summaryrefslogtreecommitdiff
path: root/spec/services/auth
diff options
context:
space:
mode:
authorLin Jen-Shin <godfat@godfat.org>2017-08-02 15:55:17 +0800
committerLin Jen-Shin <godfat@godfat.org>2017-08-02 15:55:17 +0800
commita210ddaa1bee5222320108a654e52f4f4c26df05 (patch)
tree7318f193d9246929ee1458ef4426599ce843734d /spec/services/auth
parent2822081821f3f1e1e8cf8cfd8228ddb282b2d198 (diff)
parenta623446a09e047b73a4fc871bf5de4bb75e100ea (diff)
downloadgitlab-ce-a210ddaa1bee5222320108a654e52f4f4c26df05.tar.gz
Merge remote-tracking branch 'upstream/master' into add-star-for-action-scope
* upstream/master: (3161 commits) Derive project path from import URL add article to list link to CI/CD Deep Dive demo for #5800 Add code review guidelines related to Build [CI skip]. Make time span dropdown style on cycle analytics page consistent copyedit, add article to the list Make Markdown autocomplete dropdown style consistent Add 204. Remove duplicated method. Make sure we didn't commit conflicts Fix bug in blob test Always fetch branches before finding the merge base, otherwise we could find an outdated merge base Fixes dropdown margin in sidebar Fixes the search losing focus Docs add blog articles Inline script cleanup globals and easy Add option to use CommitLanguages RPC CI fixes for gitaly-ruby fix Allow logged in users to read user list under public restriction Small refactor in LegacyNamespace and moved back send_update_instructions ...
Diffstat (limited to 'spec/services/auth')
-rw-r--r--spec/services/auth/container_registry_authentication_service_spec.rb62
1 files changed, 37 insertions, 25 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 0609790893d..7f704629bfa 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -1,6 +1,6 @@
require 'spec_helper'
-describe Auth::ContainerRegistryAuthenticationService, services: true do
+describe Auth::ContainerRegistryAuthenticationService do
let(:current_project) { nil }
let(:current_user) { nil }
let(:current_params) { {} }
@@ -34,7 +34,9 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
end
context 'for changed configuration' do
- before { stub_application_setting(container_registry_token_expire_delay: expire_delay) }
+ before do
+ stub_application_setting(container_registry_token_expire_delay: expire_delay)
+ end
it { expect(expires_at).to be_within(2.seconds).of(Time.now + expire_delay.minutes) }
end
@@ -44,7 +46,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
shared_examples 'an accessible' do
let(:access) do
[{ 'type' => 'repository',
- 'name' => project.path_with_namespace,
+ 'name' => project.full_path,
'actions' => actions }]
end
@@ -101,7 +103,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
describe '#full_access_token' do
let(:project) { create(:empty_project) }
- let(:token) { described_class.full_access_token(project.path_with_namespace) }
+ let(:token) { described_class.full_access_token(project.full_path) }
subject { { token: token } }
@@ -123,10 +125,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
end
context 'allow developer to push images' do
- before { project.team << [current_user, :developer] }
+ before do
+ project.team << [current_user, :developer]
+ end
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:push" }
+ { scope: "repository:#{project.full_path}:push" }
end
it_behaves_like 'a pushable'
@@ -144,11 +148,13 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
end
context 'allow reporter to pull images' do
- before { project.team << [current_user, :reporter] }
+ before do
+ project.team << [current_user, :reporter]
+ end
context 'when pulling from root level repository' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull" }
+ { scope: "repository:#{project.full_path}:pull" }
end
it_behaves_like 'a pullable'
@@ -167,10 +173,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
end
context 'return a least of privileges' do
- before { project.team << [current_user, :reporter] }
+ before do
+ project.team << [current_user, :reporter]
+ end
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:push,pull" }
+ { scope: "repository:#{project.full_path}:push,pull" }
end
it_behaves_like 'a pullable'
@@ -178,10 +186,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
end
context 'disallow guest to pull or push images' do
- before { project.team << [current_user, :guest] }
+ before do
+ project.team << [current_user, :guest]
+ end
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull,push" }
+ { scope: "repository:#{project.full_path}:pull,push" }
end
it_behaves_like 'an inaccessible'
@@ -204,7 +214,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'allow anyone to pull images' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull" }
+ { scope: "repository:#{project.full_path}:pull" }
end
it_behaves_like 'a pullable'
@@ -213,7 +223,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'disallow anyone to push images' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:push" }
+ { scope: "repository:#{project.full_path}:push" }
end
it_behaves_like 'an inaccessible'
@@ -244,7 +254,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'for internal user' do
context 'allow anyone to pull images' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull" }
+ { scope: "repository:#{project.full_path}:pull" }
end
it_behaves_like 'a pullable'
@@ -253,7 +263,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'disallow anyone to push images' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:push" }
+ { scope: "repository:#{project.full_path}:push" }
end
it_behaves_like 'an inaccessible'
@@ -272,7 +282,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'for external user' do
let(:current_user) { create(:user, external: true) }
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull,push,*" }
+ { scope: "repository:#{project.full_path}:pull,push,*" }
end
it_behaves_like 'an inaccessible'
@@ -319,7 +329,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'allow to pull and push images' do
let(:current_params) do
- { scope: "repository:#{current_project.path_with_namespace}:pull,push" }
+ { scope: "repository:#{current_project.full_path}:pull,push" }
end
it_behaves_like 'a pullable and pushable' do
@@ -344,7 +354,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'for other projects' do
context 'when pulling' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull" }
+ { scope: "repository:#{project.full_path}:pull" }
end
context 'allow for public' do
@@ -411,7 +421,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'when pushing' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:push" }
+ { scope: "repository:#{project.full_path}:push" }
end
context 'disallow for all' do
@@ -439,11 +449,13 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'for project without container registry' do
let(:project) { create(:empty_project, :public, container_registry_enabled: false) }
- before { project.update(container_registry_enabled: false) }
+ before do
+ project.update(container_registry_enabled: false)
+ end
context 'disallow when pulling' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull" }
+ { scope: "repository:#{project.full_path}:pull" }
end
it_behaves_like 'an inaccessible'
@@ -471,7 +483,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
let(:project) { create(:empty_project, :private) }
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull" }
+ { scope: "repository:#{project.full_path}:pull" }
end
it_behaves_like 'a forbidden'
@@ -482,7 +494,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'when pulling and pushing' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:pull,push" }
+ { scope: "repository:#{project.full_path}:pull,push" }
end
it_behaves_like 'a pullable'
@@ -491,7 +503,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'when pushing' do
let(:current_params) do
- { scope: "repository:#{project.path_with_namespace}:push" }
+ { scope: "repository:#{project.full_path}:push" }
end
it_behaves_like 'a forbidden'