diff options
| author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-05 22:02:13 -0500 |
|---|---|---|
| committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-06 21:20:17 -0500 |
| commit | c4f56a88029c1fe73bf6efb062b5f77a65282fed (patch) | |
| tree | 890a869e8ce06a5438b38c8e9dca9529362cc2f4 | |
| parent | a475411f4380ef4d0260940206e2553da3b2f3ee (diff) | |
| download | gitlab-ce-c4f56a88029c1fe73bf6efb062b5f77a65282fed.tar.gz | |
Increase test suite around deploy tokens behavior
Also, fixes broken specs
| -rw-r--r-- | app/helpers/deploy_tokens_helper.rb | 5 | ||||
| -rw-r--r-- | app/models/deploy_token.rb | 6 | ||||
| -rw-r--r-- | app/models/project_deploy_token.rb | 6 | ||||
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 2 | ||||
| -rw-r--r-- | app/views/projects/deploy_tokens/_form.html.haml | 11 | ||||
| -rw-r--r-- | doc/user/project/deploy_tokens/index.md | 14 | ||||
| -rw-r--r-- | lib/gitlab/auth.rb | 8 | ||||
| -rw-r--r-- | spec/controllers/projects/deploy_tokens_controller_spec.rb | 61 | ||||
| -rw-r--r-- | spec/controllers/projects/settings/repository_controller_spec.rb | 40 | ||||
| -rw-r--r-- | spec/lib/gitlab/auth_spec.rb | 90 | ||||
| -rw-r--r-- | spec/lib/gitlab/git_access_spec.rb | 49 | ||||
| -rw-r--r-- | spec/lib/gitlab/import_export/all_models.yml | 4 | ||||
| -rw-r--r-- | spec/models/deploy_token_spec.rb | 21 | ||||
| -rw-r--r-- | spec/policies/deploy_token_policy_spec.rb | 2 | ||||
| -rw-r--r-- | spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb | 16 | ||||
| -rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 1 | ||||
| -rw-r--r-- | spec/services/deploy_tokens/create_service_spec.rb | 28 |
17 files changed, 144 insertions, 220 deletions
diff --git a/app/helpers/deploy_tokens_helper.rb b/app/helpers/deploy_tokens_helper.rb index 3ca567a2bdd..c791b4e68b3 100644 --- a/app/helpers/deploy_tokens_helper.rb +++ b/app/helpers/deploy_tokens_helper.rb @@ -4,4 +4,9 @@ module DeployTokensHelper deploy_token.errors.present? || Rails.env.test? end + + def container_registry_enabled? + Gitlab.config.registry.enabled && + can?(current_user, :read_container_image, @project) + end end diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 6639cb17287..11add42b2c5 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -17,10 +17,6 @@ class DeployToken < ActiveRecord::Base scope :read_repository, -> { where(read_repository: true) } scope :read_registry, -> { where(read_registry: true) } - def self.redis_shared_state_key(user_id) - "gitlab:deploy_token:user_#{user_id}" - end - def revoke! update!(revoked: true) end @@ -38,7 +34,7 @@ class DeployToken < ActiveRecord::Base end def has_access_to?(requested_project) - self.projects.first == requested_project + project == requested_project end def project diff --git a/app/models/project_deploy_token.rb b/app/models/project_deploy_token.rb index 2831b01e378..ab4482f0c0b 100644 --- a/app/models/project_deploy_token.rb +++ b/app/models/project_deploy_token.rb @@ -5,10 +5,4 @@ class ProjectDeployToken < ActiveRecord::Base validates :deploy_token, presence: true validates :project, presence: true validates :deploy_token_id, uniqueness: { scope: [:project_id] } - - accepts_nested_attributes_for :deploy_token - - def redis_shared_state_key(user_id) - "gitlab:deploy_token:#{project_id}:#{user_id}" - end end diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index bb3ab856467..425ceb9c1a8 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -143,7 +143,7 @@ module Auth def user_can_pull?(requested_project) has_authentication_ability?(:read_container_image) && - can_user?(:read_container_image, requested_project) + can?(current_user, :read_container_image, requested_project) end def deploy_token_can_pull?(requested_project) diff --git a/app/views/projects/deploy_tokens/_form.html.haml b/app/views/projects/deploy_tokens/_form.html.haml index d027b2ca4b4..a947013370d 100644 --- a/app/views/projects/deploy_tokens/_form.html.haml +++ b/app/views/projects/deploy_tokens/_form.html.haml @@ -18,11 +18,12 @@ = f.check_box :read_repository = label_tag ("deploy_token_read_repository"), 'read_repository' %span= s_('DeployTokens|Allows read-only access to the repository') - - %fieldset - = f.check_box :read_registry - = label_tag ("deploy_token_read_registry"), 'read_registry' - %span= s_('DeployTokens|Allows read-only access to the registry images') + + - if container_registry_enabled? + %fieldset + = f.check_box :read_registry + = label_tag ("deploy_token_read_registry"), 'read_registry' + %span= s_('DeployTokens|Allows read-only access to the registry images') .prepend-top-default = f.submit s_('DeployTokens|Create deploy token'), class: 'btn btn-success' diff --git a/doc/user/project/deploy_tokens/index.md b/doc/user/project/deploy_tokens/index.md index 72a1a1ccabc..e2c24a52f6d 100644 --- a/doc/user/project/deploy_tokens/index.md +++ b/doc/user/project/deploy_tokens/index.md @@ -46,26 +46,30 @@ the following table. To download a repository using a Deploy Token, you just need to: 1. Create a Deploy Token with `read_repository` as a scope. -2. `git clone` the project using the Deploy Token: +2. Take note of your `username` and `token` +3. `git clone` the project using the Deploy Token: ```bash -git clone http://oauth2:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git +git clone http://<username>:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git ``` -Just replace `<deploy_token>` with your real token. +Just replace `<username>` and `<deploy_token>` with the proper values ### Read container registry images To read the container registry images, you'll need to: 1. Create a Deploy Token with `read_registry` as a scope. -2. Log in to GitLab’s Container Registry using the deploy token: +2. Take note of your `username` and `token` +3. Log in to GitLab’s Container Registry using the deploy token: ``` docker login registry.example.com -u <username> -p <deploy_token> ``` -Just replace `<username>` and `<deploy_token>` with the proper values. + +Just replace `<username>` and `<deploy_token>` with the proper values. Then you can simply +pull images from your Container Registry. [ce-17894]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17894 [ce-11845]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845 diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 13a59bb4a76..f88f9d2d808 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -173,19 +173,17 @@ module Gitlab end.uniq end - # Project is always sent when using read_scope, - # but is not sent when using read_registry scope - # (since jwt is not context aware of the project) def deploy_token_check(login, password) return unless password.present? token = DeployToken.active.find_by(token: password) - return unless token - return unless login != "gitlab+deploy-token-#{token.id}" + return unless token && login + return if login != token.username scopes = abilities_for_scopes(token.scopes) + if valid_scoped_token?(token, available_scopes) Gitlab::Auth::Result.new(token, token.project, :deploy_token, scopes) end diff --git a/spec/controllers/projects/deploy_tokens_controller_spec.rb b/spec/controllers/projects/deploy_tokens_controller_spec.rb deleted file mode 100644 index 8de564a56af..00000000000 --- a/spec/controllers/projects/deploy_tokens_controller_spec.rb +++ /dev/null @@ -1,61 +0,0 @@ -require 'spec_helper' - -describe Projects::DeployTokensController do - let(:project) { create(:project) } - let(:user) { create(:user) } - let!(:member) { project.add_master(user) } - - before do - sign_in(user) - end - - describe 'POST #create' do - let(:deploy_token_params) { attributes_for(:deploy_token) } - - subject do - post :create, - namespace_id: project.namespace, - project_id: project, - deploy_token: deploy_token_params - end - - context 'with valid params' do - it 'should create a new DeployToken' do - expect { subject }.to change(DeployToken, :count).by(1) - end - - it 'should include a flash notice' do - subject - expect(flash[:notice]).to eq('Your new project deploy token has been created.') - end - - it 'should redirect to project settings repository' do - subject - expect(response).to redirect_to project_settings_repository_path(project) - end - end - - context 'with invalid params' do - let(:deploy_token_params) { attributes_for(:deploy_token, scopes: []) } - - it 'should not create a new DeployToken' do - expect { subject }.not_to change(DeployToken, :count) - end - - it 'should redirect to project settings repository' do - subject - expect(response).to redirect_to project_settings_repository_path(project) - end - end - - context 'when user does not have enough permissions' do - let!(:member) { project.add_developer(user) } - - it 'responds with status 404' do - subject - - expect(response).to have_gitlab_http_status(404) - end - end - end -end diff --git a/spec/controllers/projects/settings/repository_controller_spec.rb b/spec/controllers/projects/settings/repository_controller_spec.rb index da4d3e5732d..3a4014b7768 100644 --- a/spec/controllers/projects/settings/repository_controller_spec.rb +++ b/spec/controllers/projects/settings/repository_controller_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper' -describe Projects::Settings::RepositoryController, :clean_gitlab_redis_shared_state do +describe Projects::Settings::RepositoryController do let(:project) { create(:project_empty_repo, :public) } let(:user) { create(:user) } @@ -16,43 +16,5 @@ describe Projects::Settings::RepositoryController, :clean_gitlab_redis_shared_st expect(response).to have_gitlab_http_status(200) expect(response).to render_template(:show) end - - context 'with no deploy token attributes present' do - it 'should build an empty instance of DeployToken' do - get :show, namespace_id: project.namespace, project_id: project - - deploy_token = assigns(:deploy_token) - expect(deploy_token).to be_an_instance_of(DeployToken) - expect(deploy_token.name).to be_nil - expect(deploy_token.expires_at).to be_nil - expect(deploy_token.scopes).to eq([]) - end - end - - context 'with deploy token attributes present' do - let(:deploy_token_key) { "gitlab:deploy_token:#{project.id}:#{user.id}:attributes" } - - let(:deploy_token_attributes) do - { - name: 'test-token', - expires_at: Date.today + 1.month - } - end - - before do - Gitlab::Redis::SharedState.with do |redis| - redis.set(deploy_token_key, deploy_token_attributes.to_json) - end - - get :show, namespace_id: project.namespace, project_id: project - end - - it 'should build an instance of DeployToken' do - deploy_token = assigns(:deploy_token) - expect(deploy_token).to be_an_instance_of(DeployToken) - expect(deploy_token.name).to eq(deploy_token_attributes[:name]) - expect(deploy_token.expires_at.to_date).to eq(deploy_token_attributes[:expires_at].to_date) - end - end end end diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index 7be888d812f..e3ec707076a 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -195,7 +195,7 @@ describe Gitlab::Auth do personal_access_token = create(:personal_access_token, scopes: ['read_registry']) expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: '') - expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_access_token, [:read_project, :build_download_code, :build_read_container_image])) + expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_access_token, [:build_read_container_image])) end end @@ -262,25 +262,38 @@ describe Gitlab::Auth do context 'when the deploy token has read_repository as scope' do let(:deploy_token) { create(:deploy_token, read_registry: false, projects: [project]) } + let(:login) { deploy_token.username } - it 'succeeds when project is present, token is valid and has read_repository as scope' do - abilities = %i(download_code) - auth_success = Gitlab::Auth::Result.new(deploy_token, project, :deploy_token, abilities) + it 'succeeds when login and token are valid' do + auth_success = Gitlab::Auth::Result.new(deploy_token, project, :deploy_token, [:download_code]) - expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: '') - expect(gl_auth.find_for_git_client('', deploy_token.token, project: project, ip: 'ip')) + expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: login) + expect(gl_auth.find_for_git_client(login, deploy_token.token, project: project, ip: 'ip')) .to eq(auth_success) end + it 'fails when login is not valid' do + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: 'random_login') + expect(gl_auth.find_for_git_client('random_login', deploy_token.token, project: project, ip: 'ip')) + .to eq(auth_failure) + end + + it 'fails when token is not valid' do + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login) + expect(gl_auth.find_for_git_client(login, '123123', project: project, ip: 'ip')) + .to eq(auth_failure) + end + it 'fails if token is nil' do - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '') - expect(gl_auth.find_for_git_client('', nil, project: project, ip: 'ip')) + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login) + expect(gl_auth.find_for_git_client(login, nil, project: project, ip: 'ip')) .to eq(auth_failure) end it 'fails if token is not related to project' do - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '') - expect(gl_auth.find_for_git_client('', 'abcdef', project: project, ip: 'ip')) + another_deploy_token = create(:deploy_token) + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login) + expect(gl_auth.find_for_git_client(login, another_deploy_token.token, project: project, ip: 'ip')) .to eq(auth_failure) end @@ -296,30 +309,42 @@ describe Gitlab::Auth do context 'when the deploy token has read_registry as a scope' do let(:deploy_token) { create(:deploy_token, read_repository: false, projects: [project]) } + let(:login) { deploy_token.username } context 'when registry enabled' do before do stub_container_registry_config(enabled: true) end - it 'succeeds if deploy token does have read_registry as scope' do - abilities = %i(read_project build_download_code build_read_container_image) - auth_success = Gitlab::Auth::Result.new(deploy_token, project, :deploy_token, abilities) + it 'succeeds when login and token are valid' do + auth_success = Gitlab::Auth::Result.new(deploy_token, project, :deploy_token, [:build_read_container_image]) - expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: '') - expect(gl_auth.find_for_git_client('', deploy_token.token, project: nil, ip: 'ip')) + expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: login) + expect(gl_auth.find_for_git_client(login, deploy_token.token, project: nil, ip: 'ip')) .to eq(auth_success) end + it 'fails when login is not valid' do + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: 'random_login') + expect(gl_auth.find_for_git_client('random_login', deploy_token.token, project: project, ip: 'ip')) + .to eq(auth_failure) + end + + it 'fails when token is not valid' do + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login) + expect(gl_auth.find_for_git_client(login, '123123', project: project, ip: 'ip')) + .to eq(auth_failure) + end + it 'fails if token is nil' do - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '') - expect(gl_auth.find_for_git_client('', nil, project: nil, ip: 'ip')) + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login) + expect(gl_auth.find_for_git_client(login, nil, project: nil, ip: 'ip')) .to eq(auth_failure) end it 'fails if token is not related to project' do - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '') - expect(gl_auth.find_for_git_client('', 'abcdef', project: nil, ip: 'ip')) + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login) + expect(gl_auth.find_for_git_client(login, 'abcdef', project: nil, ip: 'ip')) .to eq(auth_failure) end @@ -338,30 +363,9 @@ describe Gitlab::Auth do stub_container_registry_config(enabled: false) end - it 'fails if deploy token have read_registry as scope' do - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '') - expect(gl_auth.find_for_git_client('', deploy_token.token, project: nil, ip: 'ip')) - .to eq(auth_failure) - end - - it 'fails if token is nil' do - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '') - expect(gl_auth.find_for_git_client('', nil, project: nil, ip: 'ip')) - .to eq(auth_failure) - end - - it 'fails if token is not related to project' do - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: '') - expect(gl_auth.find_for_git_client('', 'abcdef', project: nil, ip: 'ip')) - .to eq(auth_failure) - end - - it 'fails if token has been revoked' do - deploy_token.revoke! - - expect(deploy_token.revoked?).to be_truthy - expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: 'deploy-token') - expect(gl_auth.find_for_git_client('deploy-token', deploy_token.token, project: nil, ip: 'ip')) + it 'fails when login and token are valid' do + expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login) + expect(gl_auth.find_for_git_client(login, deploy_token.token, project: nil, ip: 'ip')) .to eq(auth_failure) end end diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb index 000e9e86813..6c625596605 100644 --- a/spec/lib/gitlab/git_access_spec.rb +++ b/spec/lib/gitlab/git_access_spec.rb @@ -147,21 +147,29 @@ describe Gitlab::GitAccess do end context 'when actor is DeployToken' do - let(:project_deploy_token) { create(:project_deploy_token, project: project) } - let(:actor) { project_deploy_token.deploy_token } + let(:actor) { create(:deploy_token, projects: [project]) } context 'when DeployToken is active and belongs to project' do it 'allows pull access' do expect { pull_access_check }.not_to raise_error end + + it 'blocks the push' do + expect { push_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:upload]) + end end context 'when DeployToken does not belong to project' do - let(:actor) { create(:deploy_token) } + let(:another_project) { create(:project) } + let(:actor) { create(:deploy_token, projects: [another_project]) } it 'blocks pull access' do expect { pull_access_check }.to raise_not_found end + + it 'blocks the push' do + expect { push_access_check }.to raise_not_found + end end end end @@ -613,6 +621,41 @@ describe Gitlab::GitAccess do end end + describe 'deploy token permissions' do + let(:deploy_token) { create(:deploy_token) } + let(:actor) { deploy_token } + + context 'pull code' do + context 'when project is authorized' do + before do + deploy_token.projects << project + end + + it { expect { pull_access_check }.not_to raise_error } + end + + context 'when unauthorized' do + context 'from public project' do + let(:project) { create(:project, :public, :repository) } + + it { expect { pull_access_check }.not_to raise_error } + end + + context 'from internal project' do + let(:project) { create(:project, :internal, :repository) } + + it { expect { pull_access_check }.to raise_not_found } + end + + context 'from private project' do + let(:project) { create(:project, :private, :repository) } + + it { expect { pull_access_check }.to raise_not_found } + end + end + end + end + describe 'build authentication_abilities permissions' do let(:authentication_abilities) { build_authentication_abilities } diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml index d38e665436f..897a5984782 100644 --- a/spec/lib/gitlab/import_export/all_models.yml +++ b/spec/lib/gitlab/import_export/all_models.yml @@ -145,6 +145,9 @@ pipeline_schedule: - pipelines pipeline_schedule_variables: - pipeline_schedule +deploy_tokens: +- project_deploy_tokens +- projects deploy_keys: - user - deploy_keys_projects @@ -281,6 +284,7 @@ project: - project_badges - source_of_merge_requests - internal_ids +- project_deploy_tokens - deploy_tokens award_emoji: - awardable diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 395c97f13a5..1adc049ca58 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -70,8 +70,27 @@ describe DeployToken do end describe '#username' do - it 'returns Ghost username' do + it 'returns a harcoded username' do expect(deploy_token.username).to eq("gitlab+deploy-token-#{deploy_token.id}") end end + + describe '#has_access_to?' do + let(:project) { create(:project) } + + subject(:deploy_token) { create(:deploy_token, projects: [project]) } + + context 'when the deploy token has access to the project' do + it 'should return true' do + expect(deploy_token.has_access_to?(project)).to be_truthy + end + end + + context 'when the deploy token does not have access to the project' do + it 'should return false' do + another_project = create(:project) + expect(deploy_token.has_access_to?(another_project)).to be_falsy + end + end + end end diff --git a/spec/policies/deploy_token_policy_spec.rb b/spec/policies/deploy_token_policy_spec.rb index f6d8d19aac9..eea287d895e 100644 --- a/spec/policies/deploy_token_policy_spec.rb +++ b/spec/policies/deploy_token_policy_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe DeployTokenPolicy do let(:current_user) { create(:user) } let(:project) { create(:project) } - let(:deploy_token) { create(:deploy_token, project: project) } + let(:deploy_token) { create(:deploy_token, projects: [project]) } subject { described_class.new(current_user, deploy_token) } diff --git a/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb b/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb index f52bd46074d..a416acffe94 100644 --- a/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb +++ b/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb @@ -13,20 +13,4 @@ describe Projects::Settings::DeployTokensPresenter do expect(presenter.length).to eq(3) end end - - describe '#temporal_token' do - context 'when a deploy token has been created recently' do - it 'returns the token of the deploy' do - deploy_token = ::DeployTokens::CreateService.new(project, user, attributes_for(:deploy_token)).execute - - expect(presenter.temporal_token).to eq(deploy_token.token) - end - end - - context 'when a deploy token has not been created recently' do - it 'does returns nil' do - expect(presenter.temporal_token).to be_nil - end - end - end end diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 0949ec24c50..290eeae828e 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -558,7 +558,6 @@ describe Auth::ContainerRegistryAuthenticationService do let(:project) { create(:project, :public) } context 'when pulling and pushing' do - let(:current_user) { create(:deploy_token, projects: [project]) } let(:current_params) do { scope: "repository:#{project.full_path}:pull,push" } end diff --git a/spec/services/deploy_tokens/create_service_spec.rb b/spec/services/deploy_tokens/create_service_spec.rb index 4830f17faa8..2a308a9bf8c 100644 --- a/spec/services/deploy_tokens/create_service_spec.rb +++ b/spec/services/deploy_tokens/create_service_spec.rb @@ -20,20 +20,6 @@ describe DeployTokens::CreateService, :clean_gitlab_redis_shared_state do it 'returns a DeployToken' do expect(subject).to be_an_instance_of DeployToken end - - it 'should store the token on redis' do - redis_key = DeployToken.redis_shared_state_key(user.id) - subject - - expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).not_to be_nil - end - - it 'should not store deploy token attributes on redis' do - redis_key = DeployToken.redis_shared_state_key(user.id) + ":attributes" - subject - - expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).to be_nil - end end context 'when the deploy token is invalid' do @@ -46,20 +32,6 @@ describe DeployTokens::CreateService, :clean_gitlab_redis_shared_state do it 'should not create a new ProjectDeployToken' do expect { subject }.not_to change { ProjectDeployToken.count } end - - it 'should not store the token on redis' do - redis_key = DeployToken.redis_shared_state_key(user.id) - subject - - expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).to be_nil - end - - it 'should store deploy token attributes on redis' do - redis_key = DeployToken.redis_shared_state_key(user.id) + ":attributes" - subject - - expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).not_to be_nil - end end end end |