diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-27 06:10:53 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-27 06:10:53 +0300 |
| commit | 21c8f4814b6e48e21c9c5bbe1abfaa6bfc45fe2d (patch) | |
| tree | dd5728883bb417fe0790c99aa1f70fc43317d72f | |
| parent | 135dd0646bd1402985d82d99eb1e667a0f695e8b (diff) | |
Add latest changes from gitlab-org/gitlab@master
19 files changed, 236 insertions, 21 deletions
@@ -510,7 +510,7 @@ gem 'kas-grpc', '~> 0.0.2' gem 'grpc', '~> 1.42.0' -gem 'google-protobuf', '~> 3.21', '>= 3.21.8' +gem 'google-protobuf', '~> 3.21', '>= 3.21.9' gem 'toml-rb', '~> 2.2.0' diff --git a/Gemfile.checksum b/Gemfile.checksum index c5fad96428c..f8b12ab681b 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum @@ -219,14 +219,14 @@ {"name":"gon","version":"6.4.0","platform":"ruby","checksum":"e3a618d659392890f1aa7db420f17c75fd7d35aeb5f8fe003697d02c4b88d2f0"}, {"name":"google-api-client","version":"0.50.0","platform":"ruby","checksum":"3ae45e972f293f3a66e53950ecc0fd350d85d6347c06a430bb971bd1ae5ad617"}, {"name":"google-cloud-env","version":"1.6.0","platform":"ruby","checksum":"6179acb946975892c7908748df5722a4ebadfc8cf5bb7b0d8d933ca67183fa15"}, -{"name":"google-protobuf","version":"3.21.8","platform":"java","checksum":"fed99be5fa3f5aafded120fb3efd1544a35cbbbc34d4dc6b84dfabe9fce044e0"}, -{"name":"google-protobuf","version":"3.21.8","platform":"ruby","checksum":"d1ff763c4fdf5744e5435a70b3a8100a1b112576aec8133ebee1a861a165f881"}, -{"name":"google-protobuf","version":"3.21.8","platform":"x64-mingw-ucrt","checksum":"1a3aed52e5279c914a7bcfe6339b586c169f64f4132c822af7ce3b837ff3a2ae"}, -{"name":"google-protobuf","version":"3.21.8","platform":"x64-mingw32","checksum":"ad868d1b7cc090a766bda2980a88a485f7348028aa22bbce6ddee011f9d39810"}, -{"name":"google-protobuf","version":"3.21.8","platform":"x86-linux","checksum":"76b0c65611ac96049cec2ab12735dd338e5901def03212c148991c2af3542c40"}, -{"name":"google-protobuf","version":"3.21.8","platform":"x86-mingw32","checksum":"94ad5bc5ef18e6b265b4b535b49fb49c7dc093b048df6ed5d9a09de032560a3b"}, -{"name":"google-protobuf","version":"3.21.8","platform":"x86_64-darwin","checksum":"9062431f13d4ff6597abd38177910828d339ff755a6609cc02d5963458f00479"}, -{"name":"google-protobuf","version":"3.21.8","platform":"x86_64-linux","checksum":"fed2e72269cd0bb1ed5bf372e0d7d9720a9ec749b9618868e98a7e6a09bef162"}, +{"name":"google-protobuf","version":"3.21.9","platform":"java","checksum":"8483ab2487170434f7a139d6534b3a166e4ec244a6fd8929f758d87abbb82fee"}, +{"name":"google-protobuf","version":"3.21.9","platform":"ruby","checksum":"5a656c159aa2c85008af7eab3f603cf22921b748e09438f6682dcf696d518adc"}, +{"name":"google-protobuf","version":"3.21.9","platform":"x64-mingw-ucrt","checksum":"7cb37b76241150212703f0ac582555f6fda1c7c66f58c1164667e783141e25fe"}, +{"name":"google-protobuf","version":"3.21.9","platform":"x64-mingw32","checksum":"54df7b9df435cc5c715261fbe8897fe03dd4b0e68e052aa0bb814c31bc66ef35"}, +{"name":"google-protobuf","version":"3.21.9","platform":"x86-linux","checksum":"11f28f344f6b6afa78fa0688379e39fbc86da4c199f04a51da7a29cf2db8205d"}, +{"name":"google-protobuf","version":"3.21.9","platform":"x86-mingw32","checksum":"a2dce43556196b6bb0fce2cf28df70fdca4255607fb9e1ffb7ee611953436a9a"}, +{"name":"google-protobuf","version":"3.21.9","platform":"x86_64-darwin","checksum":"9e948a08ee27cca8acf794c798db16d918ce503eae06525d7551dc05ac3324c0"}, +{"name":"google-protobuf","version":"3.21.9","platform":"x86_64-linux","checksum":"d4053012022f7bf47cd54c7c19416f600325e6cc1e1604a631c2fde69dd920a4"}, {"name":"googleapis-common-protos-types","version":"1.3.0","platform":"ruby","checksum":"c5411f3197cc3e02547ded1858303b1f830b4dc89c588c142ad6c8a231050671"}, {"name":"googleauth","version":"0.14.0","platform":"ruby","checksum":"4659b563d5b2727e775ba9231e75485c1b55ac8fc319e0bf1bc87d5e9705a632"}, {"name":"gpgme","version":"2.0.20","platform":"ruby","checksum":"fc194689cff40cd4ccafb3086031e930650b3efc15348bbfdf7a2f8b5a826f75"}, diff --git a/Gemfile.lock b/Gemfile.lock index 9a21b223d3e..6920fb22fc5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -619,7 +619,7 @@ GEM signet (~> 0.12) google-cloud-env (1.6.0) faraday (>= 0.17.3, < 3.0) - google-protobuf (3.21.8) + google-protobuf (3.21.9) googleapis-common-protos-types (1.3.0) google-protobuf (~> 3.14) googleauth (0.14.0) @@ -1644,7 +1644,7 @@ DEPENDENCIES gitlab_omniauth-ldap (~> 2.2.0) gon (~> 6.4.0) google-api-client (~> 0.33) - google-protobuf (~> 3.21, >= 3.21.8) + google-protobuf (~> 3.21, >= 3.21.9) gpgme (~> 2.0.19) grape (~> 1.5.2) grape-entity (~> 0.10.0) diff --git a/doc/api/protected_branches.md b/doc/api/protected_branches.md index 620cb0e0bae..8a96b2aa9ae 100644 --- a/doc/api/protected_branches.md +++ b/doc/api/protected_branches.md @@ -43,12 +43,14 @@ Example response: "name": "master", "push_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } ], "merge_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } @@ -61,12 +63,14 @@ Example response: "name": "release/*", "push_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } ], "merge_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } @@ -90,6 +94,7 @@ Example response: "name": "master", "push_access_levels": [ { + "id": 1, "access_level": 40, "user_id": null, "group_id": null, @@ -98,6 +103,7 @@ Example response: ], "merge_access_levels": [ { + "id": 1, "access_level": null, "user_id": null, "group_id": 1234, @@ -136,12 +142,14 @@ Example response: "name": "master", "push_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } ], "merge_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } @@ -162,6 +170,7 @@ Example response: "name": "master", "push_access_levels": [ { + "id": 1, "access_level": 40, "user_id": null, "group_id": null, @@ -170,6 +179,7 @@ Example response: ], "merge_access_levels": [ { + "id": 1, "access_level": null, "user_id": null, "group_id": 1234, @@ -215,18 +225,21 @@ Example response: "name": "*-stable", "push_access_levels": [ { + "id": 1, "access_level": 30, "access_level_description": "Developers + Maintainers" } ], "merge_access_levels": [ { + "id": 1, "access_level": 30, "access_level_description": "Developers + Maintainers" } ], "unprotect_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } @@ -247,6 +260,7 @@ Example response: "name": "*-stable", "push_access_levels": [ { + "id": 1, "access_level": 30, "user_id": null, "group_id": null, @@ -255,6 +269,7 @@ Example response: ], "merge_access_levels": [ { + "id": 1, "access_level": 30, "user_id": null, "group_id": null, @@ -263,6 +278,7 @@ Example response: ], "unprotect_access_levels": [ { + "id": 1, "access_level": 40, "user_id": null, "group_id": null, @@ -291,6 +307,7 @@ Example response: "name": "*-stable", "push_access_levels": [ { + "id": 1, "access_level": null, "user_id": 1, "group_id": null, @@ -299,6 +316,7 @@ Example response: ], "merge_access_levels": [ { + "id": 1, "access_level": 40, "user_id": null, "group_id": null, @@ -307,6 +325,7 @@ Example response: ], "unprotect_access_levels": [ { + "id": 1, "access_level": 40, "user_id": null, "group_id": null, @@ -348,6 +367,7 @@ Example response: "name": "master", "push_access_levels": [ { + "id": 1, "access_level": 30, "access_level_description": "Developers + Maintainers", "user_id": null, @@ -356,12 +376,14 @@ Example response: ], "merge_access_levels": [ { + "id": 1, "access_level": 30, "access_level_description": "Developers + Maintainers", "user_id": null, "group_id": null }, { + "id": 2, "access_level": 40, "access_level_description": "Maintainers", "user_id": null, @@ -370,6 +392,7 @@ Example response: ], "unprotect_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers", "user_id": null, diff --git a/doc/api/protected_tags.md b/doc/api/protected_tags.md index c8e7117e5a9..88b868a3965 100644 --- a/doc/api/protected_tags.md +++ b/doc/api/protected_tags.md @@ -41,6 +41,7 @@ Example response: "name": "release-1-0", "create_access_levels": [ { + "id":1, "access_level": 40, "access_level_description": "Maintainers" } @@ -75,6 +76,7 @@ Example response: "name": "release-1-0", "create_access_levels": [ { + "id": 1, "access_level": 40, "access_level_description": "Maintainers" } @@ -109,6 +111,7 @@ Example response: "name": "*-stable", "create_access_levels": [ { + "id": 1, "access_level": 30, "access_level_description": "Developers + Maintainers" } diff --git a/doc/development/sec/img/primary_identifier_changed_v15_6.png b/doc/development/sec/img/primary_identifier_changed_v15_6.png Binary files differnew file mode 100644 index 00000000000..6bdca5152f2 --- /dev/null +++ b/doc/development/sec/img/primary_identifier_changed_v15_6.png diff --git a/doc/development/sec/index.md b/doc/development/sec/index.md index c9805044e58..f988cbc595a 100644 --- a/doc/development/sec/index.md +++ b/doc/development/sec/index.md @@ -68,3 +68,88 @@ Depending on the context, the security reports may be stored either in the datab While CI/CD templates are the responsibility of the Verify section, many are critical to the Sec Section's feature usage. If you are working with CI/CD templates, please read the [development guide for GitLab CI/CD templates](../cicd/templates.md). + +## Importance of the primary identifier + +Within analyzer JSON reports, the [`identifiers` field](../integrations/secure.md#identifiers) contains a collection of types and categories by which +a vulnerability can be described (that is, a CWE family). + +The first item in the `identifiers` collection is known as the [primary identifier](../../user/application_security/terminology#primary-identifier), +a critical component to both describing and tracking vulnerabilities. + +In most other cases, the `identifiers` collection is unordered, where the remaining secondary identifiers act as metadata for grouping vulnerabilities +(see [Analyzer vulnerability translation](#analyzer-vulnerability-translation) below for the exception). + +Any time the primary identifier changes and a project pipeline is re-run, ingestion of the new report will “orphan” the previous DB record. +Because our processing logic relies on generating a delta of two different vulnerabilities, it can end up looking rather confusing. For example: + +[!Screenshot of primary identifier mismatch in MR widget](img/primary_identifier_changed_v15_6.png) + +After being [merged](../integrations/secure.md#tracking-and-merging-vulnerabilities), the previous vulnerability is listed as "remediated" and the introduced as ["detected"](../../user/application_security/vulnerabilities/index.md#vulnerability-status-values). + +### Guiding principles for ensuring primary identifier stability + +- A primary identifier should never change unless we have a compelling reason. +- Analyzer supporting vulnerability translation must include the legacy primary identifiers in a secondary position to prevent “orphaning” of results. +- Beyond the primary identifier, the order of secondary identifiers does not matter. +- The identifier is unique based on a combination of the `Type` and `Value` fields (see [identifier fingerprint](https://gitlab.com/gitlab-org/gitlab/-/blob/v15.5.1-ee/lib/gitlab/ci/reports/security/identifier.rb#L63)). +- If we change the primary identifier, rolling back analyzers to previous versions will not fix the orphaned results. The data previously ingested into our database is an artifact of previous jobs with few ways of automating data migrations. + +### Analyzer vulnerability translation + +In the case of SAST's semgrep analyzer, there is a secondary identifier of particular importance: the identifier linking the report’s vulnerability +to the legacy analyzer (that is, bandit or eslint). + +To [enable vulnerability translation](../../user/application_security/sast/analyzers.md#vulnerability-translation) +the semgrep analyzer relies on a secondary identifier exactly matching the primary identifier of the legacy analyzer. + +For example, when [`eslint`](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) was previously used to generate vulnerability records, +the [`semgrep`](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep) analyzer must produce an identifier collection containing the +original eslint primary identifier. + +Given the original `eslint` report: + +```json +{ + "version": "14.0.4", + "vulnerabilities": [ + { + "identifiers": [ + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-eval-with-expression", + "value": "security/detect-eval-with-expression" + } + ] + } + ] +} +``` + +The corresponding semgrep report must contain the `eslint_rule_id`: + +```json +{ + "version": "14.0.4", + "vulnerabilities": [ + { + "identifiers": [ + { + "type": "semgrep_id", + "name": "eslint.detect-eval-with-expression", + "value": "eslint.detect-eval-with-expression", + "url": "https://semgrep.dev/r/gitlab.eslint.detect-eval-with-expression" + }, + { + "type": "eslint_rule_id", + "name": "ESLint rule ID security/detect-eval-with-expression", + "value": "security/detect-eval-with-expression" + } + ] + } + ] +} +``` + +[Tracking of vulnerabilities](../integrations/secure.md#tracking-and-merging-vulnerabilities) relies on a combination of the two identifiers +to remap DB records previously generated with the legacy analyzers to those generated with the new `semgrep` ones. diff --git a/lib/api/entities/protected_ref_access.rb b/lib/api/entities/protected_ref_access.rb index 443277e23cf..7b9b30d2385 100644 --- a/lib/api/entities/protected_ref_access.rb +++ b/lib/api/entities/protected_ref_access.rb @@ -3,6 +3,7 @@ module API module Entities class ProtectedRefAccess < Grape::Entity + expose :id expose :access_level expose :access_level_description do |protected_ref_access| protected_ref_access.humanize diff --git a/qa/qa/specs/features/browser_ui/14_analytics/performance_bar_spec.rb b/qa/qa/specs/features/browser_ui/14_analytics/performance_bar_spec.rb index 867c54102ae..6dfc58fbfea 100644 --- a/qa/qa/specs/features/browser_ui/14_analytics/performance_bar_spec.rb +++ b/qa/qa/specs/features/browser_ui/14_analytics/performance_bar_spec.rb @@ -2,7 +2,7 @@ module QA RSpec.describe 'Analytics' do - describe 'Performance bar display', :requires_admin, :skip_live_env do + describe 'Performance bar display', :requires_admin, :skip_live_env, product_group: :product_analytics do context 'when logged in as an admin user' do # performance metrics: pg, gitaly, redis, rugged (feature flagged), total (not always provided) let(:minimum_metrics_count) { 3 } diff --git a/qa/qa/specs/features/browser_ui/14_analytics/service_ping_default_enabled_spec.rb b/qa/qa/specs/features/browser_ui/14_analytics/service_ping_default_enabled_spec.rb index 7826aca3601..8e4b76cdb7c 100644 --- a/qa/qa/specs/features/browser_ui/14_analytics/service_ping_default_enabled_spec.rb +++ b/qa/qa/specs/features/browser_ui/14_analytics/service_ping_default_enabled_spec.rb @@ -2,7 +2,7 @@ module QA RSpec.describe 'Analytics' do - describe 'Service ping default enabled' do + describe 'Service ping default enabled', product_group: :product_intelligence do context 'when using default enabled from gitlab.yml config', :requires_admin, except: { job: 'review-qa-*' } do before do Flow::Login.sign_in_as_admin diff --git a/qa/qa/specs/features/browser_ui/14_analytics/service_ping_disabled_spec.rb b/qa/qa/specs/features/browser_ui/14_analytics/service_ping_disabled_spec.rb index 8b30d6a7ad7..e25bba97288 100644 --- a/qa/qa/specs/features/browser_ui/14_analytics/service_ping_disabled_spec.rb +++ b/qa/qa/specs/features/browser_ui/14_analytics/service_ping_disabled_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Analytics' do + RSpec.describe 'Analytics', product_group: :product_intelligence do describe 'Service ping disabled', :orchestrated, :service_ping_disabled, :requires_admin do context 'when disabled from gitlab.yml config' do before do diff --git a/spec/fixtures/api/schemas/entities/protected_ref_access.json b/spec/fixtures/api/schemas/entities/protected_ref_access.json new file mode 100644 index 00000000000..144852e1558 --- /dev/null +++ b/spec/fixtures/api/schemas/entities/protected_ref_access.json @@ -0,0 +1,25 @@ +{ + "type": "object", + "required": [ + "id", + "access_level", + "access_level_description" + ], + "properties": { + "id": { + "type": "integer" + }, + "access_level": { + "type": [ + "integer", + "null" + ] + }, + "access_level_description": { + "type": [ + "string", + "null" + ] + } + } +} diff --git a/spec/fixtures/api/schemas/protected_branch.json b/spec/fixtures/api/schemas/protected_branch.json new file mode 100644 index 00000000000..4ad5dbe2313 --- /dev/null +++ b/spec/fixtures/api/schemas/protected_branch.json @@ -0,0 +1,33 @@ +{ + "type": "object", + "required": [ + "id", + "name", + "push_access_levels", + "merge_access_levels", + "allow_force_push" + ], + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "push_access_levels": { + "type": "array", + "items": { + "$ref": "entities/protected_ref_access.json" + } + }, + "merge_access_levels": { + "type": "array", + "items": { + "$ref": "entities/protected_ref_access.json" + } + }, + "allow_force_push": { + "type": "boolean" + } + } +} diff --git a/spec/fixtures/api/schemas/protected_branches.json b/spec/fixtures/api/schemas/protected_branches.json new file mode 100644 index 00000000000..c87b3b153a9 --- /dev/null +++ b/spec/fixtures/api/schemas/protected_branches.json @@ -0,0 +1,6 @@ +{ + "type": "array", + "items": { + "$ref": "protected_branch.json" + } +} diff --git a/spec/fixtures/api/schemas/protected_tag.json b/spec/fixtures/api/schemas/protected_tag.json new file mode 100644 index 00000000000..c5aaf0f0cba --- /dev/null +++ b/spec/fixtures/api/schemas/protected_tag.json @@ -0,0 +1,19 @@ +{ + "type": "object", + "required": [ + "name", + "create_access_levels" + ], + "properties": { + "name": { + "type": "string" + }, + "create_access_levels": { + "type": "array", + "items": { + "$ref": "entities/protected_ref_access.json" + } + }, + "additionalProperties": false + } +} diff --git a/spec/fixtures/api/schemas/protected_tags.json b/spec/fixtures/api/schemas/protected_tags.json new file mode 100644 index 00000000000..731d0368a09 --- /dev/null +++ b/spec/fixtures/api/schemas/protected_tags.json @@ -0,0 +1,6 @@ +{ + "type": "array", + "items": { + "$ref": "protected_tag.json" + } +} diff --git a/spec/frontend/content_editor/markdown_snapshot_spec_helper.js b/spec/frontend/content_editor/markdown_snapshot_spec_helper.js index 05fa8e6a6b2..b85e64e71a5 100644 --- a/spec/frontend/content_editor/markdown_snapshot_spec_helper.js +++ b/spec/frontend/content_editor/markdown_snapshot_spec_helper.js @@ -34,11 +34,11 @@ export const describeMarkdownSnapshots = (description, glfmSpecificationDir) => path.join(glfmSpecificationDir, 'input', 'gitlab_flavored_markdown'), 'glfm_example_status.yml', ); - const glfmExampleSnapshotsDir = path.join(glfmSpecificationDir, 'example_snapshots'); - const markdownExamples = loadExamples(glfmExampleSnapshotsDir, 'markdown.yml'); - const expectedHtmlExamples = loadExamples(glfmExampleSnapshotsDir, 'html.yml'); + const outputExampleSnapshotsDir = path.join(glfmSpecificationDir, 'output_example_snapshots'); + const markdownExamples = loadExamples(outputExampleSnapshotsDir, 'markdown.yml'); + const expectedHtmlExamples = loadExamples(outputExampleSnapshotsDir, 'html.yml'); const expectedProseMirrorJsonExamples = loadExamples( - glfmExampleSnapshotsDir, + outputExampleSnapshotsDir, 'prosemirror_json.yml', ); diff --git a/spec/requests/api/protected_branches_spec.rb b/spec/requests/api/protected_branches_spec.rb index 9f10eb1bb9f..09a755cf79d 100644 --- a/spec/requests/api/protected_branches_spec.rb +++ b/spec/requests/api/protected_branches_spec.rb @@ -29,8 +29,7 @@ RSpec.describe API::ProtectedBranches do expect(response).to have_gitlab_http_status(:ok) expect(response).to include_pagination_headers - expect(json_response).to be_an Array - + expect(response).to match_response_schema('protected_branches') protected_branch_names = json_response.map { |x| x['name'] } expect(protected_branch_names).to match_array(expected_branch_names) end @@ -71,6 +70,7 @@ RSpec.describe API::ProtectedBranches do get api(route, user) expect(response).to have_gitlab_http_status(:ok) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER) @@ -130,6 +130,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER) @@ -140,6 +141,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name, push_access_level: 30 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER) @@ -150,6 +152,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name, merge_access_level: 30 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER) @@ -160,6 +163,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name, push_access_level: 30, merge_access_level: 30 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER) @@ -170,6 +174,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name, push_access_level: 0 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS) @@ -180,6 +185,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name, merge_access_level: 0 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER) @@ -190,6 +196,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name, push_access_level: 0, merge_access_level: 0 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(false) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS) @@ -200,6 +207,7 @@ RSpec.describe API::ProtectedBranches do post post_endpoint, params: { name: branch_name, allow_force_push: true } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_branch') expect(json_response['name']).to eq(branch_name) expect(json_response['allow_force_push']).to eq(true) expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER) diff --git a/spec/requests/api/protected_tags_spec.rb b/spec/requests/api/protected_tags_spec.rb index 84b7df86f31..f1db39ac204 100644 --- a/spec/requests/api/protected_tags_spec.rb +++ b/spec/requests/api/protected_tags_spec.rb @@ -22,7 +22,7 @@ RSpec.describe API::ProtectedTags do expect(response).to have_gitlab_http_status(:ok) expect(response).to include_pagination_headers - expect(json_response).to be_an Array + expect(response).to match_response_schema('protected_tags') protected_tag_names = json_response.map { |x| x['name'] } expected_tags_names = project.protected_tags.map { |x| x['name'] } @@ -57,6 +57,7 @@ RSpec.describe API::ProtectedTags do get api(route, user) expect(response).to have_gitlab_http_status(:ok) + expect(response).to match_response_schema('protected_tag') expect(json_response['name']).to eq(tag_name) expect(json_response['create_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER) end @@ -108,6 +109,7 @@ RSpec.describe API::ProtectedTags do post api("/projects/#{project.id}/protected_tags", user), params: { name: tag_name } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_tag') expect(json_response['name']).to eq(tag_name) expect(json_response['create_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER) end @@ -117,6 +119,7 @@ RSpec.describe API::ProtectedTags do params: { name: tag_name, create_access_level: 30 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_tag') expect(json_response['name']).to eq(tag_name) expect(json_response['create_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER) end @@ -126,6 +129,7 @@ RSpec.describe API::ProtectedTags do params: { name: tag_name, create_access_level: 0 } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_tag') expect(json_response['name']).to eq(tag_name) expect(json_response['create_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS) end @@ -142,6 +146,7 @@ RSpec.describe API::ProtectedTags do post api("/projects/#{project2.id}/protected_tags", user), params: { name: protected_name } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_tag') expect(json_response['name']).to eq(protected_name) end @@ -152,6 +157,7 @@ RSpec.describe API::ProtectedTags do post api("/projects/#{project.id}/protected_tags", user), params: { name: tag_name } expect(response).to have_gitlab_http_status(:created) + expect(response).to match_response_schema('protected_tag') expect(json_response['name']).to eq(tag_name) expect(json_response['create_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER) end |
