diff options
Diffstat (limited to 'spec/uploaders/object_storage')
| -rw-r--r-- | spec/uploaders/object_storage/cdn/google_cdn_spec.rb | 95 | ||||
| -rw-r--r-- | spec/uploaders/object_storage/cdn/google_ip_cache_spec.rb | 84 | ||||
| -rw-r--r-- | spec/uploaders/object_storage/cdn_spec.rb | 85 |
3 files changed, 264 insertions, 0 deletions
diff --git a/spec/uploaders/object_storage/cdn/google_cdn_spec.rb b/spec/uploaders/object_storage/cdn/google_cdn_spec.rb new file mode 100644 index 00000000000..b72f6d66d69 --- /dev/null +++ b/spec/uploaders/object_storage/cdn/google_cdn_spec.rb @@ -0,0 +1,95 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe ObjectStorage::CDN::GoogleCDN, + :use_clean_rails_memory_store_caching, :use_clean_rails_redis_caching, :sidekiq_inline do + include StubRequests + + let(:key) { SecureRandom.hex } + let(:key_name) { 'test-key' } + let(:options) { { url: 'https://cdn.gitlab.example.com', key_name: key_name, key: Base64.urlsafe_encode64(key) } } + let(:google_cloud_ips) { File.read(Rails.root.join('spec/fixtures/cdn/google_cloud.json')) } + let(:headers) { { 'Content-Type' => 'application/json' } } + let(:public_ip) { '18.245.0.42' } + + subject { described_class.new(options) } + + before do + WebMock.stub_request(:get, GoogleCloud::FetchGoogleIpListService::GOOGLE_IP_RANGES_URL) + .to_return(status: 200, body: google_cloud_ips, headers: headers) + end + + describe '#use_cdn?' do + using RSpec::Parameterized::TableSyntax + + where(:ip_address, :expected) do + '34.80.0.1' | false + '18.245.0.42' | true + '2500:1900:4180:0000:0000:0000:0000:0000' | true + '2600:1900:4180:0000:0000:0000:0000:0000' | false + '10.10.1.5' | false + 'fc00:0000:0000:0000:0000:0000:0000:0000' | false + end + + with_them do + it { expect(subject.use_cdn?(ip_address)).to eq(expected) } + end + + context 'when the key name is missing' do + let(:options) { { url: 'https://cdn.gitlab.example.com', key: Base64.urlsafe_encode64(SecureRandom.hex) } } + + it 'returns false' do + expect(subject.use_cdn?(public_ip)).to be false + end + end + + context 'when the key is missing' do + let(:options) { { url: 'https://invalid.example.com' } } + + it 'returns false' do + expect(subject.use_cdn?(public_ip)).to be false + end + end + + context 'when the key is invalid' do + let(:options) { { key_name: key_name, key: '\0x1' } } + + it 'returns false' do + expect(Gitlab::ErrorTracking).to receive(:log_exception).and_call_original + expect(subject.use_cdn?(public_ip)).to be false + end + end + + context 'when the URL is missing' do + let(:options) { { key: Base64.urlsafe_encode64(SecureRandom.hex) } } + + it 'returns false' do + expect(subject.use_cdn?(public_ip)).to be false + end + end + end + + describe '#signed_url' do + let(:path) { '/path/to/file.txt' } + + it 'returns a valid signed URL' do + url = subject.signed_url(path) + + expect(url).to start_with("#{options[:url]}#{path}") + + uri = Addressable::URI.parse(url) + parsed_query = Rack::Utils.parse_nested_query(uri.query) + signature = parsed_query.delete('Signature') + + signed_url = "#{options[:url]}#{path}?Expires=#{parsed_query['Expires']}&KeyName=#{key_name}" + computed_signature = OpenSSL::HMAC.digest('SHA1', key, signed_url) + + aggregate_failures do + expect(parsed_query['Expires'].to_i).to be > 0 + expect(parsed_query['KeyName']).to eq(key_name) + expect(signature).to eq(Base64.urlsafe_encode64(computed_signature)) + end + end + end +end diff --git a/spec/uploaders/object_storage/cdn/google_ip_cache_spec.rb b/spec/uploaders/object_storage/cdn/google_ip_cache_spec.rb new file mode 100644 index 00000000000..d6568636bc0 --- /dev/null +++ b/spec/uploaders/object_storage/cdn/google_ip_cache_spec.rb @@ -0,0 +1,84 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe ObjectStorage::CDN::GoogleIpCache, + :use_clean_rails_memory_store_caching, :use_clean_rails_redis_caching do + include StubRequests + + let(:subnets) { [IPAddr.new("34.80.0.0/15"), IPAddr.new("2600:1900:4180::/44")] } + let(:public_ip) { '18.245.0.42' } + + describe '.update!' do + it 'caches to both L1 and L2 caches' do + expect(Gitlab::ProcessMemoryCache.cache_backend.exist?(described_class::GOOGLE_CDN_LIST_KEY)).to be false + expect(Rails.cache.exist?(described_class::GOOGLE_CDN_LIST_KEY)).to be false + + described_class.update!(subnets) + + expect(Gitlab::ProcessMemoryCache.cache_backend.fetch(described_class::GOOGLE_CDN_LIST_KEY)).to eq(subnets) + expect(Rails.cache.fetch(described_class::GOOGLE_CDN_LIST_KEY)).to eq(subnets) + end + end + + describe '.ready?' do + it 'returns false' do + expect(described_class.ready?).to be false + end + + it 'returns true' do + described_class.update!(subnets) + + expect(described_class.ready?).to be true + end + end + + describe '.google_ip?' do + using RSpec::Parameterized::TableSyntax + + where(:ip_address, :expected) do + '34.80.0.1' | true + '18.245.0.42' | false + '2500:1900:4180:0000:0000:0000:0000:0000' | false + '2600:1900:4180:0000:0000:0000:0000:0000' | true + '10.10.1.5' | false + 'fc00:0000:0000:0000:0000:0000:0000:0000' | false + end + + before do + described_class.update!(subnets) + end + + with_them do + it { expect(described_class.google_ip?(ip_address)).to eq(expected) } + end + + it 'uses the L2 cache and updates the L1 cache when L1 is missing' do + Gitlab::ProcessMemoryCache.cache_backend.delete(described_class::GOOGLE_CDN_LIST_KEY) + expect(Rails.cache.fetch(described_class::GOOGLE_CDN_LIST_KEY)).to eq(subnets) + + expect(described_class.google_ip?(public_ip)).to be false + + expect(Gitlab::ProcessMemoryCache.cache_backend.fetch(described_class::GOOGLE_CDN_LIST_KEY)).to eq(subnets) + expect(Rails.cache.fetch(described_class::GOOGLE_CDN_LIST_KEY)).to eq(subnets) + end + + it 'avoids populating L1 cache if L2 is missing' do + Gitlab::ProcessMemoryCache.cache_backend.delete(described_class::GOOGLE_CDN_LIST_KEY) + Rails.cache.delete(described_class::GOOGLE_CDN_LIST_KEY) + + expect(described_class.google_ip?(public_ip)).to be false + + expect(Gitlab::ProcessMemoryCache.cache_backend.exist?(described_class::GOOGLE_CDN_LIST_KEY)).to be false + expect(Rails.cache.exist?(described_class::GOOGLE_CDN_LIST_KEY)).to be false + end + end + + describe '.async_refresh' do + it 'schedules the worker' do + expect(::GoogleCloud::FetchGoogleIpListWorker).to receive(:perform_async) + + described_class.async_refresh + end + end +end diff --git a/spec/uploaders/object_storage/cdn_spec.rb b/spec/uploaders/object_storage/cdn_spec.rb new file mode 100644 index 00000000000..246cb1bf349 --- /dev/null +++ b/spec/uploaders/object_storage/cdn_spec.rb @@ -0,0 +1,85 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe ObjectStorage::CDN do + let(:cdn_options) do + { + 'object_store' => { + 'cdn' => { + 'provider' => 'google', + 'url' => 'https://gitlab.example.com', + 'key_name' => 'test-key', + 'key' => '12345' + } + } + }.freeze + end + + let(:uploader_class) do + Class.new(GitlabUploader) do + include ObjectStorage::Concern + include ObjectStorage::CDN::Concern + + private + + # user/:id + def dynamic_segment + File.join(model.class.underscore, model.id.to_s) + end + end + end + + let(:object) { build_stubbed(:user) } + + subject { uploader_class.new(object, :file) } + + context 'with CDN config' do + before do + uploader_class.options = Settingslogic.new(Gitlab.config.uploads.deep_merge(cdn_options)) + end + + describe '#use_cdn?' do + it 'returns true' do + expect_next_instance_of(ObjectStorage::CDN::GoogleCDN) do |cdn| + expect(cdn).to receive(:use_cdn?).and_return(true) + end + + expect(subject.use_cdn?('18.245.0.1')).to be true + end + end + + describe '#cdn_signed_url' do + it 'returns a URL' do + expect_next_instance_of(ObjectStorage::CDN::GoogleCDN) do |cdn| + expect(cdn).to receive(:signed_url).and_return("https://cdn.example.com/path") + end + + expect(subject.cdn_signed_url).to eq("https://cdn.example.com/path") + end + end + end + + context 'without CDN config' do + before do + uploader_class.options = Gitlab.config.uploads + end + + describe '#use_cdn?' do + it 'returns false' do + expect(subject.use_cdn?('18.245.0.1')).to be false + end + end + end + + context 'with an unknown CDN provider' do + before do + cdn_options['object_store']['cdn']['provider'] = 'amazon' + uploader_class.options = Settingslogic.new(Gitlab.config.uploads.deep_merge(cdn_options)) + end + + it 'raises an error' do + expect { subject.use_cdn?('18.245.0.1') }.to raise_error("Unknown CDN provider: amazon") + end + end +end |