diff options
Diffstat (limited to 'spec/lib/gitlab/ci/jwt_v2_spec.rb')
-rw-r--r-- | spec/lib/gitlab/ci/jwt_v2_spec.rb | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/spec/lib/gitlab/ci/jwt_v2_spec.rb b/spec/lib/gitlab/ci/jwt_v2_spec.rb index d45d8cacb88..c2ced10620b 100644 --- a/spec/lib/gitlab/ci/jwt_v2_spec.rb +++ b/spec/lib/gitlab/ci/jwt_v2_spec.rb @@ -33,14 +33,6 @@ RSpec.describe Gitlab::Ci::JwtV2, feature_category: :continuous_integration do describe '#payload' do subject(:payload) { ci_job_jwt_v2.payload } - it 'has correct values for the standard JWT attributes' do - aggregate_failures do - expect(payload[:iss]).to eq(Settings.gitlab.base_url) - expect(payload[:aud]).to eq(Settings.gitlab.base_url) - expect(payload[:sub]).to eq("project_path:#{project.full_path}:ref_type:branch:ref:#{pipeline.source_ref}") - end - end - it 'includes user identities when enabled' do expect(user).to receive(:pass_user_identities_to_ci_jwt).and_return(true) identities = payload[:user_identities].map { |identity| identity.slice(:extern_uid, :provider) } @@ -53,6 +45,34 @@ RSpec.describe Gitlab::Ci::JwtV2, feature_category: :continuous_integration do expect(payload).not_to include(:user_identities) end + context 'when oidc_issuer_url is disabled' do + before do + stub_feature_flags(oidc_issuer_url: false) + end + + it 'has correct values for the standard JWT attributes' do + aggregate_failures do + expect(payload[:iss]).to eq(Settings.gitlab.base_url) + expect(payload[:aud]).to eq(Settings.gitlab.base_url) + expect(payload[:sub]).to eq("project_path:#{project.full_path}:ref_type:branch:ref:#{pipeline.source_ref}") + end + end + end + + context 'when oidc_issuer_url is enabled' do + before do + stub_feature_flags(oidc_issuer_url: true) + end + + it 'has correct values for the standard JWT attributes' do + aggregate_failures do + expect(payload[:iss]).to eq(Gitlab.config.gitlab.url) + expect(payload[:aud]).to eq(Settings.gitlab.base_url) + expect(payload[:sub]).to eq("project_path:#{project.full_path}:ref_type:branch:ref:#{pipeline.source_ref}") + end + end + end + context 'when given an aud' do let(:aud) { 'AWS' } |