blob: 5ae0b8b10b640ffba9573647b8d18ad2888d98b0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
# frozen_string_literal: true
RSpec.shared_examples 'MLflow|an endpoint that requires authentication' do
context 'when not authenticated' do
let(:headers) { {} }
it "is Unauthorized" do
is_expected.to have_gitlab_http_status(:unauthorized)
end
end
context 'when user does not have access' do
let(:access_token) { tokens[:different_user] }
it "is Not Found" do
is_expected.to have_gitlab_http_status(:not_found)
end
end
end
RSpec.shared_examples 'MLflow|an endpoint that requires read_model_registry' do
context 'when user does not have read_model_registry' do
before do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(current_user, :read_model_registry, project)
.and_return(false)
end
it "is Not Found" do
is_expected.to have_gitlab_http_status(:not_found)
end
end
end
RSpec.shared_examples 'MLflow|an endpoint that requires write_model_registry' do
context 'when user does not have read_model_registry' do
before do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(current_user, :write_model_registry, project)
.and_return(false)
end
it "is Not Found" do
is_expected.to have_gitlab_http_status(:unauthorized)
end
end
end
RSpec.shared_examples 'MLflow|Not Found - Resource Does Not Exist' do
it "is Resource Does Not Exist", :aggregate_failures do
is_expected.to have_gitlab_http_status(:not_found)
expect(json_response).to include({ "error_code" => 'RESOURCE_DOES_NOT_EXIST' })
end
end
RSpec.shared_examples 'MLflow|Requires api scope and write permission' do
context 'when user has access but token has wrong scope' do
let(:access_token) { tokens[:read] }
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when user has access but is not allowed to write' do
before do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(current_user, :write_model_experiments, project)
.and_return(false)
end
it "is Unauthorized" do
is_expected.to have_gitlab_http_status(:unauthorized)
end
end
end
RSpec.shared_examples 'MLflow|Requires read_api scope' do
context 'when user has access but token has wrong scope' do
let(:access_token) { tokens[:no_access] }
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
end
RSpec.shared_examples 'MLflow|Bad Request' do
it "is Bad Request" do
is_expected.to have_gitlab_http_status(:bad_request)
end
end
RSpec.shared_examples 'MLflow|shared error cases' do
it_behaves_like 'MLflow|an endpoint that requires authentication'
context 'when model experiments is unavailable' do
before do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(current_user, :read_model_experiments, project)
.and_return(false)
end
it "is Not Found" do
is_expected.to have_gitlab_http_status(:not_found)
end
end
end
RSpec.shared_examples 'MLflow|shared model registry error cases' do
it_behaves_like 'MLflow|an endpoint that requires authentication'
it_behaves_like 'MLflow|an endpoint that requires read_model_registry'
end
RSpec.shared_examples 'MLflow|Bad Request on missing required' do |keys|
keys.each do |key|
context "when \"#{key}\" is missing" do
let(:params) { default_params.tap { |p| p.delete(key) } }
it_behaves_like 'MLflow|Bad Request'
end
end
end
RSpec.shared_examples 'MLflow|an invalid request' do
it_behaves_like 'MLflow|Bad Request'
end
RSpec.shared_examples 'MLflow|an authenticated resource' do
it_behaves_like 'MLflow|an endpoint that requires authentication'
it_behaves_like 'MLflow|Requires read_api scope'
end
RSpec.shared_examples 'MLflow|a read-only model registry resource' do
it_behaves_like 'MLflow|an endpoint that requires authentication'
it_behaves_like 'MLflow|an endpoint that requires read_model_registry'
end
RSpec.shared_examples 'MLflow|a read/write model registry resource' do
it_behaves_like 'MLflow|an endpoint that requires authentication'
it_behaves_like 'MLflow|an endpoint that requires read_model_registry'
it_behaves_like 'MLflow|an endpoint that requires write_model_registry'
end
|