debian-mirror-gitlab/spec/controllers/projects/pipeline_schedules_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

554 lines
18 KiB
Ruby
Raw Normal View History

2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2017-08-17 22:00:37 +05:30
require 'spec_helper'
2023-04-23 21:23:45 +05:30
RSpec.describe Projects::PipelineSchedulesController, feature_category: :continuous_integration do
2017-09-10 17:25:29 +05:30
include AccessMatchersForController
2023-09-09 17:08:58 +05:30
using RSpec::Parameterized::TableSyntax
2017-09-10 17:25:29 +05:30
2019-12-21 20:55:43 +05:30
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :public, :repository) }
let_it_be(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project) }
2017-08-17 22:00:37 +05:30
2019-02-02 18:00:53 +05:30
before do
project.add_developer(user)
end
2022-05-03 16:02:30 +05:30
shared_examples 'access update schedule' do
describe 'security' do
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
it { expect { go }.to be_denied_for(:owner).of(project) }
it { expect { go }.to be_denied_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
it { expect { go }.to be_denied_for(:visitor) }
context 'when user is schedule owner' do
it { expect { go }.to be_allowed_for(:owner).of(project).own(pipeline_schedule) }
it { expect { go }.to be_allowed_for(:maintainer).of(project).own(pipeline_schedule) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:reporter).of(project).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:guest).of(project).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:user).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:external).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:visitor).own(pipeline_schedule) }
end
end
end
2023-09-09 17:08:58 +05:30
shared_examples 'protecting ref' do
where(:branch_access_levels, :tag_access_level, :maintainer_accessible, :developer_accessible) do
[:no_one_can_push, :no_one_can_merge] | :no_one_can_create | \
:be_denied_for | :be_denied_for
[:maintainers_can_push, :maintainers_can_merge] | :maintainers_can_create | \
:be_allowed_for | :be_denied_for
[:developers_can_push, :developers_can_merge] | :developers_can_create | \
:be_allowed_for | :be_allowed_for
end
with_them do
context 'when branch is protected' do
let(:ref_prefix) { 'heads' }
let(:ref_name) { 'master' }
before do
create(:protected_branch, *branch_access_levels, name: ref_name, project: project)
end
it { expect { go }.to try(maintainer_accessible, :maintainer).of(project) }
it { expect { go }.to try(developer_accessible, :developer).of(project) }
end
context 'when tag is protected' do
let(:ref_prefix) { 'tags' }
let(:ref_name) { 'v1.0.0' }
before do
create(:protected_tag, tag_access_level, name: ref_name, project: project)
end
it { expect { go }.to try(maintainer_accessible, :maintainer).of(project) }
it { expect { go }.to try(developer_accessible, :developer).of(project) }
end
end
end
2017-08-17 22:00:37 +05:30
describe 'GET #index' do
2018-03-17 18:26:18 +05:30
render_views
2017-08-17 22:00:37 +05:30
let(:scope) { nil }
2022-05-03 16:02:30 +05:30
2017-08-17 22:00:37 +05:30
let!(:inactive_pipeline_schedule) do
create(:ci_pipeline_schedule, :inactive, project: project)
end
2019-02-02 18:00:53 +05:30
before do
sign_in(user)
end
2017-08-17 22:00:37 +05:30
it 'renders the index view' do
visit_pipelines_schedules
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:ok)
2017-08-17 22:00:37 +05:30
expect(response).to render_template(:index)
end
2019-02-02 18:00:53 +05:30
it 'avoids N + 1 queries', :request_store do
2017-09-10 17:25:29 +05:30
control_count = ActiveRecord::QueryRecorder.new { visit_pipelines_schedules }.count
create_list(:ci_pipeline_schedule, 2, project: project)
expect { visit_pipelines_schedules }.not_to exceed_query_limit(control_count)
end
2017-08-17 22:00:37 +05:30
context 'when the scope is set to active' do
let(:scope) { 'active' }
before do
visit_pipelines_schedules
end
it 'only shows active pipeline schedules' do
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:ok)
2017-08-17 22:00:37 +05:30
expect(assigns(:schedules)).to include(pipeline_schedule)
expect(assigns(:schedules)).not_to include(inactive_pipeline_schedule)
end
end
def visit_pipelines_schedules
2019-02-15 15:39:39 +05:30
get :index, params: { namespace_id: project.namespace.to_param, project_id: project, scope: scope }
2017-08-17 22:00:37 +05:30
end
end
2017-09-10 17:25:29 +05:30
describe 'GET #new' do
2017-08-17 22:00:37 +05:30
before do
2017-09-10 17:25:29 +05:30
project.add_developer(user)
2017-08-17 22:00:37 +05:30
sign_in(user)
end
2017-09-10 17:25:29 +05:30
it 'initializes a pipeline schedule model' do
2019-02-15 15:39:39 +05:30
get :new, params: { namespace_id: project.namespace.to_param, project_id: project }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:ok)
2017-09-10 17:25:29 +05:30
expect(assigns(:schedule)).to be_a_new(Ci::PipelineSchedule)
end
end
describe 'POST #create' do
describe 'functionality' do
before do
project.add_developer(user)
sign_in(user)
end
let(:basic_param) do
attributes_for(:ci_pipeline_schedule)
end
context 'when variables_attributes has one variable' do
let(:schedule) do
basic_param.merge({
2019-07-31 22:56:46 +05:30
variables_attributes: [{ key: 'AAA', secret_value: 'AAA123', variable_type: 'file' }]
2017-09-10 17:25:29 +05:30
})
end
it 'creates a new schedule' do
expect { go }
.to change { Ci::PipelineSchedule.count }.by(1)
.and change { Ci::PipelineScheduleVariable.count }.by(1)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:found)
2017-09-10 17:25:29 +05:30
Ci::PipelineScheduleVariable.last.tap do |v|
expect(v.key).to eq("AAA")
expect(v.value).to eq("AAA123")
2019-07-31 22:56:46 +05:30
expect(v.variable_type).to eq("file")
2017-09-10 17:25:29 +05:30
end
end
end
2018-03-17 18:26:18 +05:30
context 'when variables_attributes has two variables and duplicated' do
2017-09-10 17:25:29 +05:30
let(:schedule) do
basic_param.merge({
2018-05-09 12:01:36 +05:30
variables_attributes: [{ key: 'AAA', secret_value: 'AAA123' },
{ key: 'AAA', secret_value: 'BBB123' }]
2017-09-10 17:25:29 +05:30
})
end
it 'returns an error that the keys of variable are duplicated' do
expect { go }
.to change { Ci::PipelineSchedule.count }.by(0)
.and change { Ci::PipelineScheduleVariable.count }.by(0)
expect(assigns(:schedule).errors['variables']).not_to be_empty
end
end
end
describe 'security' do
2023-09-09 17:08:58 +05:30
let(:schedule) { attributes_for(:ci_pipeline_schedule, ref: "refs/#{ref_prefix}/#{ref_name}") }
let(:ref_prefix) { 'heads' }
let(:ref_name) { "master" }
2017-09-10 17:25:29 +05:30
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
2022-05-03 16:02:30 +05:30
2020-04-22 19:07:51 +05:30
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2022-05-03 16:02:30 +05:30
2017-09-10 17:25:29 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2017-09-10 17:25:29 +05:30
it { expect { go }.to be_allowed_for(:developer).of(project) }
2022-05-03 16:02:30 +05:30
2017-09-10 17:25:29 +05:30
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
it { expect { go }.to be_denied_for(:visitor) }
2023-09-09 17:08:58 +05:30
it_behaves_like 'protecting ref'
2017-09-10 17:25:29 +05:30
end
def go
2019-02-15 15:39:39 +05:30
post :create, params: { namespace_id: project.namespace.to_param, project_id: project, schedule: schedule }
2017-09-10 17:25:29 +05:30
end
end
describe 'PUT #update' do
describe 'functionality' do
let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: user) }
before do
project.add_developer(user)
sign_in(user)
end
context 'when a pipeline schedule has no variables' do
let(:basic_param) do
{ description: 'updated_desc', cron: '0 1 * * *', cron_timezone: 'UTC', ref: 'patch-x', active: true }
end
context 'when params include one variable' do
let(:schedule) do
basic_param.merge({
2018-05-09 12:01:36 +05:30
variables_attributes: [{ key: 'AAA', secret_value: 'AAA123' }]
2017-09-10 17:25:29 +05:30
})
end
it 'inserts new variable to the pipeline schedule' do
expect { go }.to change { Ci::PipelineScheduleVariable.count }.by(1)
pipeline_schedule.reload
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:found)
2017-09-10 17:25:29 +05:30
expect(pipeline_schedule.variables.last.key).to eq('AAA')
expect(pipeline_schedule.variables.last.value).to eq('AAA123')
end
end
context 'when params include two duplicated variables' do
let(:schedule) do
basic_param.merge({
2018-05-09 12:01:36 +05:30
variables_attributes: [{ key: 'AAA', secret_value: 'AAA123' },
{ key: 'AAA', secret_value: 'BBB123' }]
2017-09-10 17:25:29 +05:30
})
end
it 'returns an error that variables are duplciated' do
go
expect(assigns(:schedule).errors['variables']).not_to be_empty
end
end
end
context 'when a pipeline schedule has one variable' do
let(:basic_param) do
{ description: 'updated_desc', cron: '0 1 * * *', cron_timezone: 'UTC', ref: 'patch-x', active: true }
end
let!(:pipeline_schedule_variable) do
create(:ci_pipeline_schedule_variable,
key: 'CCC', pipeline_schedule: pipeline_schedule)
end
context 'when adds a new variable' do
let(:schedule) do
basic_param.merge({
2018-05-09 12:01:36 +05:30
variables_attributes: [{ key: 'AAA', secret_value: 'AAA123' }]
2017-09-10 17:25:29 +05:30
})
end
it 'adds the new variable' do
expect { go }.to change { Ci::PipelineScheduleVariable.count }.by(1)
pipeline_schedule.reload
expect(pipeline_schedule.variables.last.key).to eq('AAA')
end
end
context 'when adds a new duplicated variable' do
let(:schedule) do
basic_param.merge({
2023-03-04 22:38:38 +05:30
variables_attributes: [{ key: 'dup_key', secret_value: 'value_one' }, { key: 'dup_key', secret_value: 'value_two' }]
2017-09-10 17:25:29 +05:30
})
end
it 'returns an error' do
expect { go }.not_to change { Ci::PipelineScheduleVariable.count }
pipeline_schedule.reload
expect(assigns(:schedule).errors['variables']).not_to be_empty
end
end
context 'when updates a variable' do
let(:schedule) do
basic_param.merge({
2018-05-09 12:01:36 +05:30
variables_attributes: [{ id: pipeline_schedule_variable.id, secret_value: 'new_value' }]
2017-09-10 17:25:29 +05:30
})
end
it 'updates the variable' do
expect { go }.not_to change { Ci::PipelineScheduleVariable.count }
pipeline_schedule_variable.reload
expect(pipeline_schedule_variable.value).to eq('new_value')
end
end
context 'when deletes a variable' do
let(:schedule) do
basic_param.merge({
variables_attributes: [{ id: pipeline_schedule_variable.id, _destroy: true }]
})
end
it 'delete the existsed variable' do
expect { go }.to change { Ci::PipelineScheduleVariable.count }.by(-1)
end
end
context 'when deletes and creates a same key simultaneously' do
let(:schedule) do
basic_param.merge({
variables_attributes: [{ id: pipeline_schedule_variable.id, _destroy: true },
2023-03-04 22:38:38 +05:30
{ key: 'AAA', secret_value: 'AAA123' }]
2017-09-10 17:25:29 +05:30
})
end
it 'updates the variable' do
expect { go }.not_to change { Ci::PipelineScheduleVariable.count }
pipeline_schedule.reload
2023-03-04 22:38:38 +05:30
expect(pipeline_schedule.variables.last.key).to eq('AAA')
expect(pipeline_schedule.variables.last.value).to eq('AAA123')
2017-09-10 17:25:29 +05:30
end
end
end
end
describe 'security' do
let(:schedule) { { description: 'updated_desc' } }
2022-05-03 16:02:30 +05:30
it_behaves_like 'access update schedule'
2017-09-10 17:25:29 +05:30
context 'when a developer created a pipeline schedule' do
let(:developer_1) { create(:user) }
let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: developer_1) }
before do
project.add_developer(developer_1)
end
it { expect { go }.to be_allowed_for(developer_1) }
2022-05-03 16:02:30 +05:30
it { expect { go }.to be_denied_for(:owner).of(project) }
it { expect { go }.to be_denied_for(:maintainer).of(project) }
2017-09-10 17:25:29 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
end
2018-11-18 11:00:15 +05:30
context 'when a maintainer created a pipeline schedule' do
let(:maintainer_1) { create(:user) }
let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: maintainer_1) }
2017-09-10 17:25:29 +05:30
before do
2018-11-18 11:00:15 +05:30
project.add_maintainer(maintainer_1)
2017-09-10 17:25:29 +05:30
end
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(maintainer_1) }
2022-05-03 16:02:30 +05:30
it { expect { go }.to be_denied_for(:owner).of(project) }
it { expect { go }.to be_denied_for(:maintainer).of(project) }
2017-09-10 17:25:29 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
end
end
def go
2022-10-11 01:57:18 +05:30
put :update,
params: {
2022-05-03 16:02:30 +05:30
namespace_id: project.namespace.to_param,
project_id: project,
id: pipeline_schedule,
schedule: schedule
},
as: :html
2017-09-10 17:25:29 +05:30
end
end
describe 'GET #edit' do
describe 'functionality' do
let(:user) { create(:user) }
before do
2018-11-18 11:00:15 +05:30
project.add_maintainer(user)
2022-05-03 16:02:30 +05:30
pipeline_schedule.update!(owner: user)
2017-09-10 17:25:29 +05:30
sign_in(user)
end
it 'loads the pipeline schedule' do
2019-02-15 15:39:39 +05:30
get :edit, params: { namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id }
2017-09-10 17:25:29 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:ok)
2017-09-10 17:25:29 +05:30
expect(assigns(:schedule)).to eq(pipeline_schedule)
end
end
2022-05-03 16:02:30 +05:30
it_behaves_like 'access update schedule'
2017-09-10 17:25:29 +05:30
def go
2019-02-15 15:39:39 +05:30
get :edit, params: { namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id }
2017-09-10 17:25:29 +05:30
end
end
describe 'GET #take_ownership' do
describe 'security' do
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
2022-05-03 16:02:30 +05:30
2020-04-22 19:07:51 +05:30
it 'is denied for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2022-05-03 16:02:30 +05:30
2017-09-10 17:25:29 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2022-05-03 16:02:30 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
2017-09-10 17:25:29 +05:30
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
it { expect { go }.to be_denied_for(:visitor) }
2022-05-03 16:02:30 +05:30
context 'when user is schedule owner' do
2023-05-27 22:25:52 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project).own(pipeline_schedule) }
it { expect { go }.to be_allowed_for(:maintainer).of(project).own(pipeline_schedule) }
it { expect { go }.to be_allowed_for(:developer).of(project).own(pipeline_schedule) }
2022-05-03 16:02:30 +05:30
it { expect { go }.to be_denied_for(:reporter).of(project).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:guest).of(project).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:user).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:external).own(pipeline_schedule) }
it { expect { go }.to be_denied_for(:visitor).own(pipeline_schedule) }
end
2017-09-10 17:25:29 +05:30
end
def go
2019-02-15 15:39:39 +05:30
post :take_ownership, params: { namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id }
2017-08-17 22:00:37 +05:30
end
end
2021-11-18 22:05:49 +05:30
describe 'POST #play', :clean_gitlab_redis_rate_limiting do
2023-09-09 17:08:58 +05:30
let(:ref_name) { 'master' }
2018-03-17 18:26:18 +05:30
before do
project.add_developer(user)
sign_in(user)
end
context 'when an anonymous user makes the request' do
before do
sign_out(user)
end
it 'does not allow pipeline to be executed' do
expect(RunPipelineScheduleWorker).not_to receive(:perform_async)
2023-09-09 17:08:58 +05:30
go
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2018-03-17 18:26:18 +05:30
end
end
context 'when a developer makes the request' do
it 'executes a new pipeline' do
expect(RunPipelineScheduleWorker).to receive(:perform_async).with(pipeline_schedule.id, user.id).and_return('job-123')
2023-09-09 17:08:58 +05:30
go
2018-03-17 18:26:18 +05:30
expect(flash[:notice]).to start_with 'Successfully scheduled a pipeline to run'
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:found)
2018-03-17 18:26:18 +05:30
end
it 'prevents users from scheduling the same pipeline repeatedly' do
2023-09-09 17:08:58 +05:30
2.times { go }
2018-03-17 18:26:18 +05:30
expect(flash.to_a.size).to eq(2)
2020-01-01 13:55:28 +05:30
expect(flash[:alert]).to eq _('You cannot play this scheduled pipeline at the moment. Please wait a minute.')
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:found)
2018-03-17 18:26:18 +05:30
end
end
2023-09-09 17:08:58 +05:30
describe 'security' do
let!(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, ref: "refs/#{ref_prefix}/#{ref_name}") }
2018-03-17 18:26:18 +05:30
2023-09-09 17:08:58 +05:30
it_behaves_like 'protecting ref'
end
2018-03-17 18:26:18 +05:30
2023-09-09 17:08:58 +05:30
def go
post :play, params: { namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id }
2018-03-17 18:26:18 +05:30
end
end
2017-08-17 22:00:37 +05:30
describe 'DELETE #destroy' do
context 'when a developer makes the request' do
before do
project.add_developer(user)
sign_in(user)
2019-02-15 15:39:39 +05:30
delete :destroy, params: { namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id }
2017-08-17 22:00:37 +05:30
end
it 'does not delete the pipeline schedule' do
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2017-08-17 22:00:37 +05:30
end
end
2018-11-18 11:00:15 +05:30
context 'when a maintainer makes the request' do
2017-08-17 22:00:37 +05:30
before do
2018-11-18 11:00:15 +05:30
project.add_maintainer(user)
2017-08-17 22:00:37 +05:30
sign_in(user)
end
it 'destroys the pipeline schedule' do
expect do
2019-02-15 15:39:39 +05:30
delete :destroy, params: { namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id }
2017-08-17 22:00:37 +05:30
end.to change { project.pipeline_schedules.count }.by(-1)
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:found)
2017-08-17 22:00:37 +05:30
end
end
end
end