From 4d90876cc6b35bc418ccb6ea2536581289b272fb Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 22 Jan 2024 00:10:19 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- app/models/integration.rb | 4 +- .../integrations/gitlab_slack_application.rb | 4 ++ app/models/organizations/organization_user.rb | 11 ++++ app/models/user.rb | 15 ++++++ .../update_default_organization_users.yml | 9 ++++ .../backup_restore/restore_gitlab.md | 5 ++ doc/administration/gitaly/troubleshooting.md | 41 +++++++++++++++ doc/api/integrations.md | 52 +++++++++++++++++- .../lib/gitlab/housekeeper/gitlab_client.rb | 3 +- .../spec/gitlab/housekeeper/gitlab_client_spec.rb | 3 +- lib/api/helpers/integrations_helpers.rb | 5 ++ lib/api/integrations.rb | 8 +++ lib/gitlab/blob_helper.rb | 2 +- spec/factories/users.rb | 10 ++++ spec/lib/gitlab/blob_helper_spec.rb | 7 +++ .../fix_broken_user_achievements_awarded_spec.rb | 26 ++++++--- .../fix_broken_user_achievements_revoked_spec.rb | 36 ++++++++----- spec/models/member_spec.rb | 8 +-- .../models/organizations/organization_user_spec.rb | 61 ++++++++++++++++++++++ spec/models/user_spec.rb | 35 +++++++++++++ spec/requests/api/integrations_spec.rb | 57 ++++++++++++++++++-- 21 files changed, 371 insertions(+), 31 deletions(-) create mode 100644 config/feature_flags/gitlab_com_derisk/update_default_organization_users.yml diff --git a/app/models/integration.rb b/app/models/integration.rb index aa02db949bf..2491e961bc3 100644 --- a/app/models/integration.rb +++ b/app/models/integration.rb @@ -547,7 +547,9 @@ class Integration < ApplicationRecord end def self.api_fields - fields.map do |field| + fields.filter_map do |field| + next if field.if != true + { required: field.required?, name: field.name.to_sym, diff --git a/app/models/integrations/gitlab_slack_application.rb b/app/models/integrations/gitlab_slack_application.rb index d008a28a226..66746117c00 100644 --- a/app/models/integrations/gitlab_slack_application.rb +++ b/app/models/integrations/gitlab_slack_application.rb @@ -71,6 +71,10 @@ module Integrations super.drop(1) end + def self.webhook_help + # no-op + end + override :configurable_events def configurable_events return [] unless editable? diff --git a/app/models/organizations/organization_user.rb b/app/models/organizations/organization_user.rb index 9e06870dcc6..5916f8c950f 100644 --- a/app/models/organizations/organization_user.rb +++ b/app/models/organizations/organization_user.rb @@ -16,5 +16,16 @@ module Organizations } scope :owners, -> { where(access_level: Gitlab::Access::OWNER) } + + def self.create_default_organization_record_for(user_id, access_level) + Organizations::OrganizationUser.upsert( + { + organization_id: Organizations::Organization::DEFAULT_ORGANIZATION_ID, + user_id: user_id, + access_level: access_level + }, + unique_by: [:organization_id, :user_id] + ) + end end end diff --git a/app/models/user.rb b/app/models/user.rb index 8289776b959..ab5572e5b19 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -373,6 +373,8 @@ class User < MainClusterwide::ApplicationRecord update_invalid_gpg_signatures if previous_changes.key?('email') end + after_create_commit :create_default_organization_user + # User's Layout preference enum layout: { fixed: 0, fluid: 1 } @@ -2600,6 +2602,19 @@ class User < MainClusterwide::ApplicationRecord FEED_TOKEN_PREFIX end + def create_default_organization_user + return unless Feature.enabled?(:update_default_organization_users, self, type: :gitlab_com_derisk) + + organization_access_level = if admin? + :owner + else + :default + end + + Organizations::OrganizationUser + .create_default_organization_record_for(id, organization_access_level) + end + # method overriden in EE def audit_lock_access(reason: nil); end diff --git a/config/feature_flags/gitlab_com_derisk/update_default_organization_users.yml b/config/feature_flags/gitlab_com_derisk/update_default_organization_users.yml new file mode 100644 index 00000000000..d4112a9a352 --- /dev/null +++ b/config/feature_flags/gitlab_com_derisk/update_default_organization_users.yml @@ -0,0 +1,9 @@ +--- +name: update_default_organization_users +feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/437891 +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141500 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/437896 +milestone: '16.9' +group: group::tenant scale +type: gitlab_com_derisk +default_enabled: false diff --git a/doc/administration/backup_restore/restore_gitlab.md b/doc/administration/backup_restore/restore_gitlab.md index 0b5bf3cc0ff..c779c81c169 100644 --- a/doc/administration/backup_restore/restore_gitlab.md +++ b/doc/administration/backup_restore/restore_gitlab.md @@ -475,3 +475,8 @@ The error looks like: ``` To resolve this, you can update the Git [server hooks](../server_hooks.md) for GitLab version 15.11 and later, and create a new backup. + +### Successful restore with repositories showing as empty when using `fapolicyd` + +When using `fapolicyd` for increased security, GitLab can report that a restore was successful but repositories show as empty. For more troubleshooting help, see +[Gitaly Troubleshooting documentation](../../administration/gitaly/troubleshooting.md#repositories-are-shown-as-empty-after-a-gitlab-restore). diff --git a/doc/administration/gitaly/troubleshooting.md b/doc/administration/gitaly/troubleshooting.md index c8e000ad9e1..2266d3ad1b2 100644 --- a/doc/administration/gitaly/troubleshooting.md +++ b/doc/administration/gitaly/troubleshooting.md @@ -498,3 +498,44 @@ Execution traces can be viewed by running: ```shell go tool trace heap.bin ``` + +## Repositories are shown as empty after a GitLab restore + +When using `fapolicyd` for increased security, GitLab can report that a restore from a GitLab backup file was successful but: + +- Repositories show as empty. +- Creating new files causes an error similar to: + + ```plaintext + 13:commit: commit: starting process [/var/opt/gitlab/gitaly/run/gitaly-5428/gitaly-git2go -log-format json -log-level -correlation-id + 01GP1383JV6JD6MQJBH2E1RT03 -enabled-feature-flags -disabled-feature-flags commit]: fork/exec /var/opt/gitlab/gitaly/run/gitaly-5428/gitaly-git2go: operation not permitted. + ``` + +- Gitaly logs might contain errors similar to: + + ```plaintext + "error": "exit status 128, stderr: \"fatal: cannot exec '/var/opt/gitlab/gitaly/run/gitaly-5428/hooks-1277154941.d/reference-transaction': + + Operation not permitted\\nfatal: cannot exec '/var/opt/gitlab/gitaly/run/gitaly-5428/hooks-1277154941.d/reference-transaction': Operation + not permitted\\nfatal: ref updates aborted by hook\\n\"", + "grpc.code": "Internal", + "grpc.meta.deadline_type": "none", + "grpc.meta.method_type": "client_stream", + "grpc.method": "FetchBundle", + "grpc.request.fullMethod": "/gitaly.RepositoryService/FetchBundle", + ... + ``` + +You can use +[debug mode](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/assembly_blocking-and-allowing-applications-using-fapolicyd_security-hardening#ref_troubleshooting-problems-related-to-fapolicyd_assembly_blocking-and-allowing-applications-using-fapolicyd) +to help determine if `fapolicyd` is denying execution based on current rules. + +If you find that `fapolicyd` is denying execution, consider the following: + +1. Allow all executables in `/var/opt/gitlab/gitaly` in your `fapolicyd` configuration: + + ```plaintext + allow perm=any all : ftype=application/x-executable dir=/var/opt/gitlab/gitaly/ + ``` + +1. Restart the service. diff --git a/doc/api/integrations.md b/doc/api/integrations.md index 3e2286fa0a5..d94e0836d69 100644 --- a/doc/api/integrations.md +++ b/doc/api/integrations.md @@ -10,7 +10,7 @@ This API enables you to work with external services that integrate with GitLab. NOTE: In GitLab 14.4, the `services` endpoint was [renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/334500) to `integrations`. -Calls to the Integrations API can be made to both `/projects/:id/services` and `/projects/:id/integrations`. +Calls to the integrations API can be made to both `/projects/:id/services` and `/projects/:id/integrations`. The examples in this document refer to the endpoint at `/projects/:id/integrations`. This API requires an access token with the Maintainer or Owner role. @@ -730,6 +730,56 @@ Get the GitHub integration settings for a project. GET /projects/:id/integrations/github ``` +## GitLab for Slack app + +### Set up GitLab for Slack app + +Update the GitLab for Slack app integration for a project. + +You cannot create a GitLab for Slack app. You must [install the app](../user/project/integrations/gitlab_slack_application.md#install-the-gitlab-for-slack-app) from the GitLab UI. + +```plaintext +PUT /projects/:id/integrations/gitlab-slack-application +``` + +Parameters: + +| Parameter | Type | Required | Description | +| --------- | ---- | -------- | ----------- | +| `channel` | string | false | Default channel to use if no other channel is configured. | +| `notify_only_broken_pipelines` | boolean | false | Send notifications for broken pipelines. | +| `notify_only_default_branch` | boolean | false | **Deprecated:** This parameter has been replaced with `branches_to_be_notified`. | +| `branches_to_be_notified` | string | false | Branches to send notifications for. Valid options are `all`, `default`, `protected`, and `default_and_protected`. The default value is `default`. | +| `alert_events` | boolean | false | Enable notifications for alert events. | +| `issues_events` | boolean | false | Enable notifications for issue events. | +| `confidential_issues_events` | boolean | false | Enable notifications for confidential issue events. | +| `merge_requests_events` | boolean | false | Enable notifications for merge request events. | +| `note_events` | boolean | false | Enable notifications for note events. | +| `confidential_note_events` | boolean | false | Enable notifications for confidential note events. | +| `deployment_events` | boolean | false | Enable notifications for deployment events. | +| `incidents_events` | boolean | false | Enable notifications for incident events. | +| `pipeline_events` | boolean | false | Enable notifications for pipeline events. | +| `push_events` | boolean | false | Enable notifications for push events. | +| `tag_push_events` | boolean | false | Enable notifications for tag push events. | +| `vulnerability_events` | boolean | false | Enable notifications for vulnerability events. | +| `wiki_page_events` | boolean | false | Enable notifications for wiki page events. | + +### Disable GitLab for Slack app + +Disable the GitLab for Slack app integration for a project. Integration settings are reset. + +```plaintext +DELETE /projects/:id/integrations/gitlab-slack-application +``` + +### Get GitLab for Slack app settings + +Get the GitLab for Slack app integration settings for a project. + +```plaintext +GET /projects/:id/integrations/gitlab-slack-application +``` + ## Google Chat ### Set up Google Chat diff --git a/gems/gitlab-housekeeper/lib/gitlab/housekeeper/gitlab_client.rb b/gems/gitlab-housekeeper/lib/gitlab/housekeeper/gitlab_client.rb index d2bb5065824..697ab9043ef 100644 --- a/gems/gitlab-housekeeper/lib/gitlab/housekeeper/gitlab_client.rb +++ b/gems/gitlab-housekeeper/lib/gitlab/housekeeper/gitlab_client.rb @@ -206,7 +206,8 @@ module Gitlab labels: Array(labels).join(','), source_branch: source_branch, target_branch: target_branch, - target_project_id: target_project_id + target_project_id: target_project_id, + remove_source_branch: true }.to_json, headers: { 'Private-Token' => @token, diff --git a/gems/gitlab-housekeeper/spec/gitlab/housekeeper/gitlab_client_spec.rb b/gems/gitlab-housekeeper/spec/gitlab/housekeeper/gitlab_client_spec.rb index ffb9d2f8d23..2a1d2cb79fb 100644 --- a/gems/gitlab-housekeeper/spec/gitlab/housekeeper/gitlab_client_spec.rb +++ b/gems/gitlab-housekeeper/spec/gitlab/housekeeper/gitlab_client_spec.rb @@ -241,7 +241,8 @@ RSpec.describe ::Gitlab::Housekeeper::GitlabClient do labels: "label-1,label-2", source_branch: "the-source-branch", target_branch: "the-target-branch", - target_project_id: 456 + target_project_id: 456, + remove_source_branch: true }, headers: { 'Content-Type' => 'application/json', diff --git a/lib/api/helpers/integrations_helpers.rb b/lib/api/helpers/integrations_helpers.rb index b450718a7d0..85a13edfd89 100644 --- a/lib/api/helpers/integrations_helpers.rb +++ b/lib/api/helpers/integrations_helpers.rb @@ -222,6 +222,10 @@ module API } ], 'external-wiki' => ::Integrations::ExternalWiki.api_fields, + 'gitlab-slack-application' => [ + ::Integrations::GitlabSlackApplication.api_fields, + chat_notification_channels + ].flatten, 'google-play' => ::Integrations::GooglePlay.api_fields, 'hangouts-chat' => [ { @@ -638,6 +642,7 @@ module API ::Integrations::EmailsOnPush, ::Integrations::Ewm, ::Integrations::ExternalWiki, + ::Integrations::GitlabSlackApplication, ::Integrations::GooglePlay, ::Integrations::HangoutsChat, ::Integrations::Harbor, diff --git a/lib/api/integrations.rb b/lib/api/integrations.rb index a73e34f54a3..0d182ade558 100644 --- a/lib/api/integrations.rb +++ b/lib/api/integrations.rb @@ -113,6 +113,14 @@ module API integration = user_project.find_or_initialize_integration(slug.underscore) params = declared_params(include_missing: false).merge(active: true) + if integration.is_a?(::Integrations::GitlabSlackApplication) + if integration.new_record? + render_api_error!('You cannot create the GitLab for Slack app from the API', 422) + end + + params.delete(:active) + end + if integration.update(params) present integration, with: Entities::ProjectIntegration else diff --git a/lib/gitlab/blob_helper.rb b/lib/gitlab/blob_helper.rb index 9e4ea934edb..25d79c1085a 100644 --- a/lib/gitlab/blob_helper.rb +++ b/lib/gitlab/blob_helper.rb @@ -47,7 +47,7 @@ module Gitlab end def image? - ['.png', '.jpg', '.jpeg', '.gif', '.svg', '.webp'].include?(extname.downcase) + ['.png', '.jpg', '.jpeg', '.gif', '.svg', '.bmp', '.webp'].include?(extname.downcase) end # Internal: Lookup mime type for extension. diff --git a/spec/factories/users.rb b/spec/factories/users.rb index 7ade859dcf2..6bad16f8176 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -23,6 +23,16 @@ FactoryBot.define do user.assign_personal_namespace if assign_ns end + trait :without_default_org do + after(:build) do + User.skip_callback(:commit, :after, :create_default_organization_user) + end + + after(:create) do + User.set_callback(:commit, :after, :create_default_organization_user) + end + end + trait :with_namespace do namespace { assign_personal_namespace } end diff --git a/spec/lib/gitlab/blob_helper_spec.rb b/spec/lib/gitlab/blob_helper_spec.rb index e18277ba8d2..6d1e6ea59a3 100644 --- a/spec/lib/gitlab/blob_helper_spec.rb +++ b/spec/lib/gitlab/blob_helper_spec.rb @@ -7,6 +7,7 @@ RSpec.describe Gitlab::BlobHelper do let(:project) { create(:project) } let(:blob) { fake_blob(path: 'file.txt') } + let(:bmp_blob) { fake_blob(path: 'file.bmp') } let(:webp_blob) { fake_blob(path: 'file.webp') } let(:large_blob) { fake_blob(path: 'test.pdf', size: 2.megabytes, binary: true) } @@ -69,6 +70,12 @@ RSpec.describe Gitlab::BlobHelper do end end + context 'with a .bmp file' do + it 'returns true' do + expect(bmp_blob.image?).to be_truthy + end + end + context 'with a .webp file' do it 'returns true' do expect(webp_blob.image?).to be_truthy diff --git a/spec/migrations/fix_broken_user_achievements_awarded_spec.rb b/spec/migrations/fix_broken_user_achievements_awarded_spec.rb index cb31ca44a9f..8f9d2d30c48 100644 --- a/spec/migrations/fix_broken_user_achievements_awarded_spec.rb +++ b/spec/migrations/fix_broken_user_achievements_awarded_spec.rb @@ -32,15 +32,27 @@ RSpec.describe FixBrokenUserAchievementsAwarded, migration: :gitlab_main, featur awarding_user.delete end - it 'migrates the invalid user achievement' do - expect { migrate! } - .to change { user_achievement_invalid.reload.awarded_by_user_id } - .from(nil).to(Users::Internal.ghost.id) + context 'when ghost user exists' do + let!(:ghost_user) do + users_table.create!(username: generate(:username), email: 'ghost@example.com', projects_limit: 0, user_type: 5) + end + + it 'migrates the invalid user achievement' do + expect { migrate! } + .to change { user_achievement_invalid.reload.awarded_by_user_id } + .from(nil).to(ghost_user.id) + end + + it 'does not migrate the valid user achievement' do + expect { migrate! } + .not_to change { user_achievement_valid.reload.awarded_by_user_id } + end end - it 'does not migrate the valid user achievement' do - expect { migrate! } - .not_to change { user_achievement_valid.reload.awarded_by_user_id } + context 'when ghost user does not exist' do + it 'does not migrate the invalid user achievement' do + expect { migrate! }.not_to change { user_achievement_invalid.reload.awarded_by_user_id } + end end end end diff --git a/spec/migrations/fix_broken_user_achievements_revoked_spec.rb b/spec/migrations/fix_broken_user_achievements_revoked_spec.rb index 34517ae67b4..dd8c4b75c7a 100644 --- a/spec/migrations/fix_broken_user_achievements_revoked_spec.rb +++ b/spec/migrations/fix_broken_user_achievements_revoked_spec.rb @@ -25,20 +25,32 @@ RSpec.describe FixBrokenUserAchievementsRevoked, migration: :gitlab_main, featur let(:not_revoked) { user_achievements_table.create!(user_id: user.id, achievement_id: achievement.id) } describe '#up' do - it 'migrates the invalid user achievement' do - expect { migrate! } - .to change { revoked_invalid.reload.revoked_by_user_id } - .from(nil).to(Users::Internal.ghost.id) + context 'when ghost user exists' do + let!(:ghost_user) do + users_table.create!(username: generate(:username), email: 'ghost@example.com', projects_limit: 0, user_type: 5) + end + + it 'migrates the invalid user achievement' do + expect { migrate! } + .to change { revoked_invalid.reload.revoked_by_user_id } + .from(nil).to(ghost_user.id) + end + + it 'does not migrate valid revoked user achievement' do + expect { migrate! } + .not_to change { revoked_valid.reload.revoked_by_user_id } + end + + it 'does not migrate the not revoked user achievement' do + expect { migrate! } + .not_to change { not_revoked.reload.revoked_by_user_id } + end end - it 'does not migrate valid revoked user achievement' do - expect { migrate! } - .not_to change { revoked_valid.reload.revoked_by_user_id } - end - - it 'does not migrate the not revoked user achievement' do - expect { migrate! } - .not_to change { not_revoked.reload.revoked_by_user_id } + context 'when ghost user does not exist' do + it 'does not migrate the invalid user achievement' do + expect { migrate! }.not_to change { revoked_invalid.reload.revoked_by_user_id } + end end end end diff --git a/spec/models/member_spec.rb b/spec/models/member_spec.rb index 3c15992bab2..eb227f22b8a 100644 --- a/spec/models/member_spec.rb +++ b/spec/models/member_spec.rb @@ -1086,6 +1086,8 @@ RSpec.describe Member, feature_category: :groups_and_projects do context 'for updating organization_users' do let_it_be(:group) { create(:group, :with_organization) } + let_it_be(:user) { create(:user) } + let(:member) { create(:group_member, source: group, user: user) } let(:update_organization_users_enabled) { true } subject(:commit_member) { member } @@ -1102,8 +1104,6 @@ RSpec.describe Member, feature_category: :groups_and_projects do end context 'when creating' do - let(:member) { create(:group_member, source: group) } - context 'when update_organization_users is enabled' do it 'inserts new record on member creation' do expect { member }.to change { Organizations::OrganizationUser.count }.by(1) @@ -1175,13 +1175,13 @@ RSpec.describe Member, feature_category: :groups_and_projects do end context 'when member is an invite' do - let(:member) { create(:group_member, :invited, source: group) } + let(:member) { create(:group_member, :invited, source: group, user: nil) } it_behaves_like 'does not create an organization_user entry' end context 'when organization does not exist' do - let(:member) { create(:group_member) } + let(:member) { create(:group_member, user: user) } it_behaves_like 'does not create an organization_user entry' end diff --git a/spec/models/organizations/organization_user_spec.rb b/spec/models/organizations/organization_user_spec.rb index c3416c93ec9..da337c04bc5 100644 --- a/spec/models/organizations/organization_user_spec.rb +++ b/spec/models/organizations/organization_user_spec.rb @@ -44,4 +44,65 @@ RSpec.describe Organizations::OrganizationUser, type: :model, feature_category: end it_behaves_like 'having unique enum values' + + describe '.create_default_organization_record_for' do + let_it_be(:default_organization) { create(:organization, :default) } + let_it_be(:user) { create(:user, :without_default_org) } + let(:access_level) { :default } + let(:user_id) { user.id } + + subject(:create_entry) { described_class.create_default_organization_record_for(user_id, access_level) } + + context 'when creating as as default user' do + it 'creates record with correct attributes' do + expect { create_entry }.to change { described_class.count }.by(1) + expect(default_organization.user?(user)).to be(true) + end + end + + context 'when creating as an owner' do + let(:access_level) { :owner } + + it 'creates record with correct attributes' do + expect { create_entry }.to change { described_class.count }.by(1) + expect(default_organization.owner?(user)).to be(true) + end + end + + context 'when entry already exists' do + let_it_be(:organization_user) { create(:organization_user, user: user, organization: default_organization) } + + it 'does not create or update existing record' do + expect { create_entry }.not_to change { described_class.count } + end + + context 'when access_level changes' do + let(:access_level) { :owner } + + it 'changes access_level on the existing record' do + expect(default_organization.owner?(user)).to be(false) + + expect { create_entry }.not_to change { described_class.count } + + expect(default_organization.owner?(user)).to be(true) + end + end + end + + context 'when creating with invalid access_level' do + let(:access_level) { :foo } + + it 'raises and error' do + expect { create_entry }.to raise_error(ActiveRecord::NotNullViolation) + end + end + + context 'when creating with invalid user_id' do + let(:user_id) { nil } + + it 'raises and error' do + expect { create_entry }.to raise_error(ActiveRecord::NotNullViolation) + end + end + end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 670256c7e65..a17245495d6 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1755,6 +1755,41 @@ RSpec.describe User, feature_category: :user_profile do end end + context 'when after_create_commit :create_default_organization_user on default organization' do + let_it_be(:default_organization) { create(:organization, :default) } + let(:user) { create(:user) } + + subject(:create_user) { user } + + context 'when user is created as an instance admin' do + let(:user) { create(:admin) } + + it 'adds user to organization_users as an owner of default organization' do + expect { create_user }.to change { Organizations::OrganizationUser.count }.by(1) + expect(default_organization.owner?(user)).to be(true) + end + end + + context 'when user is created as a regular user' do + it 'adds user to organization_users as a regular user of default organization' do + expect { create_user }.to change { Organizations::OrganizationUser.count }.by(1) + expect(default_organization.owner?(user)).to be(false) + expect(default_organization.user?(user)).to be(true) + end + end + + context 'when feature flag update_default_organization_users is disabled' do + before do + stub_feature_flags(update_default_organization_users: false) + end + + it 'adds user to organization_users as a regular user of default organization' do + expect { create_user }.not_to change { Organizations::OrganizationUser.count } + expect(default_organization.user?(user)).to be(false) + end + end + end + describe 'name getters' do let(:user) { create(:user, name: 'Kane Martin William') } diff --git a/spec/requests/api/integrations_spec.rb b/spec/requests/api/integrations_spec.rb index 36667022fc5..3ae9e6b5229 100644 --- a/spec/requests/api/integrations_spec.rb +++ b/spec/requests/api/integrations_spec.rb @@ -44,9 +44,8 @@ RSpec.describe API::Integrations, feature_category: :integrations do end where(:integration) do - # The Project Integrations API supports all integrations except: - # - The GitLab Slack Application integration, as it must be installed via the UI. - # - ZenTao integration, as new integration is blocked from being created. + # The integrations API supports all project integrations. + # You cannot create a GitLab for Slack app. You must install the app from the GitLab UI. unavailable_integration_names = [ Integrations::GitlabSlackApplication.to_param, Integrations::Zentao.to_param @@ -402,6 +401,58 @@ RSpec.describe API::Integrations, feature_category: :integrations do end end + describe 'GitLab for Slack app integration' do + before do + stub_application_setting(slack_app_enabled: true) + create(:gitlab_slack_application_integration, project: project) + end + + describe "PUT /projects/:id/#{endpoint}/gitlab-slack-application" do + context 'for integration creation' do + before do + project.gitlab_slack_application_integration.destroy! + end + + it 'returns 422' do + put api("/projects/#{project.id}/#{endpoint}/gitlab-slack-application", user) + + expect(response).to have_gitlab_http_status(:unprocessable_entity) + end + end + + context 'for integration update' do + before do + project.gitlab_slack_application_integration.update!(active: false) + end + + it "does not enable the integration" do + put api("/projects/#{project.id}/#{endpoint}/gitlab-slack-application", user) + + expect(response).to have_gitlab_http_status(:ok) + expect(project.gitlab_slack_application_integration.reload).to have_attributes(active: false) + end + end + end + + describe "GET /projects/:id/#{endpoint}/gitlab-slack-application" do + it "fetches the integration and returns the correct fields" do + get api("/projects/#{project.id}/#{endpoint}/gitlab-slack-application", user) + + expect(response).to have_gitlab_http_status(:ok) + assert_correct_response_fields(json_response['properties'].keys, project.gitlab_slack_application_integration) + end + end + + describe "DELETE /projects/:id/#{endpoint}/gitlab-slack-application" do + it "disables the integration" do + expect { delete api("/projects/#{project.id}/#{endpoint}/gitlab-slack-application", user) } + .to change { project.gitlab_slack_application_integration.reload.activated? }.from(true).to(false) + + expect(response).to have_gitlab_http_status(:no_content) + end + end + end + private def assert_correct_response_fields(response_keys, integration) -- cgit v1.2.3