Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-16 21:18:33 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-16 21:18:33 +0300
commit: f64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch)
tree: a2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /spec/controllers/groups
parent: bfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff)
4 files changed, 36 insertions, 20 deletions
diff --git a/spec/controllers/groups/boards_controller_spec.rb b/spec/controllers/groups/boards_controller_spec.rb
index a7480130e0a..6201cddecb0 100644
--- a/spec/controllers/groups/boards_controller_spec.rb
+++ b/spec/controllers/groups/boards_controller_spec.rb
@@ -29,7 +29,7 @@ RSpec.describe Groups::BoardsController do
           expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
           allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true)
           allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true)
-          allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false)
+          allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false)
         end
 
         it 'returns a not found 404 response' do
@@ -74,7 +74,7 @@ RSpec.describe Groups::BoardsController do
           expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
           allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true)
           allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true)
-          allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false)
+          allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false)
         end
 
         it 'returns a not found 404 response' do
@@ -111,7 +111,7 @@ RSpec.describe Groups::BoardsController do
           expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
           allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true)
           allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true)
-          allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false)
+          allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false)
         end
 
         it 'returns a not found 404 response' do
diff --git a/spec/controllers/groups/clusters/applications_controller_spec.rb b/spec/controllers/groups/clusters/applications_controller_spec.rb
index c3947c27399..5629e86c928 100644
--- a/spec/controllers/groups/clusters/applications_controller_spec.rb
+++ b/spec/controllers/groups/clusters/applications_controller_spec.rb
@@ -10,7 +10,8 @@ RSpec.describe Groups::Clusters::ApplicationsController do
   end
 
   shared_examples 'a secure endpoint' do
-    it { expect { subject }.to be_allowed_for(:admin) }
+    it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { subject }.to be_allowed_for(:admin) }
+    it('is denied for admin when admin mode is disabled') { expect { subject }.to be_denied_for(:admin) }
     it { expect { subject }.to be_allowed_for(:owner).of(group) }
     it { expect { subject }.to be_allowed_for(:maintainer).of(group) }
     it { expect { subject }.to be_denied_for(:developer).of(group) }
diff --git a/spec/controllers/groups/clusters_controller_spec.rb b/spec/controllers/groups/clusters_controller_spec.rb
index b287aca1e46..1334372a1f5 100644
--- a/spec/controllers/groups/clusters_controller_spec.rb
+++ b/spec/controllers/groups/clusters_controller_spec.rb
@@ -99,7 +99,8 @@ RSpec.describe Groups::ClustersController do
     describe 'security' do
       let(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) }
 
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -183,7 +184,8 @@ RSpec.describe Groups::ClustersController do
     include_examples 'GET new cluster shared examples'
 
     describe 'security' do
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -316,7 +318,8 @@ RSpec.describe Groups::ClustersController do
         allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil)
       end
 
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -418,7 +421,8 @@ RSpec.describe Groups::ClustersController do
     end
 
     describe 'security' do
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -486,7 +490,8 @@ RSpec.describe Groups::ClustersController do
         allow(WaitForClusterCreationWorker).to receive(:perform_in)
       end
 
-      it { expect { post_create_aws }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { post_create_aws }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { post_create_aws }.to be_denied_for(:admin) }
       it { expect { post_create_aws }.to be_allowed_for(:owner).of(group) }
       it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(group) }
       it { expect { post_create_aws }.to be_denied_for(:developer).of(group) }
@@ -544,7 +549,8 @@ RSpec.describe Groups::ClustersController do
         end
       end
 
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -580,7 +586,8 @@ RSpec.describe Groups::ClustersController do
     end
 
     describe 'security' do
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -619,7 +626,8 @@ RSpec.describe Groups::ClustersController do
     end
 
     describe 'security' do
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -651,7 +659,8 @@ RSpec.describe Groups::ClustersController do
     end
 
     describe 'security' do
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -759,7 +768,8 @@ RSpec.describe Groups::ClustersController do
     describe 'security' do
       let_it_be(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) }
 
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
@@ -827,7 +837,8 @@ RSpec.describe Groups::ClustersController do
     describe 'security' do
       let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, cluster_type: :group_type, groups: [group]) }
 
-      it { expect { go }.to be_allowed_for(:admin) }
+      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
+      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
       it { expect { go }.to be_allowed_for(:owner).of(group) }
       it { expect { go }.to be_allowed_for(:maintainer).of(group) }
       it { expect { go }.to be_denied_for(:developer).of(group) }
diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb
index 39cbdfb9123..83775dcdbdf 100644
--- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb
+++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb
@@ -130,7 +130,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
           }
         end
 
-        it 'proxies status from the remote token request' do
+        it 'proxies status from the remote token request', :aggregate_failures do
           subject
 
           expect(response).to have_gitlab_http_status(:service_unavailable)
@@ -147,7 +147,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
           }
         end
 
-        it 'proxies status from the remote manifest request' do
+        it 'proxies status from the remote manifest request', :aggregate_failures do
           subject
 
           expect(response).to have_gitlab_http_status(:bad_request)
@@ -156,7 +156,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
       end
 
       it 'sends a file' do
-        expect(controller).to receive(:send_file).with(manifest.file.path, {})
+        expect(controller).to receive(:send_file).with(manifest.file.path, type: manifest.content_type)
 
         subject
       end
@@ -165,6 +165,10 @@ RSpec.describe Groups::DependencyProxyForContainersController do
         subject
 
         expect(response).to have_gitlab_http_status(:ok)
+        expect(response.headers['Docker-Content-Digest']).to eq(manifest.digest)
+        expect(response.headers['Content-Length']).to eq(manifest.size)
+        expect(response.headers['Docker-Distribution-Api-Version']).to eq(DependencyProxy::DISTRIBUTION_API_VERSION)
+        expect(response.headers['Etag']).to eq("\"#{manifest.digest}\"")
         expect(response.headers['Content-Disposition']).to match(/^attachment/)
       end
     end
@@ -207,7 +211,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
           }
         end
 
-        it 'proxies status from the remote blob request' do
+        it 'proxies status from the remote blob request', :aggregate_failures do
           subject
 
           expect(response).to have_gitlab_http_status(:bad_request)
@@ -221,7 +225,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
         subject
       end
 
-      it 'returns Content-Disposition: attachment' do
+      it 'returns Content-Disposition: attachment', :aggregate_failures do
         subject
 
         expect(response).to have_gitlab_http_status(:ok)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-16 21:18:33 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-16 21:18:33 +0300
commit	f64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch)
tree	a2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /spec/controllers/groups
parent	bfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff)