diff options
author | Kamil Trzciński <ayufan@ayufan.eu> | 2018-04-05 21:34:00 +0300 |
---|---|---|
committer | Kamil Trzciński <ayufan@ayufan.eu> | 2018-04-05 21:34:00 +0300 |
commit | 1367e4ff9fbcdbf8eaa376183d1a2ffca7041641 (patch) | |
tree | 1d0e1c8de45d27558fadda09ad8509b5cdcb0571 /spec | |
parent | 160b4827edad1984ddb4339622b93ace17870cb1 (diff) | |
parent | 9750006b1a7e78785256cf669c336c0075584d3b (diff) |
Merge branch '44389-always-allow-http-for-ci-git-operations' into 'master'
Resolve "Allow HTTPS cloning by Runners if it is disabled for users"
Closes #44389
See merge request gitlab-org/gitlab-ce!18021
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/gitlab/git_access_spec.rb | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb index f8f09d29c73..b845abab5ef 100644 --- a/spec/lib/gitlab/git_access_spec.rb +++ b/spec/lib/gitlab/git_access_spec.rb @@ -10,12 +10,13 @@ describe Gitlab::GitAccess do let(:protocol) { 'ssh' } let(:authentication_abilities) { %i[read_project download_code push_code] } let(:redirected_path) { nil } + let(:auth_result_type) { nil } let(:access) do described_class.new(actor, project, protocol, authentication_abilities: authentication_abilities, namespace_path: namespace_path, project_path: project_path, - redirected_path: redirected_path) + redirected_path: redirected_path, auth_result_type: auth_result_type) end let(:changes) { '_any' } @@ -45,6 +46,7 @@ describe Gitlab::GitAccess do before do disable_protocol('http') + project.add_master(user) end it 'blocks http push and pull' do @@ -53,6 +55,26 @@ describe Gitlab::GitAccess do expect { pull_access_check }.to raise_unauthorized('Git access over HTTP is not allowed') end end + + context 'when request is made from CI' do + let(:auth_result_type) { :build } + + it "doesn't block http pull" do + aggregate_failures do + expect { pull_access_check }.not_to raise_unauthorized('Git access over HTTP is not allowed') + end + end + + context 'when legacy CI credentials are used' do + let(:auth_result_type) { :ci } + + it "doesn't block http pull" do + aggregate_failures do + expect { pull_access_check }.not_to raise_unauthorized('Git access over HTTP is not allowed') + end + end + end + end end end |