# frozen_string_literal: true
require 'spec_helper'
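# Request specs for the Helm package registry API: chart index, chart download,
# upload authorization and upload. Most assertions live in shared examples and
# shared contexts defined outside this file; the tables below pin which
# role / visibility combinations each endpoint accepts and which status a
# rejected caller receives.
RSpec.describe API::HelmPackages, feature_category: :package_registry do
  include_context 'helm api setup'

  using RSpec::Parameterized::TableSyntax

  let_it_be_with_reload(:project) { create(:project, :public) }

  # Deploy token carrying both package-registry scopes, attached to the project.
  let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
  let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }

  let_it_be(:package) { create(:helm_package, project: project, without_package_files: true) }
  let_it_be(:package_file1) { create(:helm_package_file, package: package) }
  let_it_be(:package_file2) { create(:helm_package_file, package: package) }

  # Two files with the same name and sha256; only the second sets a channel ('test').
  # NOTE(review): the first presumably lands in the factory's default channel
  # ('stable' according to its description) - confirm against the factory.
  let_it_be(:package2) { create(:helm_package, project: project, without_package_files: true) }
  let_it_be(:package_file2_1) do
    create(:helm_package_file, package: package2, file_sha256: 'file2', file_name: 'filename2.tgz',
                               description: 'hello from stable channel')
  end
  let_it_be(:package_file2_2) do
    create(:helm_package_file, package: package2, file_sha256: 'file2', file_name: 'filename2.tgz',
                               channel: 'test', description: 'hello from test channel')
  end

  # A non-Helm package in the same project.
  let_it_be(:other_package) { create(:npm_package, project: project) }

  let(:snowplow_gitlab_standard_context) { snowplow_context }

  # Builds the expected Snowplow standard context for the 'i_package_helm_user'
  # event. The :user key is left out for anonymous requests.
  #
  # @param user_role [Symbol] role of the requesting user; :anonymous means no user
  # @return [Hash] expected context (project, namespace, property and, unless anonymous, user)
  def snowplow_context(user_role: :developer)
    context = { project: project, namespace: project.namespace, property: 'i_package_helm_user' }
    context[:user] = user unless user_role == :anonymous
    context
  end

  describe 'GET /api/v4/projects/:id/packages/helm/:channel/index.yaml' do
    let(:project_id) { project.id }
    let(:channel) { 'stable' }
    let(:url) { "/projects/#{project_id}/packages/helm/#{channel}/index.yaml" }

    context 'with a project id' do
      it_behaves_like 'handling helm chart index requests'
    end

    # The :id segment may also be the URL-encoded full path of the project.
    context 'with an url encoded project id' do
      let(:project_id) { ERB::Util.url_encode(project.full_path) }

      it_behaves_like 'handling helm chart index requests'
    end

    # A '.' inside the channel segment must still route to the index endpoint.
    context 'with dot in channel' do
      let(:channel) { 'with.dot' }

      subject { get api(url) }

      before do
        project.update!(visibility: 'public')
      end

      it_behaves_like 'returning response status', :success
    end
  end

  describe 'GET /api/v4/projects/:id/packages/helm/:channel/charts/:file_name.tgz' do
    let(:url) { "/projects/#{project.id}/packages/helm/stable/charts/#{package.name}-#{package.version}.tgz" }

    subject { get api(url), headers: headers }

    context 'with valid project' do
      # Download authorization matrix. Public projects serve every caller,
      # anonymous included. On private projects a reporter may download, and the
      # rejection status depends on the caller: 403 for a guest member, 404 for a
      # non-member, 401 when no credentials are sent.
      where(:visibility, :user_role, :shared_examples_name, :expected_status) do
        :public  | :guest        | 'process helm download content request' | :success
        :public  | :not_a_member | 'process helm download content request' | :success
        :public  | :anonymous    | 'process helm download content request' | :success
        :private | :reporter     | 'process helm download content request' | :success
        :private | :guest        | 'rejects helm packages access'          | :forbidden
        :private | :not_a_member | 'rejects helm packages access'          | :not_found
        :private | :anonymous    | 'rejects helm packages access'          | :unauthorized
      end

      with_them do
        # Anonymous rows send no Authorization header at all.
        let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, personal_access_token.token) }
        let(:snowplow_gitlab_standard_context) { snowplow_context(user_role: user_role) }

        before do
          project.update!(visibility: visibility.to_s)
        end

        it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status]
      end
    end

    # A private project whose package registry access level is PUBLIC must
    # serve chart downloads to anonymous callers.
    context 'with access to package registry for everyone' do
      let(:snowplow_gitlab_standard_context) { snowplow_context(user_role: :anonymous) }

      before do
        project.update!(visibility: Gitlab::VisibilityLevel::PRIVATE)
        project.project_feature.update!(package_registry_access_level: ProjectFeature::PUBLIC)
      end

      it_behaves_like 'process helm download content request', :anonymous, :success
    end

    # `project` is created :public above and this context does not change its
    # visibility, so this pins that a bad credential is answered with 401.
    # NOTE(review): whether other examples leave the visibility untouched is
    # not visible from this file - confirm.
    context 'when an invalid token is passed' do
      let(:headers) { basic_auth_header(user.username, 'wrong') }

      it_behaves_like 'returning response status', :unauthorized
    end

    it_behaves_like 'deploy token for package GET requests'
  end

  describe 'POST /api/v4/projects/:id/packages/helm/api/:channel/charts/authorize' do
    include_context 'workhorse headers'

    let(:channel) { 'stable' }
    let(:url) { "/projects/#{project.id}/packages/helm/api/#{channel}/charts/authorize" }
    let(:headers) { {} }

    subject { post api(url), headers: headers }

    context 'with valid project' do
      # Upload-authorization matrix. Only the developer rows succeed; project
      # visibility changes the rejection status for a non-member (403 on
      # public, 404 on private) but never grants write access.
      where(:visibility_level, :user_role, :shared_examples_name, :expected_status) do
        :public  | :developer    | 'process helm workhorse authorization' | :success
        :public  | :reporter     | 'rejects helm packages access'         | :forbidden
        :public  | :not_a_member | 'rejects helm packages access'         | :forbidden
        :public  | :anonymous    | 'rejects helm packages access'         | :unauthorized
        :private | :developer    | 'process helm workhorse authorization' | :success
        :private | :reporter     | 'rejects helm packages access'         | :forbidden
        :private | :not_a_member | 'rejects helm packages access'         | :not_found
        :private | :anonymous    | 'rejects helm packages access'         | :unauthorized
      end

      with_them do
        let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, personal_access_token.token) }
        let(:headers) { user_headers.merge(workhorse_headers) }
        let(:snowplow_gitlab_standard_context) { snowplow_context(user_role: user_role) }

        before do
          # update_column writes the level directly, skipping validations and callbacks.
          project.update_column(:visibility_level, Gitlab::VisibilityLevel.level_value(visibility_level.to_s))
        end

        it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status]
      end
    end

    # NOTE(review): this request carries no Workhorse headers, so it only shows
    # that a bad token yields 401 when they are absent; confirm whether a
    # variant with workhorse_headers merged in is wanted as well.
    context 'when an invalid token is passed' do
      let(:headers) { basic_auth_header(user.username, 'wrong') }

      it_behaves_like 'returning response status', :unauthorized
    end

    it_behaves_like 'deploy token for package uploads'

    # NOTE(review): accept_invalid_username: true presumably means the job token
    # is accepted whatever username accompanies it - confirm in the shared example.
    it_behaves_like 'job token for package uploads', authorize_endpoint: true, accept_invalid_username: true do
      let_it_be(:job) { create(:ci_build, :running, user: user, project: project) }
    end

    it_behaves_like 'rejects helm access with unknown project id'
  end

  describe 'POST /api/v4/projects/:id/packages/helm/api/:channel/charts' do
    include_context 'workhorse headers'

    let_it_be(:file_name) { 'package.tgz' }

    let(:channel) { 'stable' }
    let(:url) { "/projects/#{project.id}/packages/helm/api/#{channel}/charts" }
    let(:headers) { {} }
    let(:params) { { chart: temp_file(file_name) } }
    let(:file_key) { :chart }
    let(:send_rewritten_field) { true }

    # Sends the upload through the workhorse_finalize helper.
    subject do
      workhorse_finalize(
        api(url),
        method: :post,
        file_key: file_key,
        params: params,
        headers: headers,
        send_rewritten_field: send_rewritten_field
      )
    end

    context 'with valid project' do
      # Upload matrix. Only the developer rows create a package; no
      # lower-privileged or unauthenticated caller may write, whatever the
      # project visibility.
      where(:visibility_level, :user_role, :shared_examples_name, :expected_status) do
        :public  | :developer    | 'process helm upload'          | :created
        :public  | :reporter     | 'rejects helm packages access' | :forbidden
        :public  | :not_a_member | 'rejects helm packages access' | :forbidden
        :public  | :anonymous    | 'rejects helm packages access' | :unauthorized
        :private | :developer    | 'process helm upload'          | :created
        :private | :guest        | 'rejects helm packages access' | :forbidden
        :private | :not_a_member | 'rejects helm packages access' | :not_found
        :private | :anonymous    | 'rejects helm packages access' | :unauthorized
      end

      with_them do
        let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, personal_access_token.token) }
        let(:headers) { user_headers.merge(workhorse_headers) }
        let(:snowplow_gitlab_standard_context) { snowplow_context(user_role: user_role) }

        before do
          # update_column writes the level directly, skipping validations and callbacks.
          project.update_column(:visibility_level, Gitlab::VisibilityLevel.level_value(visibility_level.to_s))
        end

        it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status]
      end
    end

    # NOTE(review): as in the authorize endpoint, no Workhorse headers are sent
    # here; the example pins 401 for a bad token in that situation only.
    context 'when an invalid token is passed' do
      let(:headers) { basic_auth_header(user.username, 'wrong') }

      it_behaves_like 'returning response status', :unauthorized
    end

    it_behaves_like 'deploy token for package uploads'

    it_behaves_like 'job token for package uploads', accept_invalid_username: true do
      let_it_be(:job) { create(:ci_build, :running, user: user, project: project) }
    end

    it_behaves_like 'rejects helm access with unknown project id'

    # An authenticated upload (deploy token) that is one byte over the
    # project's helm_max_file_size limit must be refused with 400.
    context 'file size above maximum limit' do
      let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_headers) }

      before do
        # Stub the reported size instead of building an oversized fixture.
        allow_next_instance_of(UploadedFile) do |uploaded_file|
          allow(uploaded_file).to receive(:size).and_return(project.actual_limits.helm_max_file_size + 1)
        end
      end

      it_behaves_like 'returning response status', :bad_request
    end
  end
end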