author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /spec/requests/api/internal | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) | |
download | gitlab-ce-85dc423f7090da0a52c73eb66faf22ddb20efff9.tar.gz |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'spec/requests/api/internal')
-rw-r--r-- | spec/requests/api/internal/base_spec.rb | 4 | ||||
-rw-r--r-- | spec/requests/api/internal/kubernetes_spec.rb | 124 |
2 files changed, 87 insertions, 41 deletions
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index 873189af397..4a0a7c81781 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -415,7 +415,7 @@ RSpec.describe API::Internal::Base do
 let(:env) { {} }
 around do |example|
- Timecop.freeze { example.run }
+ freeze_time { example.run }
 end
 before do
@@ -1179,7 +1179,7 @@ RSpec.describe API::Internal::Base do
 let(:gl_repository) { "snippet-#{personal_snippet.id}" }
 it 'does not try to notify that project moved' do
- allow(Gitlab::GlRepository).to receive(:parse).and_return([personal_snippet, nil, Gitlab::GlRepository::PROJECT])
+ allow(Gitlab::GlRepository).to receive(:parse).and_return([personal_snippet, nil, Gitlab::GlRepository::SNIPPET])
 expect(Gitlab::Checks::ProjectMoved).not_to receive(:fetch_message)
diff --git a/spec/requests/api/internal/kubernetes_spec.rb b/spec/requests/api/internal/kubernetes_spec.rb
index 555ca441fe7..f669483b5a4 100644
--- a/spec/requests/api/internal/kubernetes_spec.rb
+++ b/spec/requests/api/internal/kubernetes_spec.rb
@@ -3,24 +3,97 @@
 require 'spec_helper'
 RSpec.describe API::Internal::Kubernetes do
- describe "GET /internal/kubernetes/agent_info" do
+ let(:jwt_auth_headers) do
+ jwt_token = JWT.encode({ 'iss' => Gitlab::Kas::JWT_ISSUER }, Gitlab::Kas.secret, 'HS256')
+
+ { Gitlab::Kas::INTERNAL_API_REQUEST_HEADER => jwt_token }
+ end
+
+ let(:jwt_secret) { SecureRandom.random_bytes(Gitlab::Kas::SECRET_LENGTH) }
+
+ before do
+ allow(Gitlab::Kas).to receive(:secret).and_return(jwt_secret)
+ end
+
+ shared_examples 'authorization' do
+ context 'not authenticated' do
+ it 'returns 401' do
+ send_request(headers: { Gitlab::Kas::INTERNAL_API_REQUEST_HEADER => '' })
+
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+ end
+
 context 'kubernetes_agent_internal_api feature flag disabled' do
 before do
 stub_feature_flags(kubernetes_agent_internal_api: false)
 end
 it 'returns 404' do
- get api('/internal/kubernetes/agent_info')
+ send_request
 expect(response).to have_gitlab_http_status(:not_found)
 end
 end
+ end
+ shared_examples 'agent authentication' do
 it 'returns 403 if Authorization header not sent' do
- get api('/internal/kubernetes/agent_info')
+ send_request
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+
+ it 'returns 403 if Authorization is for non-existent agent' do
+ send_request(headers: { 'Authorization' => 'Bearer NONEXISTENT' })
 expect(response).to have_gitlab_http_status(:forbidden)
 end
+ end
+
+ describe 'POST /internal/kubernetes/usage_metrics' do
+ def send_request(headers: {}, params: {})
+ post api('/internal/kubernetes/usage_metrics'), params: params, headers: headers.reverse_merge(jwt_auth_headers)
+ end
+
+ include_examples 'authorization'
+
+ context 'is authenticated for an agent' do
+ let!(:agent_token) { create(:cluster_agent_token) }
+
+ it 'returns no_content for valid gitops_sync_count' do
+ send_request(params: { gitops_sync_count: 10 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+
+ expect(response).to have_gitlab_http_status(:no_content)
+ end
+
+ it 'returns no_content 0 gitops_sync_count' do
+ send_request(params: { gitops_sync_count: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+
+ expect(response).to have_gitlab_http_status(:no_content)
+ end
+
+ it 'returns 400 for non number' do
+ send_request(params: { gitops_sync_count: 'string' }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+
+ it 'returns 400 for negative number' do
+ send_request(params: { gitops_sync_count: '-1' }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+ end
+ end
+
+ describe "GET /internal/kubernetes/agent_info" do
+ def send_request(headers: {}, params: {})
+ get api('/internal/kubernetes/agent_info'), params: params, headers: headers.reverse_merge(jwt_auth_headers)
+ end
+
+ include_examples 'authorization'
+ include_examples 'agent authentication'
 context 'an agent is found' do
 let!(:agent_token) { create(:cluster_agent_token) }
@@ -29,7 +102,7 @@ RSpec.describe API::Internal::Kubernetes do
 let(:project) { agent.project }
 it 'returns expected data', :aggregate_failures do
- get api('/internal/kubernetes/agent_info'), headers: { 'Authorization' => "Bearer #{agent_token.token}" }
+ send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
 expect(response).to have_gitlab_http_status(:success)
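Review bot: The `not authenticated` context in `shared_examples 'authorization'` only covers an empty `Gitlab::Kas::INTERNAL_API_REQUEST_HEADER`, so a regression that accepts a well-formed token signed with the wrong key, or carrying an unexpected `iss`, would still pass. I would add the two negative cases sketched below, both expecting `:unauthorized` (the issuer case assumes the endpoint checks `iss`, which these specs do not show). Separately, the `POST /internal/kubernetes/usage_metrics` block includes `authorization` but not `agent authentication`, although its happy-path context sends an agent `Authorization` header; if the endpoint is meant to require an agent token, include those shared examples there as well. Both shared example groups rely on the including `describe` defining `send_request`, which deserves a one-line comment above `shared_examples 'authorization'`.

```ruby
  shared_examples 'authorization' do
    context 'not authenticated' do
      # … unchanged: 'returns 401' for an empty header …

      it 'returns 401 for a token signed with a different secret' do
        other_secret = SecureRandom.random_bytes(Gitlab::Kas::SECRET_LENGTH)
        token = JWT.encode({ 'iss' => Gitlab::Kas::JWT_ISSUER }, other_secret, 'HS256')

        send_request(headers: { Gitlab::Kas::INTERNAL_API_REQUEST_HEADER => token })

        expect(response).to have_gitlab_http_status(:unauthorized)
      end

      it 'returns 401 for a token with an unexpected issuer' do
        token = JWT.encode({ 'iss' => 'unexpected-issuer' }, Gitlab::Kas.secret, 'HS256')

        send_request(headers: { Gitlab::Kas::INTERNAL_API_REQUEST_HEADER => token })

        expect(response).to have_gitlab_http_status(:unauthorized)
      end
```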
@@ -53,42 +126,15 @@ RSpec.describe API::Internal::Kubernetes do
 )
 end
 end
-
- context 'no such agent exists' do
- it 'returns 404' do
- get api('/internal/kubernetes/agent_info'), headers: { 'Authorization' => 'Bearer ABCD' }
-
- expect(response).to have_gitlab_http_status(:forbidden)
- end
- end
 end
 describe 'GET /internal/kubernetes/project_info' do
- context 'kubernetes_agent_internal_api feature flag disabled' do
- before do
- stub_feature_flags(kubernetes_agent_internal_api: false)
- end
-
- it 'returns 404' do
- get api('/internal/kubernetes/project_info')
-
- expect(response).to have_gitlab_http_status(:not_found)
- end
+ def send_request(headers: {}, params: {})
+ get api('/internal/kubernetes/project_info'), params: params, headers: headers.reverse_merge(jwt_auth_headers)
 end
- it 'returns 403 if Authorization header not sent' do
- get api('/internal/kubernetes/project_info')
-
- expect(response).to have_gitlab_http_status(:forbidden)
- end
-
- context 'no such agent exists' do
- it 'returns 404' do
- get api('/internal/kubernetes/project_info'), headers: { 'Authorization' => 'Bearer ABCD' }
-
- expect(response).to have_gitlab_http_status(:forbidden)
- end
- end
+ include_examples 'authorization'
+ include_examples 'agent authentication'
 context 'an agent is found' do
 let!(:agent_token) { create(:cluster_agent_token) }
@@ -99,7 +145,7 @@ RSpec.describe API::Internal::Kubernetes do
 let(:project) { create(:project, :public) }
 it 'returns expected data', :aggregate_failures do
- get api('/internal/kubernetes/project_info'), params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }
+ send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
 expect(response).to have_gitlab_http_status(:success)
@@ -126,7 +172,7 @@ RSpec.describe API::Internal::Kubernetes do
 let(:project) { create(:project, :private) }
 it 'returns 404' do
- get api('/internal/kubernetes/project_info'), params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }
+ send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
 expect(response).to have_gitlab_http_status(:not_found)
 end
@@ -136,7 +182,7 @@ RSpec.describe API::Internal::Kubernetes do
 let(:project) { create(:project, :internal) }
 it 'returns 404' do
- get api('/internal/kubernetes/project_info'), params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }
+ send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
 expect(response).to have_gitlab_http_status(:not_found)
 end
@@ -144,7 +190,7 @@ RSpec.describe API::Internal::Kubernetes do
 context 'project does not exist' do
 it 'returns 404' do
- get api('/internal/kubernetes/project_info'), params: { id: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }
+ send_request(params: { id: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
 expect(response).to have_gitlab_http_status(:not_found)
 end |