Add latest changes from gitlab-org/gitlab@14-9-stable-eev14.9.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-03-18 23:02:30 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-03-18 23:02:30 +0300
commit: 41fe97390ceddf945f3d967b8fdb3de4c66b7dea (patch)
tree: 9c8d89a8624828992f06d892cd2f43818ff5dcc8 /spec/lib/security
parent: 0804d2dc31052fb45a1efecedc8e06ce9bc32862 (diff)
2 files changed, 71 insertions, 57 deletions
diff --git a/spec/lib/security/ci_configuration/sast_build_action_spec.rb b/spec/lib/security/ci_configuration/sast_build_action_spec.rb
index 6f702e51b73..efb8b0b9984 100644
--- a/spec/lib/security/ci_configuration/sast_build_action_spec.rb
+++ b/spec/lib/security/ci_configuration/sast_build_action_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
   let(:default_sast_values) do
     { 'global' =>
       [
-        { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/gitlab-org/security-products/analyzers', 'value' => 'registry.gitlab.com/gitlab-org/security-products/analyzers' }
+        { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/security-products', 'value' => 'registry.gitlab.com/security-products' }
       ],
       'pipeline' =>
       [
@@ -19,7 +19,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
   let(:params) do
     { 'global' =>
       [
-        { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/gitlab-org/security-products/analyzers', 'value' => 'new_registry' }
+        { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/security-products', 'value' => 'new_registry' }
       ],
       'pipeline' =>
       [
@@ -164,7 +164,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
       let(:params) do
         { 'global' =>
           [
-            { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/gitlab-org/security-products/analyzers', 'value' => 'registry.gitlab.com/gitlab-org/security-products/analyzers' }
+            { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/security-products', 'value' => 'registry.gitlab.com/security-products' }
           ],
           'pipeline' =>
           [
@@ -275,7 +275,7 @@ RSpec.describe Security::CiConfiguration::SastBuildAction do
         let(:params) do
           { 'global' =>
             [
-              { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/gitlab-org/security-products/analyzers', 'value' => '' }
+              { 'field' => 'SECURE_ANALYZERS_PREFIX', 'defaultValue' => 'registry.gitlab.com/security-products', 'value' => '' }
             ] }
         end
 
diff --git a/spec/lib/security/ci_configuration/sast_iac_build_action_spec.rb b/spec/lib/security/ci_configuration/sast_iac_build_action_spec.rb
index 4c459058368..7b2a0d22918 100644
--- a/spec/lib/security/ci_configuration/sast_iac_build_action_spec.rb
+++ b/spec/lib/security/ci_configuration/sast_iac_build_action_spec.rb
@@ -7,12 +7,13 @@ RSpec.describe Security::CiConfiguration::SastIacBuildAction do
 
   let(:params) { {} }
 
-  context 'with existing .gitlab-ci.yml' do
-    let(:auto_devops_enabled) { false }
+  shared_examples 'existing .gitlab-ci.yml tests' do
+    context 'with existing .gitlab-ci.yml' do
+      let(:auto_devops_enabled) { false }
 
-    context 'sast iac has not been included' do
-      let(:expected_yml) do
-        <<-CI_YML.strip_heredoc
+      context 'sast iac has not been included' do
+        let(:expected_yml) do
+          <<-CI_YML.strip_heredoc
           # You can override the included template(s) by including variable overrides
           # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
           # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
@@ -28,39 +29,39 @@ RSpec.describe Security::CiConfiguration::SastIacBuildAction do
           include:
           - template: existing.yml
           - template: Security/SAST-IaC.latest.gitlab-ci.yml
-        CI_YML
-      end
-
-      context 'template includes are an array' do
-        let(:gitlab_ci_content) do
-          { "stages" => %w(test security),
-            "variables" => { "RANDOM" => "make sure this persists" },
-            "include" => [{ "template" => "existing.yml" }] }
+          CI_YML
         end
 
-        it 'generates the correct YML' do
-          expect(result[:action]).to eq('update')
-          expect(result[:content]).to eq(expected_yml)
-        end
-      end
-
-      context 'template include is not an array' do
-        let(:gitlab_ci_content) do
-          { "stages" => %w(test security),
-            "variables" => { "RANDOM" => "make sure this persists" },
-            "include" => { "template" => "existing.yml" } }
+        context 'template includes are an array' do
+          let(:gitlab_ci_content) do
+            { "stages" => %w(test security),
+              "variables" => { "RANDOM" => "make sure this persists" },
+              "include" => [{ "template" => "existing.yml" }] }
+          end
+
+          it 'generates the correct YML' do
+            expect(result[:action]).to eq('update')
+            expect(result[:content]).to eq(expected_yml)
+          end
         end
 
-        it 'generates the correct YML' do
-          expect(result[:action]).to eq('update')
-          expect(result[:content]).to eq(expected_yml)
+        context 'template include is not an array' do
+          let(:gitlab_ci_content) do
+            { "stages" => %w(test security),
+              "variables" => { "RANDOM" => "make sure this persists" },
+              "include" => { "template" => "existing.yml" } }
+          end
+
+          it 'generates the correct YML' do
+            expect(result[:action]).to eq('update')
+            expect(result[:content]).to eq(expected_yml)
+          end
         end
       end
-    end
 
-    context 'secret_detection has been included' do
-      let(:expected_yml) do
-        <<-CI_YML.strip_heredoc
+      context 'secret_detection has been included' do
+        let(:expected_yml) do
+          <<-CI_YML.strip_heredoc
           # You can override the included template(s) by including variable overrides
           # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
           # Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
@@ -74,37 +75,50 @@ RSpec.describe Security::CiConfiguration::SastIacBuildAction do
             RANDOM: make sure this persists
           include:
           - template: Security/SAST-IaC.latest.gitlab-ci.yml
-        CI_YML
-      end
-
-      context 'secret_detection template include are an array' do
-        let(:gitlab_ci_content) do
-          { "stages" => %w(test),
-            "variables" => { "RANDOM" => "make sure this persists" },
-            "include" => [{ "template" => "Security/SAST-IaC.latest.gitlab-ci.yml" }] }
+          CI_YML
         end
 
-        it 'generates the correct YML' do
-          expect(result[:action]).to eq('update')
-          expect(result[:content]).to eq(expected_yml)
-        end
-      end
-
-      context 'secret_detection template include is not an array' do
-        let(:gitlab_ci_content) do
-          { "stages" => %w(test),
-            "variables" => { "RANDOM" => "make sure this persists" },
-            "include" => { "template" => "Security/SAST-IaC.latest.gitlab-ci.yml" } }
+        context 'secret_detection template include are an array' do
+          let(:gitlab_ci_content) do
+            { "stages" => %w(test),
+              "variables" => { "RANDOM" => "make sure this persists" },
+              "include" => [{ "template" => "Security/SAST-IaC.latest.gitlab-ci.yml" }] }
+          end
+
+          it 'generates the correct YML' do
+            expect(result[:action]).to eq('update')
+            expect(result[:content]).to eq(expected_yml)
+          end
         end
 
-        it 'generates the correct YML' do
-          expect(result[:action]).to eq('update')
-          expect(result[:content]).to eq(expected_yml)
+        context 'secret_detection template include is not an array' do
+          let(:gitlab_ci_content) do
+            { "stages" => %w(test),
+              "variables" => { "RANDOM" => "make sure this persists" },
+              "include" => { "template" => "Security/SAST-IaC.latest.gitlab-ci.yml" } }
+          end
+
+          it 'generates the correct YML' do
+            expect(result[:action]).to eq('update')
+            expect(result[:content]).to eq(expected_yml)
+          end
         end
       end
     end
   end
 
+  context 'with existing .gitlab-ci.yml and when the ci config file configuration was not set' do
+    subject(:result) { described_class.new(auto_devops_enabled, gitlab_ci_content).generate }
+
+    it_behaves_like 'existing .gitlab-ci.yml tests'
+  end
+
+  context 'with existing .gitlab-ci.yml and when the ci config file configuration was deleted' do
+    subject(:result) { described_class.new(auto_devops_enabled, gitlab_ci_content, ci_config_path: '').generate }
+
+    it_behaves_like 'existing .gitlab-ci.yml tests'
+  end
+
   context 'with no .gitlab-ci.yml' do
     let(:gitlab_ci_content) { nil }
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-03-18 23:02:30 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-03-18 23:02:30 +0300
commit	41fe97390ceddf945f3d967b8fdb3de4c66b7dea (patch)
tree	9c8d89a8624828992f06d892cd2f43818ff5dcc8 /spec/lib/security
parent	0804d2dc31052fb45a1efecedc8e06ce9bc32862 (diff)