Diffstat (limited to 'spec/requests/groups')
-rw-r--r-- | spec/requests/groups/observability_controller_spec.rb | 218 | ||||
-rw-r--r-- | spec/requests/groups/settings/access_tokens_controller_spec.rb | 25 |
2 files changed, 117 insertions, 126 deletions
diff --git a/spec/requests/groups/observability_controller_spec.rb b/spec/requests/groups/observability_controller_spec.rb index 9be013d4385..a08231fe939 100644 --- a/spec/requests/groups/observability_controller_spec.rb +++ b/spec/requests/groups/observability_controller_spec.rb @@ -8,23 +8,16 @@ RSpec.describe Groups::ObservabilityController do let_it_be(:group) { create(:group) } let_it_be(:user) { create(:user) } - subject do - get group_observability_index_path(group) - response - end + let(:observability_url) { Gitlab::Observability.observability_url } + let(:expected_observability_path) { "/" } - describe 'GET #index' do - context 'when user is not authenticated' do - it 'returns 404' do - expect(subject).to have_gitlab_http_status(:not_found) - end + shared_examples 'observability route request' do + subject do + get path + response end - context 'when observability url is missing' do - before do - allow(described_class).to receive(:observability_url).and_return("") - end - + context 'when user is not authenticated' do it 'returns 404' do expect(subject).to have_gitlab_http_status(:not_found) end @@ -46,6 +39,16 @@ RSpec.describe Groups::ObservabilityController do group.add_developer(user) end + context 'when observability url is missing' do + before do + allow(Gitlab::Observability).to receive(:observability_url).and_return("") + end + + it 'returns 404' do + expect(subject).to have_gitlab_http_status(:not_found) + end + end + it 'returns 200' do expect(subject).to have_gitlab_http_status(:ok) end 
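Review bot: The `shared_examples 'observability route request'` block opened in the first hunk depends on each including group defining `path` and `expected_observability_path`, but nothing in the block states that. The top-level default `let(:expected_observability_path) { "/" }` also appears to be overridden by every `describe` visible in this diff. I would add a comment above the block such as `# Including groups must define path and expected_observability_path.` and drop the `"/"` default if no caller relies on it, so a route added later without an expected value fails loudly instead of being compared against `/`. The shared block continues past the end of this hunk.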
@@ -55,135 +58,112 @@ RSpec.describe Groups::ObservabilityController do expect(subject).to render_template("layouts/fullscreen") expect(subject).not_to render_template('layouts/nav/breadcrumbs') expect(subject).to render_template("nav/sidebar/_group") + expect(subject).to render_template("groups/observability/observability") end - describe 'iframe' do - subject do - get group_observability_index_path(group) - Nokogiri::HTML.parse(response.body).at_css('iframe#observability-ui-iframe') - end - - it 'sets the iframe src to the proper URL' do - expect(subject.attributes['src'].value).to eq("https://observe.gitlab.com/-/#{group.id}") - end - - it 'when the env is staging, sets the iframe src to the proper URL' do - stub_config_setting(url: Gitlab::Saas.staging_com_url) - expect(subject.attributes['src'].value).to eq("https://staging.observe.gitlab.com/-/#{group.id}") - end - - it 'overrides the iframe src url if specified by OVERRIDE_OBSERVABILITY_URL env' do - stub_env('OVERRIDE_OBSERVABILITY_URL', 'http://foo.test') - - expect(subject.attributes['src'].value).to eq("http://foo.test/-/#{group.id}") - end + it 'renders the js-observability-app element correctly' do + element = Nokogiri::HTML.parse(subject.body).at_css('#js-observability-app') + expect(element.attributes['data-observability-iframe-src'].value).to eq(expected_observability_path) end + end + end - describe 'CSP' do - before do - setup_existing_csp_for_controller(described_class, csp) - end + describe 'GET #dashboards' do + let(:path) { group_observability_dashboards_path(group) } + let(:expected_observability_path) { "#{observability_url}/#{group.id}/" } - subject do - get group_observability_index_path(group) - response.headers['Content-Security-Policy'] - end + it_behaves_like 'observability route request' + end - context 'when there is no CSP config' do - let(:csp) { ActionDispatch::ContentSecurityPolicy.new } + describe 'GET #manage' do + let(:path) { group_observability_manage_path(group) } + 
let(:expected_observability_path) { "#{observability_url}/#{group.id}/dashboards" } - it 'does not add any csp header' do - expect(subject).to be_blank - end - end + it_behaves_like 'observability route request' + end - context 'when frame-src exists in the CSP config' do - let(:csp) do - ActionDispatch::ContentSecurityPolicy.new do |p| - p.frame_src 'https://something.test' - end - end + describe 'GET #explore' do + let(:path) { group_observability_explore_path(group) } + let(:expected_observability_path) { "#{observability_url}/#{group.id}/explore" } - it 'appends the proper url to frame-src CSP directives' do - expect(subject).to include( - "frame-src https://something.test https://observe.gitlab.com 'self'") - end + it_behaves_like 'observability route request' + end - it 'appends the proper url to frame-src CSP directives when Gilab.staging?' do - stub_config_setting(url: Gitlab::Saas.staging_com_url) + describe 'CSP' do + before do + setup_csp_for_controller(described_class, csp) + end - expect(subject).to include( - "frame-src https://something.test https://staging.observe.gitlab.com 'self'") - end + subject do + get group_observability_dashboards_path(group) + response.headers['Content-Security-Policy'] + end - it 'appends the proper url to frame-src CSP directives when OVERRIDE_OBSERVABILITY_URL is specified' do - stub_env('OVERRIDE_OBSERVABILITY_URL', 'http://foo.test') + context 'when there is no CSP config' do + let(:csp) { ActionDispatch::ContentSecurityPolicy.new } - expect(subject).to include( - "frame-src https://something.test http://foo.test 'self'") - end - end + it 'does not add any csp header' do + expect(subject).to be_blank + end + end - context 'when self is already present in the policy' do - let(:csp) do - ActionDispatch::ContentSecurityPolicy.new do |p| - p.frame_src "'self'" - end - end - - it 'does not append self again' do - expect(subject).to include( - "frame-src 'self' https://observe.gitlab.com;") - end + context 'when frame-src 
exists in the CSP config' do + let(:csp) do + ActionDispatch::ContentSecurityPolicy.new do |p| + p.frame_src 'https://something.test' end + end - context 'when default-src exists in the CSP config' do - let(:csp) do - ActionDispatch::ContentSecurityPolicy.new do |p| - p.default_src 'https://something.test' - end - end + it 'appends the proper url to frame-src CSP directives' do + expect(subject).to include( + "frame-src https://something.test #{observability_url} 'self'") + end + end - it 'does not change default-src' do - expect(subject).to include( - "default-src https://something.test;") - end + context 'when self is already present in the policy' do + let(:csp) do + ActionDispatch::ContentSecurityPolicy.new do |p| + p.frame_src "'self'" + end + end - it 'appends the proper url to frame-src CSP directives' do - expect(subject).to include( - "frame-src https://something.test https://observe.gitlab.com 'self'") - end + it 'does not append self again' do + expect(subject).to include( + "frame-src 'self' #{observability_url};") + end + end - it 'appends the proper url to frame-src CSP directives when Gilab.staging?' 
do - stub_config_setting(url: Gitlab::Saas.staging_com_url) + context 'when default-src exists in the CSP config' do + let(:csp) do + ActionDispatch::ContentSecurityPolicy.new do |p| + p.default_src 'https://something.test' + end + end - expect(subject).to include( - "frame-src https://something.test https://staging.observe.gitlab.com 'self'") - end + it 'does not change default-src' do + expect(subject).to include( + "default-src https://something.test;") + end - it 'appends the proper url to frame-src CSP directives when OVERRIDE_OBSERVABILITY_URL is specified' do - stub_env('OVERRIDE_OBSERVABILITY_URL', 'http://foo.test') + it 'appends the proper url to frame-src CSP directives' do + expect(subject).to include( + "frame-src https://something.test #{observability_url} 'self'") + end + end - expect(subject).to include( - "frame-src https://something.test http://foo.test 'self'") - end + context 'when frame-src and default-src exist in the CSP config' do + let(:csp) do + ActionDispatch::ContentSecurityPolicy.new do |p| + p.default_src 'https://something_default.test' + p.frame_src 'https://something.test' end + end - context 'when frame-src and default-src exist in the CSP config' do - let(:csp) do - ActionDispatch::ContentSecurityPolicy.new do |p| - p.default_src 'https://something_default.test' - p.frame_src 'https://something.test' - end - end - - it 'appends to frame-src CSP directives' do - expect(subject).to include( - "frame-src https://something.test https://observe.gitlab.com 'self'") - expect(subject).to include( - "default-src https://something_default.test") - end - end + it 'appends to frame-src CSP directives' do + expect(subject).to include( + "frame-src https://something.test #{observability_url} 'self'") + expect(subject).to include( + "default-src https://something_default.test") end end end 
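Review bot: The CSP expectations in the third hunk now interpolate `#{observability_url}`, which is read from `Gitlab::Observability.observability_url`, presumably the same helper the controller uses to build `frame-src`, so they would still pass if that helper began returning an unintended origin. The removed cases pinned the production, staging and `OVERRIDE_OBSERVABILITY_URL` origins as literals; unless a spec outside this diffstat covers them, the allowlisted frame origin is no longer checked against a fixed value. I would pin at least one case by stubbing the helper with a constructed test origin, `allow(Gitlab::Observability).to receive(:observability_url).and_return('https://observe.test')`, and asserting the literal `"frame-src https://something.test https://observe.test 'self'"`. The `subject` here also requests only `group_observability_dashboards_path`, so the manage and explore routes get no CSP assertion.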
diff --git a/spec/requests/groups/settings/access_tokens_controller_spec.rb b/spec/requests/groups/settings/access_tokens_controller_spec.rb index cf728b3935f..6b150e0acb6 100644 --- a/spec/requests/groups/settings/access_tokens_controller_spec.rb +++ b/spec/requests/groups/settings/access_tokens_controller_spec.rb @@ -5,11 +5,11 @@ require 'spec_helper' RSpec.describe Groups::Settings::AccessTokensController do let_it_be(:user) { create(:user) } let_it_be(:resource) { create(:group) } - let_it_be(:bot_user) { create(:user, :project_bot) } + let_it_be(:access_token_user) { create(:user, :project_bot) } before_all do resource.add_owner(user) - resource.add_maintainer(bot_user) + resource.add_maintainer(access_token_user) end before do @@ -27,13 +27,24 @@ RSpec.describe Groups::Settings::AccessTokensController do end describe 'GET /:namespace/-/settings/access_tokens' do - subject do + let(:get_access_tokens) do get group_settings_access_tokens_path(resource) response end + let(:get_access_tokens_json) do + get group_settings_access_tokens_path(resource), params: { format: :json } + response + end + + subject(:get_access_tokens_with_page) do + get group_settings_access_tokens_path(resource), params: { page: 1 } + response + end + it_behaves_like 'feature unavailable' it_behaves_like 'GET resource access tokens available' + it_behaves_like 'GET access tokens are paginated and ordered' end describe 'POST /:namespace/-/settings/access_tokens' do @@ -77,7 +88,7 @@ RSpec.describe Groups::Settings::AccessTokensController do end describe 'PUT /:namespace/-/settings/access_tokens/:id', :sidekiq_inline do - let(:resource_access_token) { create(:personal_access_token, user: bot_user) } + let(:resource_access_token) { create(:personal_access_token, user: access_token_user) } subject do put revoke_group_settings_access_token_path(resource, resource_access_token) 
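Review bot: In the second hunk the group's `subject` becomes the `page: 1` request, so any shared example that calls `subject` now exercises only the paginated HTML request. 'feature unavailable' presumably does call it, though its body is outside this diff. `get_access_tokens_json` is a lazy `let`, so the JSON variant is hit only if a shared example calls it explicitly. It is worth confirming that the feature-unavailable 404 is also asserted for `format: :json`, since that response serializes access-token details. A short comment above the three definitions, e.g. `# get_access_tokens, get_access_tokens_json and subject are consumed by the shared examples below`, would make that contract visible.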
@@ -89,17 +100,17 @@ RSpec.describe Groups::Settings::AccessTokensController do end describe '#index' do - let_it_be(:resource_access_tokens) { create_list(:personal_access_token, 3, user: bot_user) } + let_it_be(:resource_access_tokens) { create_list(:personal_access_token, 3, user: access_token_user) } before do get group_settings_access_tokens_path(resource) end it 'includes details of the active group access tokens' do - active_resource_access_tokens = + active_access_tokens = ::GroupAccessTokenSerializer.new.represent(resource_access_tokens.reverse, group: resource) - expect(assigns(:active_resource_access_tokens).to_json).to eq(active_resource_access_tokens.to_json) + expect(assigns(:active_access_tokens).to_json).to eq(active_access_tokens.to_json) end end end |