Diffstat (limited to 'spec/requests/api/internal')
-rw-r--r-- | spec/requests/api/internal/base_spec.rb | 139 | ||||
-rw-r--r-- | spec/requests/api/internal/kubernetes_spec.rb | 154 | ||||
-rw-r--r-- | spec/requests/api/internal/pages_spec.rb | 1 |
3 files changed, 294 insertions, 0 deletions
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index 7d219954e9d..873189af397 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -120,6 +120,138 @@ RSpec.describe API::Internal::Base do end end + describe 'POST /internal/personal_access_token' do + it 'returns an error message when the key does not exist' do + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: non_existing_record_id + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Could not find the given key') + end + + it 'returns an error message when the key is a deploy key' do + deploy_key = create(:deploy_key) + + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: deploy_key.id + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Deploy keys cannot be used to create personal access tokens') + end + + it 'returns an error message when the user does not exist' do + key_without_user = create(:key, user: nil) + + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: key_without_user.id + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq('Could not find a user for the given key') + expect(json_response['token']).to be_nil + end + + it 'returns an error message when given an non existent user' do + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + user_id: 0 + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq("Could not find the given user") + end + + it 'returns an error message when no name parameter is received' do + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: key.id + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq("No token name specified") + end + + it 'returns an error message when no scopes parameter is received' do + post api('/internal/personal_access_token'), + params: { + secret_token: 
secret_token, + key_id: key.id, + name: 'newtoken' + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq("No token scopes specified") + end + + it 'returns an error message when expires_at contains an invalid date' do + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: key.id, + name: 'newtoken', + scopes: ['api'], + expires_at: 'invalid-date' + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to eq("Invalid token expiry date: 'invalid-date'") + end + + it 'returns an error message when it receives an invalid scope' do + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: key.id, + name: 'newtoken', + scopes: %w(read_api badscope read_repository) + } + + expect(json_response['success']).to be_falsey + expect(json_response['message']).to match(/\AInvalid scope: 'badscope'. Valid scopes are: /) + end + + it 'returns a token without expiry when the expires_at parameter is missing' do + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: key.id, + name: 'newtoken', + scopes: %w(read_api read_repository) + } + + expect(json_response['success']).to be_truthy + expect(json_response['token']).to match(/\A\S{20}\z/) + expect(json_response['scopes']).to match_array(%w(read_api read_repository)) + expect(json_response['expires_at']).to be_nil + end + + it 'returns a token with expiry when it receives a valid expires_at parameter' do + post api('/internal/personal_access_token'), + params: { + secret_token: secret_token, + key_id: key.id, + name: 'newtoken', + scopes: %w(read_api read_repository), + expires_at: '9001-11-17' + } + + expect(json_response['success']).to be_truthy + expect(json_response['token']).to match(/\A\S{20}\z/) + expect(json_response['scopes']).to match_array(%w(read_api read_repository)) + expect(json_response['expires_at']).to 
eq('9001-11-17') + end + end + describe "POST /internal/lfs_authenticate" do before do project.add_developer(user) @@ -321,6 +453,8 @@ RSpec.describe API::Internal::Base do expect(json_response["status"]).to be_truthy expect(json_response["gl_project_path"]).to eq(project.wiki.full_path) expect(json_response["gl_repository"]).to eq("wiki-#{project.id}") + expect(json_response["gl_key_type"]).to eq("key") + expect(json_response["gl_key_id"]).to eq(key.id) expect(user.reload.last_activity_on).to be_nil end @@ -444,6 +578,8 @@ RSpec.describe API::Internal::Base do expect(json_response["status"]).to be_truthy expect(json_response["gl_repository"]).to eq("project-#{project.id}") expect(json_response["gl_project_path"]).to eq(project.full_path) + expect(json_response["gl_key_type"]).to eq("key") + expect(json_response["gl_key_id"]).to eq(key.id) expect(json_response["gitaly"]).not_to be_nil expect(json_response["gitaly"]["repository"]).not_to be_nil expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name) @@ -547,6 +683,7 @@ RSpec.describe API::Internal::Base do } } end + let(:console_messages) { ['informational message'] } let(:custom_action_result) { Gitlab::GitAccessResult::CustomAction.new(payload, console_messages) } @@ -706,6 +843,8 @@ RSpec.describe API::Internal::Base do expect(response).to have_gitlab_http_status(:ok) expect(json_response["status"]).to be_truthy expect(json_response["gitaly"]).not_to be_nil + expect(json_response["gl_key_type"]).to eq("deploy_key") + expect(json_response["gl_key_id"]).to eq(key.id) expect(json_response["gitaly"]["repository"]).not_to be_nil expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name) expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path) 
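Review bot: The two success examples for `POST /internal/personal_access_token` (first hunk of base_spec.rb) assert only the response body, so nothing pins which user the minted token belongs to; for an endpoint that issues credentials from a `key_id`, that ownership is the property most worth a regression test. Consider adding, after the token format check, something like `expect(PersonalAccessToken.find_by_token(json_response['token']).user).to eq(key.user)`, adjusted to whatever lookup the model actually provides. The `user_id` parameter is exercised only on the failure path (`user_id: 0`); a success example for it, and one where both `key_id` and `user_id` are supplied, would document which identity takes precedence. None of the new examples checks the HTTP status either, e.g. `expect(response).to have_gitlab_http_status(:ok)`, assuming the endpoint answers 200 for both outcomes.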
diff --git a/spec/requests/api/internal/kubernetes_spec.rb b/spec/requests/api/internal/kubernetes_spec.rb
new file mode 100644
index 00000000000..555ca441fe7
--- /dev/null
+++ b/spec/requests/api/internal/kubernetes_spec.rb
@@ -0,0 +1,154 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe API::Internal::Kubernetes do + describe "GET /internal/kubernetes/agent_info" do + context 'kubernetes_agent_internal_api feature flag disabled' do + before do + stub_feature_flags(kubernetes_agent_internal_api: false) + end + + it 'returns 404' do + get api('/internal/kubernetes/agent_info') + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + it 'returns 403 if Authorization header not sent' do + get api('/internal/kubernetes/agent_info') + + expect(response).to have_gitlab_http_status(:forbidden) + end + + context 'an agent is found' do + let!(:agent_token) { create(:cluster_agent_token) } + + let(:agent) { agent_token.agent } + let(:project) { agent.project } + + it 'returns expected data', :aggregate_failures do + get api('/internal/kubernetes/agent_info'), headers: { 'Authorization' => "Bearer #{agent_token.token}" } + + expect(response).to have_gitlab_http_status(:success) + + expect(json_response).to match( + a_hash_including( + 'project_id' => project.id, + 'agent_id' => agent.id, + 'agent_name' => agent.name, + 'gitaly_info' => a_hash_including( + 'address' => match(/\.socket$/), + 'token' => 'secret', + 'features' => {} + ), + 'gitaly_repository' => a_hash_including( + 'storage_name' => project.repository_storage, + 'relative_path' => project.disk_path + '.git', + 'gl_repository' => "project-#{project.id}", + 'gl_project_path' => project.full_path + ) + ) + ) + end + end + + context 'no such agent exists' do + it 'returns 404' do + get api('/internal/kubernetes/agent_info'), headers: { 'Authorization' => 'Bearer ABCD' } + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + end + + describe 'GET /internal/kubernetes/project_info' do + context 'kubernetes_agent_internal_api feature flag disabled' do + before do + stub_feature_flags(kubernetes_agent_internal_api: false) + end + + it 'returns 404' do + get 
api('/internal/kubernetes/project_info') + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + it 'returns 403 if Authorization header not sent' do + get api('/internal/kubernetes/project_info') + + expect(response).to have_gitlab_http_status(:forbidden) + end + + context 'no such agent exists' do + it 'returns 404' do + get api('/internal/kubernetes/project_info'), headers: { 'Authorization' => 'Bearer ABCD' } + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'an agent is found' do + let!(:agent_token) { create(:cluster_agent_token) } + + let(:agent) { agent_token.agent } + + context 'project is public' do + let(:project) { create(:project, :public) } + + it 'returns expected data', :aggregate_failures do + get api('/internal/kubernetes/project_info'), params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" } + + expect(response).to have_gitlab_http_status(:success) + + expect(json_response).to match( + a_hash_including( + 'project_id' => project.id, + 'gitaly_info' => a_hash_including( + 'address' => match(/\.socket$/), + 'token' => 'secret', + 'features' => {} + ), + 'gitaly_repository' => a_hash_including( + 'storage_name' => project.repository_storage, + 'relative_path' => project.disk_path + '.git', + 'gl_repository' => "project-#{project.id}", + 'gl_project_path' => project.full_path + ) + ) + ) + end + end + + context 'project is private' do + let(:project) { create(:project, :private) } + + it 'returns 404' do + get api('/internal/kubernetes/project_info'), params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'project is internal' do + let(:project) { create(:project, :internal) } + + it 'returns 404' do + get api('/internal/kubernetes/project_info'), params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" } + + 
expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'project does not exist' do + it 'returns 404' do + get api('/internal/kubernetes/project_info'), params: { id: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + end +end diff --git a/spec/requests/api/internal/pages_spec.rb b/spec/requests/api/internal/pages_spec.rb index 48fc95b6574..e58eba02132 100644 --- a/spec/requests/api/internal/pages_spec.rb +++ b/spec/requests/api/internal/pages_spec.rb @@ -7,6 +7,7 @@ RSpec.describe API::Internal::Pages do jwt_token = JWT.encode({ 'iss' => 'gitlab-pages' }, Gitlab::Pages.secret, 'HS256') { Gitlab::Pages::INTERNAL_API_REQUEST_HEADER => jwt_token } end + let(:pages_secret) { SecureRandom.random_bytes(Gitlab::Pages::SECRET_LENGTH) } before do |
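Review bot: In spec/requests/api/internal/kubernetes_spec.rb, both 'no such agent exists' contexts name their example `it 'returns 404'` but assert `have_gitlab_http_status(:forbidden)`; rename them to `it 'returns 403'` so the description matches the status an unknown bearer token actually receives. The `'address' => match(/\.socket$/)` matchers would be stricter with `\z`, since `$` also matches before a trailing newline. The project_info examples only create unrelated projects at each visibility level; a case where the requested project is `agent.project` itself and private would show whether the agent's own project is reachable, which the visible examples leave open.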