diff options
Diffstat (limited to 'spec/lib/gitlab/ci/variables/builder_spec.rb')
-rw-r--r-- | spec/lib/gitlab/ci/variables/builder_spec.rb | 100 |
1 files changed, 93 insertions, 7 deletions
diff --git a/spec/lib/gitlab/ci/variables/builder_spec.rb b/spec/lib/gitlab/ci/variables/builder_spec.rb index 6e144d62ac0..8552a06eab3 100644 --- a/spec/lib/gitlab/ci/variables/builder_spec.rb +++ b/spec/lib/gitlab/ci/variables/builder_spec.rb @@ -158,7 +158,6 @@ RSpec.describe Gitlab::Ci::Variables::Builder do allow(pipeline).to receive(:predefined_variables) { [var('C', 3), var('D', 3)] } allow(job).to receive(:runner) { double(predefined_variables: [var('D', 4), var('E', 4)]) } allow(builder).to receive(:kubernetes_variables) { [var('E', 5), var('F', 5)] } - allow(builder).to receive(:deployment_variables) { [var('F', 6), var('G', 6)] } allow(job).to receive(:yaml_variables) { [var('G', 7), var('H', 7)] } allow(builder).to receive(:user_variables) { [var('H', 8), var('I', 8)] } allow(job).to receive(:dependency_variables) { [var('I', 9), var('J', 9)] } @@ -177,7 +176,6 @@ RSpec.describe Gitlab::Ci::Variables::Builder do var('C', 3), var('D', 3), var('D', 4), var('E', 4), var('E', 5), var('F', 5), - var('F', 6), var('G', 6), var('G', 7), var('H', 7), var('H', 8), var('I', 8), var('I', 9), var('J', 9), @@ -193,7 +191,7 @@ RSpec.describe Gitlab::Ci::Variables::Builder do expect(subject.to_hash).to match( 'A' => '1', 'B' => '2', 'C' => '3', 'D' => '4', - 'E' => '5', 'F' => '6', + 'E' => '5', 'F' => '5', 'G' => '7', 'H' => '8', 'I' => '9', 'J' => '10', 'K' => '11', 'L' => '12', @@ -231,7 +229,7 @@ RSpec.describe Gitlab::Ci::Variables::Builder do let(:template) { double(to_yaml: 'example-kubeconfig', valid?: template_valid) } let(:template_valid) { true } - subject { builder.kubernetes_variables(job) } + subject { builder.kubernetes_variables(environment: nil, job: job) } before do allow(Ci::GenerateKubeconfigService).to receive(:new).with(job).and_return(service) @@ -244,6 +242,16 @@ RSpec.describe Gitlab::Ci::Variables::Builder do it { is_expected.not_to include(key: 'KUBECONFIG', value: 'example-kubeconfig', public: false, file: true) } end + + it 'includes #deployment_variables and merges the KUBECONFIG values', :aggregate_failures do + expect(builder).to receive(:deployment_variables).and_return([ + { key: 'KUBECONFIG', value: 'deployment-kubeconfig' }, + { key: 'OTHER', value: 'some value' } + ]) + expect(template).to receive(:merge_yaml).with('deployment-kubeconfig') + expect(subject['KUBECONFIG'].value).to eq('example-kubeconfig') + expect(subject['OTHER'].value).to eq('some value') + end end describe '#deployment_variables' do @@ -342,10 +350,88 @@ RSpec.describe Gitlab::Ci::Variables::Builder do let_it_be(:protected_variable) { create(:ci_group_variable, protected: true, group: group) } let_it_be(:unprotected_variable) { create(:ci_group_variable, protected: false, group: group) } - let(:protected_variable_item) { protected_variable } - let(:unprotected_variable_item) { unprotected_variable } + context 'with ci_variables_builder_memoize_secret_variables disabled' do + before do + stub_feature_flags(ci_variables_builder_memoize_secret_variables: false) + end + + let(:protected_variable_item) { protected_variable } + let(:unprotected_variable_item) { unprotected_variable } - include_examples "secret CI variables" + include_examples "secret CI variables" + end + + context 'with ci_variables_builder_memoize_secret_variables enabled' do + before do + stub_feature_flags(ci_variables_builder_memoize_secret_variables: true) + end + + let(:protected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(protected_variable) } + let(:unprotected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(unprotected_variable) } + + include_examples "secret CI variables" + + context 'variables memoization' do + let_it_be(:scoped_variable) { create(:ci_group_variable, group: group, environment_scope: 'scoped') } + + let(:ref) { job.git_ref } + let(:environment) { job.expanded_environment_name } + let(:scoped_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(scoped_variable) } + + context 'with protected environments' do + it 'memoizes the result by environment' do + expect(pipeline.project) + .to receive(:protected_for?) + .with(pipeline.jobs_git_ref) + .once.and_return(true) + + expect_next_instance_of(described_class::Group) do |group_variables_builder| + expect(group_variables_builder) + .to receive(:secret_variables) + .with(environment: 'production', protected_ref: true) + .once + .and_call_original + end + + 2.times do + expect(builder.secret_group_variables(ref: ref, environment: 'production')) + .to contain_exactly(unprotected_variable_item, protected_variable_item) + end + end + end + + context 'with unprotected environments' do + it 'memoizes the result by environment' do + expect(pipeline.project) + .to receive(:protected_for?) + .with(pipeline.jobs_git_ref) + .once.and_return(false) + + expect_next_instance_of(described_class::Group) do |group_variables_builder| + expect(group_variables_builder) + .to receive(:secret_variables) + .with(environment: nil, protected_ref: false) + .once + .and_call_original + + expect(group_variables_builder) + .to receive(:secret_variables) + .with(environment: 'scoped', protected_ref: false) + .once + .and_call_original + end + + 2.times do + expect(builder.secret_group_variables(ref: 'other', environment: nil)) + .to contain_exactly(unprotected_variable_item) + + expect(builder.secret_group_variables(ref: 'other', environment: 'scoped')) + .to contain_exactly(unprotected_variable_item, scoped_variable_item) + end + end + end + end + end end describe '#secret_project_variables' do |