authorGitLab Bot <gitlab-bot@gitlab.com>2022-04-20 10:00:54 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-04-20 10:00:54 +0000
commit3cccd102ba543e02725d247893729e5c73b38295 (patch)
treef36a04ec38517f5deaaacb5acc7d949688d1e187 /spec/requests/api/settings_spec.rb
parent205943281328046ef7b4528031b90fbda70c75ac (diff)
Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42
Diffstat (limited to 'spec/requests/api/settings_spec.rb')
-rw-r--r--spec/requests/api/settings_spec.rb51
1 files changed, 50 insertions, 1 deletions
diff --git a/spec/requests/api/settings_spec.rb b/spec/requests/api/settings_spec.rb
index f7048a1ca6b..c724c69045e 100644
--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -91,7 +91,7 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting do
end
end
- it "updates application settings" do
+ it "updates application settings", fips_mode: false do
put api("/application/settings", admin),
params: {
default_ci_config_path: 'debian/salsa-ci.yml',
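Review bot: The `fips_mode: false` tag on `it "updates application settings"` is added with no comment saying why this example is kept out of FIPS mode. It also reads very close to the `:fips_mode` tag that the same commit uses on the new SSH key restriction context. The example's params continue outside the hunk, so the reason is not visible here; presumably some of them are values FIPS mode rejects. A one-line comment above the example would keep the next maintainer from dropping the tag, for instance `# Sends settings that FIPS mode rejects; FIPS behaviour is covered in 'SSH key restriction settings'`, adjusted to the actual reason.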
@@ -286,6 +286,55 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting do
expect(json_response['hashed_storage_enabled']).to eq(true)
end
+ context 'SSH key restriction settings', :fips_mode do
+ let(:settings) do
+ {
+ dsa_key_restriction: -1,
+ ecdsa_key_restriction: 256,
+ ecdsa_sk_key_restriction: 256,
+ ed25519_key_restriction: 256,
+ ed25519_sk_key_restriction: 256,
+ rsa_key_restriction: 3072
+ }
+ end
+
+ it 'allows updating the settings' do
+ put api("/application/settings", admin), params: settings
+
+ expect(response).to have_gitlab_http_status(:ok)
+ settings.each do |attribute, value|
+ expect(ApplicationSetting.current.public_send(attribute)).to eq(value)
+ end
+ end
+
+ it 'does not allow DSA keys' do
+ put api("/application/settings", admin), params: { dsa_key_restriction: 1024 }
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+
+ it 'does not allow short RSA key values' do
+ put api("/application/settings", admin), params: { rsa_key_restriction: 2048 }
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+
+ it 'does not allow unrestricted key lengths' do
+ types = %w(dsa_key_restriction
+ ecdsa_key_restriction
+ ecdsa_sk_key_restriction
+ ed25519_key_restriction
+ ed25519_sk_key_restriction
+ rsa_key_restriction)
+
+ types.each do |type|
+ put api("/application/settings", admin), params: { type => 0 }
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+ end
+ end
+
context 'external policy classification settings' do
let(:settings) do
{
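Review bot: The three rejection examples (`does not allow DSA keys`, `does not allow short RSA key values`, `does not allow unrestricted key lengths`) assert only on the `:bad_request` status. They would still pass if the 400 came from an unrelated parameter error, and they never confirm that the stored restriction was left untouched. Wrapping the request as `expect { put api("/application/settings", admin), params: { type => 0 } }.not_to change { ApplicationSetting.current.public_send(type) }` would pin the stored value; whether `ApplicationSetting.current` needs a reload inside the block cannot be told from this hunk. In the last example the `types` list repeats the keys of `settings`, so `settings.each_key do |type|` would keep the two in step when a new key type is added. The loop also reports the first failing type without naming it, which a per-type failure message would fix.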