Merge branch '205302-update-model-and-finder-tests' into 'master'

Support 'license_scanning' in model tests See merge request gitlab-org/gitlab!27828

Merge branch '205302-update-model-and-finder-tests' into 'master'
Support 'license_scanning' in model tests See merge request gitlab-org/gitlab!27828
befbd1f4 · James Fargher · c036703a · eaa6119c · befbd1f4 · befbd1f4
Commit befbd1f4 authored Apr 01, 2020 by James Fargher
13 changed files
--- a/ee/spec/factories/ci/builds.rb
+++ b/ee/spec/factories/ci/builds.rb
@@ -96,13 +96,13 @@ FactoryBot.define do
      end
    end

-    trait :license_management_feature_branch do
+    trait :license_scanning_feature_branch do
      after(:build) do |build|
-        build.job_artifacts << create(:ee_ci_job_artifact, :license_management_feature_branch, job: build)
+        build.job_artifacts << create(:ee_ci_job_artifact, :license_scanning_feature_branch, job: build)
      end
    end

-    trait :corrupted_license_management_report do
+    trait :corrupted_license_scanning_report do
      after(:build) do |build|
        build.job_artifacts << create(:ee_ci_job_artifact, :license_scan, :with_corrupted_data, job: build)
      end

--- a/ee/spec/factories/ci/job_artifacts.rb
+++ b/ee/spec/factories/ci/job_artifacts.rb
@@ -159,13 +159,13 @@ FactoryBot.define do
      end
    end

-    trait :license_management_feature_branch do
-      file_type { :license_management }
+    trait :license_scanning_feature_branch do
+      file_type { :license_scanning }
      file_format { :raw }

      after(:build) do |artifact, _|
        artifact.file = fixture_file_upload(
-          Rails.root.join('ee/spec/fixtures/security_reports/feature-branch/gl-license-management-report.json'), 'application/json')
+          Rails.root.join('ee/spec/fixtures/security_reports/feature-branch/gl-license-scanning-report.json'), 'application/json')
      end
    end

@@ -300,7 +300,7 @@ FactoryBot.define do
    end

    trait :license_scan do
-      file_type { :license_management }
+      file_type { :license_scanning }
      file_format { :raw }
    end


--- a/ee/spec/factories/ci/pipelines.rb
+++ b/ee/spec/factories/ci/pipelines.rb
@@ -69,7 +69,7 @@ FactoryBot.define do
      status { :success }

      after(:build) do |pipeline, evaluator|
-        pipeline.builds << build(:ee_ci_build, :license_management_feature_branch, pipeline: pipeline, project: pipeline.project)
+        pipeline.builds << build(:ee_ci_build, :license_scanning_feature_branch, pipeline: pipeline, project: pipeline.project)
      end
    end

@@ -77,7 +77,7 @@ FactoryBot.define do
      status { :success }

      after(:build) do |pipeline, evaluator|
-        pipeline.builds << build(:ee_ci_build, :corrupted_license_management_report, pipeline: pipeline, project: pipeline.project)
+        pipeline.builds << build(:ee_ci_build, :corrupted_license_scanning_report, pipeline: pipeline, project: pipeline.project)
      end
    end


--- a/ee/spec/features/projects/licenses/maintainer_views_policies_spec.rb
+++ b/ee/spec/features/projects/licenses/maintainer_views_policies_spec.rb
@@ -29,7 +29,7 @@ describe 'EE > Projects > Licenses > Maintainer views policies', :js do
    let_it_be(:mit) { create(:software_license, :mit) }
    let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
    let_it_be(:pipeline) { create(:ee_ci_pipeline, project: project, builds: [create(:ee_ci_build, :license_scan_v2, :success)]) }
-    let(:report) { JSON.parse(fixture_file('security_reports/gl-license-management-report-v2.json', dir: 'ee')) }
+    let(:report) { JSON.parse(fixture_file('security_reports/gl-license-scanning-report-v2.json', dir: 'ee')) }
    let(:known_licenses) { report['licenses'].find_all { |license| license['url'].present? } }

    it 'displays licenses detected in the most recent scan report' do

--- a/ee/spec/finders/security/license_management_jobs_finder_spec.rb
+++ b/ee/spec/finders/security/license_management_jobs_finder_spec.rb
@@ -6,25 +6,19 @@ describe Security::LicenseManagementJobsFinder do
  it_behaves_like ::Security::JobsFinder, described_class.allowed_job_types

  describe "#execute" do
-    let(:pipeline) { create(:ci_pipeline) }
-    let(:finder) { described_class.new(pipeline: pipeline) }
-
    subject { finder.execute }

-    context 'with multiple secure builds' do
-      let!(:sast_build) { create(:ci_build, :sast, pipeline: pipeline) }
-      let!(:container_scanning_build) { create(:ci_build, :container_scanning, pipeline: pipeline) }
-      let!(:dast_build) { create(:ci_build, :dast, pipeline: pipeline) }
-
-      let!(:license_management_build) { create(:ci_build, :license_management, pipeline: pipeline) }
+    let(:pipeline) { create(:ci_pipeline) }
+    let(:finder) { described_class.new(pipeline: pipeline) }

-      it 'returns only the license_management jobs' do
-        is_expected.to include(license_management_build)
+    let!(:sast_build) { create(:ci_build, :sast, pipeline: pipeline) }
+    let!(:container_scanning_build) { create(:ci_build, :container_scanning, pipeline: pipeline) }
+    let!(:dast_build) { create(:ci_build, :dast, pipeline: pipeline) }
+    let!(:license_scanning_build) { create(:ci_build, :license_scanning, pipeline: pipeline) }
+    let!(:license_management_build) { create(:ci_build, :license_management, pipeline: pipeline) }

-        is_expected.not_to include(container_scanning_build)
-        is_expected.not_to include(dast_build)
-        is_expected.not_to include(sast_build)
-      end
+    it 'returns only the license_scanning jobs' do
+      is_expected.to contain_exactly(license_scanning_build, license_management_build)
    end
  end
 end
--- a/ee/spec/fixtures/security_reports/feature-branch/gl-license-management-report.json
+++ b/ee/spec/fixtures/security_reports/feature-branch/gl-license-management-report.json
--- a/ee/spec/fixtures/security_reports/gl-license-management-report-v1.1.json
+++ b/ee/spec/fixtures/security_reports/gl-license-management-report-v1.1.json
--- a/ee/spec/fixtures/security_reports/gl-license-management-report-v2.json
+++ b/ee/spec/fixtures/security_reports/gl-license-management-report-v2.json
--- a/ee/spec/lib/gitlab/ci/parsers/license_compliance/license_scanning_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/license_compliance/license_scanning_spec.rb
@@ -42,7 +42,7 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do
    end

    context 'when parsing a valid v1.1 report' do
-      let(:v1_1_data) { fixture_file('security_reports/gl-license-management-report-v1.1.json', dir: 'ee') }
+      let(:v1_1_data) { fixture_file('security_reports/gl-license-scanning-report-v1.1.json', dir: 'ee') }

      before do
        subject.parse!(v1_1_data, report)
@@ -74,7 +74,7 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do
    end

    context 'when parsing a valid v2 report' do
-      let(:v2_data) { fixture_file('security_reports/gl-license-management-report-v2.json', dir: 'ee') }
+      let(:v2_data) { fixture_file('security_reports/gl-license-scanning-report-v2.json', dir: 'ee') }

      before do
        subject.parse!(v2_data, report)

--- a/ee/spec/lib/gitlab/ci/reports/license_scanning/report_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/license_scanning/report_spec.rb
@@ -279,7 +279,7 @@ describe Gitlab::Ci::Reports::LicenseScanning::Report do
    context 'when parsing a v2 report' do
      subject { described_class.parse_from(v2_json) }

-      let(:v2_json) { fixture_file('security_reports/gl-license-management-report-v2.json', dir: 'ee') }
+      let(:v2_json) { fixture_file('security_reports/gl-license-scanning-report-v2.json', dir: 'ee') }

      it { expect(subject.version).to eql('2.0') }
      it { expect(subject.licenses.count).to eq(3) }

--- a/ee/spec/models/ci/build_spec.rb
+++ b/ee/spec/models/ci/build_spec.rb
@@ -203,8 +203,22 @@ describe Ci::Build do

    it { expect(license_scanning_report.licenses.count).to eq(0) }

-    context 'when build has a license management report' do
-      context 'when there is a license scanning report' do
+    context 'when build has a license scanning report' do
+      context 'when there is a new type report' do
+        before do
+          create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project)
+        end
+
+        it 'parses blobs and add the results to the report' do
+          expect { subject }.not_to raise_error
+
+          expect(license_scanning_report.licenses.count).to eq(4)
+          expect(license_scanning_report.licenses.map(&:name)).to contain_exactly("Apache 2.0", "MIT", "New BSD", "unknown")
+          expect(license_scanning_report.licenses.find { |x| x.name == 'MIT' }.dependencies.count).to eq(52)
+        end
+      end
+
+      context 'when there is an old type report' do
        before do
          create(:ee_ci_job_artifact, :license_management, job: job, project: job.project)
        end
@@ -218,7 +232,7 @@ describe Ci::Build do
        end
      end

-      context 'when there is a corrupted license management report' do
+      context 'when there is a corrupted report' do
        before do
          create(:ee_ci_job_artifact, :license_scan, :with_corrupted_data, job: job, project: job.project)
        end
@@ -231,7 +245,7 @@ describe Ci::Build do
      context 'when Feature flag is disabled for License Scanning reports parsing' do
        before do
          stub_feature_flags(parse_license_management_reports: false)
-          create(:ee_ci_job_artifact, :license_management, job: job, project: job.project)
+          create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project)
        end

        it 'does NOT parse license scanning report' do
@@ -241,10 +255,10 @@ describe Ci::Build do
        end
      end

-      context 'when the license management feature is disabled' do
+      context 'when the license scanning feature is disabled' do
        before do
          stub_licensed_features(license_scanning: false)
-          create(:ee_ci_job_artifact, :license_management, job: job, project: job.project)
+          create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project)
        end

        it 'does NOT parse license scanning report' do
@@ -289,7 +303,7 @@ describe Ci::Build do
  end

  describe '#collect_licenses_for_dependency_list!' do
-    let!(:lm_artifact) { create(:ee_ci_job_artifact, :license_management, job: job, project: job.project) }
+    let!(:license_scan_artifact) { create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project) }
    let(:dependency_list_report) { Gitlab::Ci::Reports::DependencyList::Report.new }
    let(:dependency) { build(:dependency, :nokogiri) }

@@ -378,7 +392,7 @@ describe Ci::Build do
  describe ".license_scan" do
    it 'returns only license artifacts' do
      create(:ci_build, job_artifacts: [create(:ci_job_artifact, :zip)])
-      build_with_license_scan = create(:ci_build, job_artifacts: [create(:ci_job_artifact, file_type: :license_management, file_format: :raw)])
+      build_with_license_scan = create(:ci_build, job_artifacts: [create(:ci_job_artifact, file_type: :license_scanning, file_format: :raw)])

      expect(described_class.license_scan).to contain_exactly(build_with_license_scan)
    end

--- a/ee/spec/models/ci/pipeline_spec.rb
+++ b/ee/spec/models/ci/pipeline_spec.rb
@@ -250,14 +250,9 @@ describe Ci::Pipeline do
      stub_licensed_features(license_scanning: true)
    end

-    context 'when pipeline has multiple builds with license management reports' do
-      let!(:build_1) { create(:ci_build, :success, name: 'license_management', pipeline: pipeline, project: project) }
-      let!(:build_2) { create(:ci_build, :success, name: 'license_management2', pipeline: pipeline, project: project) }
-
-      before do
-        create(:ee_ci_job_artifact, :license_management, job: build_1, project: project)
-        create(:ee_ci_job_artifact, :license_management_feature_branch, job: build_2, project: project)
-      end
+    context 'when pipeline has multiple builds with license scanning reports' do
+      let!(:build_1) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline, project: project) }
+      let!(:build_2) { create(:ee_ci_build, :success, :license_scanning_feature_branch, pipeline: pipeline, project: project) }

      it 'returns a license scanning report with collected data' do
        expect(subject.licenses.count).to eq(5)
@@ -265,8 +260,10 @@ describe Ci::Pipeline do
      end

      context 'when builds are retried' do
-        let!(:build_1) { create(:ci_build, :retried, :success, name: 'license_management', pipeline: pipeline, project: project) }
-        let!(:build_2) { create(:ci_build, :retried, :success, name: 'license_management2', pipeline: pipeline, project: project) }
+        before do
+          build_1.update(retried: true)
+          build_2.update(retried: true)
+        end

        it 'does not take retried builds into account' do
          expect(subject.licenses).to be_empty
@@ -274,7 +271,7 @@ describe Ci::Pipeline do
      end
    end

-    context 'when pipeline does not have any builds with license management reports' do
+    context 'when pipeline does not have any builds with license scanning reports' do
      it 'returns an empty license scanning report' do
        expect(subject.licenses).to be_empty
      end
@@ -289,10 +286,8 @@ describe Ci::Pipeline do
    end

    context 'when pipeline has a build with dependency list reports' do
-      let!(:build) { create(:ci_build, :success, name: 'dependency_list', pipeline: pipeline, project: project) }
-      let!(:artifact) { create(:ee_ci_job_artifact, :dependency_list, job: build, project: project) }
-      let!(:build2) { create(:ci_build, :success, name: 'license_management', pipeline: pipeline, project: project) }
-      let!(:artifact2) { create(:ee_ci_job_artifact, :license_management, job: build, project: project) }
+      let!(:build) { create(:ee_ci_build, :success, :dependency_list, pipeline: pipeline, project: project) }
+      let!(:build2) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline, project: project) }

      it 'returns a dependency list report with collected data' do
        expect(subject.dependencies.count).to eq(21)
@@ -301,8 +296,9 @@ describe Ci::Pipeline do
      end

      context 'when builds are retried' do
-        let!(:build) { create(:ci_build, :retried, :success, name: 'dependency_list', pipeline: pipeline, project: project) }
-        let!(:artifact) { create(:ee_ci_job_artifact, :dependency_list, job: build, project: project) }
+        before do
+          build.update(retried: true)
+        end

        it 'does not take retried builds into account' do
          expect(subject.dependencies).to be_empty

--- a/ee/spec/models/sca/license_compliance_spec.rb
+++ b/ee/spec/models/sca/license_compliance_spec.rb
@@ -43,13 +43,13 @@ RSpec.describe SCA::LicenseCompliance do

      context "when the license scan job has not finished" do
        let(:builds) { [create(:ci_build, :running, job_artifacts: [artifact])] }
-        let(:artifact) { create(:ci_job_artifact, file_type: :license_management, file_format: :raw) }
+        let(:artifact) { create(:ci_job_artifact, file_type: :license_scanning, file_format: :raw) }

        it { expect(subject.policies).to be_empty }
      end

      context "when the license scan produces a poorly formatted report" do
-        let(:builds) { [create(:ee_ci_build, :running, :corrupted_license_management_report)] }
+        let(:builds) { [create(:ee_ci_build, :running, :corrupted_license_scanning_report)] }

        it { expect(subject.policies).to be_empty }
      end