Add latest changes from gitlab-org/gitlab@master

12 files changed, 367 insertions, 5 deletions

diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
index 6d588c8f915..ceab9754617 100644
--- a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
@@ -11,6 +11,14 @@ describe Ldap::OmniauthCallbacksController do
     expect(request.env['warden']).to be_authenticated
   end
 
+  context 'with sign in prevented' do
+    let(:ldap_settings) { ldap_setting_defaults.merge(prevent_ldap_sign_in: true) }
+
+    it 'does not allow sign in' do
+      expect { post provider }.to raise_error(ActionController::UrlGenerationError)
+    end
+  end
+
   it 'respects remember me checkbox' do
     expect do
       post provider, params: { remember_me: '1' }
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 53847e30a5c..1e47df150b4 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -4,6 +4,7 @@ require 'spec_helper'
 
 describe SessionsController do
   include DeviseHelpers
+  include LdapHelpers
 
   describe '#new' do
     before do
@@ -35,6 +36,30 @@ describe SessionsController do
       end
     end
 
+    context 'with LDAP enabled' do
+      before do
+        stub_ldap_setting(enabled: true)
+      end
+
+      it 'assigns ldap_servers' do
+        get(:new)
+
+        expect(assigns[:ldap_servers].first.to_h).to include('label' => 'ldap', 'provider_name' => 'ldapmain')
+      end
+
+      context 'with sign_in disabled' do
+        before do
+          stub_ldap_setting(prevent_ldap_sign_in: true)
+        end
+
+        it 'assigns no ldap_servers' do
+          get(:new)
+
+          expect(assigns[:ldap_servers]).to eq []
+        end
+      end
+    end
+
     describe 'tracking data' do
       context 'when the user is part of the experimental group' do
         before do
diff --git a/spec/helpers/auth_helper_spec.rb b/spec/helpers/auth_helper_spec.rb
index aae515def0c..cb7c670198d 100644
--- a/spec/helpers/auth_helper_spec.rb
+++ b/spec/helpers/auth_helper_spec.rb
@@ -54,6 +54,23 @@ describe AuthHelper do
     end
   end
 
+  describe 'any_form_based_providers_enabled?' do
+    before do
+      allow(Gitlab::Auth::LDAP::Config).to receive(:enabled?).and_return(true)
+    end
+
+    it 'detects form-based providers' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
+      expect(helper.any_form_based_providers_enabled?).to be(true)
+    end
+
+    it 'ignores ldap providers when ldap web sign in is disabled' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
+      allow(helper).to receive(:ldap_sign_in_enabled?).and_return(false)
+      expect(helper.any_form_based_providers_enabled?).to be(false)
+    end
+  end
+
   describe 'enabled_button_based_providers' do
     before do
       allow(helper).to receive(:auth_providers) { [:twitter, :github] }
diff --git a/spec/javascripts/monitoring/charts/heatmap_spec.js b/spec/javascripts/monitoring/charts/heatmap_spec.js
new file mode 100644
index 00000000000..9a98fc6fb05
--- /dev/null
+++ b/spec/javascripts/monitoring/charts/heatmap_spec.js
@@ -0,0 +1,69 @@
+import { shallowMount } from '@vue/test-utils';
+import { GlHeatmap } from '@gitlab/ui/dist/charts';
+import Heatmap from '~/monitoring/components/charts/heatmap.vue';
+import { graphDataPrometheusQueryRangeMultiTrack } from '../mock_data';
+
+describe('Heatmap component', () => {
+  let heatmapChart;
+  let store;
+
+  beforeEach(() => {
+    heatmapChart = shallowMount(Heatmap, {
+      propsData: {
+        graphData: graphDataPrometheusQueryRangeMultiTrack,
+        containerWidth: 100,
+      },
+      store,
+    });
+  });
+
+  afterEach(() => {
+    heatmapChart.destroy();
+  });
+
+  describe('wrapped components', () => {
+    describe('GitLab UI heatmap chart', () => {
+      let glHeatmapChart;
+
+      beforeEach(() => {
+        glHeatmapChart = heatmapChart.find(GlHeatmap);
+      });
+
+      it('is a Vue instance', () => {
+        expect(glHeatmapChart.isVueInstance()).toBe(true);
+      });
+
+      it('should display a label on the x axis', () => {
+        expect(heatmapChart.vm.xAxisName).toBe(graphDataPrometheusQueryRangeMultiTrack.x_label);
+      });
+
+      it('should display a label on the y axis', () => {
+        expect(heatmapChart.vm.yAxisName).toBe(graphDataPrometheusQueryRangeMultiTrack.y_label);
+      });
+
+      // According to the echarts docs https://echarts.apache.org/en/option.html#series-heatmap.data
+      // each row of the heatmap chart is represented by an array inside another parent array
+      // e.g. [[0, 0, 10]], the format represents the column, the row and finally the value
+      // corresponding to the cell
+
+      it('should return chartData with a length of x by y, with a length of 3 per array', () => {
+        const row = heatmapChart.vm.chartData[0];
+
+        expect(row.length).toBe(3);
+        expect(heatmapChart.vm.chartData.length).toBe(30);
+      });
+
+      it('returns a series of labels for the x axis', () => {
+        const { xAxisLabels } = heatmapChart.vm;
+
+        expect(xAxisLabels.length).toBe(5);
+      });
+
+      it('returns a series of labels for the y axis', () => {
+        const { yAxisLabels } = heatmapChart.vm;
+
+        expect(yAxisLabels.length).toBe(6);
+      });
+    });
+  });
+});
diff --git a/spec/javascripts/monitoring/mock_data.js b/spec/javascripts/monitoring/mock_data.js
index 6f9a2a34ef5..4d63f91f658 100644
--- a/spec/javascripts/monitoring/mock_data.js
+++ b/spec/javascripts/monitoring/mock_data.js
@@ -1013,3 +1013,82 @@ export const graphDataPrometheusQueryRange = {
     },
   ],
 };
+
+export const graphDataPrometheusQueryRangeMultiTrack = {
+  title: 'Super Chart A3',
+  type: 'heatmap',
+  weight: 3,
+  x_label: 'Status Code',
+  y_label: 'Time',
+  metrics: [],
+  queries: [
+    {
+      metricId: '1',
+      id: 'response_metrics_nginx_ingress_throughput_status_code',
+      query_range:
+        'sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[60m])) by (status_code)',
+      unit: 'req / sec',
+      label: 'Status Code',
+      metric_id: 1,
+      prometheus_endpoint_path:
+        '/root/rails_nodb/environments/3/prometheus/api/v1/query_range?query=sum%28rate%28nginx_upstream_responses_total%7Bupstream%3D~%22%25%7Bkube_namespace%7D-%25%7Bci_environment_slug%7D-.%2A%22%7D%5B2m%5D%29%29+by+%28status_code%29',
+      result: [
+        {
+          metric: { status_code: '1xx' },
+          values: [
+            ['2019-08-30T15:00:00.000Z', 0],
+            ['2019-08-30T16:00:00.000Z', 2],
+            ['2019-08-30T17:00:00.000Z', 0],
+            ['2019-08-30T18:00:00.000Z', 0],
+            ['2019-08-30T19:00:00.000Z', 0],
+            ['2019-08-30T20:00:00.000Z', 3],
+          ],
+        },
+        {
+          metric: { status_code: '2xx' },
+          values: [
+            ['2019-08-30T15:00:00.000Z', 1],
+            ['2019-08-30T16:00:00.000Z', 3],
+            ['2019-08-30T17:00:00.000Z', 6],
+            ['2019-08-30T18:00:00.000Z', 10],
+            ['2019-08-30T19:00:00.000Z', 8],
+            ['2019-08-30T20:00:00.000Z', 6],
+          ],
+        },
+        {
+          metric: { status_code: '3xx' },
+          values: [
+            ['2019-08-30T15:00:00.000Z', 1],
+            ['2019-08-30T16:00:00.000Z', 2],
+            ['2019-08-30T17:00:00.000Z', 3],
+            ['2019-08-30T18:00:00.000Z', 3],
+            ['2019-08-30T19:00:00.000Z', 2],
+            ['2019-08-30T20:00:00.000Z', 1],
+          ],
+        },
+        {
+          metric: { status_code: '4xx' },
+          values: [
+            ['2019-08-30T15:00:00.000Z', 2],
+            ['2019-08-30T16:00:00.000Z', 0],
+            ['2019-08-30T17:00:00.000Z', 0],
+            ['2019-08-30T18:00:00.000Z', 2],
+            ['2019-08-30T19:00:00.000Z', 0],
+            ['2019-08-30T20:00:00.000Z', 2],
+          ],
+        },
+        {
+          metric: { status_code: '5xx' },
+          values: [
+            ['2019-08-30T15:00:00.000Z', 0],
+            ['2019-08-30T16:00:00.000Z', 1],
+            ['2019-08-30T17:00:00.000Z', 0],
+            ['2019-08-30T18:00:00.000Z', 0],
+            ['2019-08-30T19:00:00.000Z', 0],
+            ['2019-08-30T20:00:00.000Z', 2],
+          ],
+        },
+      ],
+    },
+  ],
+};
diff --git a/spec/javascripts/monitoring/shared/prometheus_header_spec.js b/spec/javascripts/monitoring/shared/prometheus_header_spec.js
new file mode 100644
index 00000000000..9f916a4dfbb
--- /dev/null
+++ b/spec/javascripts/monitoring/shared/prometheus_header_spec.js
@@ -0,0 +1,26 @@
+import { shallowMount } from '@vue/test-utils';
+import PrometheusHeader from '~/monitoring/components/shared/prometheus_header.vue';
+
+describe('Prometheus Header component', () => {
+  let prometheusHeader;
+
+  beforeEach(() => {
+    prometheusHeader = shallowMount(PrometheusHeader, {
+      propsData: {
+        graphTitle: 'graph header',
+      },
+    });
+  });
+
+  afterEach(() => {
+    prometheusHeader.destroy();
+  });
+
+  describe('Prometheus header component', () => {
+    it('should show a title', () => {
+      const title = prometheusHeader.vm.$el.querySelector('.js-graph-title').textContent;
+
+      expect(title).toBe('graph header');
+    });
+  });
+});
diff --git a/spec/lib/gitlab/auth/ldap/config_spec.rb b/spec/lib/gitlab/auth/ldap/config_spec.rb
index 577dfe51949..e4a90d4018d 100644
--- a/spec/lib/gitlab/auth/ldap/config_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/config_spec.rb
@@ -535,4 +535,23 @@ AtlErSqafbECNDSwS5BX8yDpu5yRBJ4xegO/rNlmb8ICRYkuJapD1xXicFOsmfUK
       end
     end
   end
+
+  describe 'sign_in_enabled?' do
+    using RSpec::Parameterized::TableSyntax
+
+    where(:enabled, :prevent_ldap_sign_in, :result) do
+      true | false | true
+      'true' | false | true
+      true | true | false
+      false | nil | false
+    end
+
+    with_them do
+      it do
+        stub_ldap_setting(enabled: enabled, prevent_ldap_sign_in: prevent_ldap_sign_in)
+
+        expect(described_class.sign_in_enabled?).to eq(result)
+      end
+    end
+  end
 end
diff --git a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
index 64cadcc011c..0bba9d6e858 100644
--- a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
@@ -30,7 +30,7 @@ describe Gitlab::Kubernetes::Helm::Pod do
       it 'generates the appropriate specifications for the container' do
         container = subject.generate.spec.containers.first
         expect(container.name).to eq('helm')
-        expect(container.image).to eq('registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/2.14.3-kube-1.11.10')
+        expect(container.image).to eq('registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/2.15.1-kube-1.13.12')
         expect(container.env.count).to eq(3)
         expect(container.env.map(&:name)).to match_array([:HELM_VERSION, :TILLER_NAMESPACE, :COMMAND_SCRIPT])
         expect(container.command).to match_array(["/bin/sh"])
diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb
index e8333232b90..6f67cdb1222 100644
--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -277,6 +277,33 @@ describe "Authentication", "routing" do
   it "PUT /users/password" do
     expect(put("/users/password")).to route_to('passwords#update')
   end
+
+  context 'with LDAP configured' do
+    include LdapHelpers
+
+    let(:ldap_settings) { { enabled: true } }
+
+    before do
+      stub_ldap_setting(ldap_settings)
+      Rails.application.reload_routes!
+    end
+
+    after(:all) do
+      Rails.application.reload_routes!
+    end
+
+    it 'POST /users/auth/ldapmain/callback' do
+      expect(post("/users/auth/ldapmain/callback")).to route_to('ldap/omniauth_callbacks#ldapmain')
+    end
+
+    context 'with LDAP sign-in disabled' do
+      let(:ldap_settings) { { enabled: true, prevent_ldap_sign_in: true } }
+
+      it 'prevents POST /users/auth/ldapmain/callback' do
+        expect(post("/users/auth/ldapmain/callback")).not_to be_routable
+      end
+    end
+  end
 end
 
 describe HealthCheckController, 'routing' do
diff --git a/spec/support/controllers/ldap_omniauth_callbacks_controller_shared_context.rb b/spec/support/controllers/ldap_omniauth_callbacks_controller_shared_context.rb
index d636c1cf6cd..8a8a2f714bc 100644
--- a/spec/support/controllers/ldap_omniauth_callbacks_controller_shared_context.rb
+++ b/spec/support/controllers/ldap_omniauth_callbacks_controller_shared_context.rb
@@ -10,6 +10,8 @@ shared_context 'Ldap::OmniauthCallbacksController' do
   let(:provider) { 'ldapmain' }
   let(:valid_login?) { true }
   let(:user) { create(:omniauth_user, extern_uid: uid, provider: provider) }
+  let(:ldap_setting_defaults) { { enabled: true, servers: ldap_server_config } }
+  let(:ldap_settings) { ldap_setting_defaults }
   let(:ldap_server_config) do
     { main: ldap_config_defaults(:main) }
   end
@@ -23,7 +25,7 @@ shared_context 'Ldap::OmniauthCallbacksController' do
   end
 
   before do
-    stub_ldap_setting(enabled: true, servers: ldap_server_config)
+    stub_ldap_setting(ldap_settings)
     described_class.define_providers!
     Rails.application.reload_routes!
 
@@ -36,4 +38,8 @@ shared_context 'Ldap::OmniauthCallbacksController' do
   after do
     Rails.application.env_config['omniauth.auth'] = @original_env_config_omniauth_auth
   end
+
+  after(:all) do
+    Rails.application.reload_routes!
+  end
 end
diff --git a/spec/views/devise/sessions/new.html.haml_spec.rb b/spec/views/devise/sessions/new.html.haml_spec.rb
new file mode 100644
index 00000000000..66afc2af7ce
--- /dev/null
+++ b/spec/views/devise/sessions/new.html.haml_spec.rb
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'devise/sessions/new' do
+  describe 'ldap' do
+    include LdapHelpers
+
+    let(:server) { { provider_name: 'ldapmain', label: 'LDAP' }.with_indifferent_access }
+
+    before do
+      enable_ldap
+      stub_devise
+      disable_captcha
+      disable_sign_up
+      disable_other_signin_methods
+
+      allow(view).to receive(:experiment_enabled?).and_return(false)
+    end
+
+    it 'is shown when enabled' do
+      render
+
+      expect(rendered).to have_selector('.new-session-tabs')
+      expect(rendered).to have_selector('[data-qa-selector="ldap_tab"]')
+      expect(rendered).to have_field('LDAP Username')
+    end
+
+    it 'is not shown when LDAP sign in is disabled' do
+      disable_ldap_sign_in
+
+      render
+
+      expect(rendered).to have_content('No authentication methods configured')
+      expect(rendered).not_to have_selector('[data-qa-selector="ldap_tab"]')
+      expect(rendered).not_to have_field('LDAP Username')
+    end
+  end
+
+  def disable_other_signin_methods
+    allow(view).to receive(:password_authentication_enabled_for_web?).and_return(false)
+    allow(view).to receive(:omniauth_enabled?).and_return(false)
+  end
+
+  def disable_sign_up
+    allow(view).to receive(:allow_signup?).and_return(false)
+  end
+
+  def stub_devise
+    allow(view).to receive(:devise_mapping).and_return(Devise.mappings[:user])
+    allow(view).to receive(:resource).and_return(spy)
+    allow(view).to receive(:resource_name).and_return(:user)
+  end
+
+  def enable_ldap
+    stub_ldap_setting(enabled: true)
+    assign(:ldap_servers, [server])
+    allow(view).to receive(:form_based_providers).and_return([:ldapmain])
+    allow(view).to receive(:omniauth_callback_path).with(:user, 'ldapmain').and_return('/ldapmain')
+  end
+
+  def disable_ldap_sign_in
+    allow(view).to receive(:ldap_sign_in_enabled?).and_return(false)
+    assign(:ldap_servers, [])
+  end
+
+  def disable_captcha
+    allow(view).to receive(:captcha_enabled?).and_return(false)
+    allow(view).to receive(:captcha_on_login_required?).and_return(false)
+  end
+end
diff --git a/spec/workers/stuck_ci_jobs_worker_spec.rb b/spec/workers/stuck_ci_jobs_worker_spec.rb
index c3d577e2dae..59707409b5a 100644
--- a/spec/workers/stuck_ci_jobs_worker_spec.rb
+++ b/spec/workers/stuck_ci_jobs_worker_spec.rb
@@ -18,15 +18,30 @@ describe StuckCiJobsWorker do
   end
 
   shared_examples 'job is dropped' do
-    before do
+    it "changes status" do
       worker.perform
       job.reload
-    end
 
-    it "changes status" do
       expect(job).to be_failed
       expect(job).to be_stuck_or_timeout_failure
     end
+
+    context 'when job have data integrity problem' do
+      it "does drop the job and logs the reason" do
+        job.update_columns(yaml_variables: '[{"key" => "value"}]')
+
+        expect(Gitlab::Sentry).to receive(:track_acceptable_exception)
+                                          .with(anything, a_hash_including(extra: a_hash_including(build_id: job.id)))
+                                          .once
+                                          .and_call_original
+
+        worker.perform
+        job.reload
+
+        expect(job).to be_failed
+        expect(job).to be_data_integrity_failure
+      end
+    end
   end
 
   shared_examples 'job is unchanged' do