Remove internal api calls from the rack::attack throttling

author: Francisco Javier López <fjlopez@gitlab.com> 2018-02-15 19:54:36 +0300
committer: Douwe Maan <douwe@gitlab.com> 2018-02-15 19:54:36 +0300
commit: 5ddd576c7e93da1c97b81af90f65e1f368266547 (patch)
tree: e11e5af31745f2f053354715a0f48dba10a50e3d /spec/requests/rack_attack_global_spec.rb
parent: e5df66e1af47ea9bbd526657f9af913618e6f3ee (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb
index 0fec14d0cce..b18e922b063 100644
--- a/spec/requests/rack_attack_global_spec.rb
+++ b/spec/requests/rack_attack_global_spec.rb
@@ -22,6 +22,7 @@ describe 'Rack Attack global throttles' do
 
   let(:url_that_does_not_require_authentication) { '/users/sign_in' }
   let(:url_that_requires_authentication) { '/dashboard/snippets' }
+  let(:url_api_internal) { '/api/v4/internal/check' }
   let(:api_partial_url) { '/todos' }
 
   around do |example|
@@ -172,6 +173,15 @@ describe 'Rack Attack global throttles' do
         get url_that_does_not_require_authentication
         expect(response).to have_http_status 200
       end
+
+      context 'when the request is to the api internal endpoints' do
+        it 'allows requests over the rate limit' do
+          (1 + requests_per_period).times do
+            get url_api_internal, secret_token: Gitlab::Shell.secret_token
+            expect(response).to have_http_status 200
+          end
+        end
+      end
     end
 
     context 'when the throttle is disabled' do
author	Francisco Javier López <fjlopez@gitlab.com>	2018-02-15 19:54:36 +0300
committer	Douwe Maan <douwe@gitlab.com>	2018-02-15 19:54:36 +0300
commit	5ddd576c7e93da1c97b81af90f65e1f368266547 (patch)
tree	e11e5af31745f2f053354715a0f48dba10a50e3d /spec/requests/rack_attack_global_spec.rb
parent	e5df66e1af47ea9bbd526657f9af913618e6f3ee (diff)