debian-mirror-gitlab/spec/requests/api/project_container_repositories_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

444 lines
15 KiB
Ruby
Raw Normal View History

2019-12-26 22:10:19 +05:30
# frozen_string_literal: true
2019-03-02 22:35:43 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe API::ProjectContainerRepositories do
2019-09-30 21:07:59 +05:30
include ExclusiveLeaseHelpers
2020-03-13 15:44:24 +05:30
let_it_be(:project) { create(:project, :private) }
2021-06-08 01:23:25 +05:30
let_it_be(:project2) { create(:project, :public) }
2020-03-13 15:44:24 +05:30
let_it_be(:maintainer) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:reporter) { create(:user) }
let_it_be(:guest) { create(:user) }
2021-09-30 23:02:18 +05:30
2019-03-02 22:35:43 +05:30
let(:root_repository) { create(:container_repository, :root, project: project) }
let(:test_repository) { create(:container_repository, project: project) }
2021-06-08 01:23:25 +05:30
let(:root_repository2) { create(:container_repository, :root, project: project2) }
2019-03-02 22:35:43 +05:30
2019-10-12 21:52:04 +05:30
let(:users) do
{
anonymous: nil,
developer: developer,
guest: guest,
maintainer: maintainer,
reporter: reporter
}
end
2019-03-02 22:35:43 +05:30
let(:api_user) { maintainer }
2021-06-08 01:23:25 +05:30
let(:job) { create(:ci_build, :running, user: api_user, project: project) }
let(:job2) { create(:ci_build, :running, user: api_user, project: project2) }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
let(:method) { :get }
let(:params) { {} }
2021-09-04 01:27:46 +05:30
let(:snowplow_gitlab_standard_context) { { user: api_user, project: project, namespace: project.namespace } }
2021-06-08 01:23:25 +05:30
before_all do
2019-03-02 22:35:43 +05:30
project.add_maintainer(maintainer)
project.add_developer(developer)
project.add_reporter(reporter)
project.add_guest(guest)
2021-06-08 01:23:25 +05:30
project2.add_maintainer(maintainer)
project2.add_developer(developer)
project2.add_reporter(reporter)
project2.add_guest(guest)
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
before do
2019-03-02 22:35:43 +05:30
root_repository
test_repository
2021-06-08 01:23:25 +05:30
stub_container_registry_config(enabled: true)
2021-11-18 22:05:49 +05:30
stub_container_registry_info
2021-06-08 01:23:25 +05:30
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
shared_context 'using API user' do
subject { public_send(method, api(url, api_user), params: params) }
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
shared_context 'using job token' do
before do
stub_exclusive_lease
stub_feature_flags(ci_job_token_scope: true)
2019-03-02 22:35:43 +05:30
end
2021-06-08 01:23:25 +05:30
subject { public_send(method, api(url), params: params.merge({ job_token: job.token })) }
2019-03-02 22:35:43 +05:30
end
2021-06-08 01:23:25 +05:30
shared_context 'using job token from another project' do
before do
stub_exclusive_lease
stub_feature_flags(ci_job_token_scope: true)
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
subject { public_send(method, api(url), params: { job_token: job2.token }) }
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
shared_context 'using job token while ci_job_token_scope feature flag is disabled' do
before do
stub_exclusive_lease
stub_feature_flags(ci_job_token_scope: false)
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
subject { public_send(method, api(url), params: params.merge({ job_token: job.token })) }
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
shared_examples 'rejected job token scopes' do
include_context 'using job token from another project' do
it_behaves_like 'rejected container repository access', :maintainer, :forbidden
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
include_context 'using job token while ci_job_token_scope feature flag is disabled' do
it_behaves_like 'rejected container repository access', :maintainer, :forbidden
2019-03-02 22:35:43 +05:30
end
end
2021-06-08 01:23:25 +05:30
describe 'GET /projects/:id/registry/repositories' do
let(:url) { "/projects/#{project.id}/registry/repositories" }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
['using API user', 'using job token'].each do |context|
context context do
include_context context
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'rejected container repository access', :guest, :forbidden unless context == 'using job token'
it_behaves_like 'rejected container repository access', :anonymous, :not_found
it_behaves_like 'a package tracking event', described_class.name, 'list_repositories'
2021-11-18 22:05:49 +05:30
it_behaves_like 'handling network errors with the container registry' do
let(:params) { { tags: true } }
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'returns repositories for allowed users', :reporter, 'project' do
let(:object) { project }
end
2022-07-16 23:28:13 +05:30
it_behaves_like 'returns tags for allowed users', :reporter, 'project' do
let(:object) { project }
end
2019-03-02 22:35:43 +05:30
end
end
2021-06-08 01:23:25 +05:30
include_examples 'rejected job token scopes'
2019-03-02 22:35:43 +05:30
end
2021-06-08 01:23:25 +05:30
describe 'DELETE /projects/:id/registry/repositories/:repository_id' do
let(:method) { :delete }
let(:url) { "/projects/#{project.id}/registry/repositories/#{root_repository.id}" }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
['using API user', 'using job token'].each do |context|
context context do
include_context context
2019-10-12 21:52:04 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'rejected container repository access', :developer, :forbidden
it_behaves_like 'rejected container repository access', :anonymous, :not_found
it_behaves_like 'a package tracking event', described_class.name, 'delete_repository'
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
context 'for maintainer' do
let(:api_user) { maintainer }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it 'schedules removal of repository' do
expect(DeleteContainerRepositoryWorker).to receive(:perform_async)
.with(maintainer.id, root_repository.id)
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
subject
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
expect(response).to have_gitlab_http_status(:accepted)
end
2019-03-02 22:35:43 +05:30
end
end
2021-06-08 01:23:25 +05:30
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
include_examples 'rejected job token scopes'
end
2020-04-08 14:13:33 +05:30
2021-06-08 01:23:25 +05:30
describe 'GET /projects/:id/registry/repositories/:repository_id/tags' do
let(:url) { "/projects/#{project.id}/registry/repositories/#{root_repository.id}/tags" }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
['using API user', 'using job token'].each do |context|
context context do
include_context context
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'rejected container repository access', :guest, :forbidden unless context == 'using job token'
it_behaves_like 'rejected container repository access', :anonymous, :not_found
2021-11-18 22:05:49 +05:30
it_behaves_like 'handling network errors with the container registry'
2019-09-30 21:07:59 +05:30
2021-06-08 01:23:25 +05:30
context 'for reporter' do
let(:api_user) { reporter }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
before do
stub_container_registry_tags(repository: root_repository.path, tags: %w(rootA latest))
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'a package tracking event', described_class.name, 'list_tags'
2019-09-30 21:07:59 +05:30
2021-06-08 01:23:25 +05:30
it 'returns a list of tags' do
2019-09-30 21:07:59 +05:30
subject
2021-06-08 01:23:25 +05:30
expect(json_response.length).to eq(2)
expect(json_response.map { |repository| repository['name'] }).to eq %w(latest rootA)
2019-09-30 21:07:59 +05:30
end
2021-06-08 01:23:25 +05:30
it 'returns a matching schema' do
subject
2019-09-30 21:07:59 +05:30
2021-06-08 01:23:25 +05:30
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('registry/tags')
2019-09-30 21:07:59 +05:30
end
end
2019-03-02 22:35:43 +05:30
end
2021-06-08 01:23:25 +05:30
end
2020-04-08 14:13:33 +05:30
2021-06-08 01:23:25 +05:30
include_examples 'rejected job token scopes'
end
2020-04-08 14:13:33 +05:30
2021-06-08 01:23:25 +05:30
describe 'DELETE /projects/:id/registry/repositories/:repository_id/tags' do
let(:method) { :delete }
let(:url) { "/projects/#{project.id}/registry/repositories/#{root_repository.id}/tags" }
2020-04-08 14:13:33 +05:30
2021-06-08 01:23:25 +05:30
['using API user', 'using job token'].each do |context|
context context do
include_context context
2020-04-08 14:13:33 +05:30
2021-06-08 01:23:25 +05:30
context 'disallowed' do
let(:params) do
{ name_regex_delete: 'v10.*' }
end
2020-04-08 14:13:33 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'rejected container repository access', :developer, :forbidden
it_behaves_like 'rejected container repository access', :anonymous, :not_found
it_behaves_like 'a package tracking event', described_class.name, 'delete_tag_bulk'
2020-04-08 14:13:33 +05:30
end
2020-06-23 00:09:42 +05:30
2021-06-08 01:23:25 +05:30
context 'for maintainer' do
let(:api_user) { maintainer }
2020-06-23 00:09:42 +05:30
2021-06-08 01:23:25 +05:30
context 'without required parameters' do
it 'returns bad request' do
subject
2020-06-23 00:09:42 +05:30
2021-06-08 01:23:25 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
end
2020-06-23 00:09:42 +05:30
end
2021-06-08 01:23:25 +05:30
context 'without name_regex' do
let(:params) do
{ keep_n: 100,
older_than: '1 day',
other: 'some value' }
end
2020-06-23 00:09:42 +05:30
2021-06-08 01:23:25 +05:30
it 'returns bad request' do
subject
2020-06-23 00:09:42 +05:30
2021-06-08 01:23:25 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
end
2020-06-23 00:09:42 +05:30
end
2021-06-08 01:23:25 +05:30
context 'passes all declared parameters' do
let(:params) do
{ name_regex_delete: 'v10.*',
name_regex_keep: 'v10.1.*',
keep_n: 100,
older_than: '1 day',
other: 'some value' }
end
let(:worker_params) do
{ name_regex: nil,
name_regex_delete: 'v10.*',
name_regex_keep: 'v10.1.*',
keep_n: 100,
2022-07-16 23:28:13 +05:30
older_than: '1 day' }
2021-06-08 01:23:25 +05:30
end
let(:lease_key) { "container_repository:cleanup_tags:#{root_repository.id}" }
it 'schedules cleanup of tags repository' do
stub_last_activity_update
expect(CleanupContainerRepositoryWorker).to receive(:perform_async)
.with(maintainer.id, root_repository.id, worker_params)
subject
expect(response).to have_gitlab_http_status(:accepted)
end
context 'called multiple times in one hour', :clean_gitlab_redis_shared_state do
it 'returns 400 with an error message' do
stub_exclusive_lease_taken(lease_key, timeout: 1.hour)
subject
expect(response).to have_gitlab_http_status(:bad_request)
expect(response.body).to include('This request has already been made.')
end
it 'executes service only for the first time' do
expect(CleanupContainerRepositoryWorker).to receive(:perform_async).once
2.times { subject }
end
end
end
context 'with deprecated name_regex param' do
let(:params) do
{ name_regex: 'v10.*',
name_regex_keep: 'v10.1.*',
keep_n: 100,
older_than: '1 day',
other: 'some value' }
end
let(:worker_params) do
{ name_regex: 'v10.*',
name_regex_delete: nil,
name_regex_keep: 'v10.1.*',
keep_n: 100,
2022-07-16 23:28:13 +05:30
older_than: '1 day' }
2021-06-08 01:23:25 +05:30
end
it 'schedules cleanup of tags repository' do
stub_last_activity_update
expect(CleanupContainerRepositoryWorker).to receive(:perform_async)
.with(maintainer.id, root_repository.id, worker_params)
subject
expect(response).to have_gitlab_http_status(:accepted)
end
end
context 'with invalid regex' do
let(:invalid_regex) { '*v10.' }
RSpec.shared_examples 'rejecting the invalid regex' do |param_name|
it 'does not enqueue a job' do
expect(CleanupContainerRepositoryWorker).not_to receive(:perform_async)
subject
end
2020-06-23 00:09:42 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'returning response status', :bad_request
2020-06-23 00:09:42 +05:30
2021-06-08 01:23:25 +05:30
it 'returns an error message' do
subject
expect(json_response['error']).to include("#{param_name} is an invalid regexp")
end
end
before do
stub_last_activity_update
end
%i[name_regex_delete name_regex name_regex_keep].each do |param_name|
context "for #{param_name}" do
let(:params) { { param_name => invalid_regex } }
it_behaves_like 'rejecting the invalid regex', param_name
end
end
2020-06-23 00:09:42 +05:30
end
end
end
2019-03-02 22:35:43 +05:30
end
2021-06-08 01:23:25 +05:30
include_examples 'rejected job token scopes'
2019-03-02 22:35:43 +05:30
end
describe 'GET /projects/:id/registry/repositories/:repository_id/tags/:tag_name' do
2021-06-08 01:23:25 +05:30
let(:url) { "/projects/#{project.id}/registry/repositories/#{root_repository.id}/tags/rootA" }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
['using API user', 'using job token'].each do |context|
context context do
include_context context
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'rejected container repository access', :guest, :forbidden unless context == 'using job token'
it_behaves_like 'rejected container repository access', :anonymous, :not_found
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
context 'for reporter' do
let(:api_user) { reporter }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
before do
stub_container_registry_tags(repository: root_repository.path, tags: %w(rootA), with_manifest: true)
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it 'returns a details of tag' do
subject
expect(json_response).to include(
'name' => 'rootA',
'digest' => 'sha256:4c8e63ca4cb663ce6c688cb06f1c372b088dac5b6d7ad7d49cd620d85cf72a15',
'revision' => 'd7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac',
'total_size' => 2319870)
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it 'returns a matching schema' do
subject
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('registry/tag')
end
end
2019-03-02 22:35:43 +05:30
end
end
2021-06-08 01:23:25 +05:30
include_examples 'rejected job token scopes'
2019-03-02 22:35:43 +05:30
end
describe 'DELETE /projects/:id/registry/repositories/:repository_id/tags/:tag_name' do
2021-06-08 01:23:25 +05:30
let(:method) { :delete }
let(:url) { "/projects/#{project.id}/registry/repositories/#{root_repository.id}/tags/rootA" }
2019-12-21 20:55:43 +05:30
let(:service) { double('service') }
2021-06-08 01:23:25 +05:30
['using API user', 'using job token'].each do |context|
context context do
include_context context
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it_behaves_like 'rejected container repository access', :reporter, :forbidden
it_behaves_like 'rejected container repository access', :anonymous, :not_found
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
context 'for developer', :snowplow do
let(:api_user) { developer }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
context 'when there are multiple tags' do
before do
stub_container_registry_tags(repository: root_repository.path, tags: %w(rootA rootB), with_manifest: true)
end
2019-12-21 20:55:43 +05:30
2021-06-08 01:23:25 +05:30
it 'properly removes tag' do
expect(service).to receive(:execute).with(root_repository) { { status: :success } }
expect(Projects::ContainerRepository::DeleteTagsService).to receive(:new).with(root_repository.project, api_user, tags: %w[rootA]) { service }
2019-12-21 20:55:43 +05:30
2021-06-08 01:23:25 +05:30
subject
2019-12-21 20:55:43 +05:30
2021-06-08 01:23:25 +05:30
expect(response).to have_gitlab_http_status(:ok)
2021-09-04 01:27:46 +05:30
expect_snowplow_event(category: described_class.name, action: 'delete_tag', project: project, user: api_user, namespace: project.namespace)
2021-06-08 01:23:25 +05:30
end
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
context 'when there\'s only one tag' do
before do
stub_container_registry_tags(repository: root_repository.path, tags: %w(rootA), with_manifest: true)
end
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
it 'properly removes tag' do
expect(service).to receive(:execute).with(root_repository) { { status: :success } }
expect(Projects::ContainerRepository::DeleteTagsService).to receive(:new).with(root_repository.project, api_user, tags: %w[rootA]) { service }
2019-03-02 22:35:43 +05:30
2021-06-08 01:23:25 +05:30
subject
2019-12-21 20:55:43 +05:30
2021-06-08 01:23:25 +05:30
expect(response).to have_gitlab_http_status(:ok)
2021-09-04 01:27:46 +05:30
expect_snowplow_event(category: described_class.name, action: 'delete_tag', project: project, user: api_user, namespace: project.namespace)
2021-06-08 01:23:25 +05:30
end
end
2019-12-21 20:55:43 +05:30
end
2019-03-02 22:35:43 +05:30
end
end
2021-06-08 01:23:25 +05:30
include_examples 'rejected job token scopes'
2019-03-02 22:35:43 +05:30
end
end