Add latest changes from gitlab-org/gitlab@master

9 files changed, 326 insertions, 9 deletions

diff --git a/spec/finders/security/security_jobs_finder_spec.rb b/spec/finders/security/security_jobs_finder_spec.rb
index fa8253b96b5..3023c42341b 100644
--- a/spec/finders/security/security_jobs_finder_spec.rb
+++ b/spec/finders/security/security_jobs_finder_spec.rb
@@ -28,19 +28,19 @@ RSpec.describe Security::SecurityJobsFinder do
       end
     end
 
-    context 'with combination of security jobs and license management jobs' do
+    context 'with combination of security jobs and license scanning jobs' do
       let!(:sast_build) { create(:ci_build, :sast, pipeline: pipeline) }
       let!(:container_scanning_build) { create(:ci_build, :container_scanning, pipeline: pipeline) }
       let!(:dast_build) { create(:ci_build, :dast, pipeline: pipeline) }
       let!(:secret_detection_build) { create(:ci_build, :secret_detection, pipeline: pipeline) }
-      let!(:license_management_build) { create(:ci_build, :license_management, pipeline: pipeline) }
+      let!(:license_scanning_build) { create(:ci_build, :license_scanning, pipeline: pipeline) }
 
       it 'returns only the security jobs' do
         is_expected.to include(sast_build)
         is_expected.to include(container_scanning_build)
         is_expected.to include(dast_build)
         is_expected.to include(secret_detection_build)
-        is_expected.not_to include(license_management_build)
+        is_expected.not_to include(license_scanning_build)
       end
     end
   end
diff --git a/spec/frontend/security_configuration/components/redesigned_app_spec.js b/spec/frontend/security_configuration/components/redesigned_app_spec.js
new file mode 100644
index 00000000000..1b11f372d8d
--- /dev/null
+++ b/spec/frontend/security_configuration/components/redesigned_app_spec.js
@@ -0,0 +1,109 @@
+import { GlTab, GlTabs } from '@gitlab/ui';
+import { mount } from '@vue/test-utils';
+import { extendedWrapper } from 'helpers/vue_test_utils_helper';
+import {
+  SAST_NAME,
+  SAST_SHORT_NAME,
+  SAST_DESCRIPTION,
+  SAST_HELP_PATH,
+  SAST_CONFIG_HELP_PATH,
+} from '~/security_configuration/components/constants';
+import FeatureCard from '~/security_configuration/components/feature_card.vue';
+import RedesignedSecurityConfigurationApp, {
+  i18n,
+} from '~/security_configuration/components/redesigned_app.vue';
+import { REPORT_TYPE_SAST } from '~/vue_shared/security_reports/constants';
+
+describe('NewApp component', () => {
+  let wrapper;
+
+  const createComponent = (propsData) => {
+    wrapper = extendedWrapper(
+      mount(RedesignedSecurityConfigurationApp, {
+        propsData,
+      }),
+    );
+  };
+
+  const findMainHeading = () => wrapper.find('h1');
+  const findSubHeading = () => wrapper.find('h2');
+  const findTab = () => wrapper.findComponent(GlTab);
+  const findTabs = () => wrapper.findAllComponents(GlTabs);
+  const findByTestId = (id) => wrapper.findByTestId(id);
+  const findFeatureCards = () => wrapper.findAllComponents(FeatureCard);
+
+  const securityFeaturesMock = [
+    {
+      name: SAST_NAME,
+      shortName: SAST_SHORT_NAME,
+      description: SAST_DESCRIPTION,
+      helpPath: SAST_HELP_PATH,
+      configurationHelpPath: SAST_CONFIG_HELP_PATH,
+      type: REPORT_TYPE_SAST,
+      available: true,
+    },
+  ];
+
+  afterEach(() => {
+    wrapper.destroy();
+  });
+
+  describe('basic structure', () => {
+    beforeEach(() => {
+      createComponent({
+        augmentedSecurityFeatures: securityFeaturesMock,
+      });
+    });
+
+    it('renders main-heading with correct text', () => {
+      const mainHeading = findMainHeading();
+      expect(mainHeading).toExist();
+      expect(mainHeading.text()).toContain('Security Configuration');
+    });
+
+    it('renders GlTab Component ', () => {
+      expect(findTab()).toExist();
+    });
+
+    it('renders right amount of tabs with correct title ', () => {
+      expect(findTabs().length).toEqual(1);
+    });
+
+    it('renders security-testing tab', () => {
+      expect(findByTestId('security-testing-tab')).toExist();
+    });
+
+    it('renders sub-heading with correct text', () => {
+      const subHeading = findSubHeading();
+      expect(subHeading).toExist();
+      expect(subHeading.text()).toContain(i18n.securityTesting);
+    });
+
+    it('renders right amount of feature cards for given props with correct props', () => {
+      const cards = findFeatureCards();
+      expect(cards.length).toEqual(1);
+      expect(cards.at(0).props()).toEqual({ feature: securityFeaturesMock[0] });
+    });
+
+    it('should not show latest pipeline link when latestPipelinePath is not defined', () => {
+      expect(findByTestId('latest-pipeline-info').exists()).toBe(false);
+    });
+  });
+
+  describe('when given latestPipelinePath props', () => {
+    beforeEach(() => {
+      createComponent({
+        augmentedSecurityFeatures: securityFeaturesMock,
+        latestPipelinePath: 'test/path',
+      });
+    });
+
+    it('should show latest pipeline info with correct link when latestPipelinePath is defined', () => {
+      expect(findByTestId('latest-pipeline-info').exists()).toBe(true);
+      expect(findByTestId('latest-pipeline-info').text()).toMatchInterpolatedText(
+        i18n.securityTestingDescription,
+      );
+      expect(findByTestId('latest-pipeline-info').find('a').attributes('href')).toBe('test/path');
+    });
+  });
+});
diff --git a/spec/frontend/security_configuration/utils_spec.js b/spec/frontend/security_configuration/utils_spec.js
new file mode 100644
index 00000000000..6ad167cadda
--- /dev/null
+++ b/spec/frontend/security_configuration/utils_spec.js
@@ -0,0 +1,81 @@
+import { augmentFeatures } from '~/security_configuration/utils';
+
+const mockSecurityFeatures = [
+  {
+    name: 'SAST',
+    type: 'SAST',
+  },
+];
+
+const mockComplianceFeatures = [
+  {
+    name: 'LICENSE_COMPLIANCE',
+    type: 'LICENSE_COMPLIANCE',
+  },
+];
+
+const mockFeaturesWithSecondary = [
+  {
+    name: 'DAST',
+    type: 'DAST',
+    secondary: {
+      type: 'DAST PROFILES',
+      name: 'DAST PROFILES',
+    },
+  },
+];
+
+const mockInvalidCustomFeature = [
+  {
+    foo: 'bar',
+  },
+];
+
+const mockValidCustomFeature = [
+  {
+    name: 'SAST',
+    type: 'SAST',
+    customfield: 'customvalue',
+  },
+];
+
+const expectedOutputDefault = {
+  augmentedSecurityFeatures: mockSecurityFeatures,
+  augmentedComplianceFeatures: mockComplianceFeatures,
+};
+
+const expectedOutputSecondary = {
+  augmentedSecurityFeatures: mockSecurityFeatures,
+  augmentedComplianceFeatures: mockFeaturesWithSecondary,
+};
+
+const expectedOutputCustomFeature = {
+  augmentedSecurityFeatures: mockValidCustomFeature,
+  augmentedComplianceFeatures: mockComplianceFeatures,
+};
+
+describe('returns an object with augmentedSecurityFeatures and augmentedComplianceFeatures when', () => {
+  it('given an empty array', () => {
+    expect(augmentFeatures(mockSecurityFeatures, mockComplianceFeatures, [])).toEqual(
+      expectedOutputDefault,
+    );
+  });
+
+  it('given an invalid populated array', () => {
+    expect(
+      augmentFeatures(mockSecurityFeatures, mockComplianceFeatures, mockInvalidCustomFeature),
+    ).toEqual(expectedOutputDefault);
+  });
+
+  it('features have secondary key', () => {
+    expect(augmentFeatures(mockSecurityFeatures, mockFeaturesWithSecondary, [])).toEqual(
+      expectedOutputSecondary,
+    );
+  });
+
+  it('given a valid populated array', () => {
+    expect(
+      augmentFeatures(mockSecurityFeatures, mockComplianceFeatures, mockValidCustomFeature),
+    ).toEqual(expectedOutputCustomFeature);
+  });
+});
diff --git a/spec/graphql/mutations/ci/runner/update_spec.rb b/spec/graphql/mutations/ci/runner/update_spec.rb
index 302b680494d..3db0d552a05 100644
--- a/spec/graphql/mutations/ci/runner/update_spec.rb
+++ b/spec/graphql/mutations/ci/runner/update_spec.rb
@@ -66,14 +66,16 @@ RSpec.describe Mutations::Ci::Runner::Update do
 
       context 'with valid arguments' do
         it 'updates runner with correct values' do
-          expected_attributes = mutation_params.except(:id)
+          expected_attributes = mutation_params.except(:id, :tag_list)
 
           subject
 
           expect(subject[:errors]).to be_empty
           expect(subject[:runner]).to be_an_instance_of(Ci::Runner)
           expect(subject[:runner]).to have_attributes(expected_attributes)
+          expect(subject[:runner].tag_list).to contain_exactly(*mutation_params[:tag_list])
           expect(runner.reload).to have_attributes(expected_attributes)
+          expect(runner.tag_list).to contain_exactly(*mutation_params[:tag_list])
         end
       end
 
diff --git a/spec/lib/gitlab/background_migration/update_jira_tracker_data_deployment_type_based_on_url_spec.rb b/spec/lib/gitlab/background_migration/update_jira_tracker_data_deployment_type_based_on_url_spec.rb
new file mode 100644
index 00000000000..f7466a2ddfd
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/update_jira_tracker_data_deployment_type_based_on_url_spec.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::BackgroundMigration::UpdateJiraTrackerDataDeploymentTypeBasedOnUrl do
+  let(:services_table) { table(:services) }
+  let(:service_jira_cloud) { services_table.create!(id: 1, type: 'JiraService') }
+  let(:service_jira_server) { services_table.create!(id: 2, type: 'JiraService') }
+
+  before do
+    jira_tracker_data = Class.new(ApplicationRecord) do
+      self.table_name = 'jira_tracker_data'
+
+      def self.encryption_options
+        {
+          key: Settings.attr_encrypted_db_key_base_32,
+          encode: true,
+          mode: :per_attribute_iv,
+          algorithm: 'aes-256-gcm'
+        }
+      end
+
+      attr_encrypted :url, encryption_options
+      attr_encrypted :api_url, encryption_options
+      attr_encrypted :username, encryption_options
+      attr_encrypted :password, encryption_options
+    end
+
+    stub_const('JiraTrackerData', jira_tracker_data)
+  end
+
+  let!(:tracker_data_cloud) { JiraTrackerData.create!(id: 1, service_id: service_jira_cloud.id, url: "https://test-domain.atlassian.net", deployment_type: 0) }
+  let!(:tracker_data_server) { JiraTrackerData.create!(id: 2, service_id: service_jira_server.id, url: "http://totally-not-jira-server.company.org", deployment_type: 0) }
+
+  subject { described_class.new.perform(tracker_data_cloud.id, tracker_data_server.id) }
+
+  it "changes unknown deployment_types based on URL" do
+    expect(JiraTrackerData.pluck(:deployment_type)).to eq([0, 0])
+
+    subject
+
+    expect(JiraTrackerData.pluck(:deployment_type)).to eq([2, 1])
+  end
+end
diff --git a/spec/lib/gitlab/ci/ansi2json/line_spec.rb b/spec/lib/gitlab/ci/ansi2json/line_spec.rb
index d681447a0e8..909c0f1b3ea 100644
--- a/spec/lib/gitlab/ci/ansi2json/line_spec.rb
+++ b/spec/lib/gitlab/ci/ansi2json/line_spec.rb
@@ -76,10 +76,30 @@ RSpec.describe Gitlab::Ci::Ansi2json::Line do
   end
 
   describe '#set_section_duration' do
-    it 'sets and formats the section_duration' do
-      subject.set_section_duration(75)
+    shared_examples 'set_section_duration' do
+      it 'sets and formats the section_duration' do
+        subject.set_section_duration(75)
 
-      expect(subject.section_duration).to eq('01:15')
+        expect(subject.section_duration).to eq('01:15')
+      end
+    end
+
+    context 'with default timezone' do
+      it_behaves_like 'set_section_duration'
+    end
+
+    context 'with a timezone carrying minutes offset' do
+      before do
+        # The actual call by does use Time.at(...).utc that the following
+        # rubocop rule (Rails/TimeZone) suggests, but for this specific
+        # test's purposes we needed to mock at the Time.at call point.
+
+        # rubocop:disable Rails/TimeZone
+        allow(Time).to receive(:at).with(75).and_return(Time.at(75, in: '+05:30'))
+        # rubocop:enable Rails/TimeZone
+      end
+
+      it_behaves_like 'set_section_duration'
     end
   end
 
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
index 3ae780e16f5..f2d77c3fd6d 100644
--- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -47,7 +47,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
         settings = described_class.default_settings_hash
         directives = settings['directives']
 
-        expect(directives['script_src']).to eq("'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net https://apis.google.com https://example.com")
+        expect(directives['script_src']).to eq("'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com https://example.com")
         expect(directives['style_src']).to eq("'self' 'unsafe-inline' https://example.com")
       end
     end
diff --git a/spec/migrations/20210421163509_schedule_update_jira_tracker_data_deployment_type_based_on_url_spec.rb b/spec/migrations/20210421163509_schedule_update_jira_tracker_data_deployment_type_based_on_url_spec.rb
new file mode 100644
index 00000000000..ae2e23ab539
--- /dev/null
+++ b/spec/migrations/20210421163509_schedule_update_jira_tracker_data_deployment_type_based_on_url_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20210421163509_schedule_update_jira_tracker_data_deployment_type_based_on_url.rb')
+
+RSpec.describe ScheduleUpdateJiraTrackerDataDeploymentTypeBasedOnUrl, :migration do
+  let(:services_table) { table(:services) }
+  let(:service_jira_cloud) { services_table.create!(id: 1, type: 'JiraService') }
+  let(:service_jira_server) { services_table.create!(id: 2, type: 'JiraService') }
+
+  before do
+    jira_tracker_data = Class.new(ApplicationRecord) do
+      self.table_name = 'jira_tracker_data'
+
+      def self.encryption_options
+        {
+          key: Settings.attr_encrypted_db_key_base_32,
+          encode: true,
+          mode: :per_attribute_iv,
+          algorithm: 'aes-256-gcm'
+        }
+      end
+
+      attr_encrypted :url, encryption_options
+      attr_encrypted :api_url, encryption_options
+      attr_encrypted :username, encryption_options
+      attr_encrypted :password, encryption_options
+    end
+
+    stub_const('JiraTrackerData', jira_tracker_data)
+    stub_const("#{described_class}::BATCH_SIZE", 1)
+  end
+
+  let!(:tracker_data_cloud) { JiraTrackerData.create!(id: 1, service_id: service_jira_cloud.id, url: "https://test-domain.atlassian.net", deployment_type: 0) }
+  let!(:tracker_data_server) { JiraTrackerData.create!(id: 2, service_id: service_jira_server.id, url: "http://totally-not-jira-server.company.org", deployment_type: 0) }
+
+  around do |example|
+    freeze_time { Sidekiq::Testing.fake! { example.run } }
+  end
+
+  it 'schedules background migration' do
+    migrate!
+
+    expect(BackgroundMigrationWorker.jobs.size).to eq(2)
+    expect(described_class::MIGRATION).to be_scheduled_migration(tracker_data_cloud.id, tracker_data_cloud.id)
+    expect(described_class::MIGRATION).to be_scheduled_migration(tracker_data_server.id, tracker_data_server.id)
+  end
+end
diff --git a/spec/workers/authorized_project_update/user_refresh_over_user_range_worker_spec.rb b/spec/workers/authorized_project_update/user_refresh_over_user_range_worker_spec.rb
index 832d5afd957..925e7f96eee 100644
--- a/spec/workers/authorized_project_update/user_refresh_over_user_range_worker_spec.rb
+++ b/spec/workers/authorized_project_update/user_refresh_over_user_range_worker_spec.rb
@@ -3,7 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe AuthorizedProjectUpdate::UserRefreshOverUserRangeWorker do
-  let(:project) { create(:project) }
+  let_it_be(:project) { create(:project) }
+
   let(:user) { project.namespace.owner }
   let(:start_user_id) { user.id }
   let(:end_user_id) { start_user_id }
@@ -64,6 +65,18 @@ RSpec.describe AuthorizedProjectUpdate::UserRefreshOverUserRangeWorker do
 
         execute_worker
       end
+
+      context 'when load balancing is enabled' do
+        before do
+          allow(Gitlab::Database::LoadBalancing).to receive(:enable?).and_return(true)
+        end
+
+        it 'reads from the primary database' do
+          expect(Gitlab::Database::LoadBalancing::Session.current).to receive(:use_primary!)
+
+          execute_worker
+        end
+      end
     end
   end
 end