diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 14:10:13 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 14:10:13 +0300 |
commit | 0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch) | |
tree | 7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /spec/models/application_setting_spec.rb | |
parent | 72123183a20411a36d607d70b12d57c484394c8e (diff) |
Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42
Diffstat (limited to 'spec/models/application_setting_spec.rb')
-rw-r--r-- | spec/models/application_setting_spec.rb | 43 |
1 files changed, 40 insertions, 3 deletions
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index 20cd96e831c..61f008416ea 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -85,12 +85,15 @@ RSpec.describe ApplicationSetting do it { is_expected.to validate_numericality_of(:container_registry_import_max_step_duration).only_integer.is_greater_than_or_equal_to(0) } it { is_expected.to validate_numericality_of(:container_registry_pre_import_timeout).only_integer.is_greater_than_or_equal_to(0) } it { is_expected.to validate_numericality_of(:container_registry_import_timeout).only_integer.is_greater_than_or_equal_to(0) } + it { is_expected.to validate_numericality_of(:container_registry_pre_import_tags_rate).is_greater_than_or_equal_to(0) } it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_tags_count) } it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_retries) } it { is_expected.not_to allow_value(nil).for(:container_registry_import_start_max_retries) } it { is_expected.not_to allow_value(nil).for(:container_registry_import_max_step_duration) } it { is_expected.not_to allow_value(nil).for(:container_registry_pre_import_timeout) } it { is_expected.not_to allow_value(nil).for(:container_registry_import_timeout) } + it { is_expected.not_to allow_value(nil).for(:container_registry_pre_import_tags_rate) } + it { is_expected.to allow_value(1.5).for(:container_registry_pre_import_tags_rate) } it { is_expected.to validate_presence_of(:container_registry_import_target_plan) } it { is_expected.to validate_presence_of(:container_registry_import_created_before) } @@ -551,11 +554,45 @@ RSpec.describe ApplicationSetting do it { is_expected.to allow_value(*KeyRestrictionValidator.supported_key_restrictions(type)).for(field) } it { is_expected.not_to allow_value(128).for(field) } end + end + end - it_behaves_like 'key validations' + describe '#ensure_key_restrictions!' do + context 'with non-compliant FIPS settings' do + before do + setting.update_columns( + rsa_key_restriction: 1024, + dsa_key_restriction: 0, + ecdsa_key_restriction: 521, + ed25519_key_restriction: -1, + ecdsa_sk_key_restriction: 0, + ed25519_sk_key_restriction: 0 + ) + end - context 'FIPS mode', :fips_mode do - it_behaves_like 'key validations' + context 'in non-FIPS mode', fips_mode: false do + it 'keeps existing key restrictions' do + expect { setting.ensure_key_restrictions! }.not_to change { setting.valid? } + expect(setting).to be_valid + expect(setting.rsa_key_restriction).to eq(1024) + expect(setting.dsa_key_restriction).to eq(0) + expect(setting.ecdsa_key_restriction).to eq(521) + expect(setting.ed25519_key_restriction).to eq(-1) + expect(setting.ecdsa_sk_key_restriction).to eq(0) + expect(setting.ed25519_sk_key_restriction).to eq(0) + end + end + + context 'in FIPS mode', :fips_mode do + it 'updates key restrictions to meet FIPS compliance' do + expect { setting.ensure_key_restrictions! }.to change { setting.valid? }.from(false).to(true) + expect(setting.rsa_key_restriction).to eq(3072) + expect(setting.dsa_key_restriction).to eq(-1) + expect(setting.ecdsa_key_restriction).to eq(521) + expect(setting.ed25519_key_restriction).to eq(-1) + expect(setting.ecdsa_sk_key_restriction).to eq(256) + expect(setting.ed25519_sk_key_restriction).to eq(256) + end end end end |