1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Ci::Variables::Builder::Project do
let_it_be(:project) { create(:project, :repository) }
let(:builder) { described_class.new(project) }
describe '#secret_variables' do
let(:environment) { '*' }
let(:protected_ref) { false }
let_it_be(:variable) do
create(:ci_variable,
value: 'secret',
project: project)
end
let_it_be(:protected_variable) do
create(:ci_variable, :protected,
value: 'protected',
project: project)
end
let(:variable_item) { item(variable) }
let(:protected_variable_item) { item(protected_variable) }
subject do
builder.secret_variables(
environment: environment,
protected_ref: protected_ref)
end
context 'when the ref is protected' do
let(:protected_ref) { true }
it 'contains all the variables' do
is_expected.to contain_exactly(variable_item, protected_variable_item)
end
end
context 'when the ref is not protected' do
let(:protected_ref) { false }
it 'contains only the unprotected variables' do
is_expected.to contain_exactly(variable_item)
end
end
context 'when environment name is specified' do
let(:environment) { 'review/name' }
before do
Ci::Variable.update_all(environment_scope: environment_scope)
end
context 'when environment scope is exactly matched' do
let(:environment_scope) { 'review/name' }
it { is_expected.to contain_exactly(variable_item) }
end
context 'when environment scope is matched by wildcard' do
let(:environment_scope) { 'review/*' }
it { is_expected.to contain_exactly(variable_item) }
end
context 'when environment scope does not match' do
let(:environment_scope) { 'review/*/special' }
it { is_expected.not_to contain_exactly(variable_item) }
end
context 'when environment scope has _' do
let(:environment_scope) { '*_*' }
it 'does not treat it as wildcard' do
is_expected.not_to contain_exactly(variable_item)
end
end
context 'when environment name contains underscore' do
let(:environment) { 'foo_bar/test' }
let(:environment_scope) { 'foo_bar/*' }
it 'matches literally for _' do
is_expected.to contain_exactly(variable_item)
end
end
# The environment name and scope cannot have % at the moment,
# but we're considering relaxing it and we should also make sure
# it doesn't break in case some data sneaked in somehow as we're
# not checking this integrity in database level.
context 'when environment scope has %' do
let(:environment_scope) { '*%*' }
it 'does not treat it as wildcard' do
is_expected.not_to contain_exactly(variable_item)
end
end
context 'when environment name contains a percent' do
let(:environment) { 'foo%bar/test' }
let(:environment_scope) { 'foo%bar/*' }
it 'matches literally for _' do
is_expected.to contain_exactly(variable_item)
end
end
end
context 'when variables with the same name have different environment scopes' do
let(:environment) { 'review/name' }
let_it_be(:partially_matched_variable) do
create(:ci_variable,
key: variable.key,
value: 'partial',
environment_scope: 'review/*',
project: project)
end
let_it_be(:perfectly_matched_variable) do
create(:ci_variable,
key: variable.key,
value: 'prefect',
environment_scope: 'review/name',
project: project)
end
it 'puts variables matching environment scope more in the end' do
variables_collection = Gitlab::Ci::Variables::Collection.new(
[
variable,
partially_matched_variable,
perfectly_matched_variable
]).to_runner_variables
expect(subject.to_runner_variables).to eq(variables_collection)
end
end
end
def item(variable)
Gitlab::Ci::Variables::Collection::Item.fabricate(variable)
end
end
|