From 7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 17 Nov 2022 11:33:21 +0000
Subject: Add latest changes from gitlab-org/gitlab@15-6-stable-ee

---
 spec/requests/api/admin/ci/variables_spec.rb | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

(limited to 'spec/requests/api/admin/ci/variables_spec.rb')

diff --git a/spec/requests/api/admin/ci/variables_spec.rb b/spec/requests/api/admin/ci/variables_spec.rb
index f89964411f8..4bdc44cb583 100644
--- a/spec/requests/api/admin/ci/variables_spec.rb
+++ b/spec/requests/api/admin/ci/variables_spec.rb
@@ -71,7 +71,8 @@ RSpec.describe ::API::Admin::Ci::Variables do
               key: 'TEST_VARIABLE_2',
               value: 'PROTECTED_VALUE_2',
               protected: true,
-              masked: true
+              masked: true,
+              raw: true
             }
         end.to change { ::Ci::InstanceVariable.count }.by(1)
 
@@ -80,9 +81,19 @@ RSpec.describe ::API::Admin::Ci::Variables do
         expect(json_response['value']).to eq('PROTECTED_VALUE_2')
         expect(json_response['protected']).to be_truthy
         expect(json_response['masked']).to be_truthy
+        expect(json_response['raw']).to be_truthy
         expect(json_response['variable_type']).to eq('env_var')
       end
 
+      it 'masks the new value when logging' do
+        masked_params = { 'key' => 'VAR_KEY', 'value' => '[FILTERED]', 'protected' => 'true', 'masked' => 'true' }
+
+        expect(::API::API::LOGGER).to receive(:info).with(include(params: include(masked_params)))
+
+        post api("/admin/ci/variables", user),
+          params: { key: 'VAR_KEY', value: 'SENSITIVE', protected: true, masked: true }
+      end
+
       it 'creates variable with optional attributes', :aggregate_failures do
         expect do
           post api('/admin/ci/variables', admin),
@@ -98,6 +109,7 @@ RSpec.describe ::API::Admin::Ci::Variables do
         expect(json_response['value']).to eq('VALUE_2')
         expect(json_response['protected']).to be_falsey
         expect(json_response['masked']).to be_falsey
+        expect(json_response['raw']).to be_falsey
         expect(json_response['variable_type']).to eq('file')
       end
 
@@ -153,7 +165,8 @@ RSpec.describe ::API::Admin::Ci::Variables do
             variable_type: 'file',
             value: 'VALUE_1_UP',
             protected: true,
-            masked: true
+            masked: true,
+            raw: true
           }
 
         expect(response).to have_gitlab_http_status(:ok)
@@ -161,6 +174,16 @@ RSpec.describe ::API::Admin::Ci::Variables do
         expect(variable.reload).to be_protected
         expect(json_response['variable_type']).to eq('file')
         expect(json_response['masked']).to be_truthy
+        expect(json_response['raw']).to be_truthy
+      end
+
+      it 'masks the new value when logging' do
+        masked_params = { 'value' => '[FILTERED]', 'protected' => 'true', 'masked' => 'true' }
+
+        expect(::API::API::LOGGER).to receive(:info).with(include(params: include(masked_params)))
+
+        put api("/admin/ci/variables/#{variable.key}", admin),
+          params: { value: 'SENSITIVE', protected: true, masked: true }
       end
 
       it 'responds with 404 Not Found if requesting non-existing variable' do
-- 
cgit v1.2.3