diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-02 21:23:43 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-02 21:23:43 +0300 |
commit | b8110282a17d805dc28fb94f2d62f164bd1c3665 (patch) | |
tree | 722c853c14f1eff27ae260f2ad331c219b3ddd63 /spec/requests | |
parent | bfbbc52faaae2a1a06e065511a1a8661203e868a (diff) |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/ci/pipeline_schedules_spec.rb | 106 | ||||
-rw-r--r-- | spec/requests/api/internal/kubernetes_spec.rb | 12 | ||||
-rw-r--r-- | spec/requests/api/terraform/state_spec.rb | 7 |
3 files changed, 103 insertions, 22 deletions
diff --git a/spec/requests/api/ci/pipeline_schedules_spec.rb b/spec/requests/api/ci/pipeline_schedules_spec.rb index e0199b7b51c..4c8a356469d 100644 --- a/spec/requests/api/ci/pipeline_schedules_spec.rb +++ b/spec/requests/api/ci/pipeline_schedules_spec.rb @@ -97,46 +97,112 @@ RSpec.describe API::Ci::PipelineSchedules do pipeline_schedule.pipelines << build(:ci_pipeline, project: project) end - context 'authenticated user with valid permissions' do - it 'returns pipeline_schedule details' do - get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", developer) - + matcher :return_pipeline_schedule_sucessfully do + match_unless_raises do |reponse| expect(response).to have_gitlab_http_status(:ok) expect(response).to match_response_schema('pipeline_schedule') end + end - it 'responds with 404 Not Found if requesting non-existing pipeline_schedule' do - get api("/projects/#{project.id}/pipeline_schedules/-5", developer) + shared_context 'request with project permissions' do + context 'authenticated user with project permisions' do + before do + project.add_maintainer(user) + end - expect(response).to have_gitlab_http_status(:not_found) + it 'returns pipeline_schedule details' do + get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user) + + expect(response).to return_pipeline_schedule_sucessfully + expect(json_response).to have_key('variables') + end end end - context 'authenticated user with invalid permissions' do - it 'does not return pipeline_schedules list' do - get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user) + shared_examples 'request with schedule ownership' do + context 'authenticated user with pipeline schedule ownership' do + it 'returns pipeline_schedule details' do + get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", developer) - expect(response).to have_gitlab_http_status(:not_found) + expect(response).to return_pipeline_schedule_sucessfully + expect(json_response).to have_key('variables') + end end end - context 'authenticated user with insufficient permissions' do - before do - project.add_guest(user) + shared_examples 'request with unauthenticated user' do + context 'with unauthenticated user' do + it 'does not return pipeline_schedule' do + get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}") + + expect(response).to have_gitlab_http_status(:unauthorized) + end end + end - it 'does not return pipeline_schedules list' do - get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user) + shared_examples 'request with non-existing pipeline_schedule' do + it 'responds with 404 Not Found if requesting non-existing pipeline_schedule' do + get api("/projects/#{project.id}/pipeline_schedules/-5", developer) expect(response).to have_gitlab_http_status(:not_found) end end - context 'unauthenticated user' do - it 'does not return pipeline_schedules list' do - get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}") + context 'with private project' do + it_behaves_like 'request with schedule ownership' + it_behaves_like 'request with project permissions' + it_behaves_like 'request with unauthenticated user' + it_behaves_like 'request with non-existing pipeline_schedule' - expect(response).to have_gitlab_http_status(:unauthorized) + context 'authenticated user with no project permissions' do + it 'does not return pipeline_schedule' do + get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'authenticated user with insufficient project permissions' do + before do + project.add_guest(user) + end + + it 'does not return pipeline_schedule' do + get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + context 'with public project' do + let_it_be(:project) { create(:project, :repository, :public, public_builds: false) } + + it_behaves_like 'request with schedule ownership' + it_behaves_like 'request with project permissions' + it_behaves_like 'request with unauthenticated user' + it_behaves_like 'request with non-existing pipeline_schedule' + + context 'authenticated user with no project permissions' do + it 'returns pipeline_schedule with no variables' do + get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user) + + expect(response).to return_pipeline_schedule_sucessfully + expect(json_response).not_to have_key('variables') + end + end + + context 'authenticated user with insufficient project permissions' do + before do + project.add_guest(user) + end + + it 'returns pipeline_schedule with no variables' do + get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user) + + expect(response).to return_pipeline_schedule_sucessfully + expect(json_response).not_to have_key('variables') + end end end end diff --git a/spec/requests/api/internal/kubernetes_spec.rb b/spec/requests/api/internal/kubernetes_spec.rb index f669483b5a4..a532b8e59f2 100644 --- a/spec/requests/api/internal/kubernetes_spec.rb +++ b/spec/requests/api/internal/kubernetes_spec.rb @@ -166,6 +166,16 @@ RSpec.describe API::Internal::Kubernetes do ) ) end + + context 'repository is for project members only' do + let(:project) { create(:project, :public, :repository_private) } + + it 'returns 404' do + send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + + expect(response).to have_gitlab_http_status(:not_found) + end + end end context 'project is private' do @@ -190,7 +200,7 @@ RSpec.describe API::Internal::Kubernetes do context 'project does not exist' do it 'returns 404' do - send_request(params: { id: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + send_request(params: { id: non_existing_record_id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) expect(response).to have_gitlab_http_status(:not_found) end diff --git a/spec/requests/api/terraform/state_spec.rb b/spec/requests/api/terraform/state_spec.rb index 8d128bd911f..3466921bff6 100644 --- a/spec/requests/api/terraform/state_spec.rb +++ b/spec/requests/api/terraform/state_spec.rb @@ -125,6 +125,7 @@ RSpec.describe API::Terraform::State do expect { request }.to change { Terraform::State.count }.by(0) expect(response).to have_gitlab_http_status(:ok) + expect(Gitlab::Json.parse(response.body)).to be_empty end context 'on Unicorn', :unicorn do @@ -132,6 +133,7 @@ RSpec.describe API::Terraform::State do expect { request }.to change { Terraform::State.count }.by(0) expect(response).to have_gitlab_http_status(:ok) + expect(Gitlab::Json.parse(response.body)).to be_empty end end end @@ -167,6 +169,7 @@ RSpec.describe API::Terraform::State do expect { request }.to change { Terraform::State.count }.by(1) expect(response).to have_gitlab_http_status(:ok) + expect(Gitlab::Json.parse(response.body)).to be_empty end context 'on Unicorn', :unicorn do @@ -174,6 +177,7 @@ RSpec.describe API::Terraform::State do expect { request }.to change { Terraform::State.count }.by(1) expect(response).to have_gitlab_http_status(:ok) + expect(Gitlab::Json.parse(response.body)).to be_empty end end end @@ -206,10 +210,11 @@ RSpec.describe API::Terraform::State do context 'with maintainer permissions' do let(:current_user) { maintainer } - it 'deletes the state' do + it 'deletes the state and returns empty body' do expect { request }.to change { Terraform::State.count }.by(-1) expect(response).to have_gitlab_http_status(:ok) + expect(Gitlab::Json.parse(response.body)).to be_empty end end |