Diffstat (limited to 'spec/graphql/types/project_type_spec.rb')
-rw-r--r-- | spec/graphql/types/project_type_spec.rb | 168 |
1 files changed, 167 insertions, 1 deletions
diff --git a/spec/graphql/types/project_type_spec.rb b/spec/graphql/types/project_type_spec.rb
index 9d0d7a3918a..95c835773e1 100644
--- a/spec/graphql/types/project_type_spec.rb
+++ b/spec/graphql/types/project_type_spec.rb
@@ -31,12 +31,171 @@ RSpec.describe GitlabSchema.types['Project'] do container_expiration_policy service_desk_enabled service_desk_address issue_status_counts terraform_states alert_management_integrations container_repositories container_repositories_count - pipeline_analytics squash_read_only + pipeline_analytics squash_read_only sast_ci_configuration ] expect(described_class).to include_graphql_fields(*expected_fields) end + describe 'sast_ci_configuration' do + let_it_be(:project) { create(:project) } + let_it_be(:user) { create(:user) } + + before do + stub_licensed_features(security_dashboard: true) + project.add_developer(user) + allow(project.repository).to receive(:blob_data_at).and_return(gitlab_ci_yml_content) + end + + include_context 'read ci configuration for sast enabled project' + + let(:query) do + %( + query { + project(fullPath: "#{project.full_path}") { + sastCiConfiguration { + global { + nodes { + type + options { + nodes { + label + value + } + } + field + label + defaultValue + value + size + } + } + pipeline { + nodes { + type + options { + nodes { + label + value + } + } + field + label + defaultValue + value + size + } + } + analyzers { + nodes { + name + label + enabled + } + } + } + } + } + ) + end + + subject { GitlabSchema.execute(query, context: { current_user: user }).as_json } + + it "returns the project's sast configuration for global variables" do + secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration', 'global', 'nodes').first + expect(secure_analyzers_prefix['type']).to eq('string') + expect(secure_analyzers_prefix['field']).to eq('SECURE_ANALYZERS_PREFIX') + expect(secure_analyzers_prefix['label']).to eq('Image prefix') + expect(secure_analyzers_prefix['defaultValue']).to eq('registry.gitlab.com/gitlab-org/security-products/analyzers') + expect(secure_analyzers_prefix['value']).to eq('registry.gitlab.com/gitlab-org/security-products/analyzers') + expect(secure_analyzers_prefix['size']).to eq('LARGE') + 
expect(secure_analyzers_prefix['options']).to be_nil + end + + it "returns the project's sast configuration for pipeline variables" do + pipeline_stage = subject.dig('data', 'project', 'sastCiConfiguration', 'pipeline', 'nodes').first + expect(pipeline_stage['type']).to eq('string') + expect(pipeline_stage['field']).to eq('stage') + expect(pipeline_stage['label']).to eq('Stage') + expect(pipeline_stage['defaultValue']).to eq('test') + expect(pipeline_stage['value']).to eq('test') + expect(pipeline_stage['size']).to eq('MEDIUM') + end + + it "returns the project's sast configuration for analyzer variables" do + analyzer = subject.dig('data', 'project', 'sastCiConfiguration', 'analyzers', 'nodes').first + expect(analyzer['name']).to eq('brakeman') + expect(analyzer['label']).to eq('Brakeman') + expect(analyzer['enabled']).to eq(true) + end + + context "with guest user" do + before do + project.add_guest(user) + end + + context 'when project is private' do + let(:project) { create(:project, :private, :repository) } + + it "returns no configuration" do + secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration') + expect(secure_analyzers_prefix).to be_nil + end + end + + context 'when project is public' do + let(:project) { create(:project, :public, :repository) } + + context 'when repository is accessible by everyone' do + it "returns the project's sast configuration for global variables" do + secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration', 'global', 'nodes').first + + expect(secure_analyzers_prefix['type']).to eq('string') + expect(secure_analyzers_prefix['field']).to eq('SECURE_ANALYZERS_PREFIX') + end + end + end + end + + context "with non-member user" do + before do + project.team.truncate + end + + context 'when project is private' do + let(:project) { create(:project, :private, :repository) } + + it "returns no configuration" do + secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration') 
+ expect(secure_analyzers_prefix).to be_nil + end + end + + context 'when project is public' do + let(:project) { create(:project, :public, :repository) } + + context 'when repository is accessible by everyone' do + it "returns the project's sast configuration for global variables" do + secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration', 'global', 'nodes').first + expect(secure_analyzers_prefix['type']).to eq('string') + expect(secure_analyzers_prefix['field']).to eq('SECURE_ANALYZERS_PREFIX') + end + end + + context 'when repository is accessible only by team members' do + it "returns no configuration" do + project.project_feature.update!(merge_requests_access_level: ProjectFeature::DISABLED, + builds_access_level: ProjectFeature::DISABLED, + repository_access_level: ProjectFeature::PRIVATE) + + secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration') + expect(secure_analyzers_prefix).to be_nil + end + end + end + end + end + describe 'issue field' do subject { described_class.fields['issue'] } @@ -159,6 +318,13 @@ RSpec.describe GitlabSchema.types['Project'] do it { is_expected.to have_graphql_type(Types::ContainerExpirationPolicyType) } end + describe 'terraform state field' do + subject { described_class.fields['terraformState'] } + + it { is_expected.to have_graphql_type(Types::Terraform::StateType) } + it { is_expected.to have_graphql_resolver(Resolvers::Terraform::StatesResolver.single) } + end + describe 'terraform states field' do subject { described_class.fields['terraformStates'] } |
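Review bot: The "returns no configuration" examples assert only that `subject.dig('data', 'project', 'sastCiConfiguration')` is nil, which is also true when `project` itself resolves to nil or the query returns no `data`, so the private-project contexts can pass without ever reaching the authorization on the new field. In the one case where the project should remain visible (public project with `repository_access_level: ProjectFeature::PRIVATE`), pin that down first with `expect(subject.dig('data', 'project')).not_to be_nil` so the nil result is attributable to the field and not to the parent. The outer `before` also runs `project.add_developer(user)` ahead of `project.add_guest(user)` in the guest context, so that context relies on the second call lowering the existing membership; presumably it does, but moving the developer grant into its own context would make the role under test explicit. Separately, the positive examples expect `value` to equal `defaultValue`, so they would still pass if the stubbed `blob_data_at` content were never read; a fixture value that differs from the default would close that gap (the shared context supplying `gitlab_ci_yml_content` is outside this hunk).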