diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-04 21:07:54 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-04 21:07:54 +0000 |
commit | 2fd92f2dc784ade9cb4e1c33dd60cbfad7b86818 (patch) | |
tree | 7779f36689db97a46e0268a4aec1d49f283eb0c8 /spec/services/auth | |
parent | 42ca24aa5bbab7a2d43bc866d9bee9876941cea2 (diff) | |
download | gitlab-ce-2fd92f2dc784ade9cb4e1c33dd60cbfad7b86818.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/services/auth')
-rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 5003dfcc951..84f4a7a4e7a 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -769,6 +769,15 @@ describe Auth::ContainerRegistryAuthenticationService do context 'when deploy token has read_registry as a scope' do let(:current_user) { create(:deploy_token, projects: [project]) } + shared_examples 'able to login' do + context 'registry provides read_container_image authentication_abilities' do + let(:current_params) { {} } + let(:authentication_abilities) { [:read_container_image] } + + it_behaves_like 'an authenticated' + end + end + context 'for public project' do let(:project) { create(:project, :public) } @@ -783,6 +792,8 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'an inaccessible' end + + it_behaves_like 'able to login' end context 'for internal project' do @@ -799,6 +810,8 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'an inaccessible' end + + it_behaves_like 'able to login' end context 'for private project' do @@ -815,18 +828,38 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'an inaccessible' end + + it_behaves_like 'able to login' end end context 'when deploy token does not have read_registry scope' do let(:current_user) { create(:deploy_token, projects: [project], read_registry: false) } + shared_examples 'unable to login' do + context 'registry provides no container authentication_abilities' do + let(:current_params) { {} } + let(:authentication_abilities) { [] } + + it_behaves_like 'a forbidden' + end + + context 'registry provides inapplicable container authentication_abilities' do + let(:current_params) { {} } + let(:authentication_abilities) { [:download_code] } + + it_behaves_like 'a forbidden' + end + end + context 'for public project' do let(:project) { create(:project, :public) } context 'when pulling' do it_behaves_like 'a pullable' end + + it_behaves_like 'unable to login' end context 'for internal project' do @@ -835,6 +868,8 @@ describe Auth::ContainerRegistryAuthenticationService do context 'when pulling' do it_behaves_like 'an inaccessible' end + + it_behaves_like 'unable to login' end context 'for private project' do @@ -843,6 +878,15 @@ describe Auth::ContainerRegistryAuthenticationService do context 'when pulling' do it_behaves_like 'an inaccessible' end + + context 'when logging in' do + let(:current_params) { {} } + let(:authentication_abilities) { [] } + + it_behaves_like 'a forbidden' + end + + it_behaves_like 'unable to login' end end |