author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 08:27:35 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 08:27:35 +0000 |
commit | 7e9c479f7de77702622631cff2628a9c8dcbc627 (patch) | |
tree | c8f718a08e110ad7e1894510980d2155a6549197 /spec/services/auth | |
parent | e852b0ae16db4052c1c567d9efa4facc81146e88 (diff) | |
download | gitlab-ce-7e9c479f7de77702622631cff2628a9c8dcbc627.tar.gz |
Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42
Diffstat (limited to 'spec/services/auth')
-rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 131 |
1 files changed, 68 insertions, 63 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index bc85f4f0087..90ef32f1c5c 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' RSpec.describe Auth::ContainerRegistryAuthenticationService do + include AdminModeHelper + let(:current_project) { nil } let(:current_user) { nil } let(:current_params) { {} } @@ -135,7 +137,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end describe '#full_access_token' do - let(:project) { create(:project) } + let_it_be(:project) { create(:project) } let(:token) { described_class.full_access_token(project.full_path) } subject { { token: token } } @@ -148,7 +150,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end describe '#pull_access_token' do - let(:project) { create(:project) } + let_it_be(:project) { create(:project) } let(:token) { described_class.pull_access_token(project.full_path) } subject { { token: token } } @@ -161,7 +163,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'user authorization' do - let(:current_user) { create(:user) } + let_it_be(:current_user) { create(:user) } context 'for registry catalog' do let(:current_params) do @@ -175,14 +177,14 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for private project' do - let(:project) { create(:project) } + let_it_be(:project) { create(:project) } context 'allow to use scope-less authentication' do it_behaves_like 'a valid token' end context 'allow developer to push images' do - before do + before_all do project.add_developer(current_user) end 
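Review bot: The `let_it_be(:project)` and `let_it_be(:current_user)` records in 'for private project' are now single Ruby objects shared by every example, while sibling contexts attach different roles to them in `before_all` (developer in this hunk, reporter and guest in the hunks that follow). The `before_all` transaction rollback should undo the membership rows between contexts, but anything memoized on the in-memory `project` or `current_user` may survive, so an allow or disallow example could pass against stale state. Since these examples pin who may push, pull or delete registry images, I would reload the shared records per example, e.g. `let_it_be(:project, reload: true) { create(:project) }` and `let_it_be(:current_user, reload: true) { create(:user) }`, unless the project's `let_it_be` defaults already do that. The same applies to the other membership hooks this commit converts to `before_all`.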
@@ -195,7 +197,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow developer to delete images' do - before do + before_all do project.add_developer(current_user) end @@ -222,7 +224,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow developer to delete images since registry 2.7' do - before do + before_all do project.add_developer(current_user) end @@ -235,7 +237,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'allow reporter to pull images' do - before do + before_all do project.add_reporter(current_user) end @@ -250,7 +252,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow reporter to delete images' do - before do + before_all do project.add_reporter(current_user) end @@ -263,7 +265,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow reporter to delete images since registry 2.7' do - before do + before_all do project.add_reporter(current_user) end @@ -276,7 +278,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'return a least of privileges' do - before do + before_all do project.add_reporter(current_user) end @@ -289,7 +291,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow guest to pull or push images' do - before do + before_all do project.add_guest(current_user) end @@ -302,7 +304,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow guest to delete images' do - before do + before_all do project.add_guest(current_user) end @@ -315,7 +317,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow guest to delete images since registry 2.7' do - before do + before_all do project.add_guest(current_user) end 
@@ -329,7 +331,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for public project' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } context 'allow anyone to pull images' do let(:current_params) do @@ -378,7 +380,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for internal project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } context 'for internal user' do context 'allow anyone to pull images' do @@ -420,7 +422,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do context 'for external user' do context 'disallow anyone to pull or push images' do - let(:current_user) { create(:user, external: true) } + let_it_be(:current_user) { create(:user, external: true) } let(:current_params) do { scopes: ["repository:#{project.full_path}:pull,push"] } end @@ -430,7 +432,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow anyone to delete images' do - let(:current_user) { create(:user, external: true) } + let_it_be(:current_user) { create(:user, external: true) } let(:current_params) do { scopes: ["repository:#{project.full_path}:*"] } end @@ -440,7 +442,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'disallow anyone to delete images since registry 2.7' do - let(:current_user) { create(:user, external: true) } + let_it_be(:current_user) { create(:user, external: true) } let(:current_params) do { scopes: ["repository:#{project.full_path}:delete"] } end 
@@ -453,14 +455,14 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'delete authorized as maintainer' do - let(:current_project) { create(:project) } - let(:current_user) { create(:user) } + let_it_be(:current_project) { create(:project) } + let_it_be(:current_user) { create(:user) } let(:authentication_abilities) do [:admin_container_image] end - before do + before_all do current_project.add_maintainer(current_user) end @@ -488,14 +490,14 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'build authorized as user' do - let(:current_project) { create(:project) } - let(:current_user) { create(:user) } + let_it_be(:current_project) { create(:project) } + let_it_be(:current_user) { create(:user) } let(:authentication_abilities) do [:build_read_container_image, :build_create_container_image, :build_destroy_container_image] end - before do + before_all do current_project.add_developer(current_user) end @@ -550,7 +552,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'allow for public' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } it_behaves_like 'a pullable' it_behaves_like 'not a container repository factory' @@ -563,7 +565,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'when you are member' do - before do + before_all do project.add_developer(current_user) end @@ -572,7 +574,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'when you are owner' do - let(:project) { create(:project, namespace: current_user.namespace) } + let_it_be(:project) { create(:project, namespace: current_user.namespace) } it_behaves_like 'a pullable' it_behaves_like 'not a container repository factory' 
@@ -580,12 +582,12 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for private' do - let(:project) { create(:project, :private) } + let_it_be(:project) { create(:project, :private) } it_behaves_like 'pullable for being team member' context 'when you are admin' do - let(:current_user) { create(:admin) } + let_it_be(:current_user) { create(:admin) } context 'when you are not member' do it_behaves_like 'an inaccessible' @@ -593,7 +595,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'when you are member' do - before do + before_all do project.add_developer(current_user) end @@ -602,7 +604,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'when you are owner' do - let(:project) { create(:project, namespace: current_user.namespace) } + let_it_be(:project) { create(:project, namespace: current_user.namespace) } it_behaves_like 'a pullable' it_behaves_like 'not a container repository factory' @@ -618,9 +620,9 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do context 'disallow for all' do context 'when you are member' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } - before do + before_all do project.add_developer(current_user) end @@ -629,7 +631,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'when you are owner' do - let(:project) { create(:project, :public, namespace: current_user.namespace) } + let_it_be(:project) { create(:project, :public, namespace: current_user.namespace) } it_behaves_like 'an inaccessible' it_behaves_like 'not a container repository factory' 
@@ -639,10 +641,10 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for project without container registry' do - let(:project) { create(:project, :public, container_registry_enabled: false) } + let_it_be(:project) { create(:project, :public, container_registry_enabled: false) } before do - project.update(container_registry_enabled: false) + project.update!(container_registry_enabled: false) end context 'disallow when pulling' do @@ -656,7 +658,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for project that disables repository' do - let(:project) { create(:project, :public, :repository_disabled) } + let_it_be(:project) { create(:project, :public, :repository_disabled) } context 'disallow when pulling' do let(:current_params) do @@ -670,8 +672,8 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'registry catalog browsing authorized as admin' do - let(:current_user) { create(:user, :admin) } - let(:project) { create(:project, :public) } + let_it_be(:current_user) { create(:user, :admin) } + let_it_be(:project) { create(:project, :public) } let(:current_params) do { scopes: ["registry:catalog:*"] } @@ -681,8 +683,8 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'support for multiple scopes' do - let(:internal_project) { create(:project, :internal) } - let(:private_project) { create(:project, :private) } + let_it_be(:internal_project) { create(:project, :internal) } + let_it_be(:private_project) { create(:project, :private) } let(:current_params) do { @@ -694,7 +696,11 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'user has access to all projects' do - let(:current_user) { create(:user, :admin) } + let_it_be(:current_user) { create(:user, :admin) } + + before do + enable_admin_mode!(current_user) + end it_behaves_like 'a browsable' do let(:access) do 
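Review bot: In 'for project without container registry' the per-example `before` hook still calls `project.update!(container_registry_enabled: false)` on a project that `let_it_be` already creates with `container_registry_enabled: false`. Either the hook is redundant and can be dropped, or the factory attribute does not stick and the hook is what actually disables the registry. In the second case a comment should say so, e.g. `# factory value is overridden on create; force the registry off` (wording to be confirmed against the factory). As written, a reader cannot tell which of the two lines the 'disallow' examples depend on.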
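Review bot: The 'user has access to all projects' context now passes only with `enable_admin_mode!(current_user)`, but nothing visible here pins the opposite case: an admin whose admin mode is not enabled requesting the same internal and private scopes. That boundary is what admin mode exists to protect, so I would add a sibling context with the same `create(:user, :admin)` user and no `enable_admin_mode!` call, asserting that the private project's scope is left out of the token (presumably the same `access` list as 'user only has access to internal project'). Such a case may already exist outside this hunk, since the context's body continues beyond it. The 'registry catalog browsing authorized as admin' context in the previous hunk also uses an admin without enabling admin mode; a one-line comment there, e.g. `# catalog access does not depend on admin mode`, would mark that as intentional if it is.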
@@ -711,7 +717,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'user only has access to internal project' do - let(:current_user) { create(:user) } + let_it_be(:current_user) { create(:user) } it_behaves_like 'a browsable' do let(:access) do @@ -747,7 +753,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for private project' do - let(:project) { create(:project, :private) } + let_it_be(:project) { create(:project, :private) } let(:current_params) do { scopes: ["repository:#{project.full_path}:pull"] } @@ -757,7 +763,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for public project' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } context 'when pulling and pushing' do let(:current_params) do @@ -806,7 +812,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for public project' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } context 'when pulling' do it_behaves_like 'a pullable' @@ -824,7 +830,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for internal project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } context 'when pulling' do it_behaves_like 'a pullable' @@ -842,7 +848,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for private project' do - let(:project) { create(:project, :private) } + let_it_be(:project) { create(:project, :private) } context 'when pulling' do it_behaves_like 'a pullable' @@ -880,7 +886,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for public project' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } context 'when pulling' do it_behaves_like 'a pullable' 
@@ -890,7 +896,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for internal project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } context 'when pulling' do it_behaves_like 'an inaccessible' @@ -900,7 +906,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for private project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } context 'when pulling' do it_behaves_like 'an inaccessible' @@ -918,10 +924,10 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'when deploy token is not related to the project' do - let(:current_user) { create(:deploy_token, read_registry: false) } + let_it_be(:current_user) { create(:deploy_token, read_registry: false) } context 'for public project' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } context 'when pulling' do it_behaves_like 'a pullable' @@ -929,7 +935,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for internal project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } context 'when pulling' do it_behaves_like 'an inaccessible' @@ -937,7 +943,7 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'for private project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } context 'when pulling' do it_behaves_like 'an inaccessible' 
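Review bot: The 'for private project' contexts in the deploy-token cases still build `create(:project, :internal)`, so they repeat the internal-project case and no private project is exercised with these tokens. The commit carries the line over unchanged apart from the switch to `let_it_be`; it appears in `@@ -900,7 +906,7 @@` and `@@ -937,7 +943,7 @@` here and again in `@@ -949,19 +955,19 @@` for the revoked token. I would change each to `let_it_be(:project) { create(:project, :private) }` so the 'an inaccessible' expectation actually covers private registries for unrelated and revoked deploy tokens. The enclosing context of the first occurrence starts outside the hunk, so its token setup is not visible and should be checked when applying the fix.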
@@ -949,19 +955,19 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do let(:current_user) { create(:deploy_token, :revoked, projects: [project]) } context 'for public project' do - let(:project) { create(:project, :public) } + let_it_be(:project) { create(:project, :public) } it_behaves_like 'a pullable' end context 'for internal project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } it_behaves_like 'an inaccessible' end context 'for private project' do - let(:project) { create(:project, :internal) } + let_it_be(:project) { create(:project, :internal) } it_behaves_like 'an inaccessible' end @@ -969,14 +975,13 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do end context 'user authorization' do - let(:current_user) { create(:user) } + let_it_be(:current_user) { create(:user) } context 'with multiple scopes' do - let(:project) { create(:project) } - let(:project2) { create } + let_it_be(:project) { create(:project) } context 'allow developer to push images' do - before do + before_all do project.add_developer(current_user) end |