PageRenderTime 36ms CodeModel.GetById 16ms RepoModel.GetById 1ms app.codeStats 0ms

/ee/spec/lib/gitlab/ci/templates/dast_api_latest_gitlab_ci_yaml_spec.rb

https://gitlab.com/zillemarco/gitlab
Ruby | 130 lines | 117 code | 6 blank | 7 comment | 0 complexity | f7d3feefe8c18b9079811bc26ea9881e MD5 | raw file
    

  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'spec_helper'
    4. 

  4. 

  5. RSpec.describe 'DAST-API.latest.gitlab-ci.yml' do
    6. 

  6.   subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('DAST-API.latest') }
    7. 

  7. 

  8.   specify { expect(template).not_to be_nil }
    9. 

  9. 

  10.   describe 'the template file' do
    11. 

  11.     let(:template_filename) { Rails.root.join("lib/gitlab/ci/templates/" + template.full_name) }
    12. 

  12.     let(:contents) { File.read(template_filename) }
    13. 

  13.     let(:production_registry) { 'DAST_API_IMAGE: api-security' }
    14. 

  14.     let(:staging_registry) { 'DAST_API_IMAGE: api-fuzzing-src' }
    15. 

  15. 

  16.     # Make sure future changes to the template use the production container registry.
    17. 

  17.     #
    18. 

  18.     # The DAST API template is developed against a dev container registry.
    19. 

  19.     # The registry is switched when releasing new versions. The difference in
    20. 

  20.     # names between development and production is also quite small making it
    21. 

  21.     # easy to miss during review.
    22. 

  22.     it 'uses the production repository' do
    23. 

  23.       expect(contents.include?(production_registry)).to be true
    24. 

  24.     end
    25. 

  25. 

  26.     it "doesn't use the staging repository" do
    27. 

  27.       expect(contents.include?(staging_registry)).to be false
    28. 

  28.     end
    29. 

  29.   end
    30. 

  30. 

  31.   describe 'the created pipeline' do
    32. 

  32.     let(:default_branch) { 'master' }
    33. 

  33.     let(:pipeline_branch) { default_branch }
    34. 

  34.     let_it_be(:project) { create(:project, :custom_repo, files: { 'README.txt' => '' }) }
    35. 

  35. 

  36.     let(:user) { project.first_owner }
    37. 

  37.     let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
    38. 

  38.     let(:pipeline) { service.execute!(:push).payload }
    39. 

  39.     let(:build_names) { pipeline.builds.pluck(:name) }
    40. 

  40. 

  41.     before do
    42. 

  42.       allow_next_instance_of(Ci::BuildScheduleWorker) do |worker|
    43. 

  43.         allow(worker).to receive(:perform).and_return(true)
    44. 

  44.       end
    45. 

  45. 

  46.       allow(project).to receive(:default_branch).and_return(default_branch)
    47. 

  47.     end
    48. 

  48. 

  49.     context 'when no stages' do
    50. 

  50.       before do
    51. 

  51.         stub_ci_pipeline_yaml_file(template.content)
    52. 

  52.       end
    53. 

  53. 

  54.       context 'when project has no stages' do
    55. 

  55.         it 'includes no jobs' do
    56. 

  56.           expect(build_names).to be_empty
    57. 

  57.         end
    58. 

  58.       end
    59. 

  59.     end
    60. 

  60. 

  61.     context 'when stages includes dast' do
    62. 

  62.       let(:ci_pipeline_yaml) { "stages: [\"dast\"]\n" }
    63. 

  63. 

  64.       before do
    65. 

  65.         stub_ci_pipeline_yaml_file(ci_pipeline_yaml + template.content)
    66. 

  66.       end
    67. 

  67. 

  68.       context 'when project has no license' do
    69. 

  69.         before do
    70. 

  70.           create(:ci_variable, project: project, key: 'DAST_API_HAR', value: 'testing.har')
    71. 

  71.           create(:ci_variable, project: project, key: 'DAST_API_TARGET_URL', value: 'http://example.com')
    72. 

  72.         end
    73. 

  73. 

  74.         it 'includes job to display error' do
    75. 

  75.           expect(build_names).to match_array(%w[dast_api])
    76. 

  76.         end
    77. 

  77.       end
    78. 

  78. 

  79.       context 'when project has Ultimate license' do
    80. 

  80.         before do
    81. 

  81.           stub_licensed_features(dast: true)
    82. 

  82.         end
    83. 

  83. 

  84.         context 'by default' do
    85. 

  85.           it 'includes a job' do
    86. 

  86.             expect(build_names).to match_array(%w[dast_api])
    87. 

  87.           end
    88. 

  88.         end
    89. 

  89. 

  90.         context 'when DAST_API_DISABLED=1' do
    91. 

  91.           before do
    92. 

  92.             create(:ci_variable, project: project, key: 'DAST_API_DISABLED', value: '1')
    93. 

  93.             create(:ci_variable, project: project, key: 'DAST_API_HAR', value: 'testing.har')
    94. 

  94.             create(:ci_variable, project: project, key: 'DAST_API_TARGET_URL', value: 'http://example.com')
    95. 

  95.           end
    96. 

  96. 

  97.           it 'includes no jobs' do
    98. 

  98.             expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
    99. 

  99.           end
    100. 

  100.         end
    101. 

  101. 

  102.         context 'when CI_GITLAB_FIPS_MODE=false' do
    103. 

  103.           let(:build_dast_api) { pipeline.builds.find_by(name: 'dast_api') }
    104. 

  104.           let(:build_variables) { build_dast_api.variables.pluck(:key, :value) }
    105. 

  105. 

  106.           before do
    107. 

  107.             create(:ci_variable, project: project, key: 'CI_GITLAB_FIPS_MODE', value: 'false')
    108. 

  108.           end
    109. 

  109. 

  110.           it 'sets DAST_API_IMAGE_SUFFIX to ""' do
    111. 

  111.             expect(build_variables).to be_include(['DAST_API_IMAGE_SUFFIX', ''])
    112. 

  112.           end
    113. 

  113.         end
    114. 

  114. 

  115.         context 'when CI_GITLAB_FIPS_MODE=true' do
    116. 

  116.           let(:build_dast_api) { pipeline.builds.find_by(name: 'dast_api') }
    117. 

  117.           let(:build_variables) { build_dast_api.variables.pluck(:key, :value) }
    118. 

  118. 

  119.           before do
    120. 

  120.             create(:ci_variable, project: project, key: 'CI_GITLAB_FIPS_MODE', value: 'true')
    121. 

  121.           end
    122. 

  122. 

  123.           it 'sets DAST_API_IMAGE_SUFFIX to "-fips"' do
    124. 

  124.             expect(build_variables).to be_include(['DAST_API_IMAGE_SUFFIX', '-fips'])
    125. 

  125.           end
    126. 

  126.         end
    127. 

  127.       end
    128. 

  128.     end
    129. 

  129.   end
    130. 

  130. end
    131. 

  131.