Commit de990d4b authored by Marc Shaw's avatar Marc Shaw

Remove diff_check_with_paths_changed_rpc feature flag

Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/288827
MR: gitlab.com/gitlab-org/gitlab/-/merge_requests/50623
parent d71d8af3
---
name: diff_check_with_paths_changed_rpc
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46116
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/288827
milestone: '13.7'
type: development
group: group::code review
default_enabled: true
......@@ -9,7 +9,7 @@ module EE
private
def path_validations
def file_paths_validations
validations = [super].flatten
if validate_code_owners?
......@@ -48,8 +48,8 @@ module EE
push_rule.file_name_regex.present? || push_rule.prevent_secrets
end
override :validations_for_diff
def validations_for_diff
override :validations_for_path
def validations_for_path
super.tap do |validations|
validations.push(path_locks_validation) if validate_path_locks?
validations.push(file_name_validation) if push_rule_checks_commit?
......@@ -57,17 +57,8 @@ module EE
end
def path_locks_validation
lambda do |diff|
path = if ::Feature.enabled?(:diff_check_with_paths_changed_rpc, project, default_enabled: true)
diff.path
else
if diff.renamed_file?
diff.old_path
else
diff.new_path || diff.old_path
end
end
lambda do |changed_path|
path = changed_path.path
lock_info = project.find_path_lock(path)
if lock_info && lock_info.user != user_access.user
......@@ -76,24 +67,12 @@ module EE
end
end
def new_file?(path)
path.status == :ADDED
end
def file_name_validation
lambda do |diff|
if ::Feature.enabled?(:diff_check_with_paths_changed_rpc, project, default_enabled: true)
if new_file?(diff) && denylisted_regex = push_rule.filename_denylisted?(diff.path)
return unless denylisted_regex.present?
"File name #{diff.path} was blacklisted by the pattern #{denylisted_regex}."
end
else
if (diff.renamed_file || diff.new_file) && denylisted_regex = push_rule.filename_denylisted?(diff.new_path)
return unless denylisted_regex.present?
"File name #{diff.new_path} was blacklisted by the pattern #{denylisted_regex}."
end
lambda do |changed_path|
if changed_path.new_file? && denylisted_regex = push_rule.filename_denylisted?(changed_path.path)
return unless denylisted_regex.present?
"File name #{changed_path.path} was blacklisted by the pattern #{denylisted_regex}."
end
rescue ::PushRule::MatchError => e
raise ::Gitlab::GitAccess::ForbiddenError, e.message
......
......@@ -5,70 +5,60 @@ require 'spec_helper'
RSpec.describe Gitlab::Checks::DiffCheck do
include FakeBlobHelpers
shared_examples_for "diff check" do
include_context 'push rules checks context'
include_context 'push rules checks context'
describe '#validate!' do
let(:push_allowed) { false }
describe '#validate!' do
let(:push_allowed) { false }
before do
allow(user_access).to receive(:can_push_to_branch?).and_return(push_allowed)
end
before do
allow(user_access).to receive(:can_push_to_branch?).and_return(push_allowed)
end
shared_examples_for "returns codeowners validation message" do
it "returns an error message" do
expect(validation_result).to include("Pushes to protected branches")
end
shared_examples_for "returns codeowners validation message" do
it "returns an error message" do
expect(validation_result).to include("Pushes to protected branches")
end
end
context 'no push rules active' do
let_it_be(:push_rule) { create(:push_rule) }
context 'no push rules active' do
let_it_be(:push_rule) { create(:push_rule) }
it "does not attempt to check commits" do
expect(subject).not_to receive(:process_commits)
it "does not attempt to check commits" do
expect(subject).not_to receive(:process_commits)
subject.validate!
end
subject.validate!
end
end
describe '#validate_code_owners?' do
let_it_be(:push_rule) { create(:push_rule, file_name_regex: 'READ*') }
let(:validate_code_owners) { subject.send(:validate_code_owners?) }
let(:protocol) { 'ssh' }
let(:push_allowed) { false }
context 'when push_rules_supersede_code_owners is disabled' do
before do
stub_feature_flags(push_rules_supersede_code_owners: false)
end
it 'returns branch_requires_code_owner_approval?' do
expect(project).to receive(:branch_requires_code_owner_approval?).and_return(true)
describe '#validate_code_owners?' do
let_it_be(:push_rule) { create(:push_rule, file_name_regex: 'READ*') }
let(:validate_code_owners) { subject.send(:validate_code_owners?) }
let(:protocol) { 'ssh' }
let(:push_allowed) { false }
expect(validate_code_owners).to eq(true)
end
context 'when push_rules_supersede_code_owners is disabled' do
before do
stub_feature_flags(push_rules_supersede_code_owners: false)
end
context 'when user can not push to the branch' do
context 'when not updated from web' do
it 'checks if the branch requires code owner approval' do
expect(project).to receive(:branch_requires_code_owner_approval?).and_return(true)
it 'returns branch_requires_code_owner_approval?' do
expect(project).to receive(:branch_requires_code_owner_approval?).and_return(true)
expect(validate_code_owners).to eq(true)
end
end
expect(validate_code_owners).to eq(true)
end
end
context 'when updated from the web' do
let(:protocol) { 'web' }
context 'when user can not push to the branch' do
context 'when not updated from web' do
it 'checks if the branch requires code owner approval' do
expect(project).to receive(:branch_requires_code_owner_approval?).and_return(true)
it 'returns false' do
expect(validate_code_owners).to eq(false)
end
expect(validate_code_owners).to eq(true)
end
end
context 'when a user can push to the branch' do
let(:push_allowed) { true }
context 'when updated from the web' do
let(:protocol) { 'web' }
it 'returns false' do
expect(validate_code_owners).to eq(false)
......@@ -76,278 +66,276 @@ RSpec.describe Gitlab::Checks::DiffCheck do
end
end
describe "#validate_code_owners" do
let!(:code_owner) { create(:user, username: "owner-1") }
let(:project) { create(:project, :repository) }
let(:codeowner_content) { "*.rb @#{code_owner.username}\ndocs/CODEOWNERS @owner-1\n*.js.coffee @owner-1" }
let(:codeowner_blob) { fake_blob(path: "CODEOWNERS", data: codeowner_content) }
let(:codeowner_blob_ref) { fake_blob(path: "CODEOWNERS", data: codeowner_content) }
let(:codeowner_lookup_ref) { merge_request.target_branch }
let(:merge_request) do
build(
:merge_request,
source_project: project,
source_branch: 'feature',
target_project: project,
target_branch: 'master'
)
end
context 'when a user can push to the branch' do
let(:push_allowed) { true }
before do
allow(project.repository).to receive(:code_owners_blob)
.with(ref: codeowner_lookup_ref)
.and_return(codeowner_blob)
it 'returns false' do
expect(validate_code_owners).to eq(false)
end
end
end
context 'the MR contains a renamed file matching a file path' do
let(:diff_check) { described_class.new(change_access) }
let(:protected_branch) { build(:protected_branch, name: 'master', project: project) }
describe "#validate_code_owners" do
let!(:code_owner) { create(:user, username: "owner-1") }
let(:project) { create(:project, :repository) }
let(:codeowner_content) { "*.rb @#{code_owner.username}\ndocs/CODEOWNERS @owner-1\n*.js.coffee @owner-1" }
let(:codeowner_blob) { fake_blob(path: "CODEOWNERS", data: codeowner_content) }
let(:codeowner_blob_ref) { fake_blob(path: "CODEOWNERS", data: codeowner_content) }
let(:codeowner_lookup_ref) { merge_request.target_branch }
let(:merge_request) do
build(
:merge_request,
source_project: project,
source_branch: 'feature',
target_project: project,
target_branch: 'master'
)
end
before do
expect(project).to receive(:branch_requires_code_owner_approval?)
.at_least(:once).and_return(true)
before do
allow(project.repository).to receive(:code_owners_blob)
.with(ref: codeowner_lookup_ref)
.and_return(codeowner_blob)
end
# This particular commit renames a file:
allow(project.repository).to receive(:new_commits).and_return(
[project.repository.commit('6907208d755b60ebeacb2e9dfea74c92c3449a1f')]
)
end
context 'the MR contains a renamed file matching a file path' do
let(:diff_check) { described_class.new(change_access) }
let(:protected_branch) { build(:protected_branch, name: 'master', project: project) }
it "returns an error message" do
expect { diff_check.validate! }.to raise_error do |error|
expect(error).to be_a(Gitlab::GitAccess::ForbiddenError)
expect(error.message).to include("CODEOWNERS` were matched:\n- *.js.coffee")
end
end
before do
expect(project).to receive(:branch_requires_code_owner_approval?)
.at_least(:once).and_return(true)
# This particular commit renames a file:
allow(project.repository).to receive(:new_commits).and_return(
[project.repository.commit('6907208d755b60ebeacb2e9dfea74c92c3449a1f')]
)
end
context "the MR contains a matching file path" do
let(:validation_result) do
subject.send(:validate_code_owners).call(["docs/CODEOWNERS", "README"])
it "returns an error message" do
expect { diff_check.validate! }.to raise_error do |error|
expect(error).to be_a(Gitlab::GitAccess::ForbiddenError)
expect(error.message).to include("CODEOWNERS` were matched:\n- *.js.coffee")
end
end
end
before do
expect(project).to receive(:branch_requires_code_owner_approval?)
.at_least(:once).and_return(true)
end
context "the MR contains a matching file path" do
let(:validation_result) do
subject.send(:validate_code_owners).call(["docs/CODEOWNERS", "README"])
end
it_behaves_like "returns codeowners validation message"
before do
expect(project).to receive(:branch_requires_code_owner_approval?)
.at_least(:once).and_return(true)
end
context "the MR doesn't contain a matching file path" do
it "returns nil" do
expect(subject.send(:validate_code_owners)
.call(["docs/SAFE_FILE_NAME", "README"])).to be_nil
end
it_behaves_like "returns codeowners validation message"
end
context "the MR doesn't contain a matching file path" do
it "returns nil" do
expect(subject.send(:validate_code_owners)
.call(["docs/SAFE_FILE_NAME", "README"])).to be_nil
end
end
end
describe "#path_validations" do
include_context 'change access checks context'
describe "#file_paths_validations" do
include_context 'change access checks context'
context "when the feature isn't enabled on the project" do
context "when the feature isn't enabled on the project" do
before do
expect(project).to receive(:branch_requires_code_owner_approval?)
.once.and_return(false)
end
it "returns an empty array" do
expect(subject.send(:file_paths_validations)).to eq([])
end
end
context "when the feature is enabled on the project" do
context "updated_from_web? == false" do
before do
expect(subject).to receive(:updated_from_web?).and_return(false)
expect(project).to receive(:branch_requires_code_owner_approval?)
.once.and_return(false)
.once.and_return(true)
end
it "returns an empty array" do
expect(subject.send(:path_validations)).to eq([])
it "returns an array of Proc(s)" do
validations = subject.send(:file_paths_validations)
expect(validations.any?).to be_truthy
expect(validations.any? { |v| !v.is_a? Proc }).to be_falsy
end
end
context "when the feature is enabled on the project" do
context "updated_from_web? == false" do
before do
expect(subject).to receive(:updated_from_web?).and_return(false)
expect(project).to receive(:branch_requires_code_owner_approval?)
.once.and_return(true)
end
it "returns an array of Proc(s)" do
validations = subject.send(:path_validations)
expect(validations.any?).to be_truthy
expect(validations.any? { |v| !v.is_a? Proc }).to be_falsy
end
context "updated_from_web? == true" do
before do
expect(subject).to receive(:updated_from_web?).and_return(true)
end
context "updated_from_web? == true" do
before do
expect(subject).to receive(:updated_from_web?).and_return(true)
end
it "returns an empty array" do
expect(subject.send(:path_validations)).to eq([])
end
it "returns an empty array" do
expect(subject.send(:file_paths_validations)).to eq([])
end
end
end
end
context 'file name rules' do
# Notice that the commit used creates a file named 'README'
context 'file name regex check' do
let!(:push_rule) { create(:push_rule, file_name_regex: 'READ*') }
context 'file name rules' do
# Notice that the commit used creates a file named 'README'
context 'file name regex check' do
let!(:push_rule) { create(:push_rule, file_name_regex: 'READ*') }
it_behaves_like 'check ignored when push rule unlicensed'
it_behaves_like 'check ignored when push rule unlicensed'
it "returns an error if a new or renamed filed doesn't match the file name regex" do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "File name README was blacklisted by the pattern READ*.")
end
it "returns an error if a new or renamed filed doesn't match the file name regex" do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "File name README was blacklisted by the pattern READ*.")
end
it 'returns an error if the regex is invalid' do
push_rule.file_name_regex = '+'
it 'returns an error if the regex is invalid' do
push_rule.file_name_regex = '+'
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /\ARegular expression '\+' is invalid/)
end
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /\ARegular expression '\+' is invalid/)
end
end
context 'blacklisted files check' do
let(:push_rule) { create(:push_rule, prevent_secrets: true) }
context 'blacklisted files check' do
let(:push_rule) { create(:push_rule, prevent_secrets: true) }
it_behaves_like 'check ignored when push rule unlicensed'
it_behaves_like 'check ignored when push rule unlicensed'
it "returns true if there is no blacklisted files" do
new_rev = nil
it "returns true if there is no blacklisted files" do
new_rev = nil
white_listed =
[
'readme.txt', 'any/ida_rsa.pub', 'any/id_dsa.pub', 'any_2/id_ed25519.pub',
'random_file.pdf', 'folder/id_ecdsa.pub', 'docs/aws/credentials.md', 'ending_withhistory'
]
white_listed =
[
'readme.txt', 'any/ida_rsa.pub', 'any/id_dsa.pub', 'any_2/id_ed25519.pub',
'random_file.pdf', 'folder/id_ecdsa.pub', 'docs/aws/credentials.md', 'ending_withhistory'
]
white_listed.each do |file_path|
old_rev = 'be93687618e4b132087f430a4d8fc3a609c9b77c'
old_rev = new_rev if new_rev
new_rev = project.repository.create_file(user, file_path, "commit #{file_path}", message: "commit #{file_path}", branch_name: "master")
white_listed.each do |file_path|
old_rev = 'be93687618e4b132087f430a4d8fc3a609c9b77c'
old_rev = new_rev if new_rev
new_rev = project.repository.create_file(user, file_path, "commit #{file_path}", message: "commit #{file_path}", branch_name: "master")
allow(project.repository).to receive(:new_commits).and_return(
project.repository.commits_between(old_rev, new_rev)
)
allow(project.repository).to receive(:new_commits).and_return(
project.repository.commits_between(old_rev, new_rev)
)
expect(subject.validate!).to be_truthy
end
expect(subject.validate!).to be_truthy
end
end
it "returns an error if a new or renamed filed doesn't match the file name regex" do
new_rev = nil
it "returns an error if a new or renamed filed doesn't match the file name regex" do
new_rev = nil
black_listed =
[
'aws/credentials', '.ssh/personal_rsa', 'config/server_rsa', '.ssh/id_rsa', '.ssh/id_dsa',
'.ssh/personal_dsa', 'config/server_ed25519', 'any/id_ed25519', '.ssh/personal_ecdsa', 'config/server_ecdsa',
'any_place/id_ecdsa', 'some_pLace/file.key', 'other_PlAcE/other_file.pem', 'bye_bug.history', 'pg_sql_history'
]
black_listed =
[
'aws/credentials', '.ssh/personal_rsa', 'config/server_rsa', '.ssh/id_rsa', '.ssh/id_dsa',
'.ssh/personal_dsa', 'config/server_ed25519', 'any/id_ed25519', '.ssh/personal_ecdsa', 'config/server_ecdsa',
'any_place/id_ecdsa', 'some_pLace/file.key', 'other_PlAcE/other_file.pem', 'bye_bug.history', 'pg_sql_history'
]
black_listed.each do |file_path|
old_rev = 'be93687618e4b132087f430a4d8fc3a609c9b77c'
old_rev = new_rev if new_rev
new_rev = project.repository.create_file(user, file_path, "commit #{file_path}", message: "commit #{file_path}", branch_name: "master")
black_listed.each do |file_path|
old_rev = 'be93687618e4b132087f430a4d8fc3a609c9b77c'
old_rev = new_rev if new_rev
new_rev = project.repository.create_file(user, file_path, "commit #{file_path}", message: "commit #{file_path}", branch_name: "master")
allow(subject).to receive(:commits).and_return(
project.repository.commits_between(old_rev, new_rev)
)
allow(subject).to receive(:commits).and_return(
project.repository.commits_between(old_rev, new_rev)
)
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /File name #{file_path} was blacklisted by the pattern/)
end
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /File name #{file_path} was blacklisted by the pattern/)
end
end
end
end
context 'file lock rules' do
let_it_be(:push_rule) { create(:push_rule) }
let_it_be(:owner) { create(:user) }
let(:path_lock) { create(:path_lock, path: 'README', project: project) }
context 'file lock rules' do
let_it_be(:push_rule) { create(:push_rule) }
let_it_be(:owner) { create(:user) }
let(:path_lock) { create(:path_lock, path: 'README', project: project) }
before do
project.add_developer(owner)
end
before do
project.add_developer(owner)
end
shared_examples 'a locked file' do
let!(:path_lock) { create(:path_lock, path: filename, project: project, user: owner) }
shared_examples 'a locked file' do
let!(:path_lock) { create(:path_lock, path: filename, project: project, user: owner) }
before do
allow(project.repository).to receive(:new_commits).and_return(
[project.repository.commit(sha)]
)
end
before do
allow(project.repository).to receive(:new_commits).and_return(
[project.repository.commit(sha)]
)
end
context 'and path is locked by another user' do
it 'returns an error' do
path_lock
context 'and path is locked by another user' do
it 'returns an error' do
path_lock
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path '#{filename}' is locked by #{path_lock.user.name}")
end
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path '#{filename}' is locked by #{path_lock.user.name}")
end
end
context 'and path is locked by current user' do
let(:user) { owner }
context 'and path is locked by current user' do
let(:user) { owner }
it 'is allows changes' do
path_lock
it 'is allows changes' do
path_lock
expect { subject.validate! }.not_to raise_error
end
expect { subject.validate! }.not_to raise_error
end
end
end
context 'when file has changes' do
let_it_be(:filename) { 'files/ruby/popen.rb' }
let_it_be(:sha) { '570e7b2abdd848b95f2f578043fc23bd6f6fd24d' }
context 'when file has changes' do
let_it_be(:filename) { 'files/ruby/popen.rb' }
let_it_be(:sha) { '570e7b2abdd848b95f2f578043fc23bd6f6fd24d' }
it_behaves_like 'a locked file'
end
it_behaves_like 'a locked file'
end
context 'when file is renamed' do
let_it_be(:filename) { 'files/js/commit.js.coffee' }
let_it_be(:sha) { '6907208d755b60ebeacb2e9dfea74c92c3449a1f' }
context 'when file is renamed' do
let_it_be(:filename) { 'files/js/commit.js.coffee' }
let_it_be(:sha) { '6907208d755b60ebeacb2e9dfea74c92c3449a1f' }
it_behaves_like 'a locked file'
end
it_behaves_like 'a locked file'
end
context 'when file is deleted' do
let_it_be(:filename) { 'files/js/commit.js.coffee' }
let_it_be(:sha) { 'd59c60028b053793cecfb4022de34602e1a9218e' }
context 'when file is deleted' do
let_it_be(:filename) { 'files/js/commit.js.coffee' }
let_it_be(:sha) { 'd59c60028b053793cecfb4022de34602e1a9218e' }
it_behaves_like 'a locked file'
end
it_behaves_like 'a locked file'
end
it 'memoizes the validate_path_locks? call' do
expect(project).to receive(:any_path_locks?).once.and_call_original
it 'memoizes the validate_path_locks? call' do
expect(project).to receive(:any_path_locks?).once.and_call_original
2.times { subject.validate! }
end
2.times { subject.validate! }
end
context 'when the branch is being deleted' do
let(:newrev) { Gitlab::Git::BLANK_SHA }
context 'when the branch is being deleted' do
let(:newrev) { Gitlab::Git::BLANK_SHA }
it 'does not run' do
path_lock
it 'does not run' do
path_lock
expect { subject.validate! }.not_to raise_error
end
expect { subject.validate! }.not_to raise_error
end
end
context 'when there is no valid change' do
let(:changes) { { oldrev: '_any', newrev: nil, ref: nil } }
context 'when there is no valid change' do
let(:changes) { { oldrev: '_any', newrev: nil, ref: nil } }
it 'does not run' do
path_lock
it 'does not run' do
path_lock
expect { subject.validate! }.not_to raise_error
end
expect { subject.validate! }.not_to raise_error
end
end
end
end
it_behaves_like "diff check"
context 'when diff check with paths rpc feature flag is false' do
before do
stub_feature_flags(diff_check_with_paths_changed_rpc: false)
end
it_behaves_like "diff check"
end
end
......@@ -6,37 +6,20 @@ module Gitlab
include Gitlab::Utils::StrongMemoize
LOG_MESSAGES = {
validate_file_paths: "Validating diffs' file paths...",
diff_content_check: "Validating diff contents..."
validate_file_paths: "Validating diffs' file paths..."
}.freeze
def validate!
return if deletion?
return unless should_run_diff_validations?
return unless should_run_validations?
return if commits.empty?
file_paths = []
if ::Feature.enabled?(:diff_check_with_paths_changed_rpc, project, default_enabled: true)
paths = project.repository.find_changed_paths(commits.map(&:sha))
paths.each do |path|
file_paths.concat([path.path])
validate_diff(path)
end
else
process_commits do |commit|
validate_once(commit) do
commit.raw_deltas.each do |diff|
file_paths.concat([diff.new_path, diff.old_path].compact)
validate_diff(diff)
end
end
end
paths = project.repository.find_changed_paths(commits.map(&:sha))
paths.each do |path|
validate_path(path)
end
validate_file_paths(file_paths.uniq)
validate_file_paths(paths.map(&:path).uniq)
end
private
......@@ -47,43 +30,30 @@ module Gitlab
end
end
def should_run_diff_validations?
validations_for_diff.present? || path_validations.present?
def should_run_validations?
validations_for_path.present? || file_paths_validations.present?
end
def validate_diff(diff)
validations_for_diff.each do |validation|
if error = validation.call(diff)
def validate_path(path)
validations_for_path.each do |validation|
if error = validation.call(path)
raise ::Gitlab::GitAccess::ForbiddenError, error
end
end
end
# Method overwritten in EE to inject custom validations
def validations_for_diff
def validations_for_path
[]
end
def path_validations
def file_paths_validations
validate_lfs_file_locks? ? [lfs_file_locks_validation] : []
end
def process_commits
logger.log_timed(LOG_MESSAGES[:diff_content_check]) do
# n+1: https://gitlab.com/gitlab-org/gitlab/issues/3593
::Gitlab::GitalyClient.allow_n_plus_1_calls do
commits.each do |commit|
logger.check_timeout_reached
yield(commit)
end
end
end
end
def validate_file_paths(file_paths)
logger.log_timed(LOG_MESSAGES[__method__]) do
path_validations.each do |validation|
file_paths_validations.each do |validation|
if error = validation.call(file_paths)
raise ::Gitlab::GitAccess::ForbiddenError, error
end
......
# frozen_string_literal: true
module Gitlab
module Git
class ChangedPath
attr_reader :status, :path
def initialize(status:, path:)
@status = status
@path = path
end
def new_file?
status == :ADDED
end
end
end
end
......@@ -225,7 +225,7 @@ module Gitlab
response = GitalyClient.call(@repository.storage, :diff_service, :find_changed_paths, request, timeout: GitalyClient.medium_timeout)
response.flat_map do |msg|
msg.paths.map do |path|
OpenStruct.new(
Gitlab::Git::ChangedPath.new(
status: path.status,
path: EncodingHelper.encode!(path.path)
)
......
......@@ -6,96 +6,63 @@ RSpec.describe Gitlab::Checks::DiffCheck do
include_context 'change access checks context'
describe '#validate!' do
let(:owner) { create(:user) }
before do
allow(project.repository).to receive(:new_commits).and_return(
project.repository.commits_between('be93687618e4b132087f430a4d8fc3a609c9b77c', '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51')
)
end
context 'with LFS not enabled' do
before do
allow(project).to receive(:lfs_enabled?).and_return(false)
end
it 'does not invoke :lfs_file_locks_validation' do
expect(subject).not_to receive(:lfs_file_locks_validation)
context 'when commits is empty' do
it 'does not call find_changed_paths' do
expect(project.repository).not_to receive(:find_changed_paths)
subject.validate!
end
end
context 'with LFS enabled' do
let!(:lock) { create(:lfs_file_lock, user: owner, project: project, path: 'README') }
context 'when commits is not empty' do
before do
allow(project).to receive(:lfs_enabled?).and_return(true)
allow(project.repository).to receive(:new_commits).and_return(
project.repository.commits_between('be93687618e4b132087f430a4d8fc3a609c9b77c', '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51')
)
end
context 'when change is sent by a different user' do
context 'when diff check with paths rpc feature flag is true' do
it 'raises an error if the user is not allowed to update the file' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.name}")
end
end
context 'when deletion is true' do
let(:newrev) { Gitlab::Git::BLANK_SHA }
context 'when diff check with paths rpc feature flag is false' do
before do
stub_feature_flags(diff_check_with_paths_changed_rpc: false)
end
it 'does not call find_changed_paths' do
expect(project.repository).not_to receive(:find_changed_paths)
it 'raises an error if the user is not allowed to update the file' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.name}")
end
subject.validate!
end
end
context 'when change is sent by the author of the lock' do
let(:user) { owner }
it "doesn't raise any error" do
expect { subject.validate! }.not_to raise_error
context 'with LFS not enabled' do
before do
allow(project).to receive(:lfs_enabled?).and_return(false)
end
end
end
context 'commit diff validations' do
before do
allow(subject).to receive(:validations_for_diff).and_return([lambda { |diff| return }])
expect_any_instance_of(Commit).to receive(:raw_deltas).and_call_original
stub_feature_flags(diff_check_with_paths_changed_rpc: false)
subject.validate!
end
context 'when request store is inactive' do
it 'are run for every commit' do
expect_any_instance_of(Commit).to receive(:raw_deltas).and_call_original
it 'does not invoke :lfs_file_locks_validation' do
expect(subject).not_to receive(:lfs_file_locks_validation)
subject.validate!
end
end
context 'when request store is active', :request_store do
it 'are cached for every commit' do
expect_any_instance_of(Commit).not_to receive(:raw_deltas)
context 'with LFS enabled' do
let(:owner) { create(:user) }
let!(:lock) { create(:lfs_file_lock, user: owner, project: project, path: 'README') }
subject.validate!
before do
allow(project).to receive(:lfs_enabled?).and_return(true)
end
it 'are run for not cached commits' do
allow(project.repository).to receive(:new_commits).and_return(
project.repository.commits_between('be93687618e4b132087f430a4d8fc3a609c9b77c', 'a5391128b0ef5d21df5dd23d98557f4ef12fae20')
)
change_access.instance_variable_set(:@commits, project.repository.new_commits)
context 'when change is sent by a different user' do
it 'raises an error if the user is not allowed to update the file' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.name}")
end
end
expect(project.repository.new_commits.first).not_to receive(:raw_deltas).and_call_original
expect(project.repository.new_commits.last).to receive(:raw_deltas).and_call_original
context 'when change is sent by the author of the lock' do
let(:user) { owner }
subject.validate!
it "doesn't raise any error" do
expect { subject.validate! }.not_to raise_error
end
end
end
end
......
# frozen_string_literal: true
require "spec_helper"
RSpec.describe Gitlab::Git::ChangedPath do
subject(:changed_path) { described_class.new(path: path, status: status) }
let(:path) { 'test_path' }
describe '#new_file?' do
subject(:new_file?) { changed_path.new_file? }
context 'when it is a new file' do
let(:status) { :ADDED }
it 'returns true' do
expect(new_file?).to eq(true)
end
end
context 'when it is not a new file' do
let(:status) { :MODIFIED }
it 'returns false' do
expect(new_file?).to eq(false)
end
end
end
end
......@@ -1191,25 +1191,25 @@ RSpec.describe Gitlab::Git::Repository, :seed_helper do
let(:commit_3) { '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9' }
let(:commit_1_files) do
[
OpenStruct.new(status: :ADDED, path: "files/executables/ls"),
OpenStruct.new(status: :ADDED, path: "files/executables/touch"),
OpenStruct.new(status: :ADDED, path: "files/links/regex.rb"),
OpenStruct.new(status: :ADDED, path: "files/links/ruby-style-guide.md"),
OpenStruct.new(status: :ADDED, path: "files/links/touch"),
OpenStruct.new(status: :MODIFIED, path: ".gitmodules"),
OpenStruct.new(status: :ADDED, path: "deeper/nested/six"),
OpenStruct.new(status: :ADDED, path: "nested/six")
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "files/executables/ls"),
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "files/executables/touch"),
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "files/links/regex.rb"),
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "files/links/ruby-style-guide.md"),
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "files/links/touch"),
Gitlab::Git::ChangedPath.new(status: :MODIFIED, path: ".gitmodules"),
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "deeper/nested/six"),
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "nested/six")
]
end
let(:commit_2_files) do
[OpenStruct.new(status: :ADDED, path: "bin/executable")]
[Gitlab::Git::ChangedPath.new(status: :ADDED, path: "bin/executable")]
end
let(:commit_3_files) do
[
OpenStruct.new(status: :MODIFIED, path: ".gitmodules"),
OpenStruct.new(status: :ADDED, path: "gitlab-shell")
Gitlab::Git::ChangedPath.new(status: :MODIFIED, path: ".gitmodules"),
Gitlab::Git::ChangedPath.new(status: :ADDED, path: "gitlab-shell")
]
end
......@@ -1217,7 +1217,7 @@ RSpec.describe Gitlab::Git::Repository, :seed_helper do
collection = repository.find_changed_paths([commit_1, commit_2, commit_3])
expect(collection).to be_a(Enumerable)
expect(collection.to_a).to eq(commit_1_files + commit_2_files + commit_3_files)
expect(collection.as_json).to eq((commit_1_files + commit_2_files + commit_3_files).as_json)
end
it 'returns no paths when SHAs are invalid' do
......@@ -1231,7 +1231,7 @@ RSpec.describe Gitlab::Git::Repository, :seed_helper do
collection = repository.find_changed_paths([nil, commit_1])
expect(collection).to be_a(Enumerable)
expect(collection.to_a).to eq(commit_1_files)
expect(collection.as_json).to eq(commit_1_files.as_json)
end
it 'returns no paths when the commits are nil' do
......
......@@ -162,11 +162,9 @@ RSpec.describe Gitlab::GitalyClient::CommitService do
.with(request, kind_of(Hash)).and_return([changed_paths_response])
returned_value = described_class.new(repository).find_changed_paths(commits)
mapped_expected_value = changed_paths_response.paths.map { |path| Gitlab::Git::ChangedPath.new(status: path.status, path: path.path) }
mapped_returned_value = returned_value.map(&:to_h)
mapped_expected_value = changed_paths_response.paths.map(&:to_h)
expect(mapped_returned_value).to eq(mapped_expected_value)
expect(returned_value.as_json).to eq(mapped_expected_value.as_json)
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment