diff options
Diffstat (limited to 'spec/lib/gitlab/ci/variables/builder/group_spec.rb')
-rw-r--r-- | spec/lib/gitlab/ci/variables/builder/group_spec.rb | 209 |
1 files changed, 209 insertions, 0 deletions
diff --git a/spec/lib/gitlab/ci/variables/builder/group_spec.rb b/spec/lib/gitlab/ci/variables/builder/group_spec.rb new file mode 100644 index 00000000000..72487588cde --- /dev/null +++ b/spec/lib/gitlab/ci/variables/builder/group_spec.rb @@ -0,0 +1,209 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Variables::Builder::Group do + let_it_be(:group) { create(:group) } + + let(:builder) { described_class.new(group) } + + describe '#secret_variables' do + let(:environment) { '*' } + let(:protected_ref) { false } + + let_it_be(:variable) do + create(:ci_group_variable, + value: 'secret', + group: group) + end + + let_it_be(:protected_variable) do + create(:ci_group_variable, :protected, + value: 'protected', + group: group) + end + + let(:variable_item) { item(variable) } + let(:protected_variable_item) { item(protected_variable) } + + subject do + builder.secret_variables( + environment: environment, + protected_ref: protected_ref) + end + + context 'when the ref is not protected' do + let(:protected_ref) { false } + + it 'contains only the CI variables' do + is_expected.to contain_exactly(variable_item) + end + end + + context 'when the ref is protected' do + let(:protected_ref) { true } + + it 'contains all the variables' do + is_expected.to contain_exactly(variable_item, protected_variable_item) + end + end + + context 'when environment name is specified' do + let(:environment) { 'review/name' } + + before do + Ci::GroupVariable.update_all(environment_scope: environment_scope) + end + + context 'when environment scope is exactly matched' do + let(:environment_scope) { 'review/name' } + + it { is_expected.to contain_exactly(variable_item) } + end + + context 'when environment scope is matched by wildcard' do + let(:environment_scope) { 'review/*' } + + it { is_expected.to contain_exactly(variable_item) } + end + + context 'when environment scope does not match' do + let(:environment_scope) { 'review/*/special' } + + it { is_expected.not_to contain_exactly(variable_item) } + end + + context 'when environment scope has _' do + let(:environment_scope) { '*_*' } + + it 'does not treat it as wildcard' do + is_expected.not_to contain_exactly(variable_item) + end + end + + context 'when environment name contains underscore' do + let(:environment) { 'foo_bar/test' } + let(:environment_scope) { 'foo_bar/*' } + + it 'matches literally for _' do + is_expected.to contain_exactly(variable_item) + end + end + + # The environment name and scope cannot have % at the moment, + # but we're considering relaxing it and we should also make sure + # it doesn't break in case some data sneaked in somehow as we're + # not checking this integrity in database level. + context 'when environment scope has %' do + let(:environment_scope) { '*%*' } + + it 'does not treat it as wildcard' do + is_expected.not_to contain_exactly(variable_item) + end + end + + context 'when environment name contains a percent' do + let(:environment) { 'foo%bar/test' } + let(:environment_scope) { 'foo%bar/*' } + + it 'matches literally for _' do + is_expected.to contain_exactly(variable_item) + end + end + end + + context 'when variables with the same name have different environment scopes' do + let(:environment) { 'review/name' } + + let_it_be(:partially_matched_variable) do + create(:ci_group_variable, + key: variable.key, + value: 'partial', + environment_scope: 'review/*', + group: group) + end + + let_it_be(:perfectly_matched_variable) do + create(:ci_group_variable, + key: variable.key, + value: 'prefect', + environment_scope: 'review/name', + group: group) + end + + it 'orders the variables from least to most matched' do + variables_collection = Gitlab::Ci::Variables::Collection.new([ + variable, + partially_matched_variable, + perfectly_matched_variable + ]).to_runner_variables + + expect(subject.to_runner_variables).to eq(variables_collection) + end + end + + context 'when group has children' do + let(:protected_ref) { true } + + let_it_be(:group_child_1) { create(:group, parent: group) } + let_it_be(:group_child_2) { create(:group, parent: group_child_1) } + + let_it_be_with_reload(:group_child_3) do + create(:group, parent: group_child_2) + end + + let_it_be(:variable_child_1) do + create(:ci_group_variable, group: group_child_1) + end + + let_it_be(:variable_child_2) do + create(:ci_group_variable, group: group_child_2) + end + + let_it_be(:variable_child_3) do + create(:ci_group_variable, group: group_child_3) + end + + context 'traversal queries' do + shared_examples 'correct ancestor order' do + let(:builder) { described_class.new(group_child_3) } + + it 'returns all variables belonging to the group and parent groups' do + expected_array1 = Gitlab::Ci::Variables::Collection.new( + [protected_variable_item, variable_item]) + .to_runner_variables + + expected_array2 = Gitlab::Ci::Variables::Collection.new( + [variable_child_1, variable_child_2, variable_child_3] + ).to_runner_variables + + got_array = subject.to_runner_variables + + expect(got_array.shift(2)).to contain_exactly(*expected_array1) + expect(got_array).to eq(expected_array2) + end + end + + context 'recursive' do + before do + stub_feature_flags(use_traversal_ids: false) + end + + include_examples 'correct ancestor order' + end + + context 'linear' do + before do + stub_feature_flags(use_traversal_ids: true) + end + + include_examples 'correct ancestor order' + end + end + end + end + + def item(variable) + Gitlab::Ci::Variables::Collection::Item.fabricate(variable) + end +end |