diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-20 09:55:51 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-20 09:55:51 +0000 |
commit | e8d2c2579383897a1dd7f9debd359abe8ae8373d (patch) | |
tree | c42be41678c2586d49a75cabce89322082698334 /spec/support/shared_examples/requests | |
parent | fc845b37ec3a90aaa719975f607740c22ba6a113 (diff) | |
download | gitlab-ce-e8d2c2579383897a1dd7f9debd359abe8ae8373d.tar.gz |
Add latest changes from gitlab-org/gitlab@14-1-stable-eev14.1.0-rc42
Diffstat (limited to 'spec/support/shared_examples/requests')
5 files changed, 392 insertions, 18 deletions
diff --git a/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb index 0530aa8c760..1f68dd7a382 100644 --- a/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb @@ -12,15 +12,17 @@ RSpec.shared_context 'Debian repository shared context' do |container_type, can_ let_it_be(:user, freeze: true) { create(:user) } let_it_be(:personal_access_token, freeze: true) { create(:personal_access_token, user: user) } - let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", container: private_container, codename: 'existing-codename') } + let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: private_container, codename: 'existing-codename') } let_it_be(:private_component, freeze: true) { create("debian_#{container_type}_component", distribution: private_distribution, name: 'existing-component') } let_it_be(:private_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'all') } let_it_be(:private_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'existing-arch') } + let_it_be(:private_component_file) { create("debian_#{container_type}_component_file", component: private_component, architecture: private_architecture) } - let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", container: public_container, codename: 'existing-codename') } + let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: public_container, codename: 'existing-codename') } let_it_be(:public_component, freeze: true) { create("debian_#{container_type}_component", distribution: public_distribution, name: 'existing-component') } let_it_be(:public_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'all') } let_it_be(:public_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'existing-arch') } + let_it_be(:public_component_file) { create("debian_#{container_type}_component_file", component: public_component, architecture: public_architecture) } if container_type == :group let_it_be(:private_project) { create(:project, :private, group: private_container) } @@ -40,14 +42,15 @@ RSpec.shared_context 'Debian repository shared context' do |container_type, can_ let(:visibility_level) { :public } let(:distribution) { { private: private_distribution, public: public_distribution }[visibility_level] } + let(:architecture) { { private: private_architecture, public: public_architecture }[visibility_level] } + let(:component) { { private: private_component, public: public_component }[visibility_level] } + let(:component_file) { { private: private_component_file, public: public_component_file }[visibility_level] } - let(:component) { 'main' } - let(:architecture) { 'amd64' } let(:source_package) { 'sample' } let(:letter) { source_package[0..2] == 'lib' ? source_package[0..3] : source_package[0] } let(:package_name) { 'libsample0' } let(:package_version) { '1.2.3~alpha2' } - let(:file_name) { "#{package_name}_#{package_version}_#{architecture}.deb" } + let(:file_name) { "#{package_name}_#{package_version}_#{architecture.name}.deb" } let(:method) { :get } diff --git a/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb b/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb index 9cf5bc04f65..7e1f4500779 100644 --- a/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb @@ -31,6 +31,28 @@ RSpec.shared_examples 'a noteable graphql type we can query' do expect(graphql_data_at(*path_to_noteable, :discussions, :nodes)) .to match_array(expected) end + + it 'can fetch discussion noteable' do + create(discussion_factory, project: project, noteable: noteable) + fields = + <<-QL.strip_heredoc + discussions { + nodes { + noteable { + __typename + ... on #{noteable.class.name.demodulize} { + id + } + } + } + } + QL + + post_graphql(query(fields), current_user: current_user) + + data = graphql_data_at(*path_to_noteable, :discussions, :nodes, :noteable, :id) + expect(data[0]).to eq(global_id_of(noteable)) + end end describe '.notes' do diff --git a/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb index 585c4fb8a4e..1ad38a17f9c 100644 --- a/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb @@ -1,9 +1,9 @@ # frozen_string_literal: true -RSpec.shared_examples 'rejects helm packages access' do |user_type, status, add_member = true| +RSpec.shared_examples 'rejects helm packages access' do |user_type, status| context "for user type #{user_type}" do before do - project.send("add_#{user_type}", user) if add_member && user_type != :anonymous + project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member end it_behaves_like 'returning response status', status @@ -18,19 +18,170 @@ RSpec.shared_examples 'rejects helm packages access' do |user_type, status, add_ end end -RSpec.shared_examples 'process helm download content request' do |user_type, status, add_member = true| +RSpec.shared_examples 'process helm service index request' do |user_type, status| context "for user type #{user_type}" do before do - project.send("add_#{user_type}", user) if add_member && user_type != :anonymous + project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member end - it_behaves_like 'returning response status', status + it 'returns a valid YAML response', :aggregate_failures do + subject + + expect(response).to have_gitlab_http_status(status) + + expect(response.media_type).to eq('text/yaml') + expect(response.body).to start_with("---\napiVersion: v1\nentries:\n") + + yaml_response = YAML.safe_load(response.body) + + expect(yaml_response.keys).to contain_exactly('apiVersion', 'entries', 'generated', 'serverInfo') + expect(yaml_response['entries']).to be_a(Hash) + expect(yaml_response['entries'].keys).to contain_exactly(package.name) + expect(yaml_response['serverInfo']).to eq({ 'contextPath' => "/api/v4/projects/#{project.id}/packages/helm" }) + + package_entry = yaml_response['entries'][package.name] + + expect(package_entry.length).to eq(1) + expect(package_entry.first.keys).to contain_exactly('name', 'version', 'apiVersion', 'created', 'digest', 'urls') + expect(package_entry.first['digest']).to eq('fd2b2fa0329e80a2a602c2bb3b40608bcd6ee5cf96cf46fd0d2800a4c129c9db') + expect(package_entry.first['urls']).to eq(["charts/#{package.name}-#{package.version}.tgz"]) + end + end +end + +RSpec.shared_examples 'process helm workhorse authorization' do |user_type, status, test_bypass: false| + context "for user type #{user_type}" do + before do + project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member + end + + it 'has the proper status and content type' do + subject + + expect(response).to have_gitlab_http_status(status) + expect(response.media_type).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE) + end + + context 'with a request that bypassed gitlab-workhorse' do + let(:headers) do + basic_auth_header(user.username, personal_access_token.token) + .merge(workhorse_headers) + .tap { |h| h.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER) } + end + + before do + project.add_maintainer(user) + end + + it_behaves_like 'returning response status', :forbidden + end + end +end + +RSpec.shared_examples 'process helm upload' do |user_type, status| + shared_examples 'creates helm package files' do + it 'creates package files' do + expect(::Packages::Helm::ExtractionWorker).to receive(:perform_async).once + expect { subject } + .to change { project.packages.count }.by(1) + .and change { Packages::PackageFile.count }.by(1) + expect(response).to have_gitlab_http_status(status) + + package_file = project.packages.last.package_files.reload.last + expect(package_file.file_name).to eq('package.tgz') + end + end + + context "for user type #{user_type}" do + before do + project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member + end + + context 'with object storage disabled' do + before do + stub_package_file_object_storage(enabled: false) + end + + context 'without a file from workhorse' do + let(:send_rewritten_field) { false } + + it_behaves_like 'returning response status', :bad_request + end + + context 'with correct params' do + it_behaves_like 'package workhorse uploads' + it_behaves_like 'creates helm package files' + it_behaves_like 'a package tracking event', 'API::HelmPackages', 'push_package' + end + end + + context 'with object storage enabled' do + let(:tmp_object) do + fog_connection.directories.new(key: 'packages').files.create( # rubocop:disable Rails/SaveBang + key: "tmp/uploads/#{file_name}", + body: 'content' + ) + end + + let(:fog_file) { fog_to_uploaded_file(tmp_object) } + let(:params) { { chart: fog_file, 'chart.remote_id' => file_name } } + + context 'and direct upload enabled' do + let(:fog_connection) do + stub_package_file_object_storage(direct_upload: true) + end + + it_behaves_like 'creates helm package files' + + ['123123', '../../123123'].each do |remote_id| + context "with invalid remote_id: #{remote_id}" do + let(:params) do + { + chart: fog_file, + 'chart.remote_id' => remote_id + } + end + + it_behaves_like 'returning response status', :forbidden + end + end + end + + context 'and direct upload disabled' do + context 'and background upload disabled' do + let(:fog_connection) do + stub_package_file_object_storage(direct_upload: false, background_upload: false) + end + + it_behaves_like 'creates helm package files' + end + + context 'and background upload enabled' do + let(:fog_connection) do + stub_package_file_object_storage(direct_upload: false, background_upload: true) + end + + it_behaves_like 'creates helm package files' + end + end + end + + it_behaves_like 'background upload schedules a file migration' + end +end + +RSpec.shared_examples 'process helm download content request' do |user_type, status| + context "for user type #{user_type}" do + before do + project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member + end it_behaves_like 'a package tracking event', 'API::HelmPackages', 'pull_package' - it 'returns a valid package archive' do + it 'returns expected status and a valid package archive' do subject + expect(response).to have_gitlab_http_status(status) expect(response.media_type).to eq('application/octet-stream') end end @@ -51,3 +202,69 @@ RSpec.shared_examples 'rejects helm access with unknown project id' do end end end + +RSpec.shared_examples 'handling helm chart index requests' do + context 'with valid project' do + subject { get api(url), headers: headers } + + using RSpec::Parameterized::TableSyntax + + context 'personal token' do + where(:visibility, :user_role, :shared_examples_name, :expected_status) do + :public | :guest | 'process helm service index request' | :success + :public | :not_a_member | 'process helm service index request' | :success + :public | :anonymous | 'process helm service index request' | :success + :private | :reporter | 'process helm service index request' | :success + :private | :guest | 'rejects helm packages access' | :forbidden + :private | :not_a_member | 'rejects helm packages access' | :not_found + :private | :anonymous | 'rejects helm packages access' | :unauthorized + end + + with_them do + let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, personal_access_token.token) } + + before do + project.update!(visibility: visibility.to_s) + end + + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status] + end + end + + context 'when an invalid token is passed' do + let(:headers) { basic_auth_header(user.username, 'wrong') } + + it_behaves_like 'returning response status', :unauthorized + end + + context 'with job token' do + where(:visibility, :user_role, :shared_examples_name, :expected_status) do + :public | :guest | 'process helm service index request' | :success + :public | :not_a_member | 'process helm service index request' | :success + :public | :anonymous | 'process helm service index request' | :success + :private | :reporter | 'process helm service index request' | :success + :private | :guest | 'rejects helm packages access' | :forbidden + :private | :not_a_member | 'rejects helm packages access' | :not_found + :private | :anonymous | 'rejects helm packages access' | :unauthorized + end + + with_them do + let_it_be(:ci_build) { create(:ci_build, project: project, user: user, status: :running) } + + let(:headers) { user_role == :anonymous ? {} : job_basic_auth_header(ci_build) } + + before do + project.update!(visibility: visibility.to_s) + end + + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status] + end + end + end + + it_behaves_like 'deploy token for package GET requests' + + it_behaves_like 'rejects helm access with unknown project id' do + subject { get api(url) } + end +end diff --git a/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb index 617fdecbb5b..878cbc10a24 100644 --- a/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb @@ -136,8 +136,8 @@ RSpec.shared_examples 'process nuget workhorse authorization' do |user_type, sta end end -RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member = true| - RSpec.shared_examples 'creates nuget package files' do +RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member = true, symbol_package = false| + shared_examples 'creates nuget package files' do it 'creates package files' do expect(::Packages::Nuget::ExtractionWorker).to receive(:perform_async).once expect { subject } @@ -146,7 +146,7 @@ RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member = expect(response).to have_gitlab_http_status(status) package_file = target.packages.last.package_files.reload.last - expect(package_file.file_name).to eq('package.nupkg') + expect(package_file.file_name).to eq(file_name) end end @@ -169,7 +169,12 @@ RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member = context 'with correct params' do it_behaves_like 'package workhorse uploads' it_behaves_like 'creates nuget package files' - it_behaves_like 'a package tracking event', 'API::NugetPackages', 'push_package' + + if symbol_package + it_behaves_like 'a package tracking event', 'API::NugetPackages', 'push_symbol_package' + else + it_behaves_like 'a package tracking event', 'API::NugetPackages', 'push_package' + end end end @@ -300,6 +305,18 @@ RSpec.shared_examples 'process nuget download content request' do |user_type, st it_behaves_like 'rejects nuget packages access', :anonymous, :not_found end + context 'with symbol package' do + let(:format) { 'snupkg' } + + it 'returns a valid package archive' do + subject + + expect(response.media_type).to eq('application/octet-stream') + end + + it_behaves_like 'a package tracking event', 'API::NugetPackages', 'pull_symbol_package' + end + context 'with lower case package name' do let_it_be(:package_name) { 'dummy.package' } @@ -407,3 +424,114 @@ RSpec.shared_examples 'rejects nuget access with unknown target id' do end end end + +RSpec.shared_examples 'nuget authorize upload endpoint' do + using RSpec::Parameterized::TableSyntax + + context 'with valid project' do + where(:visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do + 'PUBLIC' | :developer | true | true | 'process nuget workhorse authorization' | :success + 'PUBLIC' | :guest | true | true | 'rejects nuget packages access' | :forbidden + 'PUBLIC' | :developer | true | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :guest | true | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :developer | false | true | 'rejects nuget packages access' | :forbidden + 'PUBLIC' | :guest | false | true | 'rejects nuget packages access' | :forbidden + 'PUBLIC' | :developer | false | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :guest | false | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :anonymous | false | true | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :developer | true | true | 'process nuget workhorse authorization' | :success + 'PRIVATE' | :guest | true | true | 'rejects nuget packages access' | :forbidden + 'PRIVATE' | :developer | true | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :guest | true | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :developer | false | true | 'rejects nuget packages access' | :not_found + 'PRIVATE' | :guest | false | true | 'rejects nuget packages access' | :not_found + 'PRIVATE' | :developer | false | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :guest | false | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :anonymous | false | true | 'rejects nuget packages access' | :unauthorized + end + + with_them do + let(:token) { user_token ? personal_access_token.token : 'wrong' } + let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } + let(:headers) { user_headers.merge(workhorse_headers) } + + before do + update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false)) + end + + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member] + end + end + + it_behaves_like 'deploy token for package uploads' + + it_behaves_like 'job token for package uploads', authorize_endpoint: true do + let_it_be(:job) { create(:ci_build, :running, user: user, project: project) } + end + + it_behaves_like 'rejects nuget access with unknown target id' + + it_behaves_like 'rejects nuget access with invalid target id' +end + +RSpec.shared_examples 'nuget upload endpoint' do |symbol_package: false| + using RSpec::Parameterized::TableSyntax + + context 'with valid project' do + where(:visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do + 'PUBLIC' | :developer | true | true | 'process nuget upload' | :created + 'PUBLIC' | :guest | true | true | 'rejects nuget packages access' | :forbidden + 'PUBLIC' | :developer | true | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :guest | true | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :developer | false | true | 'rejects nuget packages access' | :forbidden + 'PUBLIC' | :guest | false | true | 'rejects nuget packages access' | :forbidden + 'PUBLIC' | :developer | false | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :guest | false | false | 'rejects nuget packages access' | :unauthorized + 'PUBLIC' | :anonymous | false | true | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :developer | true | true | 'process nuget upload' | :created + 'PRIVATE' | :guest | true | true | 'rejects nuget packages access' | :forbidden + 'PRIVATE' | :developer | true | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :guest | true | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :developer | false | true | 'rejects nuget packages access' | :not_found + 'PRIVATE' | :guest | false | true | 'rejects nuget packages access' | :not_found + 'PRIVATE' | :developer | false | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :guest | false | false | 'rejects nuget packages access' | :unauthorized + 'PRIVATE' | :anonymous | false | true | 'rejects nuget packages access' | :unauthorized + end + + with_them do + let(:token) { user_token ? personal_access_token.token : 'wrong' } + let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } + let(:headers) { user_headers.merge(workhorse_headers) } + let(:snowplow_gitlab_standard_context) { { project: project, user: user, namespace: project.namespace } } + + before do + update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false)) + end + + it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member], symbol_package + end + end + + it_behaves_like 'deploy token for package uploads' + + it_behaves_like 'job token for package uploads' do + let_it_be(:job) { create(:ci_build, :running, user: user, project: project) } + end + + it_behaves_like 'rejects nuget access with unknown target id' + + it_behaves_like 'rejects nuget access with invalid target id' + + context 'file size above maximum limit' do + let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_headers) } + + before do + allow_next_instance_of(UploadedFile) do |uploaded_file| + allow(uploaded_file).to receive(:size).and_return(project.actual_limits.nuget_max_file_size + 1) + end + end + + it_behaves_like 'returning response status', :bad_request + end +end diff --git a/spec/support/shared_examples/requests/api/packages_shared_examples.rb b/spec/support/shared_examples/requests/api/packages_shared_examples.rb index 42c29084d7b..ecde4ee8565 100644 --- a/spec/support/shared_examples/requests/api/packages_shared_examples.rb +++ b/spec/support/shared_examples/requests/api/packages_shared_examples.rb @@ -100,7 +100,7 @@ RSpec.shared_examples 'job token for package GET requests' do end end -RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: false| +RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: false, accept_invalid_username: false| context 'with job token headers' do let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_headers) } @@ -133,7 +133,11 @@ RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: fa context 'invalid user' do let(:headers) { basic_auth_header('foo', job.token).merge(workhorse_headers) } - it_behaves_like 'returning response status', :unauthorized + if accept_invalid_username + it_behaves_like 'returning response status', :success + else + it_behaves_like 'returning response status', :unauthorized + end end end end @@ -143,7 +147,7 @@ RSpec.shared_examples 'a package tracking event' do |category, action| stub_feature_flags(collect_package_events: true) end - it "creates a gitlab tracking event #{action}", :snowplow do + it "creates a gitlab tracking event #{action}", :snowplow, :aggregate_failures do expect { subject }.to change { Packages::Event.count }.by(1) expect_snowplow_event(category: category, action: action, **snowplow_gitlab_standard_context) |