Commit f51eb540 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'api-push-rules' into 'master'

Add more push rules to the API

Closes #493 and #948

See merge request !1022
parents 9887ff42 5da06598
---
title: Add more push rules to the API
merge_request: 1022
author: Robert Schilling
......@@ -1429,7 +1429,12 @@ Parameters:
"project_id": 3,
"commit_message_regex": "Fixes \d +\",
"deny_delete_tag": false,
"created_at": "2012-10-12T17:04:47Z"
"created_at": "2012-10-12T17:04:47Z",
"member_check": false,
"prevent_secrets": false,
"author_email_regex": "",
"file_name_regex": "",
"max_file_size": 5
}
```
......@@ -1443,9 +1448,16 @@ POST /projects/:id/push_rule
Parameters:
- `id` (required) - The ID of a project
- `deny_delete_tag` - Do not allow users to remove git tags with git push
- `commit_message_regex` - Commit message regex
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID of the project or NAMESPACE/PROJECT_NAME |
| `deny_delete_tag` | boolean | no | Deny deleting a tag |
| `member_check` | boolean | no | Restrict commits by author (email) to existing GitLab users |
| `prevent_secrets` | boolean | no | GitLab will reject any files that are likely to contain secrets |
| `commit_message_regex` | string | no | All commit messages must match this, e.g. `Fixed \d+\..*` |
| `author_email_regex` | string | no | All commit author emails must match this, e.g. `@my-company.com$` |
| `file_name_regex` | string | no | All commited filenames must **not** match this, e.g. `(jar|exe)$` |
| `max_file_size` | integer | no | Maximum file size (MB) |
### Edit project push rule
......@@ -1457,9 +1469,16 @@ PUT /projects/:id/push_rule
Parameters:
- `id` (required) - The ID of a project
- `deny_delete_tag` - Do not allow users to remove git tags with git push
- `commit_message_regex` - Commit message regex
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID of the project or NAMESPACE/PROJECT_NAME |
| `deny_delete_tag` | boolean | no | Deny deleting a tag |
| `member_check` | boolean | no | Restrict commits by author (email) to existing GitLab users |
| `prevent_secrets` | boolean | no | GitLab will reject any files that are likely to contain secrets |
| `commit_message_regex` | string | no | All commit messages must match this, e.g. `Fixed \d+\..*` |
| `author_email_regex` | string | no | All commit author emails must match this, e.g. `@my-company.com$` |
| `file_name_regex` | string | no | All commited filenames must **not** match this, e.g. `(jar|exe)$` |
| `max_file_size` | integer | no | Maximum file size (MB) |
### Delete project push rule
......
......@@ -60,6 +60,8 @@ module API
class ProjectPushRule < Grape::Entity
expose :id, :project_id, :created_at
expose :commit_message_regex, :deny_delete_tag
expose :member_check, :prevent_secrets, :author_email_regex
expose :file_name_regex, :max_file_size
end
class BasicProjectDetails < Grape::Entity
......
module API
# Projects push rule API
class ProjectPushRule < Grape::API
before { authenticate! }
before { authorize_admin_project }
......@@ -10,9 +9,16 @@ module API
resource :projects do
helpers do
params :push_rule_params do
optional :commit_message_regex, type: String, desc: 'The commit message regex'
optional :deny_delete_tag, type: Boolean, desc: 'Deny deleting a tag'
at_least_one_of :commit_message_regex, :deny_delete_tag
optional :member_check, type: Boolean, desc: 'Restrict commits by author (email) to existing GitLab users'
optional :prevent_secrets, type: Boolean, desc: 'GitLab will reject any files that are likely to contain secrets'
optional :commit_message_regex, type: String, desc: 'All commit messages must match this'
optional :author_email_regex, type: String, desc: 'All commit author emails must match this'
optional :file_name_regex, type: String, desc: 'All commited filenames must not match this'
optional :max_file_size, type: Integer, desc: 'Maximum file size (MB)'
at_least_one_of :deny_delete_tag, :member_check, :prevent_secrets,
:commit_message_regex, :author_email_regex,
:file_name_regex, :max_file_size
end
end
......
......@@ -19,8 +19,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
context "authorized user" do
it "returns project push rule" do
get api("/projects/#{project.id}/push_rule", user)
expect(response.status).to eq(200)
expect(response).to have_http_status(200)
expect(json_response).to be_an Hash
expect(json_response['project_id']).to eq(project.id)
end
......@@ -29,7 +29,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
context "unauthorized user" do
it "does not have access to project push rule" do
get api("/projects/#{project.id}/push_rule", user3)
expect(response.status).to eq(403)
expect(response).to have_http_status(403)
end
end
end
......@@ -38,20 +39,35 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
context "authorized user" do
it "adds push rule to project" do
post api("/projects/#{project.id}/push_rule", user),
deny_delete_tag: true
expect(response.status).to eq(201)
deny_delete_tag: true, member_check: true, prevent_secrets: true,
commit_message_regex: 'JIRA\-\d+',
author_email_regex: '[a-zA-Z0-9]+@gitlab.com',
file_name_regex: '[a-zA-Z0-9]+.key',
max_file_size: 5
expect(json_response).to be_an Hash
expect(response).to have_http_status(201)
expect(json_response['project_id']).to eq(project.id)
expect(json_response['deny_delete_tag']).to eq(true)
expect(json_response['member_check']).to eq(true)
expect(json_response['prevent_secrets']).to eq(true)
expect(json_response['commit_message_regex']).to eq('JIRA\-\d+')
expect(json_response['author_email_regex']).to eq('[a-zA-Z0-9]+@gitlab.com')
expect(json_response['file_name_regex']).to eq('[a-zA-Z0-9]+.key')
expect(json_response['max_file_size']).to eq(5)
end
end
it 'returns 400 if no parameter is given' do
post api("/projects/#{project.id}/push_rule", user)
expect(response).to have_http_status(400)
end
context "unauthorized user" do
it "does not add push rule to project" do
post api("/projects/#{project.id}/push_rule", user3),
deny_delete_tag: true
expect(response.status).to eq(403)
post api("/projects/#{project.id}/push_rule", user3), deny_delete_tag: true
expect(response).to have_http_status(403)
end
end
end
......@@ -63,9 +79,9 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
context "with existing push rule" do
it "does not add push rule to project" do
post api("/projects/#{project.id}/push_rule", user),
deny_delete_tag: true
expect(response.status).to eq(422)
post api("/projects/#{project.id}/push_rule", user), deny_delete_tag: true
expect(response).to have_http_status(422)
end
end
end
......@@ -78,24 +94,31 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
it "updates an existing project push rule" do
put api("/projects/#{project.id}/push_rule", user),
deny_delete_tag: false, commit_message_regex: 'Fixes \d+\..*'
expect(response.status).to eq(200)
expect(response).to have_http_status(200)
expect(json_response['deny_delete_tag']).to eq(false)
expect(json_response['commit_message_regex']).to eq('Fixes \d+\..*')
end
it 'returns 400 if no parameter is given' do
put api("/projects/#{project.id}/push_rule", user)
expect(response).to have_http_status(400)
end
end
describe "PUT /projects/:id/push_rule" do
it "gets error on non existing project push rule" do
put api("/projects/#{project.id}/push_rule", user),
deny_delete_tag: false, commit_message_regex: 'Fixes \d+\..*'
expect(response.status).to eq(404)
expect(response).to have_http_status(404)
end
it "does not update push rule for unauthorized user" do
post api("/projects/#{project.id}/push_rule", user3),
deny_delete_tag: true
expect(response.status).to eq(403)
post api("/projects/#{project.id}/push_rule", user3), deny_delete_tag: true
expect(response).to have_http_status(403)
end
end
......@@ -107,8 +130,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
context "authorized user" do
it "deletes push rule from project" do
delete api("/projects/#{project.id}/push_rule", user)
expect(response.status).to eq(200)
expect(response).to have_http_status(200)
expect(json_response).to be_an Hash
end
end
......@@ -116,7 +139,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
context "unauthorized user" do
it "returns a 403 error" do
delete api("/projects/#{project.id}/push_rule", user3)
expect(response.status).to eq(403)
expect(response).to have_http_status(403)
end
end
end
......@@ -125,15 +149,16 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true do
context "for non existing push rule" do
it "deletes push rule from project" do
delete api("/projects/#{project.id}/push_rule", user)
expect(response.status).to eq(404)
expect(response).to have_http_status(404)
expect(json_response).to be_an Hash
expect(json_response['message']).to eq('404 Push Rule Not Found')
end
it "returns a 403 error if not authorized" do
delete api("/projects/#{project.id}/push_rule", user3)
expect(response.status).to eq(403)
expect(response).to have_http_status(403)
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment