diff options
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/factories/clusters/applications/helm.rb | 18 | ||||
| -rw-r--r-- | spec/lib/gitlab/database/batch_count_spec.rb | 8 | ||||
| -rw-r--r-- | spec/lib/gitlab/usage_data_spec.rb | 138 | ||||
| -rw-r--r-- | spec/services/clusters/applications/ingress_modsecurity_usage_service_spec.rb | 196 |
4 files changed, 152 insertions, 208 deletions
diff --git a/spec/factories/clusters/applications/helm.rb b/spec/factories/clusters/applications/helm.rb index 0152b16c8ea..7e52c54d4f1 100644 --- a/spec/factories/clusters/applications/helm.rb +++ b/spec/factories/clusters/applications/helm.rb @@ -77,6 +77,24 @@ FactoryBot.define do trait :no_helm_installed do cluster factory: %i(cluster provided_by_gcp) end + + trait :modsecurity_blocking do + modsecurity_enabled { true } + modsecurity_mode { :blocking } + end + + trait :modsecurity_logging do + modsecurity_enabled { true } + modsecurity_mode { :logging } + end + + trait :modsecurity_disabled do + modsecurity_enabled { false } + end + + trait :modsecurity_not_installed do + modsecurity_enabled { nil } + end end factory :clusters_applications_cert_manager, class: 'Clusters::Applications::CertManager' do diff --git a/spec/lib/gitlab/database/batch_count_spec.rb b/spec/lib/gitlab/database/batch_count_spec.rb index 7be84b8f980..e7cb53f2dbd 100644 --- a/spec/lib/gitlab/database/batch_count_spec.rb +++ b/spec/lib/gitlab/database/batch_count_spec.rb @@ -35,6 +35,10 @@ describe Gitlab::Database::BatchCount do expect(described_class.batch_count(model, "#{model.table_name}.id")).to eq(5) end + it 'counts with Arel column' do + expect(described_class.batch_count(model, model.arel_table[:id])).to eq(5) + end + it 'counts table with batch_size 50K' do expect(described_class.batch_count(model, batch_size: 50_000)).to eq(5) end @@ -98,6 +102,10 @@ describe Gitlab::Database::BatchCount do expect(described_class.batch_distinct_count(model, "#{model.table_name}.#{column}")).to eq(2) end + it 'counts with Arel column' do + expect(described_class.batch_distinct_count(model, model.arel_table[column])).to eq(2) + end + it 'counts with :column field with batch_size of 50K' do expect(described_class.batch_distinct_count(model, column, batch_size: 50_000)).to eq(2) end diff --git a/spec/lib/gitlab/usage_data_spec.rb b/spec/lib/gitlab/usage_data_spec.rb index 858ee360d8a..ddbc4240f10 100644 --- a/spec/lib/gitlab/usage_data_spec.rb +++ b/spec/lib/gitlab/usage_data_spec.rb @@ -319,18 +319,132 @@ describe Gitlab::UsageData, :aggregate_failures do describe '#ingress_modsecurity_usage' do subject { described_class.ingress_modsecurity_usage } - it 'gathers variable data' do - allow_any_instance_of( - ::Clusters::Applications::IngressModsecurityUsageService - ).to receive(:execute).and_return( - { - ingress_modsecurity_blocking: 1, - ingress_modsecurity_disabled: 2 - } - ) - - expect(subject[:ingress_modsecurity_blocking]).to eq(1) - expect(subject[:ingress_modsecurity_disabled]).to eq(2) + let(:environment) { create(:environment) } + let(:project) { environment.project } + let(:environment_scope) { '*' } + let(:deployment) { create(:deployment, :success, environment: environment, project: project, cluster: cluster) } + let(:cluster) { create(:cluster, environment_scope: environment_scope, projects: [project]) } + let(:ingress_mode) { :modsecurity_blocking } + let!(:ingress) { create(:clusters_applications_ingress, ingress_mode, cluster: cluster) } + + context 'when cluster is disabled' do + let(:cluster) { create(:cluster, :disabled, projects: [project]) } + + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(0) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'when deployment is unsuccessful' do + let!(:deployment) { create(:deployment, :failed, environment: environment, project: project, cluster: cluster) } + + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(0) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'when deployment is successful' do + let!(:deployment) { create(:deployment, :success, environment: environment, project: project, cluster: cluster) } + + context 'when modsecurity is in blocking mode' do + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(1) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'when modsecurity is in logging mode' do + let(:ingress_mode) { :modsecurity_logging } + + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(1) + expect(subject[:ingress_modsecurity_blocking]).to eq(0) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'when modsecurity is disabled' do + let(:ingress_mode) { :modsecurity_disabled } + + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(0) + expect(subject[:ingress_modsecurity_disabled]).to eq(1) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'when modsecurity is not installed' do + let(:ingress_mode) { :modsecurity_not_installed } + + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(0) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(1) + end + end + + context 'with multiple projects' do + let(:environment_2) { create(:environment) } + let(:project_2) { environment_2.project } + let(:cluster_2) { create(:cluster, environment_scope: environment_scope, projects: [project_2]) } + let!(:ingress_2) { create(:clusters_applications_ingress, :modsecurity_logging, cluster: cluster_2) } + let!(:deployment_2) { create(:deployment, :success, environment: environment_2, project: project_2, cluster: cluster_2) } + + it 'gathers non-duplicated ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(1) + expect(subject[:ingress_modsecurity_blocking]).to eq(1) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'with multiple deployments' do + let!(:deployment_2) { create(:deployment, :success, environment: environment, project: project, cluster: cluster) } + + it 'gathers non-duplicated ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(1) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'with multiple projects' do + let(:environment_2) { create(:environment) } + let(:project_2) { environment_2.project } + let!(:deployment_2) { create(:deployment, :success, environment: environment_2, project: project_2, cluster: cluster) } + let(:cluster) { create(:cluster, environment_scope: environment_scope, projects: [project, project_2]) } + + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(2) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end + + context 'with multiple environments' do + let!(:environment_2) { create(:environment, project: project) } + let!(:deployment_2) { create(:deployment, :success, environment: environment_2, project: project, cluster: cluster) } + + it 'gathers ingress data' do + expect(subject[:ingress_modsecurity_logging]).to eq(0) + expect(subject[:ingress_modsecurity_blocking]).to eq(2) + expect(subject[:ingress_modsecurity_disabled]).to eq(0) + expect(subject[:ingress_modsecurity_not_installed]).to eq(0) + end + end end end diff --git a/spec/services/clusters/applications/ingress_modsecurity_usage_service_spec.rb b/spec/services/clusters/applications/ingress_modsecurity_usage_service_spec.rb deleted file mode 100644 index d456284f76a..00000000000 --- a/spec/services/clusters/applications/ingress_modsecurity_usage_service_spec.rb +++ /dev/null @@ -1,196 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe Clusters::Applications::IngressModsecurityUsageService do - describe '#execute' do - ADO_MODSEC_KEY = Clusters::Applications::IngressModsecurityUsageService::ADO_MODSEC_KEY - - let(:project_with_ci_var) { create(:environment).project } - let(:project_with_pipeline_var) { create(:environment).project } - - subject { described_class.new.execute } - - context 'with multiple projects' do - let(:pipeline1) { create(:ci_pipeline, :with_job, project: project_with_pipeline_var) } - let(:pipeline2) { create(:ci_pipeline, :with_job, project: project_with_ci_var) } - - let!(:deployment_with_pipeline_var) do - create( - :deployment, - :success, - environment: project_with_pipeline_var.environments.first, - project: project_with_pipeline_var, - deployable: pipeline1.builds.last - ) - end - let!(:deployment_with_project_var) do - create( - :deployment, - :success, - environment: project_with_ci_var.environments.first, - project: project_with_ci_var, - deployable: pipeline2.builds.last - ) - end - - context 'mixed data' do - let!(:ci_variable) { create(:ci_variable, project: project_with_ci_var, key: ADO_MODSEC_KEY, value: "On") } - let!(:pipeline_variable) { create(:ci_pipeline_variable, pipeline: pipeline1, key: ADO_MODSEC_KEY, value: "Off") } - - it 'gathers variable data' do - expect(subject[:ingress_modsecurity_blocking]).to eq(1) - expect(subject[:ingress_modsecurity_disabled]).to eq(1) - end - end - - context 'blocking' do - let(:modsec_values) { { key: ADO_MODSEC_KEY, value: "On" } } - - let!(:ci_variable) { create(:ci_variable, project: project_with_ci_var, **modsec_values) } - let!(:pipeline_variable) { create(:ci_pipeline_variable, pipeline: pipeline1, **modsec_values) } - - it 'gathers variable data' do - expect(subject[:ingress_modsecurity_blocking]).to eq(2) - expect(subject[:ingress_modsecurity_disabled]).to eq(0) - end - end - - context 'disabled' do - let(:modsec_values) { { key: ADO_MODSEC_KEY, value: "Off" } } - - let!(:ci_variable) { create(:ci_variable, project: project_with_ci_var, **modsec_values) } - let!(:pipeline_variable) { create(:ci_pipeline_variable, pipeline: pipeline1, **modsec_values) } - - it 'gathers variable data' do - expect(subject[:ingress_modsecurity_blocking]).to eq(0) - expect(subject[:ingress_modsecurity_disabled]).to eq(2) - end - end - end - - context 'when set as both ci and pipeline variables' do - let(:modsec_values) { { key: ADO_MODSEC_KEY, value: "Off" } } - - let(:pipeline) { create(:ci_pipeline, :with_job, project: project_with_ci_var) } - let!(:deployment) do - create( - :deployment, - :success, - environment: project_with_ci_var.environments.first, - project: project_with_ci_var, - deployable: pipeline.builds.last - ) - end - - let!(:ci_variable) { create(:ci_variable, project: project_with_ci_var, **modsec_values) } - let!(:pipeline_variable) { create(:ci_pipeline_variable, pipeline: pipeline, **modsec_values) } - - it 'wont double-count projects' do - expect(subject[:ingress_modsecurity_blocking]).to eq(0) - expect(subject[:ingress_modsecurity_disabled]).to eq(1) - end - - it 'gives precedence to pipeline variable' do - pipeline_variable.update(value: "On") - - expect(subject[:ingress_modsecurity_blocking]).to eq(1) - expect(subject[:ingress_modsecurity_disabled]).to eq(0) - end - end - - context 'when a project has multiple environments' do - let(:modsec_values) { { key: ADO_MODSEC_KEY, value: "On" } } - - let!(:env1) { project_with_pipeline_var.environments.first } - let!(:env2) { create(:environment, project: project_with_pipeline_var) } - - let!(:pipeline_with_2_deployments) do - create(:ci_pipeline, :with_job, project: project_with_ci_var).tap do |pip| - pip.builds << build(:ci_build, pipeline: pip, project: project_with_pipeline_var) - end - end - - let!(:deployment1) do - create( - :deployment, - :success, - environment: env1, - project: project_with_pipeline_var, - deployable: pipeline_with_2_deployments.builds.last - ) - end - let!(:deployment2) do - create( - :deployment, - :success, - environment: env2, - project: project_with_pipeline_var, - deployable: pipeline_with_2_deployments.builds.last - ) - end - - context 'when set as ci variable' do - let!(:ci_variable) { create(:ci_variable, project: project_with_pipeline_var, **modsec_values) } - - it 'gathers variable data' do - expect(subject[:ingress_modsecurity_blocking]).to eq(2) - expect(subject[:ingress_modsecurity_disabled]).to eq(0) - end - end - - context 'when set as pipeline variable' do - let!(:pipeline_variable) { create(:ci_pipeline_variable, pipeline: pipeline_with_2_deployments, **modsec_values) } - - it 'gathers variable data' do - expect(subject[:ingress_modsecurity_blocking]).to eq(2) - expect(subject[:ingress_modsecurity_disabled]).to eq(0) - end - end - end - - context 'when an environment has multiple deployments' do - let!(:env) { project_with_pipeline_var.environments.first } - - let!(:pipeline_first) do - create(:ci_pipeline, :with_job, project: project_with_pipeline_var).tap do |pip| - pip.builds << build(:ci_build, pipeline: pip, project: project_with_pipeline_var) - end - end - let!(:pipeline_last) do - create(:ci_pipeline, :with_job, project: project_with_pipeline_var).tap do |pip| - pip.builds << build(:ci_build, pipeline: pip, project: project_with_pipeline_var) - end - end - - let!(:deployment_first) do - create( - :deployment, - :success, - environment: env, - project: project_with_pipeline_var, - deployable: pipeline_first.builds.last - ) - end - let!(:deployment_last) do - create( - :deployment, - :success, - environment: env, - project: project_with_pipeline_var, - deployable: pipeline_last.builds.last - ) - end - - context 'when set as pipeline variable' do - let!(:first_pipeline_variable) { create(:ci_pipeline_variable, pipeline: pipeline_first, key: ADO_MODSEC_KEY, value: "On") } - let!(:last_pipeline_variable) { create(:ci_pipeline_variable, pipeline: pipeline_last, key: ADO_MODSEC_KEY, value: "Off") } - - it 'gives precedence to latest deployment' do - expect(subject[:ingress_modsecurity_blocking]).to eq(0) - expect(subject[:ingress_modsecurity_disabled]).to eq(1) - end - end - end - end -end |