Commit 58d7b33a authored by Andrejs Cunskis's avatar Andrejs Cunskis

Merge branch 'mask-tokens-package-job-logs' into 'master'

Avoid leaking token data in CI logs

See merge request gitlab-org/gitlab!83526
parents 1270174a e3094dc6
......@@ -3,6 +3,8 @@
module QA
RSpec.describe 'Package', :orchestrated, :skip_live_env do
describe 'Self-managed Container Registry' do
include Support::Helpers::MaskToken
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'project-with-registry'
......@@ -110,9 +112,9 @@ module QA
let(:auth_token) do
case authentication_token_type
when :personal_access_token
"\"#{personal_access_token}\""
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token, project: project)
when :project_deploy_token
"\"#{project_deploy_token.token}\""
use_ci_variable(name: 'PROJECT_DEPLOY_TOKEN', value: project_deploy_token.token, project: project)
when :ci_job_token
'$CI_JOB_TOKEN'
end
......
......@@ -5,6 +5,7 @@ module QA
describe 'Helm Registry' do
using RSpec::Parameterized::TableSyntax
include Runtime::Fixtures
include Support::Helpers::MaskToken
include_context 'packages registry qa scenario'
let(:package_name) { "gitlab_qa_helm-#{SecureRandom.hex(8)}" }
......@@ -32,11 +33,13 @@ module QA
let(:access_token) do
case authentication_token_type
when :personal_access_token
personal_access_token
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token, project: package_project)
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token, project: client_project)
when :ci_job_token
'${CI_JOB_TOKEN}'
when :project_deploy_token
project_deploy_token.token
use_ci_variable(name: 'PROJECT_DEPLOY_TOKEN', value: project_deploy_token.token, project: package_project)
use_ci_variable(name: 'PROJECT_DEPLOY_TOKEN', value: project_deploy_token.token, project: client_project)
end
end
......
......@@ -5,6 +5,7 @@ module QA
describe 'npm instance level endpoint' do
using RSpec::Parameterized::TableSyntax
include Runtime::Fixtures
include Support::Helpers::MaskToken
let!(:registry_scope) { Runtime::Namespace.sandbox_name }
let!(:personal_access_token) do
......@@ -78,11 +79,13 @@ module QA
let(:auth_token) do
case authentication_token_type
when :personal_access_token
"\"#{personal_access_token}\""
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token, project: project)
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token, project: another_project)
when :ci_job_token
'${CI_JOB_TOKEN}'
when :project_deploy_token
"\"#{project_deploy_token.token}\""
use_ci_variable(name: 'PROJECT_DEPLOY_TOKEN', value: project_deploy_token.token, project: project)
use_ci_variable(name: 'PROJECT_DEPLOY_TOKEN', value: project_deploy_token.token, project: another_project)
end
end
......
......@@ -5,6 +5,7 @@ module QA
describe 'npm project level endpoint' do
using RSpec::Parameterized::TableSyntax
include Runtime::Fixtures
include Support::Helpers::MaskToken
let!(:registry_scope) { Runtime::Namespace.sandbox_name }
let!(:personal_access_token) do
......@@ -69,11 +70,11 @@ module QA
let(:auth_token) do
case authentication_token_type
when :personal_access_token
"\"#{personal_access_token}\""
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token, project: project)
when :ci_job_token
'${CI_JOB_TOKEN}'
when :project_deploy_token
"\"#{project_deploy_token.token}\""
use_ci_variable(name: 'PROJECT_DEPLOY_TOKEN', value: project_deploy_token.token, project: project)
end
end
......
......@@ -5,6 +5,7 @@ module QA
describe 'NuGet group level endpoint' do
using RSpec::Parameterized::TableSyntax
include Runtime::Fixtures
include Support::Helpers::MaskToken
let(:project) do
Resource::Project.fabricate_via_api! do |project|
......@@ -61,6 +62,8 @@ module QA
after do
runner.remove_via_api!
package.remove_via_api!
project.remove_via_api!
another_project.remove_via_api!
end
where(:case_name, :authentication_token_type, :token_name, :testcase) do
......@@ -73,11 +76,13 @@ module QA
let(:auth_token_password) do
case authentication_token_type
when :personal_access_token
"\"#{personal_access_token.token}\""
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token.token, project: project)
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token.token, project: another_project)
when :ci_job_token
'${CI_JOB_TOKEN}'
when :group_deploy_token
"\"#{group_deploy_token.token}\""
use_ci_variable(name: 'GROUP_DEPLOY_TOKEN', value: group_deploy_token.token, project: project)
use_ci_variable(name: 'GROUP_DEPLOY_TOKEN', value: group_deploy_token.token, project: another_project)
end
end
......
......@@ -3,6 +3,8 @@
module QA
RSpec.describe 'Package', :orchestrated, :packages, :object_storage do
describe 'NuGet project level endpoint' do
include Support::Helpers::MaskToken
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'nuget-package-project'
......@@ -77,11 +79,11 @@ module QA
let(:auth_token_password) do
case authentication_token_type
when :personal_access_token
"\"#{personal_access_token.token}\""
use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: personal_access_token.token, project: project)
when :ci_job_token
'${CI_JOB_TOKEN}'
when :project_deploy_token
"\"#{project_deploy_token.token}\""
use_ci_variable(name: 'PROJECT_DEPLOY_TOKEN', value: project_deploy_token.token, project: project)
end
end
......
......@@ -4,6 +4,7 @@ module QA
RSpec.describe 'Package', :orchestrated, :packages, :object_storage do
describe 'PyPI Repository' do
include Runtime::Fixtures
include Support::Helpers::MaskToken
let(:project) do
Resource::Project.fabricate_via_api! do |project|
......@@ -30,7 +31,7 @@ module QA
let(:uri) { URI.parse(Runtime::Scenario.gitlab_address) }
let(:gitlab_address_with_port) { "#{uri.scheme}://#{uri.host}:#{uri.port}" }
let(:gitlab_host_with_port) { "#{uri.host}:#{uri.port}" }
let(:personal_access_token) { Runtime::Env.personal_access_token }
let(:personal_access_token) { use_ci_variable(name: 'PERSONAL_ACCESS_TOKEN', value: Runtime::Env.personal_access_token, project: project) }
before do
Flow::Login.sign_in
......
# frozen_string_literal: true
module QA
module Support
module Helpers
module MaskToken
def use_ci_variable(name:, value:, project:)
Resource::CiVariable.fabricate_via_api! do |ci_variable|
ci_variable.project = project
ci_variable.key = name
ci_variable.value = value
ci_variable.protected = true
end
"$#{name}"
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment