Merge branch 'qa/rate_limits_spec' into 'master'

Proposes change to rate_limits_spec

See merge request gitlab-org/gitlab!81333

qa/qa/runtime/api/client.rb

@@ -8,12 +8,11 @@ module QA
 
         AuthorizationError = Class.new(RuntimeError)
 
-        def initialize(address = :gitlab, personal_access_token: nil, is_new_session: true, user: nil, ip_limits: false)
+        def initialize(address = :gitlab, personal_access_token: nil, is_new_session: true, user: nil)
           @address = address
           @personal_access_token = personal_access_token
           @is_new_session = is_new_session
           @user = user
-          enable_ip_limits if ip_limits
         end
 
         # Personal access token
@@ -68,24 +67,6 @@ module QA
 
         private
 
-        def enable_ip_limits
-          Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform { |p| p.has_personal_area?(wait: 0) }
-
-          Runtime::Browser.visit(@address, Page::Main::Login)
-          Page::Main::Login.perform(&:sign_in_using_admin_credentials)
-          Page::Main::Menu.perform(&:go_to_admin_area)
-          Page::Admin::Menu.perform(&:go_to_network_settings)
-
-          Page::Admin::Settings::Network.perform do |setting|
-            setting.expand_ip_limits do |page|
-              page.enable_throttles
-              page.save_settings
-            end
-          end
-
-          Page::Main::Menu.perform(&:sign_out)
-        end
-
         # Create PAT
         #
         # Use api if admin personal access token is present and skip any UI actions otherwise perform creation via UI

qa/qa/specs/features/api/1_manage/rate_limits_spec.rb

 # frozen_string_literal: true
 
-require 'airborne'
-
 module QA
-  RSpec.describe 'Manage with IP rate limits', :requires_admin, :skip_live_env do
-    describe 'Users API' do
-      let(:api_client) { Runtime::API::Client.new(:gitlab, ip_limits: true) }
-      let(:request) { Runtime::API::Request.new(api_client, '/users') }
+  RSpec.describe 'Manage', :requires_admin, :skip_live_env, except: { job: 'review-qa-*' } do
+    describe 'rate limits' do
+      let(:rate_limited_user) { Resource::User.fabricate_via_api! }
+      let(:api_client) { Runtime::API::Client.new(:gitlab, user: rate_limited_user) }
+      let!(:request) { Runtime::API::Request.new(api_client, '/users') }
+
+      after do
+        rate_limited_user.remove_via_api!
+      end
 
-      it 'GET /users', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347881' do
+      it 'throttles authenticated api requests by user', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347881' do
+        with_application_settings(
+          throttle_authenticated_api_requests_per_period: 5,
+          throttle_authenticated_api_period_in_seconds: 60,
+          throttle_authenticated_api_enabled: true
+        ) do
           5.times do
-          get request.url
-          expect_status(200)
+            res = RestClient.get request.url
+            expect(res.code).to be(200)
+          end
+
+          expect { RestClient.get request.url }.to raise_error do |e|
+            expect(e.class).to be(RestClient::TooManyRequests)
           end
         end
       end
     end
+
+    private
+
+    def with_application_settings(**hargs)
+      QA::Runtime::ApplicationSettings.set_application_settings(**hargs)
+      yield
+    ensure
+      QA::Runtime::ApplicationSettings.restore_application_settings(*hargs.keys)
+    end
+  end
 end