author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 10:00:54 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 10:00:54 +0000 |
commit | 3cccd102ba543e02725d247893729e5c73b38295 (patch) | |
tree | f36a04ec38517f5deaaacb5acc7d949688d1e187 /spec/requests/api/ci/secure_files_spec.rb | |
parent | 205943281328046ef7b4528031b90fbda70c75ac (diff) | |
Add latest changes from gitlab-org/gitlab@14-10-stable-ee v14.10.0-rc42
Diffstat (limited to 'spec/requests/api/ci/secure_files_spec.rb')
-rw-r--r-- | spec/requests/api/ci/secure_files_spec.rb | 153 |
1 files changed, 108 insertions, 45 deletions
diff --git a/spec/requests/api/ci/secure_files_spec.rb b/spec/requests/api/ci/secure_files_spec.rb index aa479cb8713..6de6d1ef222 100644 --- a/spec/requests/api/ci/secure_files_spec.rb +++ b/spec/requests/api/ci/secure_files_spec.rb @@ -6,15 +6,24 @@ RSpec.describe API::Ci::SecureFiles do before do stub_ci_secure_file_object_storage stub_feature_flags(ci_secure_files: true) + stub_feature_flags(ci_secure_files_read_only: false) end let_it_be(:maintainer) { create(:user) } let_it_be(:developer) { create(:user) } let_it_be(:guest) { create(:user) } let_it_be(:anonymous) { create(:user) } + let_it_be(:unconfirmed) { create(:user, :unconfirmed) } let_it_be(:project) { create(:project, creator_id: maintainer.id) } let_it_be(:secure_file) { create(:ci_secure_file, project: project) } + let(:file_params) do + { + file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'), + name: 'upload-keystore.jks' + } + end + before_all do project.add_maintainer(maintainer) project.add_developer(developer) 
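Review bot: The `unconfirmed` user introduced in the `@@ -6,15 +6,24 @@` hunk is never given a role on `project` anywhere in this diff, so the new `unconfirmed user` contexts (hunks `-73,6`, `-117,6`, `-167,6`, `-340,6` and `-390,6`) would presumably get a 404 for any non-member of the project, exactly like `anonymous`. To make the unconfirmed state the only possible reason for the denial, give the user a role that would otherwise succeed, for example `project.add_maintainer(unconfirmed)` in `before_all`, and then confirm the expected status. `before_all` continues outside the hunk, but since `unconfirmed` is new in this commit no unchanged line can already add it.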
@@ -39,6 +48,43 @@ RSpec.describe API::Ci::SecureFiles do end end + context 'ci_secure_files_read_only feature flag' do + context 'when the flag is enabled' do + before do + stub_feature_flags(ci_secure_files_read_only: true) + end + + it 'returns a 503 when attempting to upload a file' do + stub_feature_flags(ci_secure_files_read_only: true) + + expect do + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params + end.not_to change {project.secure_files.count} + + expect(response).to have_gitlab_http_status(:service_unavailable) + end + + it 'returns a 200 when downloading a file' do + stub_feature_flags(ci_secure_files_read_only: true) + + get api("/projects/#{project.id}/secure_files", developer) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to be_a(Array) + end + end + + context 'when the flag is disabled' do + it 'returns a 201 when uploading a file when the ci_secure_files_read_only feature flag is disabled' do + expect do + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params + end.to change {project.secure_files.count}.by(1) + + expect(response).to have_gitlab_http_status(:created) + end + end + end + context 'authenticated user with admin permissions' do it 'returns project secure files' do get api("/projects/#{project.id}/secure_files", maintainer) @@ -73,6 +119,14 @@ RSpec.describe API::Ci::SecureFiles do end end + context 'unconfirmed user' do + it 'does not return project secure files' do + get api("/projects/#{project.id}/secure_files", unconfirmed) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + context 'unauthenticated user' do it 'does not return project secure files' do get api("/projects/#{project.id}/secure_files") 
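Review bot: In the `@@ -39,6 +48,43 @@` hunk the example `returns a 200 when downloading a file` requests the list endpoint `/projects/#{project.id}/secure_files`, not a download, so the read-only path for `/secure_files/#{secure_file.id}/download` is not exercised; either rename it to `returns a 200 when listing files` or call the download route. Both examples also repeat `stub_feature_flags(ci_secure_files_read_only: true)`, which the enclosing `before` already applies, and can drop it. Only the upload is asserted to return 503; if the flag is meant to block every write, a DELETE example under the enabled flag would pin that as well.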
@@ -117,6 +171,14 @@ RSpec.describe API::Ci::SecureFiles do end end + context 'unconfirmed user' do + it 'does not return project secure file details' do + get api("/projects/#{project.id}/secure_files/#{secure_file.id}", unconfirmed) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + context 'unauthenticated user' do it 'does not return project secure file details' do get api("/projects/#{project.id}/secure_files/#{secure_file.id}") @@ -167,6 +229,14 @@ RSpec.describe API::Ci::SecureFiles do end end + context 'unconfirmed user' do + it 'does not return project secure file details' do + get api("/projects/#{project.id}/secure_files/#{secure_file.id}/download", unconfirmed) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + context 'unauthenticated user' do it 'does not return project secure file details' do get api("/projects/#{project.id}/secure_files/#{secure_file.id}/download") @@ -179,14 +249,8 @@ RSpec.describe API::Ci::SecureFiles do describe 'POST /projects/:id/secure_files' do context 'authenticated user with admin permissions' do it 'creates a secure file' do - params = { - file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'), - name: 'upload-keystore.jks', - permissions: 'execute' - } - expect do - post api("/projects/#{project.id}/secure_files", maintainer), params: params + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params.merge(permissions: 'execute') end.to change {project.secure_files.count}.by(1) expect(response).to have_gitlab_http_status(:created) 
@@ -204,26 +268,15 @@ RSpec.describe API::Ci::SecureFiles do end it 'creates a secure file with read_only permissions by default' do - params = { - file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'), - name: 'upload-keystore.jks' - } - expect do - post api("/projects/#{project.id}/secure_files", maintainer), params: params + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params end.to change {project.secure_files.count}.by(1) expect(json_response['permissions']).to eq('read_only') end it 'uploads and downloads a secure file' do - post_params = { - file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'), - name: 'upload-keystore.jks', - permissions: 'read_write' - } - - post api("/projects/#{project.id}/secure_files", maintainer), params: post_params + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params secure_file_id = json_response['id'] @@ -243,12 +296,8 @@ RSpec.describe API::Ci::SecureFiles do end it 'returns an error when no file is uploaded' do - post_params = { - name: 'upload-keystore.jks' - } - expect do - post api("/projects/#{project.id}/secure_files", maintainer), params: post_params + post api("/projects/#{project.id}/secure_files", maintainer), params: { name: 'upload-keystore.jks' } end.not_to change { project.secure_files.count } expect(response).to have_gitlab_http_status(:bad_request) 
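Review bot: In the `@@ -204,26 +268,15 @@` hunk, `uploads and downloads a secure file` used to post `permissions: 'read_write'` and now posts bare `file_params`, so the upload/download round trip silently moves to the default `read_only` permission and no example in the visible hunks uploads with `read_write` any more. If that loss of coverage is not intended, keep it with `params: file_params.merge(permissions: 'read_write')`. The rest of the example lies outside the hunk, so check whether a later assertion depends on the permission value.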
@@ -256,7 +305,17 @@ RSpec.describe API::Ci::SecureFiles do end it 'returns an error when the file name is missing' do + expect do + post api("/projects/#{project.id}/secure_files", maintainer), params: { file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks') } + end.not_to change { project.secure_files.count } + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['error']).to eq('name is missing') + end + + it 'returns an error when the file name has already been used' do post_params = { + name: secure_file.name, file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks') } @@ -265,18 +324,12 @@ RSpec.describe API::Ci::SecureFiles do end.not_to change { project.secure_files.count } expect(response).to have_gitlab_http_status(:bad_request) - expect(json_response['error']).to eq('name is missing') + expect(json_response['message']['name']).to include('has already been taken') end it 'returns an error when an unexpected permission is supplied' do - post_params = { - file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'), - name: 'upload-keystore.jks', - permissions: 'foo' - } - expect do - post api("/projects/#{project.id}/secure_files", maintainer), params: post_params + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params.merge(permissions: 'foo') end.not_to change { project.secure_files.count } expect(response).to have_gitlab_http_status(:bad_request) 
@@ -290,13 +343,8 @@ RSpec.describe API::Ci::SecureFiles do allow(instance).to receive_message_chain(:errors, :messages).and_return(['Error 1', 'Error 2']) end - post_params = { - file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'), - name: 'upload-keystore.jks' - } - expect do - post api("/projects/#{project.id}/secure_files", maintainer), params: post_params + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params end.not_to change { project.secure_files.count } expect(response).to have_gitlab_http_status(:bad_request) @@ -307,13 +355,8 @@ RSpec.describe API::Ci::SecureFiles do allow(instance).to receive_message_chain(:file, :size).and_return(6.megabytes.to_i) end - post_params = { - file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'), - name: 'upload-keystore.jks' - } - expect do - post api("/projects/#{project.id}/secure_files", maintainer), params: post_params + post api("/projects/#{project.id}/secure_files", maintainer), params: file_params end.not_to change { project.secure_files.count } expect(response).to have_gitlab_http_status(:payload_too_large) @@ -340,6 +383,16 @@ RSpec.describe API::Ci::SecureFiles do end end + context 'unconfirmed user' do + it 'does not create a secure file' do + expect do + post api("/projects/#{project.id}/secure_files", unconfirmed) + end.not_to change { project.secure_files.count } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + context 'unauthenticated user' do it 'does not create a secure file' do expect do 
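Review bot: In the `@@ -340,6 +383,16 @@` hunk the unconfirmed-user POST sends no body, so `not_to change { project.secure_files.count }` would hold even if the request got past the authorization check and was rejected for the missing `file` and `name` parameters. Send a valid payload, `post api("/projects/#{project.id}/secure_files", unconfirmed), params: file_params`, so that only the user's state can explain the rejection.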
@@ -390,6 +443,16 @@ RSpec.describe API::Ci::SecureFiles do end end + context 'unconfirmed user' do + it 'does not delete the secure_file' do + expect do + delete api("/projects/#{project.id}/secure_files#{secure_file.id}", unconfirmed) + end.not_to change { project.secure_files.count } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + context 'unauthenticated user' do it 'does not delete the secure_file' do expect do |
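Review bot: The DELETE path in the new `unconfirmed user` example is missing a slash: `secure_files#{secure_file.id}` builds `/projects/<id>/secure_files<id>`, which presumably matches no route, so the 404 and the unchanged count would be asserted whatever the authorization check does. It should read `delete api("/projects/#{project.id}/secure_files/#{secure_file.id}", unconfirmed)`. The following `unauthenticated user` example is cut off by the hunk; check whether it carries the same path.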