1 files changed, 70 insertions, 13 deletions

diff --git a/spec/lib/gitlab/ci/config/external/file/project_spec.rb b/spec/lib/gitlab/ci/config/external/file/project_spec.rb
index 74720c0a3ca..5d3412a148b 100644
--- a/spec/lib/gitlab/ci/config/external/file/project_spec.rb
+++ b/spec/lib/gitlab/ci/config/external/file/project_spec.rb
@@ -66,6 +66,11 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
   end
 
   describe '#valid?' do
+    subject(:valid?) do
+      project_file.validate!
+      project_file.valid?
+    end
+
     context 'when a valid path is used' do
       let(:params) do
         { project: project.full_path, file: '/file.yml' }
@@ -74,18 +79,16 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
       let(:root_ref_sha) { project.repository.root_ref_sha }
 
       before do
-        stub_project_blob(root_ref_sha, '/file.yml') { 'image: ruby:2.7' }
+        stub_project_blob(root_ref_sha, '/file.yml') { 'image: image:1.0' }
       end
 
-      it 'returns true' do
-        expect(project_file).to be_valid
-      end
+      it { is_expected.to be_truthy }
 
       context 'when user does not have permission to access file' do
         let(:context_user) { create(:user) }
 
         it 'returns false' do
-          expect(project_file).not_to be_valid
+          expect(valid?).to be_falsy
           expect(project_file.error_message).to include("Project `#{project.full_path}` not found or access denied!")
         end
       end
@@ -99,12 +102,10 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
       let(:ref_sha) { project.commit('master').sha }
 
       before do
-        stub_project_blob(ref_sha, '/file.yml') { 'image: ruby:2.7' }
+        stub_project_blob(ref_sha, '/file.yml') { 'image: image:1.0' }
       end
 
-      it 'returns true' do
-        expect(project_file).to be_valid
-      end
+      it { is_expected.to be_truthy }
     end
 
     context 'when an empty file is used' do
@@ -120,7 +121,7 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
       end
 
       it 'returns false' do
-        expect(project_file).not_to be_valid
+        expect(valid?).to be_falsy
         expect(project_file.error_message).to include("Project `#{project.full_path}` file `/xxxxxxxxxxx.yml` is empty!")
       end
     end
@@ -131,7 +132,7 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
       end
 
       it 'returns false' do
-        expect(project_file).not_to be_valid
+        expect(valid?).to be_falsy
         expect(project_file.error_message).to include("Project `#{project.full_path}` reference `I-Do-Not-Exist` does not exist!")
       end
     end
@@ -144,7 +145,7 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
       end
 
       it 'returns false' do
-        expect(project_file).not_to be_valid
+        expect(valid?).to be_falsy
         expect(project_file.error_message).to include("Project `#{project.full_path}` file `/xxxxxxxxxxxxxxxxxxx.yml` does not exist!")
       end
     end
@@ -155,10 +156,27 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
       end
 
       it 'returns false' do
-        expect(project_file).not_to be_valid
+        expect(valid?).to be_falsy
         expect(project_file.error_message).to include('Included file `/invalid-file` does not have YAML extension!')
       end
     end
+
+    context 'when non-existing project is used with a masked variable' do
+      let(:variables) do
+        Gitlab::Ci::Variables::Collection.new([
+          { key: 'VAR1', value: 'a_secret_variable_value', masked: true }
+        ])
+      end
+
+      let(:params) do
+        { project: 'a_secret_variable_value', file: '/file.yml' }
+      end
+
+      it 'returns false with masked project name' do
+        expect(valid?).to be_falsy
+        expect(project_file.error_message).to include("Project `xxxxxxxxxxxxxxxxxxxxxxx` not found or access denied!")
+      end
+    end
   end
 
   describe '#expand_context' do
@@ -176,6 +194,45 @@ RSpec.describe Gitlab::Ci::Config::External::File::Project do
     end
   end
 
+  describe '#metadata' do
+    let(:params) do
+      { project: project.full_path, file: '/file.yml' }
+    end
+
+    subject(:metadata) { project_file.metadata }
+
+    it {
+      is_expected.to eq(
+        context_project: context_project.full_path,
+        context_sha: '12345',
+        type: :file,
+        location: '/file.yml',
+        extra: { project: project.full_path, ref: 'HEAD' }
+      )
+    }
+
+    context 'when project name and ref include masked variables' do
+      let(:variables) do
+        Gitlab::Ci::Variables::Collection.new([
+          { key: 'VAR1', value: 'a_secret_variable_value1', masked: true },
+          { key: 'VAR2', value: 'a_secret_variable_value2', masked: true }
+        ])
+      end
+
+      let(:params) { { project: 'a_secret_variable_value1', ref: 'a_secret_variable_value2', file: '/file.yml' } }
+
+      it {
+        is_expected.to eq(
+          context_project: context_project.full_path,
+          context_sha: '12345',
+          type: :file,
+          location: '/file.yml',
+          extra: { project: 'xxxxxxxxxxxxxxxxxxxxxxxx', ref: 'xxxxxxxxxxxxxxxxxxxxxxxx' }
+        )
+      }
+    end
+  end
+
   private
 
   def stub_project_blob(ref, path)