Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

3 files changed, 53 insertions, 32 deletions

diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index 6fe77727702..e04f63befd0 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -220,6 +220,8 @@ RSpec.describe API::Internal::Base do
     end
 
     it 'returns a token without expiry when the expires_at parameter is missing' do
+      token_size = (PersonalAccessToken.token_prefix || '').size + 20
+
       post api('/internal/personal_access_token'),
            params: {
              secret_token: secret_token,
@@ -229,12 +231,14 @@ RSpec.describe API::Internal::Base do
            }
 
       expect(json_response['success']).to be_truthy
-      expect(json_response['token']).to match(/\A\S{20}\z/)
+      expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
       expect(json_response['scopes']).to match_array(%w(read_api read_repository))
       expect(json_response['expires_at']).to be_nil
     end
 
     it 'returns a token with expiry when it receives a valid expires_at parameter' do
+      token_size = (PersonalAccessToken.token_prefix || '').size + 20
+
       post api('/internal/personal_access_token'),
            params: {
              secret_token: secret_token,
@@ -245,7 +249,7 @@ RSpec.describe API::Internal::Base do
            }
 
       expect(json_response['success']).to be_truthy
-      expect(json_response['token']).to match(/\A\S{20}\z/)
+      expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
       expect(json_response['scopes']).to match_array(%w(read_api read_repository))
       expect(json_response['expires_at']).to eq('9001-11-17')
     end
@@ -722,8 +726,7 @@ RSpec.describe API::Internal::Base do
           'ssh',
           {
             authentication_abilities: [:read_project, :download_code, :push_code],
-            namespace_path: project.namespace.path,
-            repository_path: project.path,
+            repository_path: "#{project.full_path}.git",
             redirected_path: nil
           }
         ).and_return(access_checker)
@@ -1337,9 +1340,13 @@ RSpec.describe API::Internal::Base do
       end
 
       context 'when the OTP is valid' do
-        it 'returns success' do
+        it 'registers a new OTP session and returns success' do
           allow_any_instance_of(Users::ValidateOtpService).to receive(:execute).with(otp).and_return(status: :success)
 
+          expect_next_instance_of(::Gitlab::Auth::Otp::SessionEnforcer) do |session_enforcer|
+            expect(session_enforcer).to receive(:update_session).once
+          end
+
           subject
 
           expect(json_response['success']).to be_truthy
diff --git a/spec/requests/api/internal/kubernetes_spec.rb b/spec/requests/api/internal/kubernetes_spec.rb
index a532b8e59f2..afff3647b91 100644
--- a/spec/requests/api/internal/kubernetes_spec.rb
+++ b/spec/requests/api/internal/kubernetes_spec.rb
@@ -87,7 +87,7 @@ RSpec.describe API::Internal::Kubernetes do
     end
   end
 
-  describe "GET /internal/kubernetes/agent_info" do
+  describe 'GET /internal/kubernetes/agent_info' do
     def send_request(headers: {}, params: {})
       get api('/internal/kubernetes/agent_info'), params: params, headers: headers.reverse_merge(jwt_auth_headers)
     end
@@ -137,9 +137,7 @@ RSpec.describe API::Internal::Kubernetes do
     include_examples 'agent authentication'
 
     context 'an agent is found' do
-      let!(:agent_token) { create(:cluster_agent_token) }
-
-      let(:agent) { agent_token.agent }
+      let_it_be(:agent_token) { create(:cluster_agent_token) }
 
       context 'project is public' do
         let(:project) { create(:project, :public) }
@@ -186,6 +184,16 @@ RSpec.describe API::Internal::Kubernetes do
 
           expect(response).to have_gitlab_http_status(:not_found)
         end
+
+        context 'and agent belongs to project' do
+          let(:agent_token) { create(:cluster_agent_token, agent: create(:cluster_agent, project: project)) }
+
+          it 'returns 200' do
+            send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+
+            expect(response).to have_gitlab_http_status(:success)
+          end
+        end
       end
 
       context 'project is internal' do
diff --git a/spec/requests/api/internal/pages_spec.rb b/spec/requests/api/internal/pages_spec.rb
index 9a63e2a8ed5..5b970ca605c 100644
--- a/spec/requests/api/internal/pages_spec.rb
+++ b/spec/requests/api/internal/pages_spec.rb
@@ -128,32 +128,38 @@ RSpec.describe API::Internal::Pages do
             )
           end
 
-          it 'responds with proxy configuration' do
+          it 'responds with 204 because of feature deprecation' do
             query_host(serverless_domain.uri.host)
 
-            expect(response).to have_gitlab_http_status(:ok)
-            expect(response).to match_response_schema('internal/serverless/virtual_domain')
-
-            expect(json_response['certificate']).to eq(pages_domain.certificate)
-            expect(json_response['key']).to eq(pages_domain.key)
+            expect(response).to have_gitlab_http_status(:no_content)
+            expect(response.body).to be_empty
 
-            expect(json_response['lookup_paths']).to eq(
-              [
-                {
-                  'source' => {
-                    'type' => 'serverless',
-                    'service' => "test-function.#{project.name}-#{project.id}-#{environment.slug}.#{serverless_domain_cluster.knative.hostname}",
-                    'cluster' => {
-                      'hostname' => serverless_domain_cluster.knative.hostname,
-                      'address' => serverless_domain_cluster.knative.external_ip,
-                      'port' => 443,
-                      'cert' => serverless_domain_cluster.certificate,
-                      'key' => serverless_domain_cluster.key
-                    }
-                  }
-                }
-              ]
-            )
+            ##
+            # Serverless serving and reverse proxy to Kubernetes / Knative has
+            #   been deprecated and disabled, as per
+            #   https://gitlab.com/gitlab-org/gitlab-pages/-/issues/467
+            #
+            # expect(response).to match_response_schema('internal/serverless/virtual_domain')
+            # expect(json_response['certificate']).to eq(pages_domain.certificate)
+            # expect(json_response['key']).to eq(pages_domain.key)
+            #
+            # expect(json_response['lookup_paths']).to eq(
+            #   [
+            #     {
+            #       'source' => {
+            #         'type' => 'serverless',
+            #         'service' => "test-function.#{project.name}-#{project.id}-#{environment.slug}.#{serverless_domain_cluster.knative.hostname}",
+            #         'cluster' => {
+            #           'hostname' => serverless_domain_cluster.knative.hostname,
+            #           'address' => serverless_domain_cluster.knative.external_ip,
+            #           'port' => 443,
+            #           'cert' => serverless_domain_cluster.certificate,
+            #           'key' => serverless_domain_cluster.key
+            #         }
+            #       }
+            #     }
+            #   ]
+            # )
           end
         end
       end