Add e2e specs for ip restricted access via API and SSH

c9626f9c · Sanad Liaquat · a62203ed · c9626f9c · c9626f9c
Commit c9626f9c authored Jun 08, 2020 by Sanad Liaquat
2 changed files
--- a/qa/qa/resource/repository/project_push.rb
+++ b/qa/qa/resource/repository/project_push.rb
@@ -9,8 +9,11 @@ module QA
        attr_accessor :project_name
        attr_writer :wait_for_push

+        attribute :group
+
        attribute :project do
          Project.fabricate! do |resource|
+            resource.group = group if @group
            resource.name = project_name
            resource.description = 'Project with repository'
          end
@@ -24,6 +27,7 @@ module QA
          @new_branch = true
          @project_name = 'project-with-code'
          @wait_for_push = true
+          @group = nil
        end

        def repository_http_uri

--- a/qa/qa/specs/features/ee/browser_ui/1_manage/group/restrict_by_ip_address_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/1_manage/group/restrict_by_ip_address_spec.rb
@@ -32,38 +32,110 @@ module QA
        page.visit Runtime::Scenario.gitlab_address

        set_ip_address_restriction_to(ip_address)
-
-        Flow::Login.sign_in(as: @user)
      end

      context 'when restricted by another ip address' do
        let(:ip_address) { get_next_ip_address(fetch_current_ip_address) }

-        it 'denies access' do
-          @group.sandbox.visit!
-          expect(page).to have_text('Page Not Found')
-          page.go_back
+        context 'via the UI' do
+          it 'denies access' do
+            Flow::Login.sign_in(as: @user)
+
+            @group.sandbox.visit!
+            expect(page).to have_text('Page Not Found')
+            page.go_back

-          @group.visit!
-          expect(page).to have_text('Page Not Found')
-          page.go_back
+            @group.visit!
+            expect(page).to have_text('Page Not Found')
+            page.go_back
+          end
+        end
+
+        context 'via the API' do
+          before do
+            @api_client ||= Runtime::API::Client.new(:gitlab, user: @user)
+          end
+
+          it 'denies access' do
+            request = create_request("/groups/#{@sandbox_group.id}")
+            response = get request.url
+            expect(response.code).to eq(404)
+
+            request = create_request("/groups/#{@group.id}")
+            response = get request.url
+            expect(response.code).to eq(404)
+          end
+        end
+
+        # Note: If you run this test against GDK make sure you've enabled sshd
+        # See: https://gitlab.com/gitlab-org/gitlab-qa/blob/master/docs/run_qa_against_gdk.md
+        context 'via the SSH' do
+          let(:key) { Resource::SSHKey.fabricate_via_api! }
+
+          it 'denies access' do
+            Flow::Login.sign_in
+
+            expect { push_a_project_with_ssh_key(key) }.to raise_error(QA::Git::Repository::RepositoryCommandError, /fatal: Could not read from remote repository/)
+          end
        end
      end

      context 'when restricted by user\'s ip address' do
        let(:ip_address) { fetch_current_ip_address }

-        it 'allows access' do
-          @group.sandbox.visit!
-          expect(page).to have_text(@group.sandbox.path)
+        context 'via the UI' do
+          it 'allows access' do
+            Flow::Login.sign_in(as: @user)
+
+            @group.sandbox.visit!
+            expect(page).to have_text(@group.sandbox.path)

-          @group.visit!
-          expect(page).to have_text(@group.path)
+            @group.visit!
+            expect(page).to have_text(@group.path)
+          end
+        end
+
+        context 'via the API' do
+          before do
+            @api_client ||= Runtime::API::Client.new(:gitlab, user: @user)
+          end
+
+          it 'allows access' do
+            request = create_request("/groups/#{@sandbox_group.id}")
+            response = get request.url
+            expect(response.code).to eq(200)
+
+            request = create_request("/groups/#{@group.id}")
+            response = get request.url
+            expect(response.code).to eq(200)
+          end
+        end
+
+        # Note: If you run this test against GDK make sure you've enabled sshd
+        # See: https://gitlab.com/gitlab-org/gitlab-qa/blob/master/docs/run_qa_against_gdk.md
+        context 'via the SSH' do
+          let(:key) { Resource::SSHKey.fabricate_via_api! }
+
+          it 'allows access' do
+            Flow::Login.sign_in
+
+            expect { push_a_project_with_ssh_key(key) }.not_to raise_error
+          end
        end
      end

      private

+      def push_a_project_with_ssh_key(key)
+        Resource::Repository::ProjectPush.fabricate! do |push|
+          push.group = @sandbox_group
+          push.ssh_key = key
+          push.file_name = 'README.md'
+          push.file_content = '# Test Use SSH Key'
+          push.commit_message = 'Add README.md'
+        end
+      end
+
      def set_ip_address_restriction_to(ip_address)
        Flow::Login.while_signed_in_as_admin do
          @group.sandbox.visit!
@@ -102,6 +174,10 @@ module QA
          end
        end
      end
+
+      def create_request(api_endpoint)
+        Runtime::API::Request.new(@api_client, api_endpoint)
+      end
    end
  end
 end