Verify that rack attack logging does not perform additional queries

There is a user lookup in the rack attack logging code, but if there is a user, we will have already looked up their details earlier in the request cycle. That means that this will use the ActiveRecord cache and not actually hit the database again. This spec ensures we don't add more queries when logging than we do when simply running normally.

Verify that rack attack logging does not perform additional queries
There is a user lookup in the rack attack logging code, but if there is a user, we will have already looked up their details earlier in the request cycle. That means that this will use the ActiveRecord cache and not actually hit the database again. This spec ensures we don't add more queries when logging than we do when simply running normally.
adfdaeb8 · Sean McGivern · 81642e91 · adfdaeb8
Commit adfdaeb8 authored Oct 28, 2020 by Sean McGivern
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 7 deletions

spec/support/shared_examples/requests/rack_attack_shared_examples.rb ...t/shared_examples/requests/rack_attack_shared_examples.rb +22 -7

No files found.
--- a/spec/support/shared_examples/requests/rack_attack_shared_examples.rb
+++ b/spec/support/shared_examples/requests/rack_attack_shared_examples.rb
@@ -81,8 +81,15 @@ RSpec.shared_examples 'rate-limited token-authenticated requests' do
    end

    it 'logs RackAttack info into structured logs' do
-      requests_per_period.times do
-        make_request(request_args)
+      control_count = 0
+
+      requests_per_period.times do |i|
+        if i == 0
+          control_count = ActiveRecord::QueryRecorder.new { make_request(request_args) }.count
+        else
+          make_request(request_args)
+        end
+
        expect(response).not_to have_gitlab_http_status(:too_many_requests)
      end

@@ -99,7 +106,9 @@ RSpec.shared_examples 'rate-limited token-authenticated requests' do

      expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once

-      expect_rejection { make_request(request_args) }
+      expect_rejection do
+        expect { make_request(request_args) }.not_to exceed_query_limit(control_count)
+      end
    end
  end

@@ -210,8 +219,15 @@ RSpec.shared_examples 'rate-limited web authenticated requests' do
    end

    it 'logs RackAttack info into structured logs' do
-      requests_per_period.times do
-        request_authenticated_web_url
+      control_count = 0
+
+      requests_per_period.times do |i|
+        if i == 0
+          control_count = ActiveRecord::QueryRecorder.new { request_authenticated_web_url }.count
+        else
+          request_authenticated_web_url
+        end
+
        expect(response).not_to have_gitlab_http_status(:too_many_requests)
      end

@@ -227,8 +243,7 @@ RSpec.shared_examples 'rate-limited web authenticated requests' do
      }

      expect(Gitlab::AuthLogger).to receive(:error).with(arguments).once
-
-      request_authenticated_web_url
+      expect { request_authenticated_web_url }.not_to exceed_query_limit(control_count)
    end
  end