Merge branch '30595-api-for-protected-environments' into 'master'

Resolve "API for protected environments" See merge request gitlab-org/gitlab!22336

Merge branch '30595-api-for-protected-environments' into 'master'
Resolve "API for protected environments" See merge request gitlab-org/gitlab!22336
ea128cdc · Bob Van Landuyt · 33ecd17c · 63cbdce4 · ea128cdc · ea128cdc
Commit ea128cdc authored Jan 23, 2020 by Bob Van Landuyt
6 changed files
--- a/ee/lib/api/protected_environments.rb
+++ b/ee/lib/api/protected_environments.rb
+# frozen_string_literal: true
+
+module API
+  class ProtectedEnvironments < Grape::API
+    include PaginationParams
+
+    ENVIRONMENT_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(name: API::NO_SLASH_URL_PART_REGEX)
+
+    before { authorize_admin_project }
+
+    before do
+      not_found! unless Feature.enabled?(:protected_environments_api, user_project)
+    end
+
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+
+    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
+      desc "Get a project's protected environments" do
+        detail 'This feature is gated by the :protected_environments_api feature flag.'
+        success ::EE::API::Entities::ProtectedEnvironment
+      end
+      params do
+        use :pagination
+      end
+      get ':id/protected_environments' do
+        protected_environments = user_project.protected_environments.sorted_by_name
+
+        present paginate(protected_environments), with: ::EE::API::Entities::ProtectedEnvironment, project: user_project
+      end
+
+      desc 'Get a single protected environment' do
+        detail 'This feature is gated by the :protected_environments_api feature flag.'
+        success ::EE::API::Entities::ProtectedEnvironment
+      end
+      params do
+        requires :name, type: String, desc: 'The name of the protected environment'
+      end
+      get ':id/protected_environments/:name', requirements: ENVIRONMENT_ENDPOINT_REQUIREMENTS do
+        protected_environment = user_project.protected_environments.find_by_name!(params[:name])
+
+        present protected_environment, with: ::EE::API::Entities::ProtectedEnvironment, project: user_project
+      end
+    end
+  end
+end
--- a/ee/lib/ee/api/api.rb
+++ b/ee/lib/ee/api/api.rb
@@ -50,6 +50,7 @@ module EE
        mount ::API::Dependencies
        mount ::API::VisualReviewDiscussions
        mount ::API::Analytics::CodeReviewAnalytics
+        mount ::API::ProtectedEnvironments

        version 'v3', using: :path do
          # Although the following endpoints are kept behind V3 namespace,

--- a/ee/lib/ee/api/entities.rb
+++ b/ee/lib/ee/api/entities.rb
@@ -117,6 +117,11 @@ module EE
        end
      end

+      class ProtectedEnvironment < Grape::Entity
+        expose :name
+        expose :deploy_access_levels, using: ::API::Entities::ProtectedRefAccess
+      end
+
      module IssueBasic
        extend ActiveSupport::Concern


--- a/ee/spec/fixtures/api/schemas/public_api/v4/protected_environment.json
+++ b/ee/spec/fixtures/api/schemas/public_api/v4/protected_environment.json
+{
+  "type": "object",
+  "required": [
+    "name",
+    "deploy_access_levels"
+  ],
+  "properties": {
+    "name": { "type": "string" },
+    "deploy_access_levels": { "type": "array", "items": { "$ref": "protected_ref_access.json" } }
+  },
+  "additionalProperties": false
+}
--- a/ee/spec/fixtures/api/schemas/public_api/v4/protected_ref_access.json
+++ b/ee/spec/fixtures/api/schemas/public_api/v4/protected_ref_access.json
+{
+  "type": "object",
+  "required": [ "access_level_description" ],
+  "properties": {
+    "access_level": { "type": ["integer", "null"] },
+    "access_level_description": { "type": ["string", "null"] },
+    "user_id": { "type": ["integer", "null"] },
+    "group_id": { "type": ["integer", "null"] }
+  },
+  "additionalProperties": false
+}
--- a/ee/spec/requests/api/protected_environments_spec.rb
+++ b/ee/spec/requests/api/protected_environments_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe API::ProtectedEnvironments do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, :repository) }
+  let(:protected_environment_name) { 'production' }
+
+  before do
+    create(:protected_environment, :maintainers_can_deploy, project: project, name: protected_environment_name)
+  end
+
+  shared_examples 'requests for non-maintainers' do
+    context 'when authenticated as a guest' do
+      before do
+        project.add_guest(user)
+      end
+
+      it_behaves_like '403 response'
+    end
+
+    context 'when authenticated as a developer' do
+      before do
+        project.add_developer(user)
+      end
+
+      it_behaves_like '403 response'
+    end
+
+    context 'when authenticated as a reporter' do
+      before do
+        project.add_reporter(user)
+      end
+
+      it_behaves_like '403 response'
+    end
+
+    context 'when user has no access to project' do
+      it_behaves_like '404 response'
+    end
+
+    context 'when unauthenticated' do
+      let(:user) { nil }
+
+      it_behaves_like '404 response'
+    end
+  end
+
+  describe "GET /projects/:id/protected_environments" do
+    let(:route) { "/projects/#{project.id}/protected_environments" }
+    let(:request) { get api(route, user), params: { per_page: 100 } }
+
+    context 'when authenticated as a maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      it 'returns the protected environments' do
+        request
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(response).to include_pagination_headers
+        expect(json_response).to be_an Array
+
+        protected_environment_names = json_response.map { |x| x['name'] }
+        expect(protected_environment_names).to match_array([protected_environment_name])
+      end
+
+      context 'when feature is disabled' do
+        before do
+          stub_feature_flags(protected_environments_api: false)
+        end
+
+        it_behaves_like '404 response'
+      end
+    end
+
+    it_behaves_like 'requests for non-maintainers'
+  end
+
+  describe "GET /projects/:id/protected_environments/:environment" do
+    let(:requested_environment_name) { protected_environment_name }
+    let(:route) { "/projects/#{project.id}/protected_environments/#{requested_environment_name}" }
+    let(:request) { get api(route, user) }
+
+    context 'when authenticated as a maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      it 'returns the protected environment' do
+        request
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(response).to match_response_schema('public_api/v4/protected_environment', dir: 'ee')
+        expect(json_response['name']).to eq(protected_environment_name)
+        expect(json_response['deploy_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER)
+      end
+
+      context 'when protected environment does not exist' do
+        let(:requested_environment_name) { 'unknown' }
+
+        it_behaves_like '404 response' do
+          let(:message) { '404 Not found' }
+        end
+      end
+    end
+
+    it_behaves_like 'requests for non-maintainers'
+  end
+end