Add latest changes from gitlab-org/gitlab@master

5 files changed, 369 insertions, 338 deletions

diff --git a/spec/support/helpers/workhorse_helpers.rb b/spec/support/helpers/workhorse_helpers.rb
index cd8387de686..83bda6e03b1 100644
--- a/spec/support/helpers/workhorse_helpers.rb
+++ b/spec/support/helpers/workhorse_helpers.rb
@@ -24,7 +24,12 @@ module WorkhorseHelpers
 
   # workhorse_post_with_file will transform file_key inside params as if it was disk accelerated by workhorse
   def workhorse_post_with_file(url, file_key:, params:)
-    workhorse_request_with_file(:post, url,
+    workhorse_form_with_file(url, method: :post, file_key: file_key, params: params)
+  end
+
+  # workhorse_form_with_file will transform file_key inside params as if it was disk accelerated by workhorse
+  def workhorse_form_with_file(url, file_key:, params:, method: :post)
+    workhorse_request_with_file(method, url,
                                 file_key: file_key,
                                 params: params,
                                 env: { 'CONTENT_TYPE' => 'multipart/form-data' },
diff --git a/spec/support/shared_contexts/requests/api/debian_repository_shared_context.rb b/spec/support/shared_contexts/requests/api/debian_repository_shared_context.rb
new file mode 100644
index 00000000000..95b8b7ed9f8
--- /dev/null
+++ b/spec/support/shared_contexts/requests/api/debian_repository_shared_context.rb
@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+RSpec.shared_context 'Debian repository shared context' do |container_type, can_freeze|
+  include_context 'workhorse headers'
+
+  before do
+    stub_feature_flags(debian_packages: true, debian_group_packages: true)
+  end
+
+  let_it_be(:private_container, freeze: can_freeze) { create(container_type, :private) }
+  let_it_be(:public_container, freeze: can_freeze) { create(container_type, :public) }
+  let_it_be(:user, freeze: true) { create(:user) }
+  let_it_be(:personal_access_token, freeze: true) { create(:personal_access_token, user: user) }
+
+  let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: private_container, codename: 'existing-codename') }
+  let_it_be(:private_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: private_distribution) }
+  let_it_be(:private_component, freeze: true) { create("debian_#{container_type}_component", distribution: private_distribution, name: 'existing-component') }
+  let_it_be(:private_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'all') }
+  let_it_be(:private_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'existing-arch') }
+  let_it_be(:private_component_file) { create("debian_#{container_type}_component_file", component: private_component, architecture: private_architecture) }
+
+  let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: public_container, codename: 'existing-codename') }
+  let_it_be(:public_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: public_distribution) }
+  let_it_be(:public_component, freeze: true) { create("debian_#{container_type}_component", distribution: public_distribution, name: 'existing-component') }
+  let_it_be(:public_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'all') }
+  let_it_be(:public_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'existing-arch') }
+  let_it_be(:public_component_file) { create("debian_#{container_type}_component_file", component: public_component, architecture: public_architecture) }
+
+  if container_type == :group
+    let_it_be(:private_project) { create(:project, :private, group: private_container) }
+    let_it_be(:public_project) { create(:project, :public, group: public_container) }
+    let_it_be(:private_project_distribution) { create(:debian_project_distribution, container: private_project, codename: 'existing-codename') }
+    let_it_be(:public_project_distribution) { create(:debian_project_distribution, container: public_project, codename: 'existing-codename') }
+
+    let(:project) { { private: private_project, public: public_project }[visibility_level] }
+  else
+    let_it_be(:private_project) { private_container }
+    let_it_be(:public_project) { public_container }
+    let_it_be(:private_project_distribution) { private_distribution }
+    let_it_be(:public_project_distribution) { public_distribution }
+  end
+
+  let_it_be(:private_package) { create(:debian_package, project: private_project, published_in: private_project_distribution) }
+  let_it_be(:public_package) { create(:debian_package, project: public_project, published_in: public_project_distribution) }
+
+  let(:visibility_level) { :public }
+
+  let(:distribution) { { private: private_distribution, public: public_distribution }[visibility_level] }
+  let(:architecture) { { private: private_architecture, public: public_architecture }[visibility_level] }
+  let(:component) { { private: private_component, public: public_component }[visibility_level] }
+  let(:component_file) { { private: private_component_file, public: public_component_file }[visibility_level] }
+  let(:package) { { private: private_package, public: public_package }[visibility_level] }
+  let(:letter) { package.name[0..2] == 'lib' ? package.name[0..3] : package.name[0] }
+
+  let(:method) { :get }
+
+  let(:workhorse_params) do
+    if method == :put
+      file_upload = fixture_file_upload("spec/fixtures/packages/debian/#{file_name}")
+      { file: file_upload }
+    else
+      {}
+    end
+  end
+
+  let(:api_params) { workhorse_params }
+
+  let(:auth_headers) { {} }
+  let(:wh_headers) do
+    if method == :put
+      workhorse_headers
+    else
+      {}
+    end
+  end
+
+  let(:headers) { auth_headers.merge(wh_headers) }
+
+  let(:send_rewritten_field) { true }
+
+  subject do
+    if method == :put
+      workhorse_finalize(
+        api(url),
+        method: method,
+        file_key: :file,
+        params: api_params,
+        headers: headers,
+        send_rewritten_field: send_rewritten_field
+      )
+    else
+      send method, api(url), headers: headers, params: api_params
+    end
+  end
+end
+
+RSpec.shared_context 'Debian repository auth headers' do |user_type, auth_method = :private_token|
+  let(:token) { user_type == :invalid_token ? 'wrong' : personal_access_token.token }
+
+  let(:auth_headers) do
+    if user_type == :anonymous
+      {}
+    elsif auth_method == :private_token
+      { 'Private-Token' => token }
+    else
+      basic_auth_header(user.username, token)
+    end
+  end
+end
+
+RSpec.shared_context 'Debian repository access' do |visibility_level, user_type, auth_method|
+  include_context 'Debian repository auth headers', user_type, auth_method do
+    let(:containers) { { private: private_container, public: public_container } }
+    let(:container) { containers[visibility_level] }
+
+    before do
+      container.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member && user_type != :invalid_token
+    end
+  end
+end
diff --git a/spec/support/shared_examples/requests/api/debian_common_shared_examples.rb b/spec/support/shared_examples/requests/api/debian_common_shared_examples.rb
new file mode 100644
index 00000000000..e0225070986
--- /dev/null
+++ b/spec/support/shared_examples/requests/api/debian_common_shared_examples.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'rejects Debian access with unknown container id' do |anonymous_status, auth_method|
+  context 'with an unknown container' do
+    let(:container) { double(id: non_existing_record_id) }
+
+    context 'as anonymous' do
+      it_behaves_like 'Debian packages GET request', anonymous_status, nil
+    end
+
+    context 'as authenticated user' do
+      include_context 'Debian repository auth headers', :not_a_member, auth_method do
+        it_behaves_like 'Debian packages GET request', :not_found, nil
+      end
+    end
+  end
+end
diff --git a/spec/support/shared_examples/requests/api/debian_distributions_shared_examples.rb b/spec/support/shared_examples/requests/api/debian_distributions_shared_examples.rb
new file mode 100644
index 00000000000..5cd63c33936
--- /dev/null
+++ b/spec/support/shared_examples/requests/api/debian_distributions_shared_examples.rb
@@ -0,0 +1,192 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'Debian distributions GET request' do |status, body = nil|
+  and_body = body.nil? ? '' : ' and expected body'
+
+  it "returns #{status}#{and_body}" do
+    subject
+
+    expect(response).to have_gitlab_http_status(status)
+
+    unless body.nil?
+      expect(response.body).to match(body)
+    end
+  end
+end
+
+RSpec.shared_examples 'Debian distributions PUT request' do |status, body|
+  and_body = body.nil? ? '' : ' and expected body'
+
+  if status == :success
+    it 'updates distribution', :aggregate_failures do
+      expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original
+
+      expect { subject }
+          .to not_change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }
+          .and not_change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }
+          .and not_change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }
+
+      expect(response).to have_gitlab_http_status(status)
+      expect(response.media_type).to eq('application/json')
+
+      unless body.nil?
+        expect(response.body).to match(body)
+      end
+    end
+  else
+    it "returns #{status}#{and_body}", :aggregate_failures do
+      subject
+
+      expect(response).to have_gitlab_http_status(status)
+
+      unless body.nil?
+        expect(response.body).to match(body)
+      end
+    end
+  end
+end
+
+RSpec.shared_examples 'Debian distributions DELETE request' do |status, body|
+  and_body = body.nil? ? '' : ' and expected body'
+
+  if status == :success
+    it 'updates distribution', :aggregate_failures do
+      expect { subject }
+          .to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(-1)
+          .and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(-1)
+          .and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(-2)
+
+      expect(response).to have_gitlab_http_status(status)
+      expect(response.media_type).to eq('application/json')
+
+      unless body.nil?
+        expect(response.body).to match(body)
+      end
+    end
+  else
+    it "returns #{status}#{and_body}", :aggregate_failures do
+      subject
+
+      expect(response).to have_gitlab_http_status(status)
+
+      unless body.nil?
+        expect(response.body).to match(body)
+      end
+    end
+  end
+end
+
+RSpec.shared_examples 'Debian distributions POST request' do |status, body|
+  and_body = body.nil? ? '' : ' and expected body'
+
+  if status == :created
+    it 'creates distribution', :aggregate_failures do
+      expect(::Packages::Debian::CreateDistributionService).to receive(:new).with(container, user, api_params).and_call_original
+
+      expect { subject }
+          .to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(1)
+          .and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(1)
+          .and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(2)
+
+      expect(response).to have_gitlab_http_status(status)
+      expect(response.media_type).to eq('application/json')
+
+      unless body.nil?
+        expect(response.body).to match(body)
+      end
+    end
+  else
+    it "returns #{status}#{and_body}", :aggregate_failures do
+      subject
+
+      expect(response).to have_gitlab_http_status(status)
+
+      unless body.nil?
+        expect(response.body).to match(body)
+      end
+    end
+  end
+end
+
+RSpec.shared_examples 'Debian distributions read endpoint' do |desired_behavior, success_status, success_body|
+  context 'with valid container' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
+      :public  | :guest         | :private_token | success_status | success_body
+      :public  | :not_a_member  | :private_token | success_status | success_body
+      :public  | :anonymous     | :private_token | success_status | success_body
+      :public  | :invalid_token | :private_token | :unauthorized  | nil
+      :private | :developer     | :private_token | success_status | success_body
+      :private | :developer     | :basic         | :not_found     | nil
+      :private | :guest         | :private_token | :forbidden     | nil
+      :private | :not_a_member  | :private_token | :not_found     | nil
+      :private | :anonymous     | :private_token | :not_found     | nil
+      :private | :invalid_token | :private_token | :unauthorized  | nil
+    end
+
+    with_them do
+      include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
+        it_behaves_like "Debian distributions #{desired_behavior} request", params[:expected_status], params[:expected_body]
+      end
+    end
+  end
+
+  it_behaves_like 'rejects Debian access with unknown container id', :not_found, :private_token
+end
+
+RSpec.shared_examples 'Debian distributions write endpoint' do |desired_behavior, success_status, success_body|
+  context 'with valid container' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
+      :public  | :developer     | :private_token | success_status | success_body
+      :public  | :developer     | :basic         | :unauthorized  | nil
+      :public  | :guest         | :private_token | :forbidden     | nil
+      :public  | :not_a_member  | :private_token | :forbidden     | nil
+      :public  | :anonymous     | :private_token | :unauthorized  | nil
+      :public  | :invalid_token | :private_token | :unauthorized  | nil
+      :private | :developer     | :private_token | success_status | success_body
+      :private | :guest         | :private_token | :forbidden     | nil
+      :private | :not_a_member  | :private_token | :not_found     | nil
+      :private | :anonymous     | :private_token | :not_found     | nil
+      :private | :invalid_token | :private_token | :unauthorized  | nil
+    end
+
+    with_them do
+      include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
+        it_behaves_like "Debian distributions #{desired_behavior} request", params[:expected_status], params[:expected_body]
+      end
+    end
+  end
+
+  it_behaves_like 'rejects Debian access with unknown container id', :not_found, :private_token
+end
+
+RSpec.shared_examples 'Debian distributions maintainer write endpoint' do |desired_behavior, success_status, success_body|
+  context 'with valid container' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
+      :public  | :maintainer    | :private_token | success_status | success_body
+      :public  | :maintainer    | :basic         | :unauthorized  | nil
+      :public  | :developer     | :private_token | :forbidden     | nil
+      :public  | :not_a_member  | :private_token | :forbidden     | nil
+      :public  | :anonymous     | :private_token | :unauthorized  | nil
+      :public  | :invalid_token | :private_token | :unauthorized  | nil
+      :private | :maintainer    | :private_token | success_status | success_body
+      :private | :developer     | :private_token | :forbidden     | nil
+      :private | :not_a_member  | :private_token | :not_found     | nil
+      :private | :anonymous     | :private_token | :not_found     | nil
+      :private | :invalid_token | :private_token | :unauthorized  | nil
+    end
+
+    with_them do
+      include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
+        it_behaves_like "Debian distributions #{desired_behavior} request", params[:expected_status], params[:expected_body]
+      end
+    end
+  end
+
+  it_behaves_like 'rejects Debian access with unknown container id', :not_found, :private_token
+end
diff --git a/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb
index 39714e46f4e..2fd5e6a5f91 100644
--- a/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb
@@ -1,129 +1,6 @@
 # frozen_string_literal: true
 
-RSpec.shared_context 'Debian repository shared context' do |container_type, can_freeze|
-  include_context 'workhorse headers'
-
-  before do
-    stub_feature_flags(debian_packages: true, debian_group_packages: true)
-  end
-
-  let_it_be(:private_container, freeze: can_freeze) { create(container_type, :private) }
-  let_it_be(:public_container, freeze: can_freeze) { create(container_type, :public) }
-  let_it_be(:user, freeze: true) { create(:user) }
-  let_it_be(:personal_access_token, freeze: true) { create(:personal_access_token, user: user) }
-
-  let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: private_container, codename: 'existing-codename') }
-  let_it_be(:private_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: private_distribution) }
-  let_it_be(:private_component, freeze: true) { create("debian_#{container_type}_component", distribution: private_distribution, name: 'existing-component') }
-  let_it_be(:private_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'all') }
-  let_it_be(:private_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'existing-arch') }
-  let_it_be(:private_component_file) { create("debian_#{container_type}_component_file", component: private_component, architecture: private_architecture) }
-
-  let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: public_container, codename: 'existing-codename') }
-  let_it_be(:public_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: public_distribution) }
-  let_it_be(:public_component, freeze: true) { create("debian_#{container_type}_component", distribution: public_distribution, name: 'existing-component') }
-  let_it_be(:public_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'all') }
-  let_it_be(:public_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'existing-arch') }
-  let_it_be(:public_component_file) { create("debian_#{container_type}_component_file", component: public_component, architecture: public_architecture) }
-
-  if container_type == :group
-    let_it_be(:private_project) { create(:project, :private, group: private_container) }
-    let_it_be(:public_project) { create(:project, :public, group: public_container) }
-    let_it_be(:private_project_distribution) { create(:debian_project_distribution, container: private_project, codename: 'existing-codename') }
-    let_it_be(:public_project_distribution) { create(:debian_project_distribution, container: public_project, codename: 'existing-codename') }
-
-    let(:project) { { private: private_project, public: public_project }[visibility_level] }
-  else
-    let_it_be(:private_project) { private_container }
-    let_it_be(:public_project) { public_container }
-    let_it_be(:private_project_distribution) { private_distribution }
-    let_it_be(:public_project_distribution) { public_distribution }
-  end
-
-  let_it_be(:private_package) { create(:debian_package, project: private_project, published_in: private_project_distribution) }
-  let_it_be(:public_package) { create(:debian_package, project: public_project, published_in: public_project_distribution) }
-
-  let(:visibility_level) { :public }
-
-  let(:distribution) { { private: private_distribution, public: public_distribution }[visibility_level] }
-  let(:architecture) { { private: private_architecture, public: public_architecture }[visibility_level] }
-  let(:component) { { private: private_component, public: public_component }[visibility_level] }
-  let(:component_file) { { private: private_component_file, public: public_component_file }[visibility_level] }
-  let(:package) { { private: private_package, public: public_package }[visibility_level] }
-  let(:letter) { package.name[0..2] == 'lib' ? package.name[0..3] : package.name[0] }
-
-  let(:method) { :get }
-
-  let(:workhorse_params) do
-    if method == :put
-      file_upload = fixture_file_upload("spec/fixtures/packages/debian/#{file_name}")
-      { file: file_upload }
-    else
-      {}
-    end
-  end
-
-  let(:api_params) { workhorse_params }
-
-  let(:auth_headers) { {} }
-  let(:wh_headers) do
-    if method == :put
-      workhorse_headers
-    else
-      {}
-    end
-  end
-
-  let(:headers) { auth_headers.merge(wh_headers) }
-
-  let(:send_rewritten_field) { true }
-
-  subject do
-    if method == :put
-      workhorse_finalize(
-        api(url),
-        method: method,
-        file_key: :file,
-        params: api_params,
-        headers: headers,
-        send_rewritten_field: send_rewritten_field
-      )
-    else
-      send method, api(url), headers: headers, params: api_params
-    end
-  end
-end
-
-RSpec.shared_context 'with file_name' do |file_name|
-  let(:file_name) { file_name }
-end
-
-RSpec.shared_context 'Debian repository auth headers' do |user_role, user_token, auth_method = :token|
-  let(:token) { user_token ? personal_access_token.token : 'wrong' }
-
-  let(:auth_headers) do
-    if user_role == :anonymous
-      {}
-    elsif auth_method == :token
-      { 'Private-Token' => token }
-    else
-      basic_auth_header(user.username, token)
-    end
-  end
-end
-
-RSpec.shared_context 'Debian repository access' do |visibility_level, user_role, add_member, user_token, auth_method|
-  include_context 'Debian repository auth headers', user_role, user_token, auth_method do
-    let(:containers) { { private: private_container, public: public_container } }
-    let(:container) { containers[visibility_level] }
-
-    before do
-      container.send("add_#{user_role}", user) if add_member && user_role != :anonymous
-    end
-  end
-end
-
-RSpec.shared_examples 'Debian repository GET request' do |status, body = nil|
+RSpec.shared_examples 'Debian packages GET request' do |status, body = nil|
   and_body = body.nil? ? '' : ' and expected body'
 
   it "returns #{status}#{and_body}" do
@@ -137,7 +14,7 @@ RSpec.shared_examples 'Debian repository GET request' do |status, body = nil|
   end
 end
 
-RSpec.shared_examples 'Debian repository upload request' do |status, body = nil|
+RSpec.shared_examples 'Debian packages upload request' do |status, body = nil|
   and_body = body.nil? ? '' : ' and expected body'
 
   if status == :created
@@ -177,7 +54,7 @@ RSpec.shared_examples 'Debian repository upload request' do |status, body = nil|
   end
 end
 
-RSpec.shared_examples 'Debian repository upload authorize request' do |status, body = nil|
+RSpec.shared_examples 'Debian packages upload authorize request' do |status, body = nil|
   and_body = body.nil? ? '' : ' and expected body'
 
   if status == :created
@@ -223,237 +100,57 @@ RSpec.shared_examples 'Debian repository upload authorize request' do |status, b
   end
 end
 
-RSpec.shared_examples 'Debian repository POST distribution request' do |status, body|
-  and_body = body.nil? ? '' : ' and expected body'
-
-  if status == :created
-    it 'creates distribution', :aggregate_failures do
-      expect(::Packages::Debian::CreateDistributionService).to receive(:new).with(container, user, api_params).and_call_original
-
-      expect { subject }
-          .to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(1)
-          .and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(1)
-          .and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(2)
-
-      expect(response).to have_gitlab_http_status(status)
-      expect(response.media_type).to eq('application/json')
-
-      unless body.nil?
-        expect(response.body).to match(body)
-      end
-    end
-  else
-    it "returns #{status}#{and_body}", :aggregate_failures do
-      subject
-
-      expect(response).to have_gitlab_http_status(status)
-
-      unless body.nil?
-        expect(response.body).to match(body)
-      end
-    end
-  end
-end
-
-RSpec.shared_examples 'Debian repository PUT distribution request' do |status, body|
-  and_body = body.nil? ? '' : ' and expected body'
-
-  if status == :success
-    it 'updates distribution', :aggregate_failures do
-      expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original
-
-      expect { subject }
-          .to not_change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }
-          .and not_change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }
-          .and not_change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }
-
-      expect(response).to have_gitlab_http_status(status)
-      expect(response.media_type).to eq('application/json')
-
-      unless body.nil?
-        expect(response.body).to match(body)
-      end
-    end
-  else
-    it "returns #{status}#{and_body}", :aggregate_failures do
-      subject
-
-      expect(response).to have_gitlab_http_status(status)
-
-      unless body.nil?
-        expect(response.body).to match(body)
-      end
-    end
-  end
-end
-
-RSpec.shared_examples 'Debian repository DELETE distribution request' do |status, body|
-  and_body = body.nil? ? '' : ' and expected body'
-
-  if status == :success
-    it 'updates distribution', :aggregate_failures do
-      expect { subject }
-          .to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(-1)
-          .and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(-1)
-          .and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(-2)
-
-      expect(response).to have_gitlab_http_status(status)
-      expect(response.media_type).to eq('application/json')
-
-      unless body.nil?
-        expect(response.body).to match(body)
-      end
-    end
-  else
-    it "returns #{status}#{and_body}", :aggregate_failures do
-      subject
-
-      expect(response).to have_gitlab_http_status(status)
-
-      unless body.nil?
-        expect(response.body).to match(body)
-      end
-    end
-  end
-end
-
-RSpec.shared_examples 'rejects Debian access with unknown container id' do |hidden_status|
-  context 'with an unknown container' do
-    let(:container) { double(id: non_existing_record_id) }
-
-    context 'as anonymous' do
-      it_behaves_like 'Debian repository GET request', hidden_status, nil
-    end
-
-    context 'as authenticated user' do
-      subject { get api(url), headers: basic_auth_header(user.username, personal_access_token.token) }
-
-      it_behaves_like 'Debian repository GET request', :not_found, nil
-    end
-  end
-end
-
-RSpec.shared_examples 'Debian repository read endpoint' do |desired_behavior, success_status, success_body, authenticate_non_public: true|
-  hidden_status = if authenticate_non_public
-                    :unauthorized
-                  else
-                    :not_found
-                  end
-
-  context 'with valid container' do
-    using RSpec::Parameterized::TableSyntax
-
-    where(:visibility_level, :user_role, :member, :user_token, :expected_status, :expected_body) do
-      :public  | :developer  | true  | true  | success_status | success_body
-      :public  | :guest      | true  | true  | success_status | success_body
-      :public  | :developer  | true  | false | :unauthorized  | nil
-      :public  | :guest      | true  | false | :unauthorized  | nil
-      :public  | :developer  | false | true  | success_status | success_body
-      :public  | :guest      | false | true  | success_status | success_body
-      :public  | :developer  | false | false | :unauthorized  | nil
-      :public  | :guest      | false | false | :unauthorized  | nil
-      :public  | :anonymous  | false | true  | success_status | success_body
-      :private | :developer  | true  | true  | success_status | success_body
-      :private | :guest      | true  | true  | :forbidden     | nil
-      :private | :developer  | true  | false | :unauthorized  | nil
-      :private | :guest      | true  | false | :unauthorized  | nil
-      :private | :developer  | false | true  | :not_found     | nil
-      :private | :guest      | false | true  | :not_found     | nil
-      :private | :developer  | false | false | :unauthorized  | nil
-      :private | :guest      | false | false | :unauthorized  | nil
-      :private | :anonymous  | false | true  | hidden_status  | nil
-    end
-
-    with_them do
-      include_context 'Debian repository access', params[:visibility_level], params[:user_role], params[:member], params[:user_token], :basic do
-        it_behaves_like "Debian repository #{desired_behavior}", params[:expected_status], params[:expected_body]
-      end
-    end
-  end
-
-  it_behaves_like 'rejects Debian access with unknown container id', hidden_status
-end
-
-RSpec.shared_examples 'Debian repository write endpoint' do |desired_behavior, success_status, success_body, authenticate_non_public: true|
-  hidden_status = if authenticate_non_public
-                    :unauthorized
-                  else
-                    :not_found
-                  end
-
+RSpec.shared_examples 'Debian packages read endpoint' do |desired_behavior, success_status, success_body|
   context 'with valid container' do
     using RSpec::Parameterized::TableSyntax
 
-    where(:visibility_level, :user_role, :member, :user_token, :expected_status, :expected_body) do
-      :public  | :developer  | true  | true  | success_status | success_body
-      :public  | :guest      | true  | true  | :forbidden     | nil
-      :public  | :developer  | true  | false | :unauthorized  | nil
-      :public  | :guest      | true  | false | :unauthorized  | nil
-      :public  | :developer  | false | true  | :forbidden     | nil
-      :public  | :guest      | false | true  | :forbidden     | nil
-      :public  | :developer  | false | false | :unauthorized  | nil
-      :public  | :guest      | false | false | :unauthorized  | nil
-      :public  | :anonymous  | false | true  | :unauthorized  | nil
-      :private | :developer  | true  | true  | success_status | success_body
-      :private | :guest      | true  | true  | :forbidden     | nil
-      :private | :developer  | true  | false | :unauthorized  | nil
-      :private | :guest      | true  | false | :unauthorized  | nil
-      :private | :developer  | false | true  | :not_found     | nil
-      :private | :guest      | false | true  | :not_found     | nil
-      :private | :developer  | false | false | :unauthorized  | nil
-      :private | :guest      | false | false | :unauthorized  | nil
-      :private | :anonymous  | false | true  | hidden_status  | nil
+    where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
+      :public  | :guest         | :basic         | success_status | success_body
+      :public  | :not_a_member  | :basic         | success_status | success_body
+      :public  | :anonymous     | :basic         | success_status | success_body
+      :public  | :invalid_token | :basic         | :unauthorized  | nil
+      :private | :developer     | :basic         | success_status | success_body
+      :private | :developer     | :private_token | :unauthorized  | nil
+      :private | :guest         | :basic         | :forbidden     | nil
+      :private | :not_a_member  | :basic         | :not_found     | nil
+      :private | :anonymous     | :basic         | :unauthorized  | nil
+      :private | :invalid_token | :basic         | :unauthorized  | nil
     end
 
     with_them do
-      include_context 'Debian repository access', params[:visibility_level], params[:user_role], params[:member], params[:user_token], :basic do
-        it_behaves_like "Debian repository #{desired_behavior}", params[:expected_status], params[:expected_body]
+      include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
+        it_behaves_like "Debian packages #{desired_behavior} request", params[:expected_status], params[:expected_body]
       end
     end
   end
 
-  it_behaves_like 'rejects Debian access with unknown container id', hidden_status
+  it_behaves_like 'rejects Debian access with unknown container id', :unauthorized, :basic
 end
 
-RSpec.shared_examples 'Debian repository maintainer write endpoint' do |desired_behavior, success_status, success_body, authenticate_non_public: true|
-  hidden_status = if authenticate_non_public
-                    :unauthorized
-                  else
-                    :not_found
-                  end
-
+RSpec.shared_examples 'Debian packages write endpoint' do |desired_behavior, success_status, success_body|
   context 'with valid container' do
     using RSpec::Parameterized::TableSyntax
 
-    where(:visibility_level, :user_role, :member, :user_token, :expected_status, :expected_body) do
-      :public  | :maintainer | true  | true  | success_status | success_body
-      :public  | :developer  | true  | true  | :forbidden     | nil
-      :public  | :guest      | true  | true  | :forbidden     | nil
-      :public  | :maintainer | true  | false | :unauthorized  | nil
-      :public  | :guest      | true  | false | :unauthorized  | nil
-      :public  | :maintainer | false | true  | :forbidden     | nil
-      :public  | :guest      | false | true  | :forbidden     | nil
-      :public  | :maintainer | false | false | :unauthorized  | nil
-      :public  | :guest      | false | false | :unauthorized  | nil
-      :public  | :anonymous  | false | true  | :unauthorized  | nil
-      :private | :maintainer | true  | true  | success_status | success_body
-      :private | :developer  | true  | true  | :forbidden     | nil
-      :private | :guest      | true  | true  | :forbidden     | nil
-      :private | :maintainer | true  | false | :unauthorized  | nil
-      :private | :guest      | true  | false | :unauthorized  | nil
-      :private | :maintainer | false | true  | :not_found     | nil
-      :private | :guest      | false | true  | :not_found     | nil
-      :private | :maintainer | false | false | :unauthorized  | nil
-      :private | :guest      | false | false | :unauthorized  | nil
-      :private | :anonymous  | false | true  | hidden_status  | nil
+    where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
+      :public  | :developer     | :basic         | success_status | success_body
+      :public  | :developer     | :private_token | :unauthorized  | nil
+      :public  | :guest         | :basic         | :forbidden     | nil
+      :public  | :not_a_member  | :basic         | :forbidden     | nil
+      :public  | :anonymous     | :basic         | :unauthorized  | nil
+      :public  | :invalid_token | :basic         | :unauthorized  | nil
+      :private | :developer     | :basic         | success_status | success_body
+      :private | :guest         | :basic         | :forbidden     | nil
+      :private | :not_a_member  | :basic         | :not_found     | nil
+      :private | :anonymous     | :basic         | :unauthorized  | nil
+      :private | :invalid_token | :basic         | :unauthorized  | nil
     end
 
     with_them do
-      include_context 'Debian repository access', params[:visibility_level], params[:user_role], params[:member], params[:user_token], :basic do
-        it_behaves_like "Debian repository #{desired_behavior}", params[:expected_status], params[:expected_body]
+      include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
+        it_behaves_like "Debian packages #{desired_behavior} request", params[:expected_status], params[:expected_body]
       end
     end
   end
 
-  it_behaves_like 'rejects Debian access with unknown container id', hidden_status
+  it_behaves_like 'rejects Debian access with unknown container id', :unauthorized, :basic
 end