Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-04 18:09:33 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-04 18:09:33 +0300
commit: bf6d126a58a66a11b2e4b9de89986174a1885105 (patch)
tree: bf2912b22073ed86969a56935d81cae0b73e710b /spec/models
parent: 7928b47c8e06c1ac3f63d321a73dd527aea4e4c3 (diff)
4 files changed, 103 insertions, 6 deletions
diff --git a/spec/models/bulk_imports/failure_spec.rb b/spec/models/bulk_imports/failure_spec.rb
index cde62659a48..b3fd60ba348 100644
--- a/spec/models/bulk_imports/failure_spec.rb
+++ b/spec/models/bulk_imports/failure_spec.rb
@@ -3,15 +3,45 @@
 require 'spec_helper'
 
 RSpec.describe BulkImports::Failure, type: :model do
+  let(:failure) { create(:bulk_import_failure) }
+
   describe 'associations' do
     it { is_expected.to belong_to(:entity).required }
   end
 
   describe 'validations' do
-    before do
-      create(:bulk_import_failure)
+    it { is_expected.to validate_presence_of(:entity) }
+  end
+
+  describe '#relation' do
+    context 'when pipeline class is valid' do
+      it 'returns pipeline defined relation' do
+        failure.update!(pipeline_class: 'BulkImports::Common::Pipelines::WikiPipeline')
+
+        expect(failure.relation).to eq('wiki')
+      end
     end
 
-    it { is_expected.to validate_presence_of(:entity) }
+    context 'when pipeline class is invalid' do
+      it 'returns default relation' do
+        failure.update!(pipeline_class: 'foobar')
+
+        expect(failure.relation).to eq('foobar')
+      end
+
+      context 'when pipeline class is outside of BulkImports namespace' do
+        it 'returns default relation' do
+          failure.update!(pipeline_class: 'Gitlab::ImportExport::Importer')
+
+          expect(failure.relation).to eq('importer')
+        end
+      end
+
+      it 'returns demodulized, underscored, chomped string' do
+        failure.update!(pipeline_class: 'BulkImports::Pipelines::Test::TestRelationPipeline')
+
+        expect(failure.relation).to eq('test_relation')
+      end
+    end
   end
 end
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index 52142278c15..279556ac75d 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -2817,6 +2817,14 @@ RSpec.describe Ci::Build do
         end
       end
 
+      context 'when the opt_in_jwt project setting is true' do
+        it 'does not include the JWT variables' do
+          project.ci_cd_settings.update!(opt_in_jwt: true)
+
+          expect(subject.pluck(:key)).not_to include('CI_JOB_JWT', 'CI_JOB_JWT_V1', 'CI_JOB_JWT_V2')
+        end
+      end
+
       describe 'variables ordering' do
         context 'when variables hierarchy is stubbed' do
           let(:build_pre_var) { { key: 'build', value: 'value', public: true, masked: false } }
@@ -3527,6 +3535,49 @@ RSpec.describe Ci::Build do
 
       it { is_expected.to include(key: job_variable.key, value: job_variable.value, public: false, masked: false) }
     end
+
+    context 'when ID tokens are defined on the build' do
+      before do
+        rsa_key = OpenSSL::PKey::RSA.generate(3072).to_s
+        stub_application_setting(ci_jwt_signing_key: rsa_key)
+        build.metadata.update!(id_tokens: {
+                                 'ID_TOKEN_1' => { id_token: { aud: 'developers' } },
+                                 'ID_TOKEN_2' => { id_token: { aud: 'maintainers' } }
+                               })
+      end
+
+      subject(:runner_vars) { build.variables.to_runner_variables }
+
+      it 'includes the ID token variables' do
+        expect(runner_vars).to include(
+          a_hash_including(key: 'ID_TOKEN_1', public: false, masked: true),
+          a_hash_including(key: 'ID_TOKEN_2', public: false, masked: true)
+        )
+
+        id_token_var_1 = runner_vars.find { |var| var[:key] == 'ID_TOKEN_1' }
+        id_token_var_2 = runner_vars.find { |var| var[:key] == 'ID_TOKEN_2' }
+        id_token_1 = JWT.decode(id_token_var_1[:value], nil, false).first
+        id_token_2 = JWT.decode(id_token_var_2[:value], nil, false).first
+        expect(id_token_1['aud']).to eq('developers')
+        expect(id_token_2['aud']).to eq('maintainers')
+      end
+
+      context 'when a NoSigningKeyError is raised' do
+        it 'does not include the ID token variables' do
+          allow(::Gitlab::Ci::JwtV2).to receive(:for_build).and_raise(::Gitlab::Ci::Jwt::NoSigningKeyError)
+
+          expect(runner_vars.map { |var| var[:key] }).not_to include('ID_TOKEN_1', 'ID_TOKEN_2')
+        end
+      end
+
+      context 'when a RSAError is raised' do
+        it 'does not include the ID token variables' do
+          allow(::Gitlab::Ci::JwtV2).to receive(:for_build).and_raise(::OpenSSL::PKey::RSAError)
+
+          expect(runner_vars.map { |var| var[:key] }).not_to include('ID_TOKEN_1', 'ID_TOKEN_2')
+        end
+      end
+    end
   end
 
   describe '#scoped_variables' do
diff --git a/spec/models/ci/processable_spec.rb b/spec/models/ci/processable_spec.rb
index 61e2864a518..a199111b1e3 100644
--- a/spec/models/ci/processable_spec.rb
+++ b/spec/models/ci/processable_spec.rb
@@ -177,7 +177,7 @@ RSpec.describe Ci::Processable do
           Ci::Build.attribute_names.map(&:to_sym) +
           Ci::Build.attribute_aliases.keys.map(&:to_sym) +
           Ci::Build.reflect_on_all_associations.map(&:name) +
-          [:tag_list, :needs_attributes, :job_variables_attributes] -
+          [:tag_list, :needs_attributes, :job_variables_attributes, :id_tokens] -
           # ToDo: Move EE accessors to ee/
           ::Ci::Build.extra_accessors -
           [:dast_site_profiles_build, :dast_scanner_profiles_build]
diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb
index bd46fb9b1a6..6fbf69ec23a 100644
--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -40,12 +40,20 @@ RSpec.describe Repository do
   end
 
   describe '#branch_names_contains' do
-    subject { repository.branch_names_contains(sample_commit.id) }
+    subject { repository.branch_names_contains(sample_commit.id, **opts) }
+
+    let(:opts) { {} }
 
     it { is_expected.to include('master') }
     it { is_expected.not_to include('feature') }
     it { is_expected.not_to include('fix') }
 
+    context 'when limit is provided' do
+      let(:opts) { { limit: 1 } }
+
+      it { is_expected.to match_array(["'test'"]) }
+    end
+
     describe 'when storage is broken', :broken_storage do
       it 'raises a storage error' do
         expect_to_raise_storage_error do
@@ -56,10 +64,18 @@ RSpec.describe Repository do
   end
 
   describe '#tag_names_contains' do
-    subject { repository.tag_names_contains(sample_commit.id) }
+    subject { repository.tag_names_contains(sample_commit.id, **opts) }
+
+    let(:opts) { {} }
 
     it { is_expected.to include('v1.1.0') }
     it { is_expected.not_to include('v1.0.0') }
+
+    context 'when limit is provided' do
+      let(:opts) { { limit: 1 } }
+
+      it { is_expected.to match_array(['v1.1.0']) }
+    end
   end
 
   describe '#tags_sorted_by' do
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-10-04 18:09:33 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-10-04 18:09:33 +0300
commit	bf6d126a58a66a11b2e4b9de89986174a1885105 (patch)
tree	bf2912b22073ed86969a56935d81cae0b73e710b /spec/models
parent	7928b47c8e06c1ac3f63d321a73dd527aea4e4c3 (diff)