Merge branch 'api-push-rules' into 'master'

Add more push rules to the API Closes #493 and #948 See merge request !1022

Merge branch 'api-push-rules' into 'master'
Add more push rules to the API Closes #493 and #948 See merge request !1022
f51eb540 · Sean McGivern · 9887ff42 · 5da06598 · f51eb540 · f51eb540
Commit f51eb540 authored Jan 05, 2017 by Sean McGivern
5 changed files
--- a/changelogs/unreleased-ee/api-push-rules.yml
+++ b/changelogs/unreleased-ee/api-push-rules.yml
+---
+title: Add more push rules to the API
+merge_request: 1022
+author: Robert Schilling
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -1429,7 +1429,12 @@ Parameters:
  "project_id": 3,
  "commit_message_regex": "Fixes \d +\",
  "deny_delete_tag": false,
-  "created_at": "2012-10-12T17:04:47Z"
+  "created_at": "2012-10-12T17:04:47Z",
+  "member_check": false,
+  "prevent_secrets": false,
+  "author_email_regex": "",
+  "file_name_regex": "",
+  "max_file_size": 5
 }
 ```
@@ -1443,9 +1448,16 @@ POST /projects/:id/push_rule
 Parameters:
- `id` (required) - The ID of a project
+| Attribute | Type | Required | Description |
- `deny_delete_tag` - Do not allow users to remove git tags with git push
+| --------- | ---- | -------- | ----------- |
- `commit_message_regex` - Commit message regex
+| `id` | integer/string | yes | The ID of the project or NAMESPACE/PROJECT_NAME |
+| `deny_delete_tag` | boolean | no | Deny deleting a tag |
+| `member_check` | boolean | no | Restrict commits by author (email) to existing GitLab users |
+| `prevent_secrets` | boolean | no | GitLab will reject any files that are likely to contain secrets |
+| `commit_message_regex` | string | no | All commit messages must match this, e.g. `Fixed \d+\..*` |
+| `author_email_regex` | string | no | All commit author emails must match this, e.g. `@my-company.com$` |
+| `file_name_regex` | string | no | All commited filenames must **not** match this, e.g. `(jar|exe)$` |
+| `max_file_size` | integer | no | Maximum file size (MB) |
 ### Edit project push rule
@@ -1457,9 +1469,16 @@ PUT /projects/:id/push_rule
 Parameters:
- `id` (required) - The ID of a project
+| Attribute | Type | Required | Description |
- `deny_delete_tag` - Do not allow users to remove git tags with git push
+| --------- | ---- | -------- | ----------- |
- `commit_message_regex` - Commit message regex
+| `id` | integer/string | yes | The ID of the project or NAMESPACE/PROJECT_NAME |
+| `deny_delete_tag` | boolean | no | Deny deleting a tag |
+| `member_check` | boolean | no | Restrict commits by author (email) to existing GitLab users |
+| `prevent_secrets` | boolean | no | GitLab will reject any files that are likely to contain secrets |
+| `commit_message_regex` | string | no | All commit messages must match this, e.g. `Fixed \d+\..*` |
+| `author_email_regex` | string | no | All commit author emails must match this, e.g. `@my-company.com$` |
+| `file_name_regex` | string | no | All commited filenames must **not** match this, e.g. `(jar|exe)$` |
+| `max_file_size` | integer | no | Maximum file size (MB) |
 ### Delete project push rule

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -60,6 +60,8 @@ module API
    class ProjectPushRule < Grape::Entity
      expose :id, :project_id, :created_at
      expose :commit_message_regex, :deny_delete_tag
+      expose :member_check, :prevent_secrets, :author_email_regex
+      expose :file_name_regex, :max_file_size
    end
    class BasicProjectDetails < Grape::Entity

--- a/lib/api/project_push_rule.rb
+++ b/lib/api/project_push_rule.rb
 module API
-  # Projects push rule API
  class ProjectPushRule < Grape::API
    before { authenticate! }
    before { authorize_admin_project }
@@ -10,9 +9,16 @@ module API
    resource :projects do
      helpers do
        params :push_rule_params do
-          optional :commit_message_regex, type: String, desc: 'The commit message regex'
          optional :deny_delete_tag, type: Boolean, desc: 'Deny deleting a tag'
-          at_least_one_of :commit_message_regex, :deny_delete_tag
+          optional :member_check, type: Boolean, desc: 'Restrict commits by author (email) to existing GitLab users'
+          optional :prevent_secrets, type: Boolean, desc: 'GitLab will reject any files that are likely to contain secrets'
+          optional :commit_message_regex, type: String, desc: 'All commit messages must match this'
+          optional :author_email_regex, type: String, desc: 'All commit author emails must match this'
+          optional :file_name_regex, type: String, desc: 'All commited filenames must not match this'
+          optional :max_file_size, type: Integer, desc: 'Maximum file size (MB)'
+          at_least_one_of :deny_delete_tag, :member_check, :prevent_secrets,
+                          :commit_message_regex, :author_email_regex,
+                          :file_name_regex, :max_file_size
        end
      end

--- a/spec/requests/api/project_push_rule_spec.rb
+++ b/spec/requests/api/project_push_rule_spec.rb
@@ -19,8 +19,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    context "authorized user" do
      it "returns project push rule" do
        get api("/projects/#{project.id}/push_rule", user)
-        expect(response.status).to eq(200)
+        expect(response).to have_http_status(200)
        expect(json_response).to be_an Hash
        expect(json_response['project_id']).to eq(project.id)
      end
@@ -29,7 +29,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    context "unauthorized user" do
      it "does not have access to project push rule" do
        get api("/projects/#{project.id}/push_rule", user3)
-        expect(response.status).to eq(403)
+        expect(response).to have_http_status(403)
      end
    end
  end
@@ -38,20 +39,35 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    context "authorized user" do
      it "adds push rule to project" do
        post api("/projects/#{project.id}/push_rule", user),
-          deny_delete_tag: true
+          deny_delete_tag: true,  member_check: true, prevent_secrets: true,
-        expect(response.status).to eq(201)
+          commit_message_regex: 'JIRA\-\d+',
+          author_email_regex: '[a-zA-Z0-9]+@gitlab.com',
+          file_name_regex: '[a-zA-Z0-9]+.key',
+          max_file_size: 5
-        expect(json_response).to be_an Hash
+        expect(response).to have_http_status(201)
        expect(json_response['project_id']).to eq(project.id)
        expect(json_response['deny_delete_tag']).to eq(true)
+        expect(json_response['member_check']).to eq(true)
+        expect(json_response['prevent_secrets']).to eq(true)
+        expect(json_response['commit_message_regex']).to eq('JIRA\-\d+')
+        expect(json_response['author_email_regex']).to eq('[a-zA-Z0-9]+@gitlab.com')
+        expect(json_response['file_name_regex']).to eq('[a-zA-Z0-9]+.key')
+        expect(json_response['max_file_size']).to eq(5)
      end
    end
+    it 'returns 400 if no parameter is given' do
+      post api("/projects/#{project.id}/push_rule", user)
+      expect(response).to have_http_status(400)
+    end
    context "unauthorized user" do
      it "does not add push rule to project" do
-        post api("/projects/#{project.id}/push_rule", user3),
+        post api("/projects/#{project.id}/push_rule", user3), deny_delete_tag: true
-          deny_delete_tag: true
-        expect(response.status).to eq(403)
+        expect(response).to have_http_status(403)
      end
    end
  end
@@ -63,9 +79,9 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    context "with existing push rule" do
      it "does not add push rule to project" do
-        post api("/projects/#{project.id}/push_rule", user),
+        post api("/projects/#{project.id}/push_rule", user), deny_delete_tag: true
-          deny_delete_tag: true
-        expect(response.status).to eq(422)
+        expect(response).to have_http_status(422)
      end
    end
  end
@@ -78,24 +94,31 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    it "updates an existing project push rule" do
      put api("/projects/#{project.id}/push_rule", user),
        deny_delete_tag: false, commit_message_regex: 'Fixes \d+\..*'
-      expect(response.status).to eq(200)
+      expect(response).to have_http_status(200)
      expect(json_response['deny_delete_tag']).to eq(false)
      expect(json_response['commit_message_regex']).to eq('Fixes \d+\..*')
    end
+    it 'returns 400 if no parameter is given' do
+      put api("/projects/#{project.id}/push_rule", user)
+      expect(response).to have_http_status(400)
+    end
  end
  describe "PUT /projects/:id/push_rule" do
    it "gets error on non existing project push rule" do
      put api("/projects/#{project.id}/push_rule", user),
        deny_delete_tag: false, commit_message_regex: 'Fixes \d+\..*'
-      expect(response.status).to eq(404)
+      expect(response).to have_http_status(404)
    end
    it "does not update push rule for unauthorized user" do
-      post api("/projects/#{project.id}/push_rule", user3),
+      post api("/projects/#{project.id}/push_rule", user3), deny_delete_tag: true
-        deny_delete_tag: true
-      expect(response.status).to eq(403)
+      expect(response).to have_http_status(403)
    end
  end
@@ -107,8 +130,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    context "authorized user" do
      it "deletes push rule from project" do
        delete api("/projects/#{project.id}/push_rule", user)
-        expect(response.status).to eq(200)
+        expect(response).to have_http_status(200)
        expect(json_response).to be_an Hash
      end
    end
@@ -116,7 +139,8 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    context "unauthorized user" do
      it "returns a 403 error" do
        delete api("/projects/#{project.id}/push_rule", user3)
-        expect(response.status).to eq(403)
+        expect(response).to have_http_status(403)
      end
    end
  end
@@ -125,15 +149,16 @@ describe API::ProjectPushRule, 'ProjectPushRule', api: true  do
    context "for non existing push rule" do
      it "deletes push rule from project" do
        delete api("/projects/#{project.id}/push_rule", user)
-        expect(response.status).to eq(404)
+        expect(response).to have_http_status(404)
        expect(json_response).to be_an Hash
        expect(json_response['message']).to eq('404 Push Rule Not Found')
      end
      it "returns a 403 error if not authorized" do
        delete api("/projects/#{project.id}/push_rule", user3)
-        expect(response.status).to eq(403)
+        expect(response).to have_http_status(403)
      end
    end
  end