
triggers_spec.rb 10.4 KB
require 'spec_helper'

describe API::Triggers do
  # Two project members with different access levels: `user` receives the
  # master membership and `user2` the developer membership created below.
  let(:user) { create(:user) }
  let(:user2) { create(:user) }

  # Fixed token strings, so requests can present a known trigger token.
  let!(:trigger_token) { 'secure_token' }
  let!(:trigger_token_2) { 'secure_token_2' }

  let!(:project) { create(:project, :repository, creator: user) }

  let!(:master) do
    create(:project_member, :master, user: user, project: project)
  end
  let!(:developer) do
    create(:project_member, :developer, user: user2, project: project)
  end

  # One trigger per member, both attached to `project`.
  let!(:trigger) do
    create(:ci_trigger, project: project, token: trigger_token, owner: user)
  end
  let!(:trigger2) do
    create(:ci_trigger, project: project, token: trigger_token_2, owner: user2)
  end

  # A trigger request with a fixed creation time, tied to the first trigger.
  let!(:trigger_request) do
    create(:ci_trigger_request, trigger: trigger, created_at: '2015-01-01 12:13:14')
  end

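  # Pipeline creation where the trigger token is the only credential on the
  # request. Besides the status codes, the rejection examples also assert that
  # no pipeline was persisted, so a refusal that still has a side effect fails.
  describe 'POST /projects/:project_id/trigger/pipeline' do
    # A second project; both fixture triggers (and their tokens) belong to
    # `project`, not to this one.
    let!(:project2) { create(:project, :repository) }

    let(:options) do
      {
        token: trigger_token
      }
    end

    before do
      stub_ci_pipeline_to_return_yaml_file
    end

    context 'Handles errors' do
      it 'returns bad request if token is missing' do
        expect do
          post api("/projects/#{project.id}/trigger/pipeline"), ref: 'master'
        end.not_to change { project.pipelines.count }

        expect(response).to have_http_status(400)
      end

      it 'returns not found if project is not found' do
        post api('/projects/0/trigger/pipeline'), options.merge(ref: 'master')

        expect(response).to have_http_status(404)
      end
    end

    context 'Have a commit' do
      let(:pipeline) { project.pipelines.last }

      it 'creates pipeline' do
        post api("/projects/#{project.id}/trigger/pipeline"), options.merge(ref: 'master')

        expect(response).to have_http_status(201)
        expect(json_response).to include('id' => pipeline.id)
        pipeline.builds.reload
        expect(pipeline.builds.pending.size).to eq(2)
        expect(pipeline.builds.size).to eq(5)
      end

      it 'returns bad request with no pipeline created if there\'s no commit for that ref' do
        # The example name promises that nothing is created; assert it
        # instead of relying on the status code alone.
        expect do
          post api("/projects/#{project.id}/trigger/pipeline"), options.merge(ref: 'other-branch')
        end.not_to change { project.pipelines.count }

        expect(response).to have_http_status(400)
        expect(json_response['message']).to eq('base' => ["Reference not found"])
      end

      context 'Validates variables' do
        let(:variables) do
          { 'TRIGGER_KEY' => 'TRIGGER_VALUE' }
        end

        it 'validates variables to be a hash' do
          post api("/projects/#{project.id}/trigger/pipeline"), options.merge(variables: 'value', ref: 'master')

          expect(response).to have_http_status(400)
          expect(json_response['error']).to eq('variables is invalid')
        end

        it 'validates variables needs to be a map of key-valued strings' do
          post api("/projects/#{project.id}/trigger/pipeline"), options.merge(variables: { key: %w(1 2) }, ref: 'master')

          expect(response).to have_http_status(400)
          expect(json_response['message']).to eq('variables needs to be a map of key-valued strings')
        end

        it 'creates trigger request with variables' do
          post api("/projects/#{project.id}/trigger/pipeline"), options.merge(variables: variables, ref: 'master')

          expect(response).to have_http_status(201)
          expect(pipeline.variables.map { |v| { v.key => v.value } }.last).to eq(variables)
        end
      end
    end

    context 'when triggering a pipeline from a trigger token' do
      it 'does not leak the presence of project when token is for different project' do
        # A token issued for `project` is presented against `project2`. The
        # response must be the same 404 an unknown project would produce, and
        # neither project may gain a pipeline from the rejected request.
        expect do
          post api("/projects/#{project2.id}/ref/master/trigger/pipeline?token=#{trigger_token}"), { ref: 'refs/heads/other-branch' }
        end.not_to change { [project.pipelines.count, project2.pipelines.count] }

        expect(response).to have_http_status(404)
      end

      it 'creates builds from the ref given in the URL, not in the body' do
        expect do
          post api("/projects/#{project.id}/ref/master/trigger/pipeline?token=#{trigger_token}"), { ref: 'refs/heads/other-branch' }
        end.to change(project.builds, :count).by(5)

        expect(response).to have_http_status(201)
      end

      context 'when ref contains a dot' do
        it 'creates builds from the ref given in the URL, not in the body' do
          project.repository.create_file(user, '.gitlab/gitlabhq/new_feature.md', 'something valid', message: 'new_feature', branch_name: 'v.1-branch')

          expect do
            post api("/projects/#{project.id}/ref/v.1-branch/trigger/pipeline?token=#{trigger_token}"), { ref: 'refs/heads/other-branch' }
          end.to change(project.builds, :count).by(4)

          expect(response).to have_http_status(201)
        end
      end
    end
  end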

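  # The trigger list carries each trigger's token (see the 'token' key check
  # below), so the examples pin who may read it: the master member can, the
  # developer member and an anonymous caller cannot. The refusals also assert
  # that no token value appears in the response body.
  describe 'GET /projects/:id/triggers' do
    context 'authenticated user with valid permissions' do
      it 'returns list of triggers' do
        get api("/projects/#{project.id}/triggers", user)

        expect(response).to have_http_status(200)
        expect(response).to include_pagination_headers
        expect(json_response).to be_a(Array)
        expect(json_response[0]).to have_key('token')
      end
    end

    context 'authenticated user with invalid permissions' do
      it 'does not return triggers list' do
        get api("/projects/#{project.id}/triggers", user2)

        expect(response).to have_http_status(403)
        # A 403 with the tokens in its body would still disclose the secret.
        expect(response.body).not_to include(trigger_token, trigger_token_2)
      end
    end

    context 'unauthenticated user' do
      it 'does not return triggers list' do
        get api("/projects/#{project.id}/triggers")

        expect(response).to have_http_status(401)
        expect(response.body).not_to include(trigger_token, trigger_token_2)
      end
    end
  end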

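  # Reading a single trigger. The refusal examples were named after the list
  # endpoint ('triggers list'); they are renamed to match what they request,
  # and they additionally assert that the trigger's token is absent from the
  # refused response.
  describe 'GET /projects/:id/triggers/:trigger_id' do
    context 'authenticated user with valid permissions' do
      it 'returns trigger details' do
        get api("/projects/#{project.id}/triggers/#{trigger.id}", user)

        expect(response).to have_http_status(200)
        expect(json_response).to be_a(Hash)
      end

      it 'responds with 404 Not Found if requesting non-existing trigger' do
        get api("/projects/#{project.id}/triggers/-5", user)

        expect(response).to have_http_status(404)
      end
    end

    context 'authenticated user with invalid permissions' do
      it 'does not return trigger details' do
        get api("/projects/#{project.id}/triggers/#{trigger.id}", user2)

        expect(response).to have_http_status(403)
        # The status alone does not prove the token stayed out of the body.
        expect(response.body).not_to include(trigger_token)
      end
    end

    context 'unauthenticated user' do
      it 'does not return trigger details' do
        get api("/projects/#{project.id}/triggers/#{trigger.id}")

        expect(response).to have_http_status(401)
        expect(response.body).not_to include(trigger_token)
      end
    end
  end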

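  # Creating a trigger. Every rejected request is wrapped in a count check, so
  # an endpoint that answers 400/403/401 but still inserts a row is caught.
  describe 'POST /projects/:id/triggers' do
    context 'authenticated user with valid permissions' do
      context 'with required parameters' do
        it 'creates trigger' do
          expect do
            post api("/projects/#{project.id}/triggers", user),
              description: 'trigger'
          end.to change { project.triggers.count }.by(1)

          expect(response).to have_http_status(201)
          expect(json_response).to include('description' => 'trigger')
        end
      end

      context 'without required parameters' do
        it 'does not create trigger' do
          expect do
            post api("/projects/#{project.id}/triggers", user)
          end.not_to change { project.triggers.count }

          expect(response).to have_http_status(:bad_request)
        end
      end
    end

    context 'authenticated user with invalid permissions' do
      it 'does not create trigger' do
        expect do
          post api("/projects/#{project.id}/triggers", user2),
            description: 'trigger'
        end.not_to change { project.triggers.count }

        expect(response).to have_http_status(403)
      end
    end

    context 'unauthenticated user' do
      it 'does not create trigger' do
        expect do
          post api("/projects/#{project.id}/triggers"),
            description: 'trigger'
        end.not_to change { project.triggers.count }

        expect(response).to have_http_status(401)
      end
    end
  end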

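  # Updating a trigger's description. The rejected requests now send the same
  # description as the permitted one and assert that the stored value did not
  # move; without a payload a 403/401 says nothing about whether a write could
  # have slipped through.
  describe 'PUT /projects/:id/triggers/:trigger_id' do
    # Shared by all contexts so the refusals attempt a real change.
    let(:new_description) { 'new description' }

    context 'authenticated user with valid permissions' do
      it 'updates description' do
        put api("/projects/#{project.id}/triggers/#{trigger.id}", user),
          description: new_description

        expect(response).to have_http_status(200)
        expect(json_response).to include('description' => new_description)
        expect(trigger.reload.description).to eq(new_description)
      end
    end

    context 'authenticated user with invalid permissions' do
      it 'does not update trigger' do
        expect do
          put api("/projects/#{project.id}/triggers/#{trigger.id}", user2),
            description: new_description
        end.not_to change { trigger.reload.description }

        expect(response).to have_http_status(403)
      end
    end

    context 'unauthenticated user' do
      it 'does not update trigger' do
        expect do
          put api("/projects/#{project.id}/triggers/#{trigger.id}"),
            description: new_description
        end.not_to change { trigger.reload.description }

        expect(response).to have_http_status(401)
      end
    end
  end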

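  # Transferring ownership of a trigger to the caller. The refusal examples
  # assert that the stored owner is untouched, not only that the status is
  # 403/401.
  describe 'POST /projects/:id/triggers/:trigger_id/take_ownership' do
    context 'authenticated user with valid permissions' do
      it 'updates owner' do
        # NOTE(review): `trigger` is created with `owner: user`, so the owner
        # assertion below already holds before the request is made. Running
        # this against `trigger2` (created with `owner: user2`) would show an
        # actual transfer; confirm the expected response before switching.
        post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership", user)

        expect(response).to have_http_status(200)
        expect(json_response).to include('owner')
        expect(trigger.reload.owner).to eq(user)
      end
    end

    context 'authenticated user with invalid permissions' do
      it 'does not update owner' do
        # user2 is not the owner of `trigger`, so a write that slipped past
        # the permission check would show up as a changed owner here.
        expect do
          post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership", user2)
        end.not_to change { trigger.reload.owner }

        expect(response).to have_http_status(403)
      end
    end

    context 'unauthenticated user' do
      it 'does not update owner' do
        expect do
          post api("/projects/#{project.id}/triggers/#{trigger.id}/take_ownership")
        end.not_to change { trigger.reload.owner }

        expect(response).to have_http_status(401)
      end
    end
  end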

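  # Deleting a trigger. Each rejected request is wrapped in a count check so a
  # 404/403/401 that still removes a row is caught.
  describe 'DELETE /projects/:id/triggers/:trigger_id' do
    context 'authenticated user with valid permissions' do
      it 'deletes trigger' do
        expect do
          delete api("/projects/#{project.id}/triggers/#{trigger.id}", user)

          expect(response).to have_http_status(204)
        end.to change { project.triggers.count }.by(-1)
      end

      it 'responds with 404 Not Found if requesting non-existing trigger' do
        expect do
          delete api("/projects/#{project.id}/triggers/-5", user)
        end.not_to change { project.triggers.count }

        expect(response).to have_http_status(404)
      end
    end

    context 'authenticated user with invalid permissions' do
      it 'does not delete trigger' do
        expect do
          delete api("/projects/#{project.id}/triggers/#{trigger.id}", user2)
        end.not_to change { project.triggers.count }

        expect(response).to have_http_status(403)
      end
    end

    context 'unauthenticated user' do
      it 'does not delete trigger' do
        expect do
          delete api("/projects/#{project.id}/triggers/#{trigger.id}")
        end.not_to change { project.triggers.count }

        expect(response).to have_http_status(401)
      end
    end
  end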
end