From fce23e13968a87a1e2de96a6e945166c372736f4 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 30 Oct 2023 13:00:37 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@16-5-stable-ee

---
 spec/helpers/version_check_helper_spec.rb | 52 +++++++++++++++++--------------
 spec/lib/gitlab/ci/jwt_spec.rb            | 19 ++++++++++-
 2 files changed, 47 insertions(+), 24 deletions(-)

(limited to 'spec')

diff --git a/spec/helpers/version_check_helper_spec.rb b/spec/helpers/version_check_helper_spec.rb
index ce5aade2b1c..9c697dbe21e 100644
--- a/spec/helpers/version_check_helper_spec.rb
+++ b/spec/helpers/version_check_helper_spec.rb
@@ -38,43 +38,49 @@ RSpec.describe VersionCheckHelper do
   end
 
   describe '#gitlab_version_check' do
+    let(:show_version_check) { false }
+
     before do
-      allow_next_instance_of(VersionCheck) do |instance|
-        allow(instance).to receive(:response).and_return({ "severity" => "success" })
-      end
+      allow(helper).to receive(:show_version_check?).and_return(show_version_check)
     end
 
-    it 'returns an instance of the VersionCheck class' do
-      expect(helper.gitlab_version_check).to eq({ "severity" => "success" })
+    it 'when show_version_check? is false it returns nil' do
+      expect(helper.gitlab_version_check).to be nil
+    end
+
+    context 'when show_version_check? is true' do
+      let(:show_version_check) { true }
+
+      before do
+        allow_next_instance_of(VersionCheck) do |instance|
+          allow(instance).to receive(:response).and_return({ "severity" => "success" })
+        end
+      end
+
+      it 'returns an instance of the VersionCheck class if the user has access' do
+        expect(helper.gitlab_version_check).to eq({ "severity" => "success" })
+      end
     end
   end
 
   describe '#show_security_patch_upgrade_alert?' do
     describe 'return conditions' do
-      where(:show_version_check, :gitlab_version_check, :result) do
+      where(:gitlab_version_check, :result) do
         [
-          [false, nil, false],
-          [false, { "severity" => "success" }, false],
-          [false, { "severity" => "danger" }, false],
-          [false, { "severity" => "danger", "critical_vulnerability" => 'some text' }, false],
-          [false, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
-          [false, { "severity" => "danger", "critical_vulnerability" => false }, false],
-          [false, { "severity" => "danger", "critical_vulnerability" => 'true' }, false],
-          [false, { "severity" => "danger", "critical_vulnerability" => true }, false],
-          [true, nil, false],
-          [true, { "severity" => "success" }, nil],
-          [true, { "severity" => "danger" }, nil],
-          [true, { "severity" => "danger", "critical_vulnerability" => 'some text' }, nil],
-          [true, { "severity" => "danger", "critical_vulnerability" => 'false' }, false],
-          [true, { "severity" => "danger", "critical_vulnerability" => false }, false],
-          [true, { "severity" => "danger", "critical_vulnerability" => 'true' }, true],
-          [true, { "severity" => "danger", "critical_vulnerability" => true }, true]
+          [nil, false],
+          [{}, nil],
+          [{ "severity" => "success" }, nil],
+          [{ "severity" => "danger" }, nil],
+          [{ "severity" => "danger", "critical_vulnerability" => 'some text' }, nil],
+          [{ "severity" => "danger", "critical_vulnerability" => 'false' }, false],
+          [{ "severity" => "danger", "critical_vulnerability" => false }, false],
+          [{ "severity" => "danger", "critical_vulnerability" => 'true' }, true],
+          [{ "severity" => "danger", "critical_vulnerability" => true }, true]
         ]
       end
 
       with_them do
         before do
-          allow(helper).to receive(:show_version_check?).and_return(show_version_check)
           allow(helper).to receive(:gitlab_version_check).and_return(gitlab_version_check)
         end
 
diff --git a/spec/lib/gitlab/ci/jwt_spec.rb b/spec/lib/gitlab/ci/jwt_spec.rb
index a6de5b9879c..f0b203961b4 100644
--- a/spec/lib/gitlab/ci/jwt_spec.rb
+++ b/spec/lib/gitlab/ci/jwt_spec.rb
@@ -49,6 +49,7 @@ RSpec.describe Gitlab::Ci::Jwt do
         expect(payload[:environment]).to be_nil
         expect(payload[:environment_protected]).to be_nil
         expect(payload[:deployment_tier]).to be_nil
+        expect(payload[:environment_action]).to be_nil
       end
     end
 
@@ -109,7 +110,10 @@ RSpec.describe Gitlab::Ci::Jwt do
           project: project,
           user: user,
           pipeline: pipeline,
-          environment: environment.name
+          environment: {
+            name: environment.name,
+            action: 'start'
+          }
         )
       end
 
@@ -121,6 +125,7 @@ RSpec.describe Gitlab::Ci::Jwt do
         expect(payload[:environment]).to eq('production')
         expect(payload[:environment_protected]).to eq('false')
         expect(payload[:deployment_tier]).to eq('production')
+        expect(payload[:environment_action]).to eq('start')
       end
 
       describe 'deployment_tier' do
@@ -134,6 +139,18 @@ RSpec.describe Gitlab::Ci::Jwt do
           end
         end
       end
+
+      describe 'environment_action' do
+        context 'when build options specifies a different environment_action' do
+          before do
+            build.options[:environment] = { name: environment.name, action: 'prepare' }
+          end
+
+          it 'uses environment_action from build options' do
+            expect(payload[:environment_action]).to eq('prepare')
+          end
+        end
+      end
     end
   end
 
-- 
cgit v1.2.3