diff options
Diffstat (limited to 'spec')
49 files changed, 355 insertions, 94 deletions
diff --git a/spec/controllers/admin/sessions_controller_spec.rb b/spec/controllers/admin/sessions_controller_spec.rb index dc1bed63850..5fa7a7f278d 100644 --- a/spec/controllers/admin/sessions_controller_spec.rb +++ b/spec/controllers/admin/sessions_controller_spec.rb @@ -179,7 +179,7 @@ RSpec.describe Admin::SessionsController, :do_not_mock_admin_mode do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not attempt to write to the database with valid otp' do diff --git a/spec/controllers/repositories/git_http_controller_spec.rb b/spec/controllers/repositories/git_http_controller_spec.rb index f80f5956c43..04d5008cb34 100644 --- a/spec/controllers/repositories/git_http_controller_spec.rb +++ b/spec/controllers/repositories/git_http_controller_spec.rb @@ -24,7 +24,7 @@ RSpec.describe Repositories::GitHttpController do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not update project statistics' do diff --git a/spec/features/admin/admin_mode/logout_spec.rb b/spec/features/admin/admin_mode/logout_spec.rb index 5e0c43cdee2..58bea5c4b5f 100644 --- a/spec/features/admin/admin_mode/logout_spec.rb +++ b/spec/features/admin/admin_mode/logout_spec.rb @@ -37,7 +37,7 @@ RSpec.describe 'Admin Mode Logout', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'disable removes admin mode and redirects to root page' do diff --git a/spec/features/admin/admin_mode_spec.rb b/spec/features/admin/admin_mode_spec.rb index e2653e6b3a8..24a10d3677d 100644 --- a/spec/features/admin/admin_mode_spec.rb +++ b/spec/features/admin/admin_mode_spec.rb @@ -57,7 +57,7 @@ RSpec.describe 'Admin mode', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'can enter admin mode' do @@ -117,7 +117,7 @@ RSpec.describe 'Admin mode', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'can leave admin mode' do diff --git a/spec/features/projects/branches_spec.rb b/spec/features/projects/branches_spec.rb index 37d76a0a8ed..0a79719f14a 100644 --- a/spec/features/projects/branches_spec.rb +++ b/spec/features/projects/branches_spec.rb @@ -315,7 +315,7 @@ RSpec.describe 'Branches' do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it_behaves_like 'compares branches' diff --git a/spec/features/projects/compare_spec.rb b/spec/features/projects/compare_spec.rb index 0c93f6284bb..bc3ef2af9b0 100644 --- a/spec/features/projects/compare_spec.rb +++ b/spec/features/projects/compare_spec.rb @@ -40,7 +40,7 @@ RSpec.describe "Compare", :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it_behaves_like 'compares branches' diff --git a/spec/features/projects/settings/registry_settings_spec.rb b/spec/features/projects/settings/registry_settings_spec.rb index 3f9f2dae453..509729d526d 100644 --- a/spec/features/projects/settings/registry_settings_spec.rb +++ b/spec/features/projects/settings/registry_settings_spec.rb @@ -9,12 +9,12 @@ RSpec.describe 'Project > Settings > CI/CD > Container registry tag expiration p let_it_be(:project, reload: true) { create(:project, namespace: user.namespace) } let(:container_registry_enabled) { true } - let(:container_registry_enabled_on_project) { true } + let(:container_registry_enabled_on_project) { ProjectFeature::ENABLED } subject { visit project_settings_packages_and_registries_path(project) } before do - project.update!(container_registry_enabled: container_registry_enabled_on_project) + project.project_feature.update!(container_registry_access_level: container_registry_enabled_on_project) project.container_expiration_policy.update!(enabled: true) sign_in(user) @@ -104,7 +104,7 @@ RSpec.describe 'Project > Settings > CI/CD > Container registry tag expiration p end context 'when container registry is disabled on project' do - let(:container_registry_enabled_on_project) { false } + let(:container_registry_enabled_on_project) { ProjectFeature::DISABLED } it 'does not exists' do subject diff --git a/spec/features/read_only_spec.rb b/spec/features/read_only_spec.rb index 95b8e14c07f..11686552062 100644 --- a/spec/features/read_only_spec.rb +++ b/spec/features/read_only_spec.rb @@ -11,7 +11,7 @@ RSpec.describe 'read-only message' do context 'when database is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it_behaves_like 'Read-only instance', /You are on a read\-only GitLab instance./ @@ -19,7 +19,7 @@ RSpec.describe 'read-only message' do context 'when database is in read-write mode' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(false) + allow(Gitlab::Database).to receive(:read_only?).and_return(false) end it_behaves_like 'Read-write instance', /You are on a read\-only GitLab instance./ diff --git a/spec/features/users/logout_spec.rb b/spec/features/users/logout_spec.rb index b23eeb9b30e..ffb8785b277 100644 --- a/spec/features/users/logout_spec.rb +++ b/spec/features/users/logout_spec.rb @@ -24,7 +24,7 @@ RSpec.describe 'Logout/Sign out', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'sign out redirects to sign in page' do diff --git a/spec/lib/banzai/renderer_spec.rb b/spec/lib/banzai/renderer_spec.rb index 316f3248b8f..52bf3087875 100644 --- a/spec/lib/banzai/renderer_spec.rb +++ b/spec/lib/banzai/renderer_spec.rb @@ -65,7 +65,7 @@ RSpec.describe Banzai::Renderer do end it "skips database caching on a GitLab read-only instance" do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(object).to receive(:refresh_markdown_cache!) is_expected.to eq('field_html') diff --git a/spec/lib/gitlab/auth/ldap/access_spec.rb b/spec/lib/gitlab/auth/ldap/access_spec.rb index 9d3c6855e9f..9e269f84b7e 100644 --- a/spec/lib/gitlab/auth/ldap/access_spec.rb +++ b/spec/lib/gitlab/auth/ldap/access_spec.rb @@ -22,7 +22,7 @@ RSpec.describe Gitlab::Auth::Ldap::Access do end it "does not update user's `last_credential_check_at` when in a read-only GitLab instance" do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect { described_class.allowed?(user) } .not_to change { user.last_credential_check_at } diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index 94f3710b8d2..2e3dce3f418 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -844,7 +844,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do context 'when the database is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not increment failed_attempts when true and password is incorrect' do diff --git a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb index e8c127f0444..62de4d2e96d 100644 --- a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb @@ -107,7 +107,6 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Populate do context 'when ref is protected' do before do allow(project).to receive(:protected_for?).with('master').and_return(true) - allow(project).to receive(:protected_for?).with('b83d6e391c22777fca1ed3012fce84f633d7fed0').and_return(true) allow(project).to receive(:protected_for?).with('refs/heads/master').and_return(true) dependencies.map(&:perform!) diff --git a/spec/lib/gitlab/database/connection_spec.rb b/spec/lib/gitlab/database/connection_spec.rb index 4cbc94660c3..517d40deb1c 100644 --- a/spec/lib/gitlab/database/connection_spec.rb +++ b/spec/lib/gitlab/database/connection_spec.rb @@ -162,18 +162,6 @@ RSpec.describe Gitlab::Database::Connection do end end - describe '#read_only?' do - it 'returns false' do - expect(connection.read_only?).to eq(false) - end - end - - describe '#read_write' do - it 'returns true' do - expect(connection.read_write?).to eq(true) - end - end - describe '#db_read_only?' do it 'detects a read-only database' do allow(connection.scope.connection) diff --git a/spec/lib/gitlab/database_spec.rb b/spec/lib/gitlab/database_spec.rb index 7487fa0f022..c67b5af5e3c 100644 --- a/spec/lib/gitlab/database_spec.rb +++ b/spec/lib/gitlab/database_spec.rb @@ -190,6 +190,18 @@ RSpec.describe Gitlab::Database do end end + describe '.read_only?' do + it 'returns false' do + expect(described_class.read_only?).to eq(false) + end + end + + describe '.read_write' do + it 'returns true' do + expect(described_class.read_write?).to eq(true) + end + end + describe 'ActiveRecordBaseTransactionMetrics' do def subscribe_events events = [] diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb index a562865cd16..bf682e4e4c6 100644 --- a/spec/lib/gitlab/git_access_spec.rb +++ b/spec/lib/gitlab/git_access_spec.rb @@ -392,7 +392,7 @@ RSpec.describe Gitlab::GitAccess do context 'when in a read-only GitLab instance' do before do create(:protected_branch, name: 'feature', project: project) - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it { expect { push_access_check }.to raise_forbidden(described_class::ERROR_MESSAGES[:cannot_push_to_read_only]) } diff --git a/spec/lib/gitlab/git_access_wiki_spec.rb b/spec/lib/gitlab/git_access_wiki_spec.rb index c6e15e4f0cc..5ada8a6ef40 100644 --- a/spec/lib/gitlab/git_access_wiki_spec.rb +++ b/spec/lib/gitlab/git_access_wiki_spec.rb @@ -31,7 +31,7 @@ RSpec.describe Gitlab::GitAccessWiki do let(:message) { "You can't push code to a read-only GitLab instance." } before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'forbidden git access' diff --git a/spec/lib/gitlab/gpg/commit_spec.rb b/spec/lib/gitlab/gpg/commit_spec.rb index 917cd5b5a83..55102554508 100644 --- a/spec/lib/gitlab/gpg/commit_spec.rb +++ b/spec/lib/gitlab/gpg/commit_spec.rb @@ -91,7 +91,7 @@ RSpec.describe Gitlab::Gpg::Commit do context 'read-only mode' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not create a cached signature' do diff --git a/spec/lib/gitlab/kas_spec.rb b/spec/lib/gitlab/kas_spec.rb index 24d2b03fe2a..bf70b83fb73 100644 --- a/spec/lib/gitlab/kas_spec.rb +++ b/spec/lib/gitlab/kas_spec.rb @@ -65,6 +65,12 @@ RSpec.describe Gitlab::Kas do end end + describe '.tunnel_url' do + it 'returns gitlab_kas external_url with proxy path appended' do + expect(described_class.tunnel_url).to eq(Gitlab.config.gitlab_kas.external_url + '/k8s-proxy') + end + end + describe '.internal_url' do it 'returns gitlab_kas internal_url config' do expect(described_class.internal_url).to eq(Gitlab.config.gitlab_kas.internal_url) diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb new file mode 100644 index 00000000000..508808be1be --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::Cluster do + describe '#to_h' do + let(:name) { 'name' } + let(:url) { 'url' } + + subject { described_class.new(name: name, url: url).to_h } + + it { is_expected.to eq({ name: name, cluster: { server: url } }) } + + context 'with a certificate' do + let(:cert) { 'certificate' } + let(:cert_encoded) { Base64.strict_encode64(cert) } + + subject { described_class.new(name: name, url: url, ca_pem: cert).to_h } + + it { is_expected.to eq({ name: name, cluster: { server: url, 'certificate-authority-data': cert_encoded } }) } + end + end +end diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb new file mode 100644 index 00000000000..43d4c46fda1 --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::Context do + describe '#to_h' do + let(:name) { 'name' } + let(:user) { 'user' } + let(:cluster) { 'cluster' } + + subject { described_class.new(name: name, user: user, cluster: cluster).to_h } + + it { is_expected.to eq({ name: name, context: { cluster: cluster, user: user } }) } + + context 'with a namespace' do + let(:namespace) { 'namespace' } + + subject { described_class.new(name: name, user: user, cluster: cluster, namespace: namespace).to_h } + + it { is_expected.to eq({ name: name, context: { cluster: cluster, user: user, namespace: namespace } }) } + end + end +end diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb new file mode 100644 index 00000000000..3d6acc80823 --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::User do + describe '#to_h' do + let(:name) { 'name' } + let(:token) { 'token' } + + subject { described_class.new(name: name, token: token).to_h } + + it { is_expected.to eq({ name: name, user: { token: token } }) } + end +end diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb new file mode 100644 index 00000000000..057c4373329 --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb @@ -0,0 +1,84 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Template do + let(:template) { described_class.new } + + describe '#valid?' do + subject { template.valid? } + + it { is_expected.to be_falsey } + + context 'with configuration added' do + before do + template.add_context(name: 'name', cluster: 'cluster', user: 'user') + end + + it { is_expected.to be_truthy } + end + end + + describe '#to_h' do + subject { described_class.new.to_h } + + it do + is_expected.to eq( + apiVersion: 'v1', + kind: 'Config', + clusters: [], + users: [], + contexts: [] + ) + end + end + + describe '#to_yaml' do + subject { template.to_yaml } + + it { is_expected.to eq(YAML.dump(template.to_h.deep_stringify_keys)) } + end + + describe 'adding entries' do + let(:entry) { instance_double(entry_class, to_h: attributes) } + let(:attributes) do + { name: 'name', other: 'other' } + end + + subject { template.to_h } + + before do + expect(entry_class).to receive(:new).with(attributes).and_return(entry) + end + + describe '#add_cluster' do + let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::Cluster } + + before do + template.add_cluster(**attributes) + end + + it { is_expected.to include(clusters: [attributes]) } + end + + describe '#add_user' do + let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::User } + + before do + template.add_user(**attributes) + end + + it { is_expected.to include(users: [attributes]) } + end + + describe '#add_context' do + let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::Context } + + before do + template.add_context(**attributes) + end + + it { is_expected.to include(contexts: [attributes]) } + end + end +end diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb index 00c2cee1ef0..642b47fe087 100644 --- a/spec/lib/gitlab/middleware/read_only_spec.rb +++ b/spec/lib/gitlab/middleware/read_only_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe Gitlab::Middleware::ReadOnly do context 'when database is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'write access for a read-only GitLab instance' diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index dca4a4ed0d7..33a88f7c16e 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -3151,6 +3151,17 @@ RSpec.describe Ci::Build do end context 'when container registry is enabled' do + let_it_be_with_reload(:project) { create(:project, :public, :repository, group: group) } + + let_it_be_with_reload(:pipeline) do + create(:ci_pipeline, project: project, + sha: project.commit.id, + ref: project.default_branch, + status: 'success') + end + + let_it_be_with_refind(:build) { create(:ci_build, pipeline: pipeline) } + let(:container_registry_enabled) { true } let(:ci_registry) do { key: 'CI_REGISTRY', value: 'registry.example.com', public: true, masked: false } @@ -3162,7 +3173,7 @@ RSpec.describe Ci::Build do context 'and is disabled for project' do before do - project.update!(container_registry_enabled: false) + project.project_feature.update_column(:container_registry_access_level, ProjectFeature::DISABLED) end it { is_expected.to include(ci_registry) } @@ -3171,7 +3182,16 @@ RSpec.describe Ci::Build do context 'and is enabled for project' do before do - project.update!(container_registry_enabled: true) + project.project_feature.update_column(:container_registry_access_level, ProjectFeature::ENABLED) + end + + it { is_expected.to include(ci_registry) } + it { is_expected.to include(ci_registry_image) } + end + + context 'and is private for project' do + before do + project.project_feature.update_column(:container_registry_access_level, ProjectFeature::PRIVATE) end it { is_expected.to include(ci_registry) } diff --git a/spec/models/concerns/deprecated_assignee_spec.rb b/spec/models/concerns/deprecated_assignee_spec.rb index 5ca741cdfdf..630d9ea601f 100644 --- a/spec/models/concerns/deprecated_assignee_spec.rb +++ b/spec/models/concerns/deprecated_assignee_spec.rb @@ -99,7 +99,7 @@ RSpec.describe DeprecatedAssignee do context 'when DB is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it 'returns a users relation' do @@ -139,7 +139,7 @@ RSpec.describe DeprecatedAssignee do context 'when DB is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it 'returns a list of user IDs' do diff --git a/spec/models/project_statistics_spec.rb b/spec/models/project_statistics_spec.rb index 48097bb3c94..cb1baa02e96 100644 --- a/spec/models/project_statistics_spec.rb +++ b/spec/models/project_statistics_spec.rb @@ -214,7 +214,7 @@ RSpec.describe ProjectStatistics do context 'when the database is read-only' do it 'does nothing' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(statistics).not_to receive(:update_commit_count) expect(statistics).not_to receive(:update_repository_size) diff --git a/spec/models/snippet_statistics_spec.rb b/spec/models/snippet_statistics_spec.rb index e703de453f1..1fb4ed47169 100644 --- a/spec/models/snippet_statistics_spec.rb +++ b/spec/models/snippet_statistics_spec.rb @@ -86,7 +86,7 @@ RSpec.describe SnippetStatistics do context 'when the database is read-only' do it 'does nothing' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(statistics).not_to receive(:update_commit_count) expect(statistics).not_to receive(:update_file_count) diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 8361b523a13..87b3aea178c 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1466,7 +1466,7 @@ RSpec.describe User do end it 'does not write if the DB is in read-only mode' do - expect(Gitlab::Database.main).to receive(:read_only?).and_return(true) + expect(Gitlab::Database).to receive(:read_only?).and_return(true) expect do user.update_tracked_fields!(request) @@ -2864,7 +2864,7 @@ RSpec.describe User do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not block user' do @@ -4968,7 +4968,7 @@ RSpec.describe User do end it 'does not log failed sign-in attempts when in a GitLab read-only instance' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect { user.increment_failed_attempts! }.not_to change(user, :failed_attempts) end diff --git a/spec/requests/api/graphql/project/merge_requests_spec.rb b/spec/requests/api/graphql/project/merge_requests_spec.rb index 2b5e7b8128d..7fc1ef05fa7 100644 --- a/spec/requests/api/graphql/project/merge_requests_spec.rb +++ b/spec/requests/api/graphql/project/merge_requests_spec.rb @@ -331,7 +331,7 @@ RSpec.describe 'getting merge request listings nested in a project' do before do # Confounding factor: makes DB calls in EE - allow(Gitlab::Database.main).to receive(:read_only?).and_return(false) + allow(Gitlab::Database).to receive(:read_only?).and_return(false) end def query_context diff --git a/spec/requests/api/graphql/read_only_spec.rb b/spec/requests/api/graphql/read_only_spec.rb index 6dddc16d137..d2a45603886 100644 --- a/spec/requests/api/graphql/read_only_spec.rb +++ b/spec/requests/api/graphql/read_only_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe 'Requests on a read-only node' do context 'when db is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'graphql on a read-only GitLab instance' diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb index c4d1841ffda..02eb4262690 100644 --- a/spec/requests/lfs_http_spec.rb +++ b/spec/requests/lfs_http_spec.rb @@ -625,7 +625,7 @@ RSpec.describe 'Git LFS API and storage' do subject { post_lfs_json(batch_url(project), body, headers) } before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } project.add_maintainer(user) diff --git a/spec/services/ci/create_pipeline_service_spec.rb b/spec/services/ci/create_pipeline_service_spec.rb index 74e3b7cbca1..aec51751868 100644 --- a/spec/services/ci/create_pipeline_service_spec.rb +++ b/spec/services/ci/create_pipeline_service_spec.rb @@ -1328,7 +1328,7 @@ RSpec.describe Ci::CreatePipelineService do end context 'when ref is tag' do - let(:ref_name) { 'refs/tags/v1.1.0' } + let(:ref_name) { 'refs/tags/v1.0.0' } it 'does not create an extrnal pull request pipeline', :aggregate_failures do expect(response).to be_error @@ -1516,7 +1516,7 @@ RSpec.describe Ci::CreatePipelineService do end context 'when ref is tag' do - let(:ref_name) { 'refs/tags/v1.1.0' } + let(:ref_name) { 'refs/tags/v1.0.0' } it 'does not create a merge request pipeline', :aggregate_failures do expect(response).to be_error diff --git a/spec/services/merge_requests/mergeability_check_service_spec.rb b/spec/services/merge_requests/mergeability_check_service_spec.rb index 8300d0383c1..65599b7e046 100644 --- a/spec/services/merge_requests/mergeability_check_service_spec.rb +++ b/spec/services/merge_requests/mergeability_check_service_spec.rb @@ -89,7 +89,7 @@ RSpec.describe MergeRequests::MergeabilityCheckService, :clean_gitlab_redis_shar context 'when read-only DB' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'no job is enqueued' @@ -260,7 +260,7 @@ RSpec.describe MergeRequests::MergeabilityCheckService, :clean_gitlab_redis_shar context 'when read-only DB' do it 'returns ServiceResponse.error' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } result = subject diff --git a/spec/services/packages/create_event_service_spec.rb b/spec/services/packages/create_event_service_spec.rb index 6978cf3ec32..122f1e88ad0 100644 --- a/spec/services/packages/create_event_service_spec.rb +++ b/spec/services/packages/create_event_service_spec.rb @@ -46,7 +46,7 @@ RSpec.describe Packages::CreateEventService do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not create an event' do diff --git a/spec/services/personal_access_tokens/last_used_service_spec.rb b/spec/services/personal_access_tokens/last_used_service_spec.rb index 729b631b816..6fc74e27dd9 100644 --- a/spec/services/personal_access_tokens/last_used_service_spec.rb +++ b/spec/services/personal_access_tokens/last_used_service_spec.rb @@ -14,7 +14,7 @@ RSpec.describe PersonalAccessTokens::LastUsedService do end it 'does not run on read-only GitLab instances' do - allow(::Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(::Gitlab::Database).to receive(:read_only?).and_return(true) expect { subject }.not_to change { personal_access_token.last_used_at } end diff --git a/spec/services/repositories/destroy_service_spec.rb b/spec/services/repositories/destroy_service_spec.rb index cba1a5f54c3..240f837e973 100644 --- a/spec/services/repositories/destroy_service_spec.rb +++ b/spec/services/repositories/destroy_service_spec.rb @@ -37,7 +37,7 @@ RSpec.describe Repositories::DestroyService do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'schedules the repository deletion' do diff --git a/spec/services/users/activity_service_spec.rb b/spec/services/users/activity_service_spec.rb index 9af710e3e4f..cfafa9eff45 100644 --- a/spec/services/users/activity_service_spec.rb +++ b/spec/services/users/activity_service_spec.rb @@ -66,7 +66,7 @@ RSpec.describe Users::ActivityService do let(:last_activity_on) { nil } before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not update last_activity_on' do diff --git a/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb b/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb index c377fa992d8..a4eb6a839c0 100644 --- a/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb +++ b/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb @@ -36,7 +36,7 @@ RSpec.shared_examples 'issuable notes filter' do end it 'does not set notes filter when database is in read-only mode' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) notes_filter = UserPreference::NOTES_FILTERS[:only_comments] get :discussions, params: params.merge(notes_filter: notes_filter) diff --git a/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb b/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb index 421886d8da8..9b5f957d489 100644 --- a/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb +++ b/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb @@ -7,7 +7,7 @@ RSpec.shared_examples 'set sort order from user preference' do context 'when database is in read-only mode' do it 'does not update user preference' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect_any_instance_of(UserPreference).not_to receive(:update).with({ controller.send(:sorting_field) => sorting_param }) @@ -17,7 +17,7 @@ RSpec.shared_examples 'set sort order from user preference' do context 'when database is not in read-only mode' do it 'updates user preference' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(false) + allow(Gitlab::Database).to receive(:read_only?).and_return(false) expect_any_instance_of(UserPreference).to receive(:update).with({ controller.send(:sorting_field) => sorting_param }) diff --git a/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb b/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb index f27f907a240..0a07a56d417 100644 --- a/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb +++ b/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb @@ -212,7 +212,7 @@ RSpec.shared_examples 'write access for a read-only GitLab instance' do let(:content_json) { { 'CONTENT_TYPE' => 'application/json' } } before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it 'expects PATCH requests to be disallowed' do diff --git a/spec/support/shared_examples/services/boards/create_service_shared_examples.rb b/spec/support/shared_examples/services/boards/create_service_shared_examples.rb index d899236d19a..63b5e3a5a84 100644 --- a/spec/support/shared_examples/services/boards/create_service_shared_examples.rb +++ b/spec/support/shared_examples/services/boards/create_service_shared_examples.rb @@ -12,7 +12,7 @@ RSpec.shared_examples 'boards recent visit create service' do end it 'returns nil when database is read only' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(service.execute(board)).to be_nil end diff --git a/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb b/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb index e514afee04f..04596319f38 100644 --- a/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb +++ b/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb @@ -203,9 +203,7 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for private project' do - let_it_be(:project) { create(:project) } - + shared_examples 'private project' do context 'allow to use scope-less authentication' do it_behaves_like 'a valid token' end @@ -345,8 +343,20 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for private project' do + let_it_be_with_reload(:project) { create(:project) } + + it_behaves_like 'private project' + end + + context 'for public project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + it_behaves_like 'private project' + end + + context 'for public project with container_registry `enabled`' do + let_it_be(:project) { create(:project, :public, :container_registry_enabled) } context 'allow anyone to pull images' do let(:current_params) do @@ -394,8 +404,8 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for internal project' do - let_it_be(:project) { create(:project, :internal) } + context 'for internal project with container_registry `enabled`' do + let_it_be(:project) { create(:project, :internal, :container_registry_enabled) } context 'for internal user' do context 'allow anyone to pull images' do @@ -470,6 +480,12 @@ RSpec.shared_examples 'a container registry auth service' do end end end + + context 'for internal project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :internal, :container_registry_private) } + + it_behaves_like 'private project' + end end context 'delete authorized as maintainer' do @@ -630,12 +646,8 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for project with private container registry' do - let_it_be(:project, reload: true) { create(:project, :public) } - - before do - project.project_feature.update!(container_registry_access_level: ProjectFeature::PRIVATE) - end + context 'for public project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } it_behaves_like 'pullable for being team member' @@ -675,11 +687,7 @@ RSpec.shared_examples 'a container registry auth service' do end context 'for project without container registry' do - let_it_be(:project) { create(:project, :public, container_registry_enabled: false) } - - before do - project.update!(container_registry_enabled: false) - end + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_disabled) } context 'disallow when pulling' do let(:current_params) do @@ -719,12 +727,16 @@ RSpec.shared_examples 'a container registry auth service' do context 'support for multiple scopes' do let_it_be(:internal_project) { create(:project, :internal) } let_it_be(:private_project) { create(:project, :private) } + let_it_be(:public_project) { create(:project, :public) } + let_it_be(:public_project_private_container_registry) { create(:project, :public, :container_registry_private) } let(:current_params) do { scopes: [ "repository:#{internal_project.full_path}:pull", - "repository:#{private_project.full_path}:pull" + "repository:#{private_project.full_path}:pull", + "repository:#{public_project.full_path}:pull", + "repository:#{public_project_private_container_registry.full_path}:pull" ] } end @@ -744,13 +756,19 @@ RSpec.shared_examples 'a container registry auth service' do 'actions' => ['pull'] }, { 'type' => 'repository', 'name' => private_project.full_path, + 'actions' => ['pull'] }, + { 'type' => 'repository', + 'name' => public_project.full_path, + 'actions' => ['pull'] }, + { 'type' => 'repository', + 'name' => public_project_private_container_registry.full_path, 'actions' => ['pull'] } ] end end end - context 'user only has access to internal project' do + context 'user only has access to internal and public projects' do let_it_be(:current_user) { create(:user) } it_behaves_like 'a browsable' do @@ -758,16 +776,35 @@ RSpec.shared_examples 'a container registry auth service' do [ { 'type' => 'repository', 'name' => internal_project.full_path, + 'actions' => ['pull'] }, + { 'type' => 'repository', + 'name' => public_project.full_path, 'actions' => ['pull'] } ] end end end - context 'anonymous access is rejected' do + context 'anonymous user has access only to public project' do let(:current_user) { nil } - it_behaves_like 'a forbidden' + it_behaves_like 'a browsable' do + let(:access) do + [ + { 'type' => 'repository', + 'name' => public_project.full_path, + 'actions' => ['pull'] } + ] + end + end + + context 'with no public container registry' do + before do + public_project.project_feature.update_column(:container_registry_access_level, ProjectFeature::PRIVATE) + end + + it_behaves_like 'a forbidden' + end end end @@ -796,8 +833,8 @@ RSpec.shared_examples 'a container registry auth service' do it_behaves_like 'a forbidden' end - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_enabled) } context 'when pulling and pushing' do let(:current_params) do @@ -818,6 +855,19 @@ RSpec.shared_examples 'a container registry auth service' do end end + context 'for public project with container registry `private`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling and pushing' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:pull,push"] } + end + + it_behaves_like 'a forbidden' + it_behaves_like 'not a container repository factory' + end + end + context 'for registry catalog' do let(:current_params) do { scopes: ["registry:catalog:*"] } @@ -898,6 +948,24 @@ RSpec.shared_examples 'a container registry auth service' do it_behaves_like 'able to login' end + + context 'for public project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling' do + it_behaves_like 'a pullable' + end + + context 'when pushing' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:push"], deploy_token: deploy_token } + end + + it_behaves_like 'a pushable' + end + + it_behaves_like 'able to login' + end end context 'when deploy token does not have read_registry scope' do @@ -919,8 +987,8 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_enabled) } context 'when pulling' do it_behaves_like 'a pullable' @@ -929,6 +997,16 @@ RSpec.shared_examples 'a container registry auth service' do it_behaves_like 'unable to login' end + context 'for public project with container registry `private`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling' do + it_behaves_like 'an inaccessible' + end + + it_behaves_like 'unable to login' + end + context 'for internal project' do let_it_be(:project) { create(:project, :internal) } @@ -960,14 +1038,22 @@ RSpec.shared_examples 'a container registry auth service' do context 'when deploy token is not related to the project' do let_it_be(:deploy_token) { create(:deploy_token, read_registry: false) } - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_enabled) } context 'when pulling' do it_behaves_like 'a pullable' end end + context 'for public project with container registry `private`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling' do + it_behaves_like 'an inaccessible' + end + end + context 'for internal project' do let_it_be(:project) { create(:project, :internal) } @@ -988,12 +1074,18 @@ RSpec.shared_examples 'a container registry auth service' do context 'when deploy token has been revoked' do let(:deploy_token) { create(:deploy_token, :revoked, projects: [project]) } - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be(:project) { create(:project, :public, :container_registry_enabled) } it_behaves_like 'a pullable' end + context 'for public project with container registry `private`' do + let_it_be(:project) { create(:project, :public, :container_registry_private) } + + it_behaves_like 'an inaccessible' + end + context 'for internal project' do let_it_be(:project) { create(:project, :internal) } diff --git a/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb b/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb index 27ee1f799a4..f2314793cb4 100644 --- a/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb +++ b/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb @@ -39,7 +39,7 @@ RSpec.shared_examples 'can collect git garbage' do |update_statistics: true| end it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(statistics_service_klass).not_to receive(:new) diff --git a/spec/tasks/gitlab/storage_rake_spec.rb b/spec/tasks/gitlab/storage_rake_spec.rb index 0fd9071aa6b..570f67c8bb7 100644 --- a/spec/tasks/gitlab/storage_rake_spec.rb +++ b/spec/tasks/gitlab/storage_rake_spec.rb @@ -48,7 +48,7 @@ RSpec.describe 'rake gitlab:storage:*', :silence_stdout do shared_examples "make sure database is writable" do context 'read-only database' do it 'does nothing' do - expect(Gitlab::Database.main).to receive(:read_only?).and_return(true) + expect(Gitlab::Database).to receive(:read_only?).and_return(true) expect(Project).not_to receive(:with_unmigrated_storage) diff --git a/spec/workers/pages_domain_verification_cron_worker_spec.rb b/spec/workers/pages_domain_verification_cron_worker_spec.rb index a7e5d02a743..01eaf984c90 100644 --- a/spec/workers/pages_domain_verification_cron_worker_spec.rb +++ b/spec/workers/pages_domain_verification_cron_worker_spec.rb @@ -11,7 +11,7 @@ RSpec.describe PagesDomainVerificationCronWorker do let!(:disabled) { create(:pages_domain, :disabled) } it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(PagesDomainVerificationWorker).not_to receive(:perform_async).with(reverify.id) worker.perform diff --git a/spec/workers/pages_domain_verification_worker_spec.rb b/spec/workers/pages_domain_verification_worker_spec.rb index c9a4b7a97b4..6d2f9ee2f8d 100644 --- a/spec/workers/pages_domain_verification_worker_spec.rb +++ b/spec/workers/pages_domain_verification_worker_spec.rb @@ -9,7 +9,7 @@ RSpec.describe PagesDomainVerificationWorker do describe '#perform' do it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(PagesDomain).not_to receive(:find_by).with(id: domain.id) worker.perform(domain.id) diff --git a/spec/workers/projects/git_garbage_collect_worker_spec.rb b/spec/workers/projects/git_garbage_collect_worker_spec.rb index 10525cf217b..7b54d7df4b2 100644 --- a/spec/workers/projects/git_garbage_collect_worker_spec.rb +++ b/spec/workers/projects/git_garbage_collect_worker_spec.rb @@ -67,7 +67,7 @@ RSpec.describe Projects::GitGarbageCollectWorker do end it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(Gitlab::Cleanup::OrphanLfsFileReferences).not_to receive(:new) subject.perform(*params) diff --git a/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb b/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb index 345b3f31353..ef515e43474 100644 --- a/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb +++ b/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb @@ -7,7 +7,7 @@ RSpec.describe ScheduleMergeRequestCleanupRefsWorker do describe '#perform' do it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(MergeRequestCleanupRefsWorker).not_to receive(:perform_with_capacity) worker.perform |