diff options
Diffstat (limited to 'spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb')
-rw-r--r-- | spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb | 94 |
1 files changed, 67 insertions, 27 deletions
diff --git a/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb b/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb index a780952d51b..7677e5d8cb2 100644 --- a/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb +++ b/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb @@ -154,6 +154,30 @@ RSpec.shared_examples 'logs an auth warning' do |requested_actions| end end +RSpec.shared_examples 'allowed to delete container repository images' do + let(:authentication_abilities) do + [:admin_container_image] + end + + it_behaves_like 'a valid token' + + context 'allow to delete images' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:*"] } + end + + it_behaves_like 'a deletable' + end + + context 'allow to delete images since registry 2.7' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:delete"] } + end + + it_behaves_like 'a deletable since registry 2.7' + end +end + RSpec.shared_examples 'a container registry auth service' do include_context 'container registry auth service context' @@ -204,6 +228,46 @@ RSpec.shared_examples 'a container registry auth service' do it_behaves_like 'not a container repository factory' end + describe '.pull_nested_repositories_access_token' do + let_it_be(:project) { create(:project) } + + let(:token) { described_class.pull_nested_repositories_access_token(project.full_path) } + let(:access) do + [ + { + 'type' => 'repository', + 'name' => project.full_path, + 'actions' => ['pull'] + }, + { + 'type' => 'repository', + 'name' => "#{project.full_path}/*", + 'actions' => ['pull'] + } + ] + end + + subject { { token: token } } + + it 'has the correct scope' do + expect(payload).to include('access' => access) + end + + it_behaves_like 'a valid token' + it_behaves_like 'not a container repository factory' + + context 'with path ending with a slash' do + let(:token) { described_class.pull_nested_repositories_access_token("#{project.full_path}/") } + + it 'has the correct scope' do + expect(payload).to include('access' => access) + end + + it_behaves_like 'a valid token' + it_behaves_like 'not a container repository factory' + end + end + context 'user authorization' do let_it_be(:current_user) { create(:user) } @@ -504,38 +568,14 @@ RSpec.shared_examples 'a container registry auth service' do end context 'delete authorized as maintainer' do - let_it_be(:current_project) { create(:project) } + let_it_be(:project) { create(:project) } let_it_be(:current_user) { create(:user) } - let(:authentication_abilities) do - [:admin_container_image] - end - before_all do - current_project.add_maintainer(current_user) - end - - it_behaves_like 'a valid token' - - context 'allow to delete images' do - let(:current_params) do - { scopes: ["repository:#{current_project.full_path}:*"] } - end - - it_behaves_like 'a deletable' do - let(:project) { current_project } - end + project.add_maintainer(current_user) end - context 'allow to delete images since registry 2.7' do - let(:current_params) do - { scopes: ["repository:#{current_project.full_path}:delete"] } - end - - it_behaves_like 'a deletable since registry 2.7' do - let(:project) { current_project } - end - end + it_behaves_like 'allowed to delete container repository images' end context 'build authorized as user' do |