2020-04-22 19:07:51 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
RSpec.describe API::Terraform::State, :snowplow, feature_category: :infrastructure_as_code do
|
2020-06-23 00:09:42 +05:30
|
|
|
include HttpBasicAuthHelpers
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
let_it_be(:project) { create(:project) }
|
|
|
|
let_it_be(:developer) { create(:user, developer_projects: [project]) }
|
|
|
|
let_it_be(:maintainer) { create(:user, maintainer_projects: [project]) }
|
|
|
|
|
|
|
|
let(:current_user) { maintainer }
|
2020-06-23 00:09:42 +05:30
|
|
|
let(:auth_header) { user_basic_auth_header(current_user) }
|
2020-04-22 19:07:51 +05:30
|
|
|
let(:project_id) { project.id }
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
let(:state_name) { "some-state" }
|
2020-04-22 19:07:51 +05:30
|
|
|
let(:state_path) { "/projects/#{project_id}/terraform/state/#{state_name}" }
|
2023-03-04 22:38:38 +05:30
|
|
|
let!(:state) do
|
|
|
|
create(:terraform_state, :with_version, project: project, name: URI.decode_www_form_component(state_name))
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
before do
|
2021-01-03 14:25:43 +05:30
|
|
|
stub_terraform_state_object_storage
|
2023-05-27 22:25:52 +05:30
|
|
|
stub_config(terraform_state: { enabled: true })
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
2021-03-08 18:12:59 +05:30
|
|
|
shared_examples 'endpoint with unique user tracking' do
|
|
|
|
context 'without authentication' do
|
|
|
|
let(:auth_header) { basic_auth_header('bad', 'token') }
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
it 'does not track unique hll event' do
|
2021-03-08 18:12:59 +05:30
|
|
|
expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event)
|
|
|
|
|
|
|
|
request
|
|
|
|
end
|
2022-07-23 23:45:48 +05:30
|
|
|
|
|
|
|
it 'does not track Snowplow event' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect_no_snowplow_event
|
|
|
|
end
|
2021-03-08 18:12:59 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'with maintainer permissions' do
|
|
|
|
let(:current_user) { maintainer }
|
|
|
|
|
2021-03-11 19:13:27 +05:30
|
|
|
it_behaves_like 'tracking unique hll events' do
|
2022-05-07 20:08:51 +05:30
|
|
|
let(:target_event) { 'p_terraform_state_api_unique_users' }
|
|
|
|
let(:expected_value) { instance_of(Integer) }
|
2021-03-08 18:12:59 +05:30
|
|
|
end
|
2022-07-23 23:45:48 +05:30
|
|
|
|
2023-01-13 00:05:48 +05:30
|
|
|
it_behaves_like 'Snowplow event tracking with RedisHLL context' do
|
|
|
|
subject(:api_request) { request }
|
|
|
|
|
|
|
|
let(:category) { described_class.name }
|
|
|
|
let(:action) { 'terraform_state_api_request' }
|
|
|
|
let(:label) { 'redis_hll_counters.terraform.p_terraform_state_api_unique_users_monthly' }
|
|
|
|
let(:namespace) { project.namespace.reload }
|
|
|
|
let(:user) { current_user }
|
|
|
|
let(:context) do
|
|
|
|
payload = Gitlab::Tracking::ServicePingContext.new(data_source: :redis_hll,
|
|
|
|
event: 'p_terraform_state_api_unique_users').to_context
|
|
|
|
[Gitlab::Json.dump(payload)]
|
2022-07-23 23:45:48 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
shared_context 'cannot access a state that is scheduled for deletion' do
|
|
|
|
before do
|
|
|
|
state.update!(deleted_at: Time.current)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns unprocessable entity' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:unprocessable_entity)
|
2021-03-08 18:12:59 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
describe 'GET /projects/:id/terraform/state/:name' do
|
|
|
|
subject(:request) { get api(state_path), headers: auth_header }
|
|
|
|
|
2021-03-08 18:12:59 +05:30
|
|
|
it_behaves_like 'endpoint with unique user tracking'
|
2023-05-27 22:25:52 +05:30
|
|
|
it_behaves_like 'it depends on value of the `terraform_state.enabled` config'
|
2021-03-08 18:12:59 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
context 'without authentication' do
|
2020-06-23 00:09:42 +05:30
|
|
|
let(:auth_header) { basic_auth_header('bad', 'token') }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
it 'returns 401 if user is not authenticated' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
shared_examples 'can access terraform state' do
|
|
|
|
it 'returns terraform state of a project of given state name' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(response.body).to eq(state.reload.latest_file.read)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'personal access token authentication' do
|
2020-06-23 00:09:42 +05:30
|
|
|
context 'with maintainer permissions' do
|
|
|
|
let(:current_user) { maintainer }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
where(given_state_name: %w[test-state test.state test%2Ffoo])
|
|
|
|
with_them do
|
|
|
|
it_behaves_like 'can access terraform state' do
|
|
|
|
let(:state_name) { given_state_name }
|
|
|
|
end
|
|
|
|
end
|
2020-06-23 00:09:42 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
context 'allow_dots_on_tf_state_names is disabled, and the state name contains a dot' do
|
|
|
|
let(:state_name) { 'state-name-with-dot' }
|
|
|
|
let(:state_path) { "/projects/#{project_id}/terraform/state/#{state_name}.tfstate" }
|
|
|
|
|
|
|
|
before do
|
|
|
|
stub_feature_flags(allow_dots_on_tf_state_names: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'can access terraform state'
|
2020-06-23 00:09:42 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'for a project that does not exist' do
|
|
|
|
let(:project_id) { '0000' }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
it 'returns not found' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
2022-07-23 23:45:48 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
context 'with invalid state name' do
|
|
|
|
let(:state_name) { 'foo/bar' }
|
|
|
|
|
|
|
|
it 'returns a 404 error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
it_behaves_like 'cannot access a state that is scheduled for deletion'
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
context 'with developer permissions' do
|
|
|
|
let(:current_user) { developer }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it_behaves_like 'can access terraform state'
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
context 'job token authentication' do
|
|
|
|
let(:auth_header) { job_basic_auth_header(job) }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
context 'with maintainer permissions' do
|
2020-09-03 11:15:55 +05:30
|
|
|
let(:job) { create(:ci_build, status: :running, project: project, user: maintainer) }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it_behaves_like 'can access terraform state'
|
2020-06-23 00:09:42 +05:30
|
|
|
|
2020-09-03 11:15:55 +05:30
|
|
|
it 'returns unauthorized if the the job is not running' do
|
|
|
|
job.update!(status: :failed)
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
context 'for a project that does not exist' do
|
|
|
|
let(:project_id) { '0000' }
|
|
|
|
|
|
|
|
it 'returns not found' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with developer permissions' do
|
2020-09-03 11:15:55 +05:30
|
|
|
let(:job) { create(:ci_build, status: :running, project: project, user: developer) }
|
2020-06-23 00:09:42 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it_behaves_like 'can access terraform state'
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST /projects/:id/terraform/state/:name' do
|
2021-01-29 00:20:46 +05:30
|
|
|
let(:params) { { 'instance': 'example-instance', 'serial': state.latest_version.version + 1 } }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
subject(:request) { post api(state_path), headers: auth_header, as: :json, params: params }
|
|
|
|
|
2021-03-08 18:12:59 +05:30
|
|
|
it_behaves_like 'endpoint with unique user tracking'
|
2023-05-27 22:25:52 +05:30
|
|
|
it_behaves_like 'it depends on value of the `terraform_state.enabled` config'
|
2021-03-08 18:12:59 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
context 'when terraform state with a given name is already present' do
|
|
|
|
context 'with maintainer permissions' do
|
|
|
|
let(:current_user) { maintainer }
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
where(given_state_name: %w[test-state test.state test%2Ffoo])
|
|
|
|
with_them do
|
|
|
|
let(:state_name) { given_state_name }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it 'updates the state' do
|
|
|
|
expect { request }.to change { Terraform::State.count }.by(0)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(Gitlab::Json.parse(response.body)).to be_empty
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with invalid state name' do
|
|
|
|
let(:state_name) { 'foo/bar' }
|
|
|
|
|
|
|
|
it 'returns a 404 error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
2022-01-26 12:08:38 +05:30
|
|
|
|
|
|
|
context 'when serial already exists' do
|
|
|
|
let(:params) { { 'instance': 'example-instance', 'serial': state.latest_version.version } }
|
|
|
|
|
|
|
|
it 'returns unprocessable entity' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:unprocessable_entity)
|
|
|
|
end
|
|
|
|
end
|
2022-07-23 23:45:48 +05:30
|
|
|
|
|
|
|
it_behaves_like 'cannot access a state that is scheduled for deletion'
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'without body' do
|
|
|
|
let(:params) { nil }
|
|
|
|
|
|
|
|
it 'returns no content if no body is provided' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:no_content)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with developer permissions' do
|
|
|
|
let(:current_user) { developer }
|
|
|
|
|
|
|
|
it 'returns forbidden' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when there is no terraform state of a given name' do
|
2023-03-04 22:38:38 +05:30
|
|
|
let(:non_existing_state_name) { 'non-existing-state' }
|
|
|
|
let(:non_existing_state_path) { "/projects/#{project_id}/terraform/state/#{non_existing_state_name}" }
|
|
|
|
|
|
|
|
subject(:request) { post api(non_existing_state_path), headers: auth_header, as: :json, params: params }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
context 'with maintainer permissions' do
|
|
|
|
let(:current_user) { maintainer }
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
where(given_state_name: %w[test-state test.state test%2Ffoo])
|
|
|
|
with_them do
|
|
|
|
let(:state_name) { given_state_name }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it 'creates a new state' do
|
|
|
|
expect { request }.to change { Terraform::State.count }.by(1)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(Gitlab::Json.parse(response.body)).to be_empty
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'allow_dots_on_tf_state_names is disabled, and the state name contains a dot' do
|
|
|
|
let(:non_existing_state_name) { 'state-name-with-dot.tfstate' }
|
|
|
|
|
|
|
|
before do
|
|
|
|
stub_feature_flags(allow_dots_on_tf_state_names: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'strips characters after the dot' do
|
|
|
|
expect { request }.to change { Terraform::State.count }.by(1)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(Terraform::State.last.name).to eq('state-name-with-dot')
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without body' do
|
|
|
|
let(:params) { nil }
|
|
|
|
|
|
|
|
it 'returns no content if no body is provided' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:no_content)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with developer permissions' do
|
|
|
|
let(:current_user) { developer }
|
|
|
|
|
|
|
|
it 'returns forbidden' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2021-01-29 00:20:46 +05:30
|
|
|
|
|
|
|
context 'when using job token authentication' do
|
|
|
|
let(:job) { create(:ci_build, status: :running, project: project, user: maintainer) }
|
|
|
|
let(:auth_header) { job_basic_auth_header(job) }
|
|
|
|
|
|
|
|
it 'associates the job with the newly created state version' do
|
|
|
|
expect { request }.to change { state.versions.count }.by(1)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(state.reload_latest_version.build).to eq(job)
|
|
|
|
end
|
|
|
|
end
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
describe 'response depending on the max allowed state size' do
|
|
|
|
let(:current_user) { maintainer }
|
|
|
|
|
|
|
|
before do
|
|
|
|
stub_application_setting(max_terraform_state_size_bytes: max_allowed_state_size)
|
|
|
|
|
|
|
|
request
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the max allowed state size is unlimited (set as 0)' do
|
|
|
|
let(:max_allowed_state_size) { 0 }
|
|
|
|
|
|
|
|
it 'returns a success response' do
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the max allowed state size is greater than the request state size' do
|
|
|
|
let(:max_allowed_state_size) { params.to_json.size + 1 }
|
|
|
|
|
|
|
|
it 'returns a success response' do
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the max allowed state size is equal to the request state size' do
|
|
|
|
let(:max_allowed_state_size) { params.to_json.size }
|
|
|
|
|
|
|
|
it 'returns a success response' do
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the max allowed state size is less than the request state size' do
|
|
|
|
let(:max_allowed_state_size) { params.to_json.size - 1 }
|
|
|
|
|
|
|
|
it "returns a 'payload too large' response" do
|
|
|
|
expect(response).to have_gitlab_http_status(:payload_too_large)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE /projects/:id/terraform/state/:name' do
|
|
|
|
subject(:request) { delete api(state_path), headers: auth_header }
|
|
|
|
|
2021-03-08 18:12:59 +05:30
|
|
|
it_behaves_like 'endpoint with unique user tracking'
|
2023-05-27 22:25:52 +05:30
|
|
|
it_behaves_like 'it depends on value of the `terraform_state.enabled` config'
|
2021-03-08 18:12:59 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
shared_examples 'schedules the state for deletion' do
|
|
|
|
it 'returns empty body' do
|
2022-07-23 23:45:48 +05:30
|
|
|
expect(Terraform::States::TriggerDestroyService).to receive(:new).and_return(deletion_service)
|
|
|
|
expect(deletion_service).to receive(:execute).once
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
request
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2020-11-05 12:06:23 +05:30
|
|
|
expect(Gitlab::Json.parse(response.body)).to be_empty
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
2023-03-04 22:38:38 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'with maintainer permissions' do
|
|
|
|
let(:current_user) { maintainer }
|
|
|
|
let(:deletion_service) { instance_double(Terraform::States::TriggerDestroyService) }
|
|
|
|
|
|
|
|
where(given_state_name: %w[test-state test.state test%2Ffoo])
|
|
|
|
with_them do
|
|
|
|
let(:state_name) { given_state_name }
|
|
|
|
|
|
|
|
it_behaves_like 'schedules the state for deletion'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'allow_dots_on_tf_state_names is disabled, and the state name contains a dot' do
|
|
|
|
let(:state_name) { 'state-name-with-dot' }
|
|
|
|
let(:state_name_with_dot) { "#{state_name}.tfstate" }
|
|
|
|
let(:state_path) { "/projects/#{project_id}/terraform/state/#{state_name_with_dot}" }
|
|
|
|
|
|
|
|
before do
|
|
|
|
stub_feature_flags(allow_dots_on_tf_state_names: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'schedules the state for deletion'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with invalid state name' do
|
|
|
|
let(:state_name) { 'foo/bar' }
|
|
|
|
|
|
|
|
it 'returns a 404 error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
2022-07-23 23:45:48 +05:30
|
|
|
|
|
|
|
it_behaves_like 'cannot access a state that is scheduled for deletion'
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'with developer permissions' do
|
|
|
|
let(:current_user) { developer }
|
|
|
|
|
|
|
|
it 'returns forbidden' do
|
|
|
|
expect { request }.to change { Terraform::State.count }.by(0)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
describe 'POST /projects/:id/terraform/state/:name/lock' do
|
2020-04-22 19:07:51 +05:30
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
ID: '123-456',
|
|
|
|
Version: '0.1',
|
|
|
|
Operation: 'OperationTypePlan',
|
|
|
|
Info: '',
|
2023-01-13 00:05:48 +05:30
|
|
|
Who: current_user.username.to_s,
|
2020-04-22 19:07:51 +05:30
|
|
|
Created: Time.now.utc.iso8601(6),
|
|
|
|
Path: ''
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
subject(:request) { post api("#{state_path}/lock"), headers: auth_header, params: params }
|
|
|
|
|
2021-03-08 18:12:59 +05:30
|
|
|
it_behaves_like 'endpoint with unique user tracking'
|
2022-07-23 23:45:48 +05:30
|
|
|
it_behaves_like 'cannot access a state that is scheduled for deletion'
|
2021-03-08 18:12:59 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
context 'with invalid state name' do
|
|
|
|
let(:state_name) { 'foo/bar' }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it 'returns a 404 error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
2020-07-28 23:09:34 +05:30
|
|
|
|
|
|
|
context 'state is already locked' do
|
|
|
|
before do
|
|
|
|
state.update!(lock_xid: 'locked', locked_by_user: current_user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns an error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:conflict)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'user does not have permission to lock the state' do
|
|
|
|
let(:current_user) { developer }
|
|
|
|
|
|
|
|
it 'returns an error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
|
|
|
end
|
|
|
|
end
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
where(given_state_name: %w[test-state test%2Ffoo])
|
|
|
|
with_them do
|
|
|
|
let(:state_name) { given_state_name }
|
|
|
|
|
|
|
|
it 'locks the terraform state' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a dot in the state name' do
|
|
|
|
let(:state_name) { 'test.state' }
|
|
|
|
|
|
|
|
context 'with allow_dots_on_tf_state_names ff enabled' do
|
|
|
|
before do
|
|
|
|
stub_feature_flags(allow_dots_on_tf_state_names: true)
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:state_name) { 'test.state' }
|
|
|
|
|
|
|
|
it 'locks the terraform state' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with allow_dots_on_tf_state_names ff disabled' do
|
|
|
|
before do
|
|
|
|
stub_feature_flags(allow_dots_on_tf_state_names: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 404' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE /projects/:id/terraform/state/:name/lock' do
|
2020-07-28 23:09:34 +05:30
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
ID: lock_id,
|
|
|
|
Version: '0.1',
|
|
|
|
Operation: 'OperationTypePlan',
|
|
|
|
Info: '',
|
2023-01-13 00:05:48 +05:30
|
|
|
Who: current_user.username.to_s,
|
2020-07-28 23:09:34 +05:30
|
|
|
Created: Time.now.utc.iso8601(6),
|
|
|
|
Path: ''
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
before do
|
2023-03-04 22:38:38 +05:30
|
|
|
state.lock_xid = '123.456'
|
2020-04-22 19:07:51 +05:30
|
|
|
state.save!
|
2023-03-04 22:38:38 +05:30
|
|
|
stub_feature_flags(allow_dots_on_tf_state_names: true)
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
subject(:request) { delete api("#{state_path}/lock"), headers: auth_header, params: params }
|
|
|
|
|
2021-03-08 18:12:59 +05:30
|
|
|
it_behaves_like 'endpoint with unique user tracking' do
|
|
|
|
let(:lock_id) { 'irrelevant to this test, just needs to be present' }
|
|
|
|
end
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
it_behaves_like 'cannot access a state that is scheduled for deletion' do
|
|
|
|
let(:lock_id) { 'irrelevant to this test, just needs to be present' }
|
|
|
|
end
|
|
|
|
|
2023-05-27 22:25:52 +05:30
|
|
|
it_behaves_like 'it depends on value of the `terraform_state.enabled` config' do
|
|
|
|
let(:lock_id) { '123.456' }
|
|
|
|
end
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
where(given_state_name: %w[test-state test.state test%2Ffoo])
|
|
|
|
with_them do
|
|
|
|
let(:state_name) { given_state_name }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
context 'with the correct lock id' do
|
|
|
|
let(:lock_id) { '123.456' }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it 'removes the terraform state lock' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with allow_dots_on_tf_state_names ff disabled' do
|
|
|
|
before do
|
|
|
|
stub_feature_flags(allow_dots_on_tf_state_names: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with dots in the state name' do
|
|
|
|
let(:lock_id) { '123.456' }
|
|
|
|
let(:state_name) { 'test.state' }
|
|
|
|
|
|
|
|
it 'returns 404' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with no lock id (force-unlock)' do
|
|
|
|
let(:params) { {} }
|
|
|
|
|
|
|
|
it 'removes the terraform state lock' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
context 'with invalid state name' do
|
|
|
|
let(:lock_id) { '123.456' }
|
|
|
|
let(:state_name) { 'foo/bar' }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it 'returns a 404 error' do
|
2020-04-22 19:07:51 +05:30
|
|
|
request
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with an incorrect lock id' do
|
2023-03-04 22:38:38 +05:30
|
|
|
let(:lock_id) { '456.789' }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
it 'returns an error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:conflict)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a longer than 255 character lock id' do
|
2020-07-28 23:09:34 +05:30
|
|
|
let(:lock_id) { '0' * 256 }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
it 'returns an error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:bad_request)
|
|
|
|
end
|
|
|
|
end
|
2020-07-28 23:09:34 +05:30
|
|
|
|
|
|
|
context 'user does not have permission to unlock the state' do
|
2023-03-04 22:38:38 +05:30
|
|
|
let(:lock_id) { '123.456' }
|
2020-07-28 23:09:34 +05:30
|
|
|
let(:current_user) { developer }
|
|
|
|
|
|
|
|
it 'returns an error' do
|
|
|
|
request
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:forbidden)
|
|
|
|
end
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
end
|