author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 13:00:54 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-20 13:00:54 +0300 |
commit | 3cccd102ba543e02725d247893729e5c73b38295 (patch) | |
tree | f36a04ec38517f5deaaacb5acc7d949688d1e187 /spec/requests/api/settings_spec.rb | |
parent | 205943281328046ef7b4528031b90fbda70c75ac (diff) |
Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42
Diffstat (limited to 'spec/requests/api/settings_spec.rb')
-rw-r--r-- | spec/requests/api/settings_spec.rb | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/spec/requests/api/settings_spec.rb b/spec/requests/api/settings_spec.rb
index f7048a1ca6b..c724c69045e 100644
--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -91,7 +91,7 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting do
 end
 end

- it "updates application settings" do
+ it "updates application settings", fips_mode: false do
 put api("/application/settings", admin),
 params: {
 default_ci_config_path: 'debian/salsa-ci.yml',
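Review bot: The `fips_mode: false` tag added to "updates application settings" has no explanation, so a later reader cannot tell whether this is a deliberate exclusion or a coverage gap. It appears to pin the example to non-FIPS mode, presumably because its params (outside the hunk) include values that FIPS validation would reject. If that is the reason, record it above the example, e.g. `# Runs with FIPS off: the params below include settings that are rejected in FIPS mode`. The example's body continues past the end of the hunk.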
@@ -286,6 +286,55 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting do
 expect(json_response['hashed_storage_enabled']).to eq(true)
 end

+ context 'SSH key restriction settings', :fips_mode do
+ let(:settings) do
+ {
+ dsa_key_restriction: -1,
+ ecdsa_key_restriction: 256,
+ ecdsa_sk_key_restriction: 256,
+ ed25519_key_restriction: 256,
+ ed25519_sk_key_restriction: 256,
+ rsa_key_restriction: 3072
+ }
+ end
+
+ it 'allows updating the settings' do
+ put api("/application/settings", admin), params: settings
+
+ expect(response).to have_gitlab_http_status(:ok)
+ settings.each do |attribute, value|
+ expect(ApplicationSetting.current.public_send(attribute)).to eq(value)
+ end
+ end
+
+ it 'does not allow DSA keys' do
+ put api("/application/settings", admin), params: { dsa_key_restriction: 1024 }
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+
+ it 'does not allow short RSA key values' do
+ put api("/application/settings", admin), params: { rsa_key_restriction: 2048 }
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+
+ it 'does not allow unrestricted key lengths' do
+ types = %w(dsa_key_restriction
+ ecdsa_key_restriction
+ ecdsa_sk_key_restriction
+ ed25519_key_restriction
+ ed25519_sk_key_restriction
+ rsa_key_restriction)
+
+ types.each do |type|
+ put api("/application/settings", admin), params: { type => 0 }
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+ end
+ end
+
 context 'external policy classification settings' do
 let(:settings) do
 { |
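Review bot: The three negative examples in the 'SSH key restriction settings' context assert only `have_gitlab_http_status(:bad_request)`. They therefore pass on a 400 returned for any reason, and never show that the weaker restriction was left unpersisted. In the 'does not allow unrestricted key lengths' loop, wrap the request as `expect { put api("/application/settings", admin), params: { type => 0 } }.not_to change { ApplicationSetting.current.public_send(type) }` and keep the status check after it. The DSA and short-RSA examples need the same treatment. That loop also issues six requests inside one example, so the first failing type hides the others; tagging the example `:aggregate_failures` would report each type separately.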