From fa35ea13873f81405c5203f0827ea15703615c97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Mon, 27 Nov 2017 16:58:12 +0100
Subject: [PATCH] Strip leading & trailing whitespaces in CI/CD secret variable
 keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 app/models/concerns/has_variable.rb            |  4 ++++
 ...-environment-scope-value-is-not-trimmed.yml |  5 +++++
 spec/models/concerns/has_variable_spec.rb      | 18 ++++++++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 changelogs/unreleased/40561-environment-scope-value-is-not-trimmed.yml

diff --git a/app/models/concerns/has_variable.rb b/app/models/concerns/has_variable.rb
index 9585b5583dc..8a241e4374a 100644
--- a/app/models/concerns/has_variable.rb
+++ b/app/models/concerns/has_variable.rb
@@ -16,6 +16,10 @@ module HasVariable
        key: Gitlab::Application.secrets.db_key_base,
        algorithm: 'aes-256-cbc'
 
+    def key=(new_key)
+      super(new_key.to_s.strip)
+    end
+
     def to_runner_variable
       { key: key, value: value, public: false }
     end
diff --git a/changelogs/unreleased/40561-environment-scope-value-is-not-trimmed.yml b/changelogs/unreleased/40561-environment-scope-value-is-not-trimmed.yml
new file mode 100644
index 00000000000..e0e3ddbdaa8
--- /dev/null
+++ b/changelogs/unreleased/40561-environment-scope-value-is-not-trimmed.yml
@@ -0,0 +1,5 @@
+---
+title: Strip leading & trailing whitespaces in CI/CD secret variable keys
+merge_request: 15615
+author:
+type: fixed
diff --git a/spec/models/concerns/has_variable_spec.rb b/spec/models/concerns/has_variable_spec.rb
index f4b24e6d1d9..f87869a2fdc 100644
--- a/spec/models/concerns/has_variable_spec.rb
+++ b/spec/models/concerns/has_variable_spec.rb
@@ -9,6 +9,24 @@ describe HasVariable do
   it { is_expected.not_to allow_value('foo bar').for(:key) }
   it { is_expected.not_to allow_value('foo/bar').for(:key) }
 
+  describe '#key=' do
+    context 'when the new key is nil' do
+      it 'strips leading and trailing whitespaces' do
+        subject.key = nil
+
+        expect(subject.key).to eq('')
+      end
+    end
+
+    context 'when the new key has leadind and trailing whitespaces' do
+      it 'strips leading and trailing whitespaces' do
+        subject.key = ' my key '
+
+        expect(subject.key).to eq('my key')
+      end
+    end
+  end
+
   describe '#value' do
     before do
       subject.value = 'secret'
-- 
GitLab