Diffstat (limited to 'spec/requests/api/admin/ci/variables_spec.rb')
-rw-r--r-- | spec/requests/api/admin/ci/variables_spec.rb | 131 |
1 files changed, 50 insertions, 81 deletions
diff --git a/spec/requests/api/admin/ci/variables_spec.rb b/spec/requests/api/admin/ci/variables_spec.rb
index 4bdc44cb583..cd57cde74ff 100644
--- a/spec/requests/api/admin/ci/variables_spec.rb
+++ b/spec/requests/api/admin/ci/variables_spec.rb
@@ -2,71 +2,63 @@ require 'spec_helper' -RSpec.describe ::API::Admin::Ci::Variables do +RSpec.describe ::API::Admin::Ci::Variables, :aggregate_failures, feature_category: :pipeline_composition do let_it_be(:admin) { create(:admin) } let_it_be(:user) { create(:user) } + let_it_be(:variable) { create(:ci_instance_variable) } + let_it_be(:path) { '/admin/ci/variables' } describe 'GET /admin/ci/variables' do - let!(:variable) { create(:ci_instance_variable) } + it_behaves_like 'GET request permissions for admin mode' - it 'returns instance-level variables for admins', :aggregate_failures do - get api('/admin/ci/variables', admin) + it 'returns instance-level variables for admins' do + get api(path, admin, admin_mode: true) - expect(response).to have_gitlab_http_status(:ok) expect(json_response).to be_a(Array) end - it 'does not return instance-level variables for regular users' do - get api('/admin/ci/variables', user) - - expect(response).to have_gitlab_http_status(:forbidden) - end - it 'does not return instance-level variables for unauthorized users' do - get api('/admin/ci/variables') + get api(path, admin_mode: true) expect(response).to have_gitlab_http_status(:unauthorized) end end describe 'GET /admin/ci/variables/:key' do - let!(:variable) { create(:ci_instance_variable) } + let_it_be(:path) { "/admin/ci/variables/#{variable.key}" } + + it_behaves_like 'GET request permissions for admin mode' - it 'returns instance-level variable details for admins', :aggregate_failures do - get api("/admin/ci/variables/#{variable.key}", admin) + it 'returns instance-level variable details for admins' do + get api(path, admin, admin_mode: true) - expect(response).to have_gitlab_http_status(:ok) expect(json_response['value']).to eq(variable.value) expect(json_response['protected']).to eq(variable.protected?) 
expect(json_response['variable_type']).to eq(variable.variable_type) end it 'responds with 404 Not Found if requesting non-existing variable' do - get api('/admin/ci/variables/non_existing_variable', admin) + get api('/admin/ci/variables/non_existing_variable', admin, admin_mode: true) expect(response).to have_gitlab_http_status(:not_found) end - it 'does not return instance-level variable details for regular users' do - get api("/admin/ci/variables/#{variable.key}", user) - - expect(response).to have_gitlab_http_status(:forbidden) - end - it 'does not return instance-level variable details for unauthorized users' do - get api("/admin/ci/variables/#{variable.key}") + get api(path, admin_mode: true) expect(response).to have_gitlab_http_status(:unauthorized) end end describe 'POST /admin/ci/variables' do - context 'authorized user with proper permissions' do - let!(:variable) { create(:ci_instance_variable) } + it_behaves_like 'POST request permissions for admin mode' do + let(:params) { { key: 'KEY', value: 'VALUE' } } + end - it 'creates variable for admins', :aggregate_failures do + context 'authorized user with proper permissions' do + it 'creates variable for admins' do expect do - post api('/admin/ci/variables', admin), + post api(path, admin, admin_mode: true), params: { key: 'TEST_VARIABLE_2', value: 'PROTECTED_VALUE_2', @@ -76,7 +68,6 @@ RSpec.describe ::API::Admin::Ci::Variables do } end.to change { ::Ci::InstanceVariable.count }.by(1) - expect(response).to have_gitlab_http_status(:created) expect(json_response['key']).to eq('TEST_VARIABLE_2') expect(json_response['value']).to eq('PROTECTED_VALUE_2') expect(json_response['protected']).to be_truthy 
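Review bot: The "unauthorized users" examples now call `get api(path, admin_mode: true)` with no user, and an admin-mode flag on an anonymous request reads as if it could affect the outcome; `get api(path)` states the case under test more plainly. The same pattern recurs in the unauthorized POST, PUT and DELETE examples in later hunks. Separately, the explicit regular-user `:forbidden` examples are removed here, so denial coverage for an endpoint that returns variable values now rests on the `'GET request permissions for admin mode'` shared examples, which are defined outside this diff. It is worth confirming that they cover both a non-admin user and an admin without admin mode.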
@@ -90,13 +81,13 @@ RSpec.describe ::API::Admin::Ci::Variables do expect(::API::API::LOGGER).to receive(:info).with(include(params: include(masked_params))) - post api("/admin/ci/variables", user), + post api(path, user, admin_mode: true), params: { key: 'VAR_KEY', value: 'SENSITIVE', protected: true, masked: true } end - it 'creates variable with optional attributes', :aggregate_failures do + it 'creates variable with optional attributes' do expect do - post api('/admin/ci/variables', admin), + post api(path, admin, admin_mode: true), params: { variable_type: 'file', key: 'TEST_VARIABLE_2', @@ -104,7 +95,6 @@ RSpec.describe ::API::Admin::Ci::Variables do } end.to change { ::Ci::InstanceVariable.count }.by(1) - expect(response).to have_gitlab_http_status(:created) expect(json_response['key']).to eq('TEST_VARIABLE_2') expect(json_response['value']).to eq('VALUE_2') expect(json_response['protected']).to be_falsey @@ -115,7 +105,7 @@ RSpec.describe ::API::Admin::Ci::Variables do it 'does not allow to duplicate variable key' do expect do - post api('/admin/ci/variables', admin), + post api(path, admin, admin_mode: true), params: { key: variable.key, value: 'VALUE_2' } end.not_to change { ::Ci::InstanceVariable.count } @@ -128,7 +118,7 @@ RSpec.describe ::API::Admin::Ci::Variables do MESSAGE expect do - post api('/admin/ci/variables', admin), + post api(path, admin, admin_mode: true), params: { key: 'too_long', value: SecureRandom.hex(10_001) } end.not_to change { ::Ci::InstanceVariable.count } @@ -138,17 +128,9 @@ RSpec.describe ::API::Admin::Ci::Variables do end end - context 'authorized user with invalid permissions' do - it 'does not create variable' do - post api('/admin/ci/variables', user) - - expect(response).to have_gitlab_http_status(:forbidden) - end - end - context 'unauthorized user' do it 'does not create variable' do - post api('/admin/ci/variables') + post api(path, admin_mode: true) expect(response).to have_gitlab_http_status(:unauthorized) end 
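Review bot: The masked-parameter logging example posts as `user`, a non-admin, with `admin_mode: true`, so it presumably only checks masking on a request that is rejected, and it asserts no status that would make this visible. The PUT counterpart in a later hunk uses `admin`, so the create path that actually stores a sensitive value is not shown to be covered for log masking. Consider `post api(path, admin, admin_mode: true),` here, or add an admin case beside it. The example's opening lines sit outside this hunk.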
@@ -156,20 +138,23 @@ RSpec.describe ::API::Admin::Ci::Variables do end describe 'PUT /admin/ci/variables/:key' do - let!(:variable) { create(:ci_instance_variable) } + let_it_be(:path) { "/admin/ci/variables/#{variable.key}" } + let_it_be(:params) do + { + variable_type: 'file', + value: 'VALUE_1_UP', + protected: true, + masked: true, + raw: true + } + end + + it_behaves_like 'PUT request permissions for admin mode' context 'authorized user with proper permissions' do - it 'updates variable data', :aggregate_failures do - put api("/admin/ci/variables/#{variable.key}", admin), - params: { - variable_type: 'file', - value: 'VALUE_1_UP', - protected: true, - masked: true, - raw: true - } - - expect(response).to have_gitlab_http_status(:ok) + it 'updates variable data' do + put api(path, admin, admin_mode: true), params: params + expect(variable.reload.value).to eq('VALUE_1_UP') expect(variable.reload).to be_protected expect(json_response['variable_type']).to eq('file') 
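Review bot: `variable` is now a file-level `let_it_be` (declared in the first hunk), and this example updates it and then calls `variable.reload`, which leaves the shared Ruby object holding 'VALUE_1_UP', the `file` type and the protected flag for any example that runs afterwards. If database changes are rolled back per example while the object is not reloaded, the GET `:key` example's comparisons against `variable.value` would depend on run order. Declaring it as `let_it_be(:variable, reload: true) { create(:ci_instance_variable) }` avoids that, unless the project already reloads `let_it_be` records by default. The explicit `:ok` status check is also dropped here and now depends on the shared examples defined outside this diff.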
@@ -182,28 +167,20 @@ RSpec.describe ::API::Admin::Ci::Variables do expect(::API::API::LOGGER).to receive(:info).with(include(params: include(masked_params))) - put api("/admin/ci/variables/#{variable.key}", admin), + put api(path, admin, admin_mode: true), params: { value: 'SENSITIVE', protected: true, masked: true } end it 'responds with 404 Not Found if requesting non-existing variable' do - put api('/admin/ci/variables/non_existing_variable', admin) + put api('/admin/ci/variables/non_existing_variable', admin, admin_mode: true) expect(response).to have_gitlab_http_status(:not_found) end end - context 'authorized user with invalid permissions' do - it 'does not update variable' do - put api("/admin/ci/variables/#{variable.key}", user) - - expect(response).to have_gitlab_http_status(:forbidden) - end - end - context 'unauthorized user' do it 'does not update variable' do - put api("/admin/ci/variables/#{variable.key}") + put api(path, admin_mode: true) expect(response).to have_gitlab_http_status(:unauthorized) end 
@@ -211,35 +188,27 @@ RSpec.describe ::API::Admin::Ci::Variables do end describe 'DELETE /admin/ci/variables/:key' do - let!(:variable) { create(:ci_instance_variable) } + let_it_be(:path) { "/admin/ci/variables/#{variable.key}" } + + it_behaves_like 'DELETE request permissions for admin mode' context 'authorized user with proper permissions' do it 'deletes variable' do expect do - delete api("/admin/ci/variables/#{variable.key}", admin) - - expect(response).to have_gitlab_http_status(:no_content) + delete api(path, admin, admin_mode: true) end.to change { ::Ci::InstanceVariable.count }.by(-1) end it 'responds with 404 Not Found if requesting non-existing variable' do - delete api('/admin/ci/variables/non_existing_variable', admin) + delete api('/admin/ci/variables/non_existing_variable', admin, admin_mode: true) expect(response).to have_gitlab_http_status(:not_found) end end - context 'authorized user with invalid permissions' do - it 'does not delete variable' do - delete api("/admin/ci/variables/#{variable.key}", user) - - expect(response).to have_gitlab_http_status(:forbidden) - end - end - context 'unauthorized user' do it 'does not delete variable' do - delete api("/admin/ci/variables/#{variable.key}") + delete api(path, admin_mode: true) expect(response).to have_gitlab_http_status(:unauthorized) end |