Commit 0aa5aead authored by Robert Speicher's avatar Robert Speicher

Merge branch 'workhorse-shared-context' into 'master'

Move workhorse test params to shared context

See merge request gitlab-org/gitlab!53658
parents 03a09778 9e744e4e
...@@ -536,15 +536,14 @@ RSpec.describe API::Issues, :mailer do ...@@ -536,15 +536,14 @@ RSpec.describe API::Issues, :mailer do
include WorkhorseHelpers include WorkhorseHelpers
using RSpec::Parameterized::TableSyntax using RSpec::Parameterized::TableSyntax
include_context 'workhorse headers'
let(:issue) { create(:incident, project: project) } let(:issue) { create(:incident, project: project) }
let(:file) { fixture_file_upload('spec/fixtures/rails_sample.jpg', 'image/jpg') } let(:file) { fixture_file_upload('spec/fixtures/rails_sample.jpg', 'image/jpg') }
let(:file_name) { 'rails_sample.jpg' } let(:file_name) { 'rails_sample.jpg' }
let(:url) { 'http://gitlab.com' } let(:url) { 'http://gitlab.com' }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:params) { { url: url } } let(:params) { { url: url } }
subject do subject do
...@@ -553,7 +552,7 @@ RSpec.describe API::Issues, :mailer do ...@@ -553,7 +552,7 @@ RSpec.describe API::Issues, :mailer do
method: :post, method: :post,
file_key: :file, file_key: :file,
params: params.merge(file: file), params: params.merge(file: file),
headers: workhorse_header, headers: workhorse_headers,
send_rewritten_field: true send_rewritten_field: true
) )
end end
......
...@@ -6,15 +6,14 @@ RSpec.describe API::ProjectImport do ...@@ -6,15 +6,14 @@ RSpec.describe API::ProjectImport do
include ExternalAuthorizationServiceHelpers include ExternalAuthorizationServiceHelpers
include WorkhorseHelpers include WorkhorseHelpers
include_context 'workhorse headers'
let(:user) { create(:user) } let(:user) { create(:user) }
let(:namespace) { create(:group) } let(:namespace) { create(:group) }
let(:file) { File.join('spec', 'features', 'projects', 'import_export', 'test_project_export.tar.gz') } let(:file) { File.join('spec', 'features', 'projects', 'import_export', 'test_project_export.tar.gz') }
let(:file_name) { 'project_export.tar.gz' } let(:file_name) { 'project_export.tar.gz' }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:file_upload) { fixture_file_upload(file) } let(:file_upload) { fixture_file_upload(file) }
before do before do
......
...@@ -5,10 +5,10 @@ require 'spec_helper' ...@@ -5,10 +5,10 @@ require 'spec_helper'
RSpec.describe Projects::RequirementsManagement::RequirementsController do RSpec.describe Projects::RequirementsManagement::RequirementsController do
include WorkhorseHelpers include WorkhorseHelpers
include_context 'workhorse headers'
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :public) } let_it_be(:project) { create(:project, :public) }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
shared_examples 'response with 404 status' do shared_examples 'response with 404 status' do
it 'returns 404' do it 'returns 404' do
......
...@@ -6,6 +6,8 @@ RSpec.describe API::GenericPackages do ...@@ -6,6 +6,8 @@ RSpec.describe API::GenericPackages do
include HttpBasicAuthHelpers include HttpBasicAuthHelpers
using RSpec::Parameterized::TableSyntax using RSpec::Parameterized::TableSyntax
include_context 'workhorse headers'
let_it_be(:personal_access_token) { create(:personal_access_token) } let_it_be(:personal_access_token) { create(:personal_access_token) }
let_it_be(:project, reload: true) { create(:project) } let_it_be(:project, reload: true) { create(:project) }
let_it_be(:deploy_token_rw) { create(:deploy_token, read_package_registry: true, write_package_registry: true) } let_it_be(:deploy_token_rw) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
...@@ -14,8 +16,6 @@ RSpec.describe API::GenericPackages do ...@@ -14,8 +16,6 @@ RSpec.describe API::GenericPackages do
let_it_be(:project_deploy_token_ro) { create(:project_deploy_token, deploy_token: deploy_token_ro, project: project) } let_it_be(:project_deploy_token_ro) { create(:project_deploy_token, deploy_token: deploy_token_ro, project: project) }
let_it_be(:deploy_token_wo) { create(:deploy_token, read_package_registry: false, write_package_registry: true) } let_it_be(:deploy_token_wo) { create(:deploy_token, read_package_registry: false, write_package_registry: true) }
let_it_be(:project_deploy_token_wo) { create(:project_deploy_token, deploy_token: deploy_token_wo, project: project) } let_it_be(:project_deploy_token_wo) { create(:project_deploy_token, deploy_token: deploy_token_wo, project: project) }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:user) { personal_access_token.user } let(:user) { personal_access_token.user }
let(:ci_build) { create(:ci_build, :running, user: user) } let(:ci_build) { create(:ci_build, :running, user: user) }
...@@ -129,7 +129,7 @@ RSpec.describe API::GenericPackages do ...@@ -129,7 +129,7 @@ RSpec.describe API::GenericPackages do
end end
it "responds with #{params[:expected_status]}" do it "responds with #{params[:expected_status]}" do
authorize_upload_file(workhorse_header.merge(auth_header)) authorize_upload_file(workhorse_headers.merge(auth_header))
expect(response).to have_gitlab_http_status(expected_status) expect(response).to have_gitlab_http_status(expected_status)
end end
...@@ -144,7 +144,7 @@ RSpec.describe API::GenericPackages do ...@@ -144,7 +144,7 @@ RSpec.describe API::GenericPackages do
with_them do with_them do
it "responds with #{params[:expected_status]}" do it "responds with #{params[:expected_status]}" do
authorize_upload_file(workhorse_header.merge(deploy_token_auth_header)) authorize_upload_file(workhorse_headers.merge(deploy_token_auth_header))
expect(response).to have_gitlab_http_status(expected_status) expect(response).to have_gitlab_http_status(expected_status)
end end
...@@ -162,7 +162,7 @@ RSpec.describe API::GenericPackages do ...@@ -162,7 +162,7 @@ RSpec.describe API::GenericPackages do
end end
with_them do with_them do
subject { authorize_upload_file(workhorse_header.merge(personal_access_token_header), param_name => param_value) } subject { authorize_upload_file(workhorse_headers.merge(personal_access_token_header), param_name => param_value) }
it_behaves_like 'secure endpoint' it_behaves_like 'secure endpoint'
end end
...@@ -173,7 +173,7 @@ RSpec.describe API::GenericPackages do ...@@ -173,7 +173,7 @@ RSpec.describe API::GenericPackages do
stub_feature_flags(generic_packages: false) stub_feature_flags(generic_packages: false)
project.add_developer(user) project.add_developer(user)
authorize_upload_file(workhorse_header.merge(personal_access_token_header)) authorize_upload_file(workhorse_headers.merge(personal_access_token_header))
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
...@@ -239,7 +239,7 @@ RSpec.describe API::GenericPackages do ...@@ -239,7 +239,7 @@ RSpec.describe API::GenericPackages do
end end
it "responds with #{params[:expected_status]}" do it "responds with #{params[:expected_status]}" do
headers = workhorse_header.merge(auth_header) headers = workhorse_headers.merge(auth_header)
upload_file(params, headers) upload_file(params, headers)
...@@ -254,7 +254,7 @@ RSpec.describe API::GenericPackages do ...@@ -254,7 +254,7 @@ RSpec.describe API::GenericPackages do
with_them do with_them do
it "responds with #{params[:expected_status]}" do it "responds with #{params[:expected_status]}" do
headers = workhorse_header.merge(deploy_token_auth_header) headers = workhorse_headers.merge(deploy_token_auth_header)
upload_file(params, headers) upload_file(params, headers)
...@@ -270,7 +270,7 @@ RSpec.describe API::GenericPackages do ...@@ -270,7 +270,7 @@ RSpec.describe API::GenericPackages do
shared_examples 'creates a package and package file' do shared_examples 'creates a package and package file' do
it 'creates a package and package file' do it 'creates a package and package file' do
headers = workhorse_header.merge(auth_header) headers = workhorse_headers.merge(auth_header)
expect { upload_file(params, headers) } expect { upload_file(params, headers) }
.to change { project.packages.generic.count }.by(1) .to change { project.packages.generic.count }.by(1)
...@@ -324,26 +324,26 @@ RSpec.describe API::GenericPackages do ...@@ -324,26 +324,26 @@ RSpec.describe API::GenericPackages do
end end
context 'event tracking' do context 'event tracking' do
subject { upload_file(params, workhorse_header.merge(personal_access_token_header)) } subject { upload_file(params, workhorse_headers.merge(personal_access_token_header)) }
it_behaves_like 'a gitlab tracking event', described_class.name, 'push_package' it_behaves_like 'a gitlab tracking event', described_class.name, 'push_package'
end end
it 'rejects request without a file from workhorse' do it 'rejects request without a file from workhorse' do
headers = workhorse_header.merge(personal_access_token_header) headers = workhorse_headers.merge(personal_access_token_header)
upload_file({}, headers) upload_file({}, headers)
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
end end
it 'rejects request without an auth token' do it 'rejects request without an auth token' do
upload_file(params, workhorse_header) upload_file(params, workhorse_headers)
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:unauthorized)
end end
it 'rejects request without workhorse rewritten fields' do it 'rejects request without workhorse rewritten fields' do
headers = workhorse_header.merge(personal_access_token_header) headers = workhorse_headers.merge(personal_access_token_header)
upload_file(params, headers, send_rewritten_field: false) upload_file(params, headers, send_rewritten_field: false)
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
...@@ -354,7 +354,7 @@ RSpec.describe API::GenericPackages do ...@@ -354,7 +354,7 @@ RSpec.describe API::GenericPackages do
allow(uploaded_file).to receive(:size).and_return(project.actual_limits.generic_packages_max_file_size + 1) allow(uploaded_file).to receive(:size).and_return(project.actual_limits.generic_packages_max_file_size + 1)
end end
headers = workhorse_header.merge(personal_access_token_header) headers = workhorse_headers.merge(personal_access_token_header)
upload_file(params, headers) upload_file(params, headers)
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:bad_request)
...@@ -378,7 +378,7 @@ RSpec.describe API::GenericPackages do ...@@ -378,7 +378,7 @@ RSpec.describe API::GenericPackages do
end end
with_them do with_them do
subject { upload_file(params, workhorse_header.merge(personal_access_token_header), param_name => param_value) } subject { upload_file(params, workhorse_headers.merge(personal_access_token_header), param_name => param_value) }
it_behaves_like 'secure endpoint' it_behaves_like 'secure endpoint'
end end
......
...@@ -5,13 +5,13 @@ require 'spec_helper' ...@@ -5,13 +5,13 @@ require 'spec_helper'
RSpec.describe API::GroupImport do RSpec.describe API::GroupImport do
include WorkhorseHelpers include WorkhorseHelpers
include_context 'workhorse headers'
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:group) { create(:group) } let_it_be(:group) { create(:group) }
let(:path) { '/groups/import' } let(:path) { '/groups/import' }
let(:file) { File.join('spec', 'fixtures', 'group_export.tar.gz') } let(:file) { File.join('spec', 'fixtures', 'group_export.tar.gz') }
let(:export_path) { "#{Dir.tmpdir}/group_export_spec" } let(:export_path) { "#{Dir.tmpdir}/group_export_spec" }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
before do before do
allow_next_instance_of(Gitlab::ImportExport) do |import_export| allow_next_instance_of(Gitlab::ImportExport) do |import_export|
......
...@@ -4,6 +4,8 @@ require 'spec_helper' ...@@ -4,6 +4,8 @@ require 'spec_helper'
RSpec.describe API::MavenPackages do RSpec.describe API::MavenPackages do
include WorkhorseHelpers include WorkhorseHelpers
include_context 'workhorse headers'
let_it_be_with_refind(:package_settings) { create(:namespace_package_setting, :group) } let_it_be_with_refind(:package_settings) { create(:namespace_package_setting, :group) }
let_it_be(:group) { package_settings.namespace } let_it_be(:group) { package_settings.namespace }
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
...@@ -20,8 +22,7 @@ RSpec.describe API::MavenPackages do ...@@ -20,8 +22,7 @@ RSpec.describe API::MavenPackages do
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: deploy_token_for_group, group: group) } let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: deploy_token_for_group, group: group) }
let(:package_name) { 'com/example/my-app' } let(:package_name) { 'com/example/my-app' }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } let(:headers) { workhorse_headers }
let(:headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:headers_with_token) { headers.merge('Private-Token' => personal_access_token.token) } let(:headers_with_token) { headers.merge('Private-Token' => personal_access_token.token) }
let(:group_deploy_token_headers) { { Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => deploy_token_for_group.token } } let(:group_deploy_token_headers) { { Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => deploy_token_for_group.token } }
...@@ -548,8 +549,8 @@ RSpec.describe API::MavenPackages do ...@@ -548,8 +549,8 @@ RSpec.describe API::MavenPackages do
end end
describe 'PUT /api/v4/projects/:id/packages/maven/*path/:file_name' do describe 'PUT /api/v4/projects/:id/packages/maven/*path/:file_name' do
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } include_context 'workhorse headers'
let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:send_rewritten_field) { true } let(:send_rewritten_field) { true }
let(:file_upload) { fixture_file_upload('spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.jar') } let(:file_upload) { fixture_file_upload('spec/fixtures/packages/maven/my-app-1.0-20180724.124855-1.jar') }
...@@ -602,7 +603,7 @@ RSpec.describe API::MavenPackages do ...@@ -602,7 +603,7 @@ RSpec.describe API::MavenPackages do
end end
context 'without workhorse header' do context 'without workhorse header' do
let(:workhorse_header) { {} } let(:workhorse_headers) { {} }
subject { upload_file_with_token(params: params) } subject { upload_file_with_token(params: params) }
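Review bot: In `context 'without workhorse header'` the override `let(:workhorse_headers) { {} }` reaches further than the old `let(:workhorse_header) { {} }` did. The file-level `let(:headers) { workhorse_headers }` introduced by this commit means the override now also empties `headers` and, through it, `headers_with_token`, whereas `headers` was previously built independently. This negative test may therefore send a different request than before; the body of `upload_file_with_token` is outside the hunk, so confirm which headers it actually uses. Separately, the `include_context 'workhorse headers'` inside the `PUT` describe repeats the one added at the top of the file and can be dropped.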
......
...@@ -144,8 +144,8 @@ RSpec.describe API::NugetProjectPackages do ...@@ -144,8 +144,8 @@ RSpec.describe API::NugetProjectPackages do
end end
describe 'PUT /api/v4/projects/:id/packages/nuget/authorize' do describe 'PUT /api/v4/projects/:id/packages/nuget/authorize' do
let_it_be(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } include_context 'workhorse headers'
let_it_be(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:url) { "/projects/#{target.id}/packages/nuget/authorize" } let(:url) { "/projects/#{target.id}/packages/nuget/authorize" }
let(:headers) { {} } let(:headers) { {} }
...@@ -176,7 +176,7 @@ RSpec.describe API::NugetProjectPackages do ...@@ -176,7 +176,7 @@ RSpec.describe API::NugetProjectPackages do
with_them do with_them do
let(:token) { user_token ? personal_access_token.token : 'wrong' } let(:token) { user_token ? personal_access_token.token : 'wrong' }
let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
let(:headers) { user_headers.merge(workhorse_header) } let(:headers) { user_headers.merge(workhorse_headers) }
before do before do
update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false)) update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false))
...@@ -194,8 +194,8 @@ RSpec.describe API::NugetProjectPackages do ...@@ -194,8 +194,8 @@ RSpec.describe API::NugetProjectPackages do
end end
describe 'PUT /api/v4/projects/:id/packages/nuget' do describe 'PUT /api/v4/projects/:id/packages/nuget' do
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } include_context 'workhorse headers'
let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let_it_be(:file_name) { 'package.nupkg' } let_it_be(:file_name) { 'package.nupkg' }
let(:url) { "/projects/#{target.id}/packages/nuget" } let(:url) { "/projects/#{target.id}/packages/nuget" }
let(:headers) { {} } let(:headers) { {} }
...@@ -239,7 +239,7 @@ RSpec.describe API::NugetProjectPackages do ...@@ -239,7 +239,7 @@ RSpec.describe API::NugetProjectPackages do
with_them do with_them do
let(:token) { user_token ? personal_access_token.token : 'wrong' } let(:token) { user_token ? personal_access_token.token : 'wrong' }
let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
let(:headers) { user_headers.merge(workhorse_header) } let(:headers) { user_headers.merge(workhorse_headers) }
before do before do
update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false)) update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false))
...@@ -256,7 +256,7 @@ RSpec.describe API::NugetProjectPackages do ...@@ -256,7 +256,7 @@ RSpec.describe API::NugetProjectPackages do
it_behaves_like 'rejects nuget access with invalid target id' it_behaves_like 'rejects nuget access with invalid target id'
context 'file size above maximum limit' do context 'file size above maximum limit' do
let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_header) } let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_headers) }
before do before do
allow_next_instance_of(UploadedFile) do |uploaded_file| allow_next_instance_of(UploadedFile) do |uploaded_file|
......
...@@ -5,13 +5,12 @@ require 'spec_helper' ...@@ -5,13 +5,12 @@ require 'spec_helper'
RSpec.describe API::ProjectImport do RSpec.describe API::ProjectImport do
include WorkhorseHelpers include WorkhorseHelpers
include_context 'workhorse headers'
let(:user) { create(:user) } let(:user) { create(:user) }
let(:file) { File.join('spec', 'features', 'projects', 'import_export', 'test_project_export.tar.gz') } let(:file) { File.join('spec', 'features', 'projects', 'import_export', 'test_project_export.tar.gz') }
let(:namespace) { create(:group) } let(:namespace) { create(:group) }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
before do before do
namespace.add_owner(user) namespace.add_owner(user)
end end
......
...@@ -74,8 +74,8 @@ RSpec.describe API::PypiPackages do ...@@ -74,8 +74,8 @@ RSpec.describe API::PypiPackages do
end end
describe 'POST /api/v4/projects/:id/packages/pypi/authorize' do describe 'POST /api/v4/projects/:id/packages/pypi/authorize' do
let_it_be(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } include_context 'workhorse headers'
let_it_be(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:url) { "/projects/#{project.id}/packages/pypi/authorize" } let(:url) { "/projects/#{project.id}/packages/pypi/authorize" }
let(:headers) { {} } let(:headers) { {} }
...@@ -106,7 +106,7 @@ RSpec.describe API::PypiPackages do ...@@ -106,7 +106,7 @@ RSpec.describe API::PypiPackages do
with_them do with_them do
let(:token) { user_token ? personal_access_token.token : 'wrong' } let(:token) { user_token ? personal_access_token.token : 'wrong' }
let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
let(:headers) { user_headers.merge(workhorse_header) } let(:headers) { user_headers.merge(workhorse_headers) }
before do before do
project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false))
...@@ -124,8 +124,8 @@ RSpec.describe API::PypiPackages do ...@@ -124,8 +124,8 @@ RSpec.describe API::PypiPackages do
end end
describe 'POST /api/v4/projects/:id/packages/pypi' do describe 'POST /api/v4/projects/:id/packages/pypi' do
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } include_context 'workhorse headers'
let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let_it_be(:file_name) { 'package.whl' } let_it_be(:file_name) { 'package.whl' }
let(:url) { "/projects/#{project.id}/packages/pypi" } let(:url) { "/projects/#{project.id}/packages/pypi" }
let(:headers) { {} } let(:headers) { {} }
...@@ -170,7 +170,7 @@ RSpec.describe API::PypiPackages do ...@@ -170,7 +170,7 @@ RSpec.describe API::PypiPackages do
with_them do with_them do
let(:token) { user_token ? personal_access_token.token : 'wrong' } let(:token) { user_token ? personal_access_token.token : 'wrong' }
let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) } let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
let(:headers) { user_headers.merge(workhorse_header) } let(:headers) { user_headers.merge(workhorse_headers) }
before do before do
project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false))
...@@ -184,7 +184,7 @@ RSpec.describe API::PypiPackages do ...@@ -184,7 +184,7 @@ RSpec.describe API::PypiPackages do
let(:requires_python) { 'x' * 256 } let(:requires_python) { 'x' * 256 }
let(:token) { personal_access_token.token } let(:token) { personal_access_token.token }
let(:user_headers) { basic_auth_header(user.username, token) } let(:user_headers) { basic_auth_header(user.username, token) }
let(:headers) { user_headers.merge(workhorse_header) } let(:headers) { user_headers.merge(workhorse_headers) }
before do before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
...@@ -196,7 +196,7 @@ RSpec.describe API::PypiPackages do ...@@ -196,7 +196,7 @@ RSpec.describe API::PypiPackages do
context 'with an invalid package' do context 'with an invalid package' do
let(:token) { personal_access_token.token } let(:token) { personal_access_token.token }
let(:user_headers) { basic_auth_header(user.username, token) } let(:user_headers) { basic_auth_header(user.username, token) }
let(:headers) { user_headers.merge(workhorse_header) } let(:headers) { user_headers.merge(workhorse_headers) }
before do before do
params[:name] = '.$/@!^*' params[:name] = '.$/@!^*'
...@@ -213,7 +213,7 @@ RSpec.describe API::PypiPackages do ...@@ -213,7 +213,7 @@ RSpec.describe API::PypiPackages do
it_behaves_like 'rejects PyPI access with unknown project id' it_behaves_like 'rejects PyPI access with unknown project id'
context 'file size above maximum limit' do context 'file size above maximum limit' do
let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_header) } let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_headers) }
before do before do
allow_next_instance_of(UploadedFile) do |uploaded_file| allow_next_instance_of(UploadedFile) do |uploaded_file|
......
...@@ -5,12 +5,10 @@ require 'spec_helper' ...@@ -5,12 +5,10 @@ require 'spec_helper'
RSpec.describe Import::GitlabGroupsController do RSpec.describe Import::GitlabGroupsController do
include WorkhorseHelpers include WorkhorseHelpers
include_context 'workhorse headers'
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let(:import_path) { "#{Dir.tmpdir}/gitlab_groups_controller_spec" } let(:import_path) { "#{Dir.tmpdir}/gitlab_groups_controller_spec" }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_headers) do
{ 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token }
end
before do before do
allow_next_instance_of(Gitlab::ImportExport) do |import_export| allow_next_instance_of(Gitlab::ImportExport) do |import_export|
......
...@@ -5,8 +5,7 @@ require 'spec_helper' ...@@ -5,8 +5,7 @@ require 'spec_helper'
RSpec.describe Import::GitlabProjectsController do RSpec.describe Import::GitlabProjectsController do
include WorkhorseHelpers include WorkhorseHelpers
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } include_context 'workhorse headers'
let(:workhorse_headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let_it_be(:namespace) { create(:namespace) } let_it_be(:namespace) { create(:namespace) }
let_it_be(:user) { namespace.owner } let_it_be(:user) { namespace.owner }
......
...@@ -67,9 +67,9 @@ RSpec.shared_context 'conan file upload endpoints' do ...@@ -67,9 +67,9 @@ RSpec.shared_context 'conan file upload endpoints' do
include WorkhorseHelpers include WorkhorseHelpers
include HttpBasicAuthHelpers include HttpBasicAuthHelpers
include_context 'workhorse headers'
let(:jwt) { build_jwt(personal_access_token) } let(:jwt) { build_jwt(personal_access_token) }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } let(:headers_with_token) { build_token_auth_header(jwt.encoded).merge(workhorse_headers) }
let(:workhorse_header) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
let(:headers_with_token) { build_token_auth_header(jwt.encoded).merge(workhorse_header) }
let(:recipe_path) { "foo/bar/#{project.full_path.tr('/', '+')}/baz"} let(:recipe_path) { "foo/bar/#{project.full_path.tr('/', '+')}/baz"}
end end
# frozen_string_literal: true
RSpec.shared_context 'workhorse headers' do
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:workhorse_headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } }
end
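Review bot: The new shared context has no comment saying what it provides or what the headers represent. A short header comment would help, for example `# Defines workhorse_token and workhorse_headers: the headers of a request forwarded by gitlab-workhorse, carrying a JWT signed with Gitlab::Workhorse.secret.` Specs elsewhere in this commit override `workhorse_headers` to model requests that did not pass through Workhorse, so the comment should also say that both `let`s are meant to be overridable by the including group.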
# frozen_string_literal: true # frozen_string_literal: true
RSpec.shared_context 'Debian repository shared context' do |object_type| RSpec.shared_context 'Debian repository shared context' do |object_type|
include_context 'workhorse headers'
before do before do
stub_feature_flags(debian_packages: true) stub_feature_flags(debian_packages: true)
end end
...@@ -37,16 +39,15 @@ RSpec.shared_context 'Debian repository shared context' do |object_type| ...@@ -37,16 +39,15 @@ RSpec.shared_context 'Debian repository shared context' do |object_type|
let(:params) { workhorse_params } let(:params) { workhorse_params }
let(:auth_headers) { {} } let(:auth_headers) { {} }
let(:workhorse_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } let(:wh_headers) do
let(:workhorse_headers) do
if method == :put if method == :put
{ 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => workhorse_token } workhorse_headers
else else
{} {}
end end
end end
let(:headers) { auth_headers.merge(workhorse_headers) } let(:headers) { auth_headers.merge(wh_headers) }
let(:send_rewritten_field) { true } let(:send_rewritten_field) { true }
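Review bot: `wh_headers` is an abbreviation introduced only to avoid clashing with the `workhorse_headers` now supplied by the included context, and the name does not say how it differs. A descriptive name with a one-line body reads better: `let(:request_workhorse_headers) { method == :put ? workhorse_headers : {} }` and `let(:headers) { auth_headers.merge(request_workhorse_headers) }`. The shared context continues outside the hunk; any including spec that overrides `workhorse_headers` would now only affect the `:put` branch, so that is worth checking.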
......
...@@ -123,7 +123,7 @@ RSpec.shared_examples 'process nuget workhorse authorization' do |user_type, sta ...@@ -123,7 +123,7 @@ RSpec.shared_examples 'process nuget workhorse authorization' do |user_type, sta
context 'with a request that bypassed gitlab-workhorse' do context 'with a request that bypassed gitlab-workhorse' do
let(:headers) do let(:headers) do
basic_auth_header(user.username, personal_access_token.token) basic_auth_header(user.username, personal_access_token.token)
.merge(workhorse_header) .merge(workhorse_headers)
.tap { |h| h.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER) } .tap { |h| h.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER) }
end end
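Review bot: These shared examples read `workhorse_headers` from the including group but do not state that dependency, so a caller that still defines only `workhorse_header` would fail with a NameError inside the examples rather than at the include site. A comment at the top of each block, such as `# Requires the 'workhorse headers' shared context in the including group`, would make the contract visible. Including the context inside the shared examples themselves is probably not the right fix, since it could shadow a caller's deliberate `let(:workhorse_headers) { {} }` override. The same applies to 'deploy token for package uploads' and 'job token for package uploads' in the next section; all three blocks start outside their hunks.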
......
...@@ -24,7 +24,7 @@ end ...@@ -24,7 +24,7 @@ end
RSpec.shared_examples 'deploy token for package uploads' do RSpec.shared_examples 'deploy token for package uploads' do
context 'with deploy token headers' do context 'with deploy token headers' do
let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_header) } let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_headers) }
before do before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
...@@ -35,7 +35,7 @@ RSpec.shared_examples 'deploy token for package uploads' do ...@@ -35,7 +35,7 @@ RSpec.shared_examples 'deploy token for package uploads' do
end end
context 'invalid token' do context 'invalid token' do
let(:headers) { basic_auth_header(deploy_token.username, 'bar').merge(workhorse_header) } let(:headers) { basic_auth_header(deploy_token.username, 'bar').merge(workhorse_headers) }
it_behaves_like 'returning response status', :unauthorized it_behaves_like 'returning response status', :unauthorized
end end
...@@ -102,7 +102,7 @@ end ...@@ -102,7 +102,7 @@ end
RSpec.shared_examples 'job token for package uploads' do RSpec.shared_examples 'job token for package uploads' do
context 'with job token headers' do context 'with job token headers' do
let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_header) } let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_headers) }
before do before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
...@@ -114,13 +114,13 @@ RSpec.shared_examples 'job token for package uploads' do ...@@ -114,13 +114,13 @@ RSpec.shared_examples 'job token for package uploads' do
end end
context 'invalid token' do context 'invalid token' do
let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, 'bar').merge(workhorse_header) } let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, 'bar').merge(workhorse_headers) }
it_behaves_like 'returning response status', :unauthorized it_behaves_like 'returning response status', :unauthorized
end end
context 'invalid user' do context 'invalid user' do
let(:headers) { basic_auth_header('foo', job.token).merge(workhorse_header) } let(:headers) { basic_auth_header('foo', job.token).merge(workhorse_headers) }
it_behaves_like 'returning response status', :unauthorized it_behaves_like 'returning response status', :unauthorized
end end
......