Diffstat (limited to 'spec/requests/api/internal')
-rw-r--r-- | spec/requests/api/internal/base_spec.rb | 39 | ||||
-rw-r--r-- | spec/requests/api/internal/error_tracking_spec.rb | 2 | ||||
-rw-r--r-- | spec/requests/api/internal/kubernetes_spec.rb | 178 | ||||
-rw-r--r-- | spec/requests/api/internal/workhorse_spec.rb | 1 |
4 files changed, 207 insertions, 13 deletions
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb index acfe476a864..e100684018a 100644 --- a/spec/requests/api/internal/base_spec.rb +++ b/spec/requests/api/internal/base_spec.rb @@ -376,10 +376,17 @@ RSpec.describe API::Internal::Base do shared_examples 'rate limited request' do let(:action) { 'git-upload-pack' } let(:actor) { key } + let(:rate_limiter) { double(:rate_limiter, ip: "127.0.0.1", trusted_ip?: false) } + + before do + allow(::Gitlab::Auth::IpRateLimiter).to receive(:new).with("127.0.0.1").and_return(rate_limiter) + end it 'is throttled by rate limiter' do allow(::Gitlab::ApplicationRateLimiter).to receive(:threshold).and_return(1) + expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:gitlab_shell_operation, scope: [action, project.full_path, actor]).twice.and_call_original + expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:gitlab_shell_operation, scope: [action, project.full_path, "127.0.0.1"]).and_call_original request @@ -402,6 +409,28 @@ RSpec.describe API::Internal::Base do subject end end + + context 'when rate_limit_gitlab_shell_by_ip feature flag is disabled' do + before do + stub_feature_flags(rate_limit_gitlab_shell_by_ip: false) + end + + it 'is not throttled by rate limiter' do + expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?) + + subject + end + end + + context 'when the IP is in a trusted range' do + let(:rate_limiter) { double(:rate_limiter, ip: "127.0.0.1", trusted_ip?: true) } + + it 'is not throttled by rate limiter' do + expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?) + + subject + end + end end context "access granted" do @@ -1451,7 +1480,7 @@ RSpec.describe API::Internal::Base do describe 'POST /internal/two_factor_otp_check' do let(:key_id) { key.id } - let(:otp) { '123456'} + let(:otp) { '123456' } subject do post api('/internal/two_factor_otp_check'), 
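Review bot: The `rate_limiter` stub added to the 'rate limited request' shared examples is a plain `double`, so `ip` and `trusted_ip?` are never checked against `::Gitlab::Auth::IpRateLimiter`. If either method were renamed, these examples could keep passing while the real code path changes. A verifying double would catch that: `let(:rate_limiter) { instance_double(::Gitlab::Auth::IpRateLimiter, ip: "127.0.0.1", trusted_ip?: false) }`. The same applies to the `trusted_ip?: true` double in the later hunk at -402,6 +409,28. The literal `"127.0.0.1"` is repeated three times here and would read better as one `let(:ip)`.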
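Review bot: Both added contexts assert `expect(::Gitlab::ApplicationRateLimiter).not_to receive(:throttled?)` with no scope, so they pin that a disabled `rate_limit_gitlab_shell_by_ip` flag or a trusted IP suppresses every rate-limit check, not just the IP-scoped one. The throttled example in the earlier hunk also expects a check scoped to `actor`, and from the hunk alone it is not clear whether skipping that one is intended. If only the IP-scoped check should be skipped, narrow the negative expectation to `.with(:gitlab_shell_operation, scope: [action, project.full_path, "127.0.0.1"])` and add a positive expectation for the `actor` scope. If skipping both is intended, a short comment in the trusted-range context saying so would keep the bypass deliberate. The enclosing `shared_examples` block starts and ends outside these hunks.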
@@ -1472,7 +1501,7 @@ RSpec.describe API::Internal::Base do describe 'POST /internal/two_factor_manual_otp_check' do let(:key_id) { key.id } - let(:otp) { '123456'} + let(:otp) { '123456' } subject do post api('/internal/two_factor_manual_otp_check'), @@ -1493,7 +1522,7 @@ RSpec.describe API::Internal::Base do describe 'POST /internal/two_factor_push_otp_check' do let(:key_id) { key.id } - let(:otp) { '123456'} + let(:otp) { '123456' } subject do post api('/internal/two_factor_push_otp_check'), @@ -1514,7 +1543,7 @@ RSpec.describe API::Internal::Base do describe 'POST /internal/two_factor_manual_otp_check' do let(:key_id) { key.id } - let(:otp) { '123456'} + let(:otp) { '123456' } subject do post api('/internal/two_factor_manual_otp_check'), @@ -1534,7 +1563,7 @@ RSpec.describe API::Internal::Base do describe 'POST /internal/two_factor_push_otp_check' do let(:key_id) { key.id } - let(:otp) { '123456'} + let(:otp) { '123456' } subject do post api('/internal/two_factor_push_otp_check'), diff --git a/spec/requests/api/internal/error_tracking_spec.rb b/spec/requests/api/internal/error_tracking_spec.rb index 69eb54d5ed2..4c420eb8505 100644 --- a/spec/requests/api/internal/error_tracking_spec.rb +++ b/spec/requests/api/internal/error_tracking_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe API::Internal::ErrorTracking do let(:secret_token) { Gitlab::CurrentSettings.error_tracking_access_token } let(:headers) do - { ::API::Internal::ErrorTracking::GITLAB_ERROR_TRACKING_TOKEN_HEADER => Base64.encode64(secret_token) } + { ::API::Internal::ErrorTracking::GITLAB_ERROR_TRACKING_TOKEN_HEADER => secret_token } end describe 'GET /internal/error_tracking/allowed' do diff --git a/spec/requests/api/internal/kubernetes_spec.rb b/spec/requests/api/internal/kubernetes_spec.rb index c0a979995c9..67d8a18dfd8 100644 --- a/spec/requests/api/internal/kubernetes_spec.rb +++ b/spec/requests/api/internal/kubernetes_spec.rb 
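Review bot: With `headers` now sending the raw `secret_token`, nothing in the visible lines pins what the endpoint does with the previously used `Base64.encode64(secret_token)` form. Because this is the authentication header for an internal API, add one example that sends the encoded value and asserts the expected status, so either rejection or a compatibility window is an explicit decision. A comment above `let(:headers)` such as `# token is sent verbatim, not Base64-encoded` would also record the contract. The rest of the spec is outside the hunk, so such an example may already exist further down.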
@@ -59,7 +59,7 @@ RSpec.describe API::Internal::Kubernetes do end end - describe 'POST /internal/kubernetes/usage_metrics' do + describe 'POST /internal/kubernetes/usage_metrics', :clean_gitlab_redis_shared_state do def send_request(headers: {}, params: {}) post api('/internal/kubernetes/usage_metrics'), params: params, headers: headers.reverse_merge(jwt_auth_headers) end 
@@ -69,29 +69,102 @@ RSpec.describe API::Internal::Kubernetes do context 'is authenticated for an agent' do let!(:agent_token) { create(:cluster_agent_token) } + # Todo: Remove gitops_sync_count and k8s_api_proxy_request_count in the next milestone + # https://gitlab.com/gitlab-org/gitlab/-/issues/369489 + # We're only keeping it for backwards compatibility until KAS is released + # using `counts:` instead + context 'deprecated events' do + it 'returns no_content for valid events' do + send_request(params: { gitops_sync_count: 10, k8s_api_proxy_request_count: 5 }) + + expect(response).to have_gitlab_http_status(:no_content) + end + + it 'returns no_content for counts of zero' do + send_request(params: { gitops_sync_count: 0, k8s_api_proxy_request_count: 0 }) + + expect(response).to have_gitlab_http_status(:no_content) + end + + it 'returns 400 for non number' do + send_request(params: { gitops_sync_count: 'string', k8s_api_proxy_request_count: 1 }) + + expect(response).to have_gitlab_http_status(:bad_request) + end + + it 'returns 400 for negative number' do + send_request(params: { gitops_sync_count: -1, k8s_api_proxy_request_count: 1 }) + + expect(response).to have_gitlab_http_status(:bad_request) + end + + it 'tracks events' do + counters = { gitops_sync_count: 10, k8s_api_proxy_request_count: 5 } + expected_counters = { + kubernetes_agent_gitops_sync: counters[:gitops_sync_count], + kubernetes_agent_k8s_api_proxy_request: counters[:k8s_api_proxy_request_count] + } + + send_request(params: counters) + + expect(Gitlab::UsageDataCounters::KubernetesAgentCounter.totals).to eq(expected_counters) + end + end + it 'returns no_content for valid events' do - send_request(params: { gitops_sync_count: 10, k8s_api_proxy_request_count: 5 }) + counters = { gitops_sync: 10, k8s_api_proxy_request: 5 } + unique_counters = { agent_users_using_ci_tunnel: [10] } + + send_request(params: { counters: counters, unique_counters: unique_counters }) expect(response).to 
have_gitlab_http_status(:no_content) end it 'returns no_content for counts of zero' do - send_request(params: { gitops_sync_count: 0, k8s_api_proxy_request_count: 0 }) + counters = { gitops_sync: 0, k8s_api_proxy_request: 0 } + unique_counters = { agent_users_using_ci_tunnel: [] } + + send_request(params: { counters: counters, unique_counters: unique_counters }) expect(response).to have_gitlab_http_status(:no_content) end - it 'returns 400 for non number' do - send_request(params: { gitops_sync_count: 'string', k8s_api_proxy_request_count: 1 }) + it 'returns 400 for non counter number' do + counters = { gitops_sync: 'string', k8s_api_proxy_request: 0 } + + send_request(params: { counters: counters }) expect(response).to have_gitlab_http_status(:bad_request) end - it 'returns 400 for negative number' do - send_request(params: { gitops_sync_count: -1, k8s_api_proxy_request_count: 1 }) + it 'returns 400 for non unique_counter set' do + unique_counters = { agent_users_using_ci_tunnel: 1 } + + send_request(params: { unique_counters: unique_counters }) expect(response).to have_gitlab_http_status(:bad_request) end + + it 'tracks events' do + counters = { gitops_sync: 10, k8s_api_proxy_request: 5 } + unique_counters = { agent_users_using_ci_tunnel: [10] } + expected_counters = { + kubernetes_agent_gitops_sync: counters[:gitops_sync], + kubernetes_agent_k8s_api_proxy_request: counters[:k8s_api_proxy_request] + } + + send_request(params: { counters: counters, unique_counters: unique_counters }) + + expect(Gitlab::UsageDataCounters::KubernetesAgentCounter.totals).to eq(expected_counters) + + expect( + Gitlab::UsageDataCounters::HLLRedisCounter + .unique_events( + event_names: 'agent_users_using_ci_tunnel', + start_date: Date.current, end_date: Date.current + 10 + ) + ).to eq(1) + end end end 
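Review bot: The negative-number rejection is now only exercised under 'deprecated events'; the new `counters:` form is tested for a string value and for a non-array `unique_counters`, but not for a negative count. Assuming the new parameters keep the non-negative constraint, an example like the one below would keep that input validation covered once the deprecated context is removed. In 'tracks events', a brief comment on why `end_date` is `Date.current + 10` would help the next reader.

```ruby
it 'returns 400 for negative counter' do
  counters = { gitops_sync: -1, k8s_api_proxy_request: 1 }

  send_request(params: { counters: counters })

  expect(response).to have_gitlab_http_status(:bad_request)
end
```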
@@ -180,4 +253,95 @@ RSpec.describe API::Internal::Kubernetes do end end end + + describe 'GET /internal/kubernetes/project_info' do + def send_request(headers: {}, params: {}) + get api('/internal/kubernetes/project_info'), params: params, headers: headers.reverse_merge(jwt_auth_headers) + end + + include_examples 'authorization' + include_examples 'agent authentication' + + context 'an agent is found' do + let_it_be(:agent_token) { create(:cluster_agent_token) } + + shared_examples 'agent token tracking' + + context 'project is public' do + let(:project) { create(:project, :public) } + + it 'returns expected data', :aggregate_failures do + send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + + expect(response).to have_gitlab_http_status(:success) + + expect(json_response).to match( + a_hash_including( + 'project_id' => project.id, + 'gitaly_info' => a_hash_including( + 'address' => match(/\.socket$/), + 'token' => 'secret', + 'features' => {} + ), + 'gitaly_repository' => a_hash_including( + 'storage_name' => project.repository_storage, + 'relative_path' => project.disk_path + '.git', + 'gl_repository' => "project-#{project.id}", + 'gl_project_path' => project.full_path + ), + 'default_branch' => project.default_branch_or_main + ) + ) + end + + context 'repository is for project members only' do + let(:project) { create(:project, :public, :repository_private) } + + it 'returns 404' do + send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + context 'project is private' do + let(:project) { create(:project, :private) } + + it 'returns 404' do + send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + + expect(response).to have_gitlab_http_status(:not_found) + end + + context 'and agent belongs to project' do + let(:agent_token) { 
create(:cluster_agent_token, agent: create(:cluster_agent, project: project)) } + + it 'returns 200' do + send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + + expect(response).to have_gitlab_http_status(:success) + end + end + end + + context 'project is internal' do + let(:project) { create(:project, :internal) } + + it 'returns 404' do + send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'project does not exist' do + it 'returns 404' do + send_request(params: { id: non_existing_record_id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + end end diff --git a/spec/requests/api/internal/workhorse_spec.rb b/spec/requests/api/internal/workhorse_spec.rb index d40c14cc0fd..bcf63bf7c2f 100644 --- a/spec/requests/api/internal/workhorse_spec.rb +++ b/spec/requests/api/internal/workhorse_spec.rb @@ -32,6 +32,7 @@ RSpec.describe API::Internal::Workhorse, :allow_forgery_protection do end it { expect_status(:success) } + it 'returns the temp upload path' do subject expect(json_response['TempPath']).to eq(Rails.root.join('tmp/tests/public/uploads/tmp').to_s) |
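Review bot: In `context 'an agent is found'` the line `shared_examples 'agent token tracking'` declares a shared group instead of including one, so no token-tracking examples run for `GET /internal/kubernetes/project_info`. The two lines above it use `include_examples`, which suggests the intent was `include_examples 'agent token tracking'`. Separately, 'project is internal' only covers the 404 case for an unrelated agent; an 'and agent belongs to project' example like the one under 'project is private' would pin the authorization rule for that visibility level too.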