diff options
Diffstat (limited to 'spec/requests/api/jobs_spec.rb')
| -rw-r--r-- | spec/requests/api/jobs_spec.rb | 308 |
1 files changed, 232 insertions, 76 deletions
diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb index 8d647eb1c7e..6192bbd4abb 100644 --- a/spec/requests/api/jobs_spec.rb +++ b/spec/requests/api/jobs_spec.rb @@ -1,17 +1,17 @@ require 'spec_helper' -describe API::Jobs, :api do - let!(:project) do +describe API::Jobs do + set(:project) do create(:project, :repository, public_builds: false) end - let!(:pipeline) do + set(:pipeline) do create(:ci_empty_pipeline, project: project, sha: project.commit.id, ref: project.default_branch) end - let!(:job) { create(:ci_build, pipeline: pipeline) } + let!(:job) { create(:ci_build, :success, pipeline: pipeline) } let(:user) { create(:user) } let(:api_user) { user } @@ -25,13 +25,15 @@ describe API::Jobs, :api do describe 'GET /projects/:id/jobs' do let(:query) { Hash.new } - before do - get api("/projects/#{project.id}/jobs", api_user), query + before do |example| + unless example.metadata[:skip_before_request] + get api("/projects/#{project.id}/jobs", api_user), query + end end context 'authorized user' do it 'returns project jobs' do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array end @@ -51,11 +53,28 @@ describe API::Jobs, :api do expect(json_job['pipeline']['status']).to eq job.pipeline.status end + it 'avoids N+1 queries', :skip_before_request do + first_build = create(:ci_build, :artifacts, pipeline: pipeline) + first_build.runner = create(:ci_runner) + first_build.user = create(:user) + first_build.save + + control_count = ActiveRecord::QueryRecorder.new { go }.count + + second_pipeline = create(:ci_empty_pipeline, project: project, sha: project.commit.id, ref: project.default_branch) + second_build = create(:ci_build, :artifacts, pipeline: second_pipeline) + second_build.runner = create(:ci_runner) + second_build.user = create(:user) + second_build.save + + expect { go }.not_to exceed_query_limit(control_count) + end + context 'filter project with one scope element' do let(:query) { { 'scope' => 'pending' } } it do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(json_response).to be_an Array end end @@ -64,7 +83,7 @@ describe API::Jobs, :api do let(:query) { { scope: %w(pending running) } } it do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(json_response).to be_an Array end end @@ -72,7 +91,7 @@ describe API::Jobs, :api do context 'respond 400 when scope contains invalid state' do let(:query) { { scope: %w(unknown running) } } - it { expect(response).to have_http_status(400) } + it { expect(response).to have_gitlab_http_status(400) } end end @@ -80,9 +99,13 @@ describe API::Jobs, :api do let(:api_user) { nil } it 'does not return project jobs' do - expect(response).to have_http_status(401) + expect(response).to have_gitlab_http_status(401) end end + + def go + get api("/projects/#{project.id}/jobs", api_user), query + end end describe 'GET /projects/:id/pipelines/:pipeline_id/jobs' do @@ -94,7 +117,7 @@ describe API::Jobs, :api do context 'authorized user' do it 'returns pipeline jobs' do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array end @@ -118,7 +141,7 @@ describe API::Jobs, :api do let(:query) { { 'scope' => 'pending' } } it do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(json_response).to be_an Array end end @@ -127,7 +150,7 @@ describe API::Jobs, :api do let(:query) { { scope: %w(pending running) } } it do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(json_response).to be_an Array end end @@ -135,7 +158,7 @@ describe API::Jobs, :api do context 'respond 400 when scope contains invalid state' do let(:query) { { scope: %w(unknown running) } } - it { expect(response).to have_http_status(400) } + it { expect(response).to have_gitlab_http_status(400) } end context 'jobs in different pipelines' do @@ -152,7 +175,7 @@ describe API::Jobs, :api do let(:api_user) { nil } it 'does not return jobs' do - expect(response).to have_http_status(401) + expect(response).to have_gitlab_http_status(401) end end end @@ -164,8 +187,18 @@ describe API::Jobs, :api do context 'authorized user' do it 'returns specific job data' do - expect(response).to have_http_status(200) - expect(json_response['name']).to eq('test') + expect(response).to have_gitlab_http_status(200) + expect(json_response['id']).to eq(job.id) + expect(json_response['status']).to eq(job.status) + expect(json_response['stage']).to eq(job.stage) + expect(json_response['name']).to eq(job.name) + expect(json_response['ref']).to eq(job.ref) + expect(json_response['tag']).to eq(job.tag) + expect(json_response['coverage']).to eq(job.coverage) + expect(Time.parse(json_response['created_at'])).to be_like_time(job.created_at) + expect(Time.parse(json_response['started_at'])).to be_like_time(job.started_at) + expect(Time.parse(json_response['finished_at'])).to be_like_time(job.finished_at) + expect(json_response['duration']).to eq(job.duration) end it 'returns pipeline data' do @@ -183,49 +216,137 @@ describe API::Jobs, :api do let(:api_user) { nil } it 'does not return specific job data' do - expect(response).to have_http_status(401) + expect(response).to have_gitlab_http_status(401) end end end - describe 'GET /projects/:id/jobs/:job_id/artifacts' do - before do - get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - end - - context 'job with artifacts' do + describe 'GET /projects/:id/jobs/:job_id/artifacts/:artifact_path' do + context 'when job has artifacts' do let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) } - context 'authorized user' do - let(:download_headers) do - { 'Content-Transfer-Encoding' => 'binary', - 'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' } + let(:artifact) do + 'other_artifacts_0.1.2/another-subdirectory/banana_sample.gif' + end + + context 'when user is anonymous' do + let(:api_user) { nil } + + context 'when project is public' do + it 'allows to access artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PUBLIC) + project.update_column(:public_builds, true) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(200) + end + end + + context 'when project is public with builds access disabled' do + it 'rejects access to artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PUBLIC) + project.update_column(:public_builds, false) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(403) + end end - it 'returns specific job artifacts' do - expect(response).to have_http_status(200) - expect(response.headers).to include(download_headers) - expect(response.body).to match_file(job.artifacts_file.file.file) + context 'when project is private' do + it 'rejects access and hides existence of artifacts' do + project.update_column(:visibility_level, + Gitlab::VisibilityLevel::PRIVATE) + project.update_column(:public_builds, true) + + get_artifact_file(artifact) + + expect(response).to have_gitlab_http_status(404) + end end end - context 'unauthorized user' do - let(:api_user) { nil } + context 'when user is authorized' do + it 'returns a specific artifact file for a valid path' do + expect(Gitlab::Workhorse) + .to receive(:send_artifacts_entry) + .and_call_original + + get_artifact_file(artifact) - it 'does not return specific job artifacts' do - expect(response).to have_http_status(401) + expect(response).to have_gitlab_http_status(200) + expect(response.headers) + .to include('Content-Type' => 'application/json', + 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) end end end - it 'does not return job artifacts if not uploaded' do - expect(response).to have_http_status(404) + context 'when job does not have artifacts' do + it 'does not return job artifact file' do + get_artifact_file('some/artifact') + + expect(response).to have_gitlab_http_status(404) + end + end + + def get_artifact_file(artifact_path) + get api("/projects/#{project.id}/jobs/#{job.id}/" \ + "artifacts/#{artifact_path}", api_user) + end + end + + describe 'GET /projects/:id/jobs/:job_id/artifacts' do + shared_examples 'downloads artifact' do + let(:download_headers) do + { 'Content-Transfer-Encoding' => 'binary', + 'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' } + end + + it 'returns specific job artifacts' do + expect(response).to have_gitlab_http_status(200) + expect(response.headers).to include(download_headers) + expect(response.body).to match_file(job.artifacts_file.file.file) + end + end + + context 'normal authentication' do + context 'job with artifacts' do + context 'when artifacts are stored locally' do + let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) } + + before do + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + context 'authorized user' do + it_behaves_like 'downloads artifact' + end + + context 'unauthorized user' do + let(:api_user) { nil } + + it 'does not return specific job artifacts' do + expect(response).to have_gitlab_http_status(404) + end + end + end + + it 'does not return job artifacts if not uploaded' do + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + + expect(response).to have_gitlab_http_status(404) + end + end end end describe 'GET /projects/:id/artifacts/:ref_name/download?job=name' do let(:api_user) { reporter } - let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) } + let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } before do job.success @@ -242,8 +363,9 @@ describe API::Jobs, :api do get_for_ref end - it 'gives 401' do - expect(response).to have_http_status(401) + it 'does not find a resource in a private project' do + expect(project).to be_private + expect(response).to have_gitlab_http_status(404) end end @@ -255,13 +377,13 @@ describe API::Jobs, :api do end it 'gives 403' do - expect(response).to have_http_status(403) + expect(response).to have_gitlab_http_status(403) end end context 'non-existing job' do shared_examples 'not found' do - it { expect(response).to have_http_status(:not_found) } + it { expect(response).to have_gitlab_http_status(:not_found) } end context 'has no such ref' do @@ -283,14 +405,16 @@ describe API::Jobs, :api do context 'find proper job' do shared_examples 'a valid file' do - let(:download_headers) do - { 'Content-Transfer-Encoding' => 'binary', - 'Content-Disposition' => - "attachment; filename=#{job.artifacts_file.filename}" } - end + context 'when artifacts are stored locally' do + let(:download_headers) do + { 'Content-Transfer-Encoding' => 'binary', + 'Content-Disposition' => + "attachment; filename=#{job.artifacts_file.filename}" } + end - it { expect(response).to have_http_status(200) } - it { expect(response.headers).to include(download_headers) } + it { expect(response).to have_gitlab_http_status(200) } + it { expect(response.headers).to include(download_headers) } + end end context 'with regular branch' do @@ -322,16 +446,27 @@ describe API::Jobs, :api do end describe 'GET /projects/:id/jobs/:job_id/trace' do - let(:job) { create(:ci_build, :trace, pipeline: pipeline) } - before do get api("/projects/#{project.id}/jobs/#{job.id}/trace", api_user) end context 'authorized user' do - it 'returns specific job trace' do - expect(response).to have_http_status(200) - expect(response.body).to eq(job.trace.raw) + context 'when trace is artifact' do + let(:job) { create(:ci_build, :trace_artifact, pipeline: pipeline) } + + it 'returns specific job trace' do + expect(response).to have_gitlab_http_status(200) + expect(response.body).to eq(job.trace.raw) + end + end + + context 'when trace is file' do + let(:job) { create(:ci_build, :trace_live, pipeline: pipeline) } + + it 'returns specific job trace' do + expect(response).to have_gitlab_http_status(200) + expect(response.body).to eq(job.trace.raw) + end end end @@ -339,7 +474,7 @@ describe API::Jobs, :api do let(:api_user) { nil } it 'does not return specific job trace' do - expect(response).to have_http_status(401) + expect(response).to have_gitlab_http_status(401) end end end @@ -352,8 +487,8 @@ describe API::Jobs, :api do context 'authorized user' do context 'user with :update_build persmission' do it 'cancels running or pending job' do - expect(response).to have_http_status(201) - expect(project.builds.first.status).to eq('canceled') + expect(response).to have_gitlab_http_status(201) + expect(project.builds.first.status).to eq('success') end end @@ -361,7 +496,7 @@ describe API::Jobs, :api do let(:api_user) { reporter } it 'does not cancel job' do - expect(response).to have_http_status(403) + expect(response).to have_gitlab_http_status(403) end end end @@ -370,7 +505,7 @@ describe API::Jobs, :api do let(:api_user) { nil } it 'does not cancel job' do - expect(response).to have_http_status(401) + expect(response).to have_gitlab_http_status(401) end end end @@ -385,7 +520,7 @@ describe API::Jobs, :api do context 'authorized user' do context 'user with :update_build permission' do it 'retries non-running job' do - expect(response).to have_http_status(201) + expect(response).to have_gitlab_http_status(201) expect(project.builds.first.status).to eq('canceled') expect(json_response['status']).to eq('pending') end @@ -395,7 +530,7 @@ describe API::Jobs, :api do let(:api_user) { reporter } it 'does not retry job' do - expect(response).to have_http_status(403) + expect(response).to have_gitlab_http_status(403) end end end @@ -404,22 +539,26 @@ describe API::Jobs, :api do let(:api_user) { nil } it 'does not retry job' do - expect(response).to have_http_status(401) + expect(response).to have_gitlab_http_status(401) end end end describe 'POST /projects/:id/jobs/:job_id/erase' do + let(:role) { :master } + before do + project.add_role(user, role) + post api("/projects/#{project.id}/jobs/#{job.id}/erase", user) end context 'job is erasable' do - let(:job) { create(:ci_build, :trace, :artifacts, :success, project: project, pipeline: pipeline) } + let(:job) { create(:ci_build, :trace_artifact, :artifacts, :success, project: project, pipeline: pipeline) } it 'erases job content' do - expect(response).to have_http_status(201) - expect(job).not_to have_trace + expect(response).to have_gitlab_http_status(201) + expect(job.trace.exist?).to be_falsy expect(job.artifacts_file.exists?).to be_falsy expect(job.artifacts_metadata.exists?).to be_falsy end @@ -433,10 +572,27 @@ describe API::Jobs, :api do end context 'job is not erasable' do - let(:job) { create(:ci_build, :trace, project: project, pipeline: pipeline) } + let(:job) { create(:ci_build, :trace_live, project: project, pipeline: pipeline) } it 'responds with forbidden' do - expect(response).to have_http_status(403) + expect(response).to have_gitlab_http_status(403) + end + end + + context 'when a developer erases a build' do + let(:role) { :developer } + let(:job) { create(:ci_build, :trace_artifact, :artifacts, :success, project: project, pipeline: pipeline, user: owner) } + + context 'when the build was created by the developer' do + let(:owner) { user } + + it { expect(response).to have_gitlab_http_status(201) } + end + + context 'when the build was created by the other' do + let(:owner) { create(:user) } + + it { expect(response).to have_gitlab_http_status(403) } end end end @@ -448,12 +604,12 @@ describe API::Jobs, :api do context 'artifacts did not expire' do let(:job) do - create(:ci_build, :trace, :artifacts, :success, + create(:ci_build, :trace_artifact, :artifacts, :success, project: project, pipeline: pipeline, artifacts_expire_at: Time.now + 7.days) end it 'keeps artifacts' do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(job.reload.artifacts_expire_at).to be_nil end end @@ -462,7 +618,7 @@ describe API::Jobs, :api do let(:job) { create(:ci_build, project: project, pipeline: pipeline) } it 'responds with not found' do - expect(response).to have_http_status(404) + expect(response).to have_gitlab_http_status(404) end end end @@ -477,7 +633,7 @@ describe API::Jobs, :api do context 'when user is authorized to trigger a manual action' do it 'plays the job' do - expect(response).to have_http_status(200) + expect(response).to have_gitlab_http_status(200) expect(json_response['user']['id']).to eq(user.id) expect(json_response['id']).to eq(job.id) expect(job.reload).to be_pending @@ -490,7 +646,7 @@ describe API::Jobs, :api do it 'does not trigger a manual action' do expect(job.reload).to be_manual - expect(response).to have_http_status(404) + expect(response).to have_gitlab_http_status(404) end end @@ -499,7 +655,7 @@ describe API::Jobs, :api do it 'does not trigger a manual action' do expect(job.reload).to be_manual - expect(response).to have_http_status(403) + expect(response).to have_gitlab_http_status(403) end end end @@ -507,7 +663,7 @@ describe API::Jobs, :api do context 'on a non-playable job' do it 'returns a status code 400, Bad Request' do - expect(response).to have_http_status 400 + expect(response).to have_gitlab_http_status 400 expect(response.body).to match("Unplayable Job") end end |