Create idea of read-only databasetc-geo-read-only-idea

In GitLab EE, a GitLab instance can be read-only (e.g. when it's a Geo secondary node). But in GitLab CE it also might be useful to have the "read-only" idea around. So port it back to GitLab CE. Also having the principle of read-only in GitLab CE would hopefully lead to less errors introduced, doing write operations when there aren't allowed for read-only calls. Closes gitlab-org/gitlab-ce#37534.
author: Toon Claes <toon@iotcl.com> 2017-09-19 09:44:58 +0200
committer: Toon Claes <toon@iotcl.com> 2017-10-06 22:37:40 +0200
commit: d13669716ab0c31ce9039ae9f7f073e33a4dc40f (patch)
tree: 001bb2e6aa76ea7531c93e469c396f7fdcc408a7 /spec/lib/gitlab/middleware/read_only_spec.rb
parent: 2cf5dca8f80cdefeb8932bf80417f52f289668c8 (diff)
download: gitlab-ce-d13669716ab0c31ce9039ae9f7f073e33a4dc40f.tar.gz
1 files changed, 142 insertions, 0 deletions
diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb
new file mode 100644
index 00000000000..742a792a1af
--- /dev/null
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@@ -0,0 +1,142 @@
+require 'spec_helper'
+
+describe Gitlab::Middleware::ReadOnly do
+  include Rack::Test::Methods
+
+  RSpec::Matchers.define :be_a_redirect do
+    match do |response|
+      response.status == 301
+    end
+  end
+
+  RSpec::Matchers.define :disallow_request do
+    match do |middleware|
+      flash = middleware.send(:rack_flash)
+      flash['alert'] && flash['alert'].include?('You cannot do writing operations')
+    end
+  end
+
+  RSpec::Matchers.define :disallow_request_in_json do
+    match do |response|
+      json_response = JSON.parse(response.body)
+      response.body.include?('You cannot do writing operations') && json_response.key?('message')
+    end
+  end
+
+  let(:rack_stack) do
+    rack = Rack::Builder.new do
+      use ActionDispatch::Session::CacheStore
+      use ActionDispatch::Flash
+      use ActionDispatch::ParamsParser
+    end
+
+    rack.run(subject)
+    rack.to_app
+  end
+
+  subject { described_class.new(fake_app) }
+
+  let(:request) { Rack::MockRequest.new(rack_stack) }
+
+  context 'normal requests to a read-only Gitlab instance' do
+    let(:fake_app) { lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ['OK']] } }
+
+    before do
+      allow(Gitlab::Database).to receive(:read_only?) { true }
+    end
+
+    it 'expects PATCH requests to be disallowed' do
+      response = request.patch('/test_request')
+
+      expect(response).to be_a_redirect
+      expect(subject).to disallow_request
+    end
+
+    it 'expects PUT requests to be disallowed' do
+      response = request.put('/test_request')
+
+      expect(response).to be_a_redirect
+      expect(subject).to disallow_request
+    end
+
+    it 'expects POST requests to be disallowed' do
+      response = request.post('/test_request')
+
+      expect(response).to be_a_redirect
+      expect(subject).to disallow_request
+    end
+
+    it 'expects a internal POST request to be allowed after a disallowed request' do
+      response = request.post('/test_request')
+
+      expect(response).to be_a_redirect
+
+      response = request.post("/api/#{API::API.version}/internal")
+
+      expect(response).not_to be_a_redirect
+    end
+
+    it 'expects DELETE requests to be disallowed' do
+      response = request.delete('/test_request')
+
+      expect(response).to be_a_redirect
+      expect(subject).to disallow_request
+    end
+
+    context 'whitelisted requests' do
+      it 'expects DELETE request to logout to be allowed' do
+        response = request.delete('/users/sign_out')
+
+        expect(response).not_to be_a_redirect
+        expect(subject).not_to disallow_request
+      end
+
+      it 'expects a POST internal request to be allowed' do
+        response = request.post("/api/#{API::API.version}/internal")
+
+        expect(response).not_to be_a_redirect
+        expect(subject).not_to disallow_request
+      end
+
+      it 'expects a POST LFS request to batch URL to be allowed' do
+        response = request.post('/root/rouge.git/info/lfs/objects/batch')
+
+        expect(response).not_to be_a_redirect
+        expect(subject).not_to disallow_request
+      end
+    end
+  end
+
+  context 'json requests to a read-only GitLab instance' do
+    let(:fake_app) { lambda { |env| [200, { 'Content-Type' => 'application/json' }, ['OK']] } }
+    let(:content_json) { { 'CONTENT_TYPE' => 'application/json' } }
+
+    before do
+      allow(Gitlab::Database).to receive(:read_only?) { true }
+    end
+
+    it 'expects PATCH requests to be disallowed' do
+      response = request.patch('/test_request', content_json)
+
+      expect(response).to disallow_request_in_json
+    end
+
+    it 'expects PUT requests to be disallowed' do
+      response = request.put('/test_request', content_json)
+
+      expect(response).to disallow_request_in_json
+    end
+
+    it 'expects POST requests to be disallowed' do
+      response = request.post('/test_request', content_json)
+
+      expect(response).to disallow_request_in_json
+    end
+
+    it 'expects DELETE requests to be disallowed' do
+      response = request.delete('/test_request', content_json)
+
+      expect(response).to disallow_request_in_json
+    end
+  end
+end
author	Toon Claes <toon@iotcl.com>	2017-09-19 09:44:58 +0200
committer	Toon Claes <toon@iotcl.com>	2017-10-06 22:37:40 +0200
commit	d13669716ab0c31ce9039ae9f7f073e33a4dc40f (patch)
tree	001bb2e6aa76ea7531c93e469c396f7fdcc408a7 /spec/lib/gitlab/middleware/read_only_spec.rb
parent	2cf5dca8f80cdefeb8932bf80417f52f289668c8 (diff)
download	gitlab-ce-d13669716ab0c31ce9039ae9f7f073e33a4dc40f.tar.gz