Merge branch 'api_admin_mode_test_12' into 'master'

Adjust tests to api admin mode (12) See merge request !115040 Merged-by: Andreas Deicha <andreas.deicha@noser.com> Approved-by: Terri Chu <tchu@gitlab.com> Reviewed-by: Brian Williams <bwilliams@gitlab.com> Reviewed-by: Andreas Deicha <andreas.deicha@noser.com>

Merge branch 'api_admin_mode_test_12' into 'master'
f3654e3c · Andreas Deicha · 5384bcc7 · 7b90062b · f3654e3c · f3654e3c
Commit f3654e3c authored 1 year ago by Andreas Deicha
--- a/ee/spec/requests/api/vulnerabilities_spec.rb
+++ b/ee/spec/requests/api/vulnerabilities_spec.rb
@@ -24,7 +24,7 @@
        project.add_developer(user)
      end

-      it 'returns all vulnerabilities of a project' do
+      it 'returns all vulnerabilities of a project', :aggregate_failures do
        get_vulnerabilities

        expect(response).to have_gitlab_http_status(:ok)
@@ -36,7 +36,7 @@
      context 'with pagination' do
        let(:project_vulnerabilities_path) { "#{super()}?page=3&per_page=1" }

-        it 'paginates the vulnerabilities according to the pagination params' do
+        it 'paginates the vulnerabilities according to the pagination params', :aggregate_failures do
          low_severity_vulnerability = create(:vulnerability, :with_finding, project: project, severity: :low)

          get_vulnerabilities
@@ -49,7 +49,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { get_vulnerabilities }.to be_allowed_for(:admin) }
      it { expect { get_vulnerabilities }.to be_allowed_for(:owner).of(project) }
      it { expect { get_vulnerabilities }.to be_allowed_for(:maintainer).of(project) }
@@ -75,7 +75,7 @@
        project.add_developer(user)
      end

-      it 'returns the desired vulnerability' do
+      it 'returns the desired vulnerability', :aggregate_failures do
        get_vulnerability

        expect(response).to have_gitlab_http_status(:ok)
@@ -83,7 +83,7 @@
        expect(json_response['id']).to eq vulnerability_id
      end

-      it 'returns the desired findings' do
+      it 'returns the desired findings', :aggregate_failures do
        get_vulnerability

        expect(response).to have_gitlab_http_status(:ok)
@@ -95,7 +95,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { get_vulnerability }.to be_allowed_for(:admin) }
      it { expect { get_vulnerability }.to be_allowed_for(:owner).of(project) }
      it { expect { get_vulnerability }.to be_allowed_for(:maintainer).of(project) }
@@ -122,7 +122,7 @@
        project.add_developer(user)
      end

-      it 'creates a vulnerability from finding and attaches it to the vulnerability' do
+      it 'creates a vulnerability from finding and attaches it to the vulnerability', :aggregate_failures do
        expect { subject }.to change { project.vulnerabilities.count }.by(1)
        expect(project.vulnerabilities.last).to(
          have_attributes(
@@ -143,7 +143,7 @@
      context 'when finding id is unknown' do
        let(:finding_id) { 0 }

-        it 'responds with expected error' do
+        it 'responds with expected error', :aggregate_failures do
          subject

          expect(response).to have_gitlab_http_status(:bad_request)
@@ -156,7 +156,7 @@
          create(:vulnerability, findings: [finding], project: finding.project)
        end

-        it 'rejects creation of a new vulnerability from this finding' do
+        it 'rejects creation of a new vulnerability from this finding', :aggregate_failures do
          subject

          expect(response).to have_gitlab_http_status(:bad_request)
@@ -167,7 +167,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { create_vulnerability }.to be_allowed_for(:admin) }
      it { expect { create_vulnerability }.to be_allowed_for(:owner).of(project) }
      it { expect { create_vulnerability }.to be_allowed_for(:maintainer).of(project) }
@@ -202,7 +202,7 @@
          stub_feature_flags(deprecate_vulnerabilities_feedback: false)
        end

-        it 'dismisses a vulnerability and its associated findings' do
+        it 'dismisses a vulnerability and its associated findings', :aggregate_failures do
          freeze_time do
            dismiss_vulnerability

@@ -240,7 +240,7 @@
          Grape::Endpoint.before_each nil
        end

-        it 'responds with error' do
+        it 'responds with error', :aggregate_failures do
          dismiss_vulnerability

          expect(response).to have_gitlab_http_status(:bad_request)
@@ -261,7 +261,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { dismiss_vulnerability }.to be_allowed_for(:admin) }
      it { expect { dismiss_vulnerability }.to be_allowed_for(:owner).of(project) }
      it { expect { dismiss_vulnerability }.to be_allowed_for(:maintainer).of(project) }
@@ -291,7 +291,7 @@
        project.add_developer(user)
      end

-      it 'resolves a vulnerability and its associated findings' do
+      it 'resolves a vulnerability and its associated findings', :aggregate_failures do
        freeze_time do
          resolve_vulnerability

@@ -311,7 +311,7 @@
          post api("/vulnerabilities/#{vulnerability_id}/resolve", user), params: { comment: comment }
        end

-        it 'adds the comment to the vulnerability state transition' do
+        it 'adds the comment to the vulnerability state transition', :aggregate_failures do
          resolve_vulnerability

          expect(response).to have_gitlab_http_status(:created)
@@ -336,7 +336,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { resolve_vulnerability }.to be_allowed_for(:admin) }
      it { expect { resolve_vulnerability }.to be_allowed_for(:owner).of(project) }
      it { expect { resolve_vulnerability }.to be_allowed_for(:maintainer).of(project) }
@@ -371,7 +371,7 @@
        project.add_developer(user)
      end

-      it 'confirms a vulnerability and its associated findings' do
+      it 'confirms a vulnerability and its associated findings', :aggregate_failures do
        freeze_time do
          confirm_vulnerability

@@ -400,7 +400,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { confirm_vulnerability }.to be_allowed_for(:admin) }
      it { expect { confirm_vulnerability }.to be_allowed_for(:owner).of(project) }
      it { expect { confirm_vulnerability }.to be_allowed_for(:maintainer).of(project) }
@@ -473,7 +473,7 @@
          Grape::Endpoint.before_each nil
        end

-        it 'responds with error' do
+        it 'responds with error', :aggregate_failures do
          revert_vulnerability_to_detected

          expect(response).to have_gitlab_http_status(:bad_request)
@@ -494,7 +494,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { revert_vulnerability_to_detected }.to be_allowed_for(:admin) }
      it { expect { revert_vulnerability_to_detected }.to be_allowed_for(:owner).of(project) }
      it { expect { revert_vulnerability_to_detected }.to be_allowed_for(:maintainer).of(project) }

--- a/ee/spec/requests/api/vulnerability_exports_spec.rb
+++ b/ee/spec/requests/api/vulnerability_exports_spec.rb
@@ -22,7 +22,7 @@
    context 'when the request does not fulfill the requirements' do
      let(:format) { 'exif' }

-      it 'responds with bad_request' do
+      it 'responds with bad_request', :aggregate_failures do
        create_vulnerability_export

        expect(response).to have_gitlab_http_status(:bad_request)
@@ -54,7 +54,7 @@
        context 'when the export creation succeeds' do
          let(:vulnerability_export) { create(:vulnerability_export) }

-          it 'returns information about new vulnerability export' do
+          it 'returns information about new vulnerability export', :aggregate_failures do
            create_vulnerability_export

            expect(response).to have_gitlab_http_status(:created)
@@ -66,7 +66,7 @@
          let(:errors) { instance_double(ActiveModel::Errors, any?: true, messages: ['foo']) }
          let(:vulnerability_export) { instance_double(Vulnerabilities::Export, persisted?: false, errors: errors) }

-          it 'returns the error message' do
+          it 'returns the error message', :aggregate_failures do
            create_vulnerability_export

            expect(response).to have_gitlab_http_status(:bad_request)
@@ -89,7 +89,7 @@
      let(:deny_setup) { project.add_guest(user) }
      let(:permission_setup) { project.add_developer(user) }

-      describe 'permissions' do
+      describe 'permissions', :enable_admin_mode do
        it { expect { create_vulnerability_export }.to be_allowed_for(:admin) }
        it { expect { create_vulnerability_export }.to be_allowed_for(:owner).of(project) }
        it { expect { create_vulnerability_export }.to be_allowed_for(:maintainer).of(project) }
@@ -132,7 +132,7 @@
      end

      context 'when export is finished' do
-        it 'returns information about vulnerability export' do
+        it 'returns information about vulnerability export', :aggregate_failures do
          get_vulnerability_export

          expect(response).to have_gitlab_http_status(:ok)
@@ -150,7 +150,7 @@
      context 'when export is running' do
        let_it_be(:vulnerability_export) { create(:vulnerability_export, :running, :csv, project: project, author: user) }

-        it 'returns information about vulnerability export' do
+        it 'returns information about vulnerability export', :aggregate_failures do
          get_vulnerability_export

          expect(response).to have_gitlab_http_status(:accepted)
@@ -166,7 +166,7 @@
      end
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      context 'for export author' do
        before do
          project.add_developer(user)
@@ -200,7 +200,7 @@
      context 'when export is running' do
        let!(:vulnerability_export) { create(:vulnerability_export, :running, :csv, project: project, author: user) }

-        it 'renders 404' do
+        it 'renders 404', :aggregate_failures do
          download_vulnerability_export

          expect(response).to have_gitlab_http_status(:not_found)
@@ -220,7 +220,7 @@
      end

      context 'when export is finished' do
-        it 'renders 200 with CSV file' do
+        it 'renders 200 with CSV file', :aggregate_failures do
          download_vulnerability_export

          expect(response).to have_gitlab_http_status(:ok)
@@ -231,7 +231,7 @@
    end

    describe 'permissions' do
-      context 'for export author' do
+      context 'for export author', :enable_admin_mode do
        before do
          project.add_developer(user)
        end

--- a/ee/spec/requests/api/vulnerability_findings_spec.rb
+++ b/ee/spec/requests/api/vulnerability_findings_spec.rb
@@ -58,7 +58,7 @@
      # That's why the page size is 40.
      let(:pagination) { { per_page: 40 } }

-      it 'returns all non-dismissed vulnerabilities' do
+      it 'returns all non-dismissed vulnerabilities', :aggregate_failures do
        # all findings except one that was dismissed
        finding_count = (sast_report.findings.count + ds_report.findings.count - 1).to_s

@@ -77,7 +77,7 @@
          stub_feature_flags(deprecate_vulnerabilities_feedback: false)
        end

-        it 'returns all non-dismissed vulnerabilities' do
+        it 'returns all non-dismissed vulnerabilities', :aggregate_failures do
          # all findings except one that was dismissed
          finding_count = (sast_report.findings.count + ds_report.findings.count - 1).to_s

@@ -119,7 +119,7 @@
        context 'when the `Security::PureFindingsFinder` is not available' do
          let(:pure_finder_available?) { false }

-          it 'uses the `Security::FindingsFinder`' do
+          it 'uses the `Security::FindingsFinder`', :aggregate_failures do
            expect(mock_pure_findings_finder).not_to have_received(:execute)
            expect(mock_findings_finder).to have_received(:execute)
          end
@@ -128,7 +128,7 @@
        context 'when the `Security::PureFindingsFinder` is available' do
          let(:pure_finder_available?) { true }

-          it 'uses the `Security::FindingsFinder`' do
+          it 'uses the `Security::FindingsFinder`', :aggregate_failures do
            expect(mock_pure_findings_finder).to have_received(:execute)
            expect(mock_findings_finder).not_to have_received(:execute)
          end
@@ -136,7 +136,7 @@
      end

      describe 'filtering' do
-        it 'returns vulnerabilities with sast report_type' do
+        it 'returns vulnerabilities with sast report_type', :aggregate_failures do
          finding_count = (sast_report.findings.count - 1).to_s # all SAST findings except one that was dismissed

          get api(project_vulnerability_findings_path, user), params: { report_type: 'sast' }
@@ -152,7 +152,7 @@
          expect(json_response.first['name']).to eq 'ECB mode is insecure'
        end

-        it 'returns vulnerabilities with dependency_scanning report_type' do
+        it 'returns vulnerabilities with dependency_scanning report_type', :aggregate_failures do
          finding_count = ds_report.findings.count.to_s

          get api(project_vulnerability_findings_path, user), params: { report_type: 'dependency_scanning' }
@@ -174,7 +174,7 @@
          expect(response).to have_gitlab_http_status(:bad_request)
        end

-        it 'returns dismissed vulnerabilities with `all` scope' do
+        it 'returns dismissed vulnerabilities with `all` scope', :aggregate_failures do
          finding_count = (sast_report.findings.count + ds_report.findings.count).to_s

          get api(project_vulnerability_findings_path, user), params: { scope: 'all' }.merge(pagination)
@@ -184,7 +184,7 @@
          expect(response.headers['X-Total']).to eq finding_count
        end

-        it 'returns vulnerabilities with low severity' do
+        it 'returns vulnerabilities with low severity', :aggregate_failures do
          get api(project_vulnerability_findings_path, user), params: { severity: 'low' }.merge(pagination)

          expect(response).to have_gitlab_http_status(:ok)
@@ -198,7 +198,7 @@
          expect(response).to have_gitlab_http_status(:bad_request)
        end

-        it 'returns vulnerabilities with high confidence' do
+        it 'returns vulnerabilities with high confidence', :aggregate_failures do
          get api(project_vulnerability_findings_path, user), params: { confidence: 'high' }.merge(pagination)

          expect(response).to have_gitlab_http_status(:ok)
@@ -213,7 +213,7 @@
        end

        context 'when pipeline_id is supplied' do
-          it 'returns vulnerabilities from supplied pipeline' do
+          it 'returns vulnerabilities from supplied pipeline', :aggregate_failures do
            finding_count = (sast_report.findings.count + ds_report.findings.count - 1).to_s

            get api(project_vulnerability_findings_path, user), params: { pipeline_id: pipeline.id }.merge(pagination)
@@ -254,7 +254,7 @@
      end
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      subject(:get_vulnerability_findings) { get api(project_vulnerability_findings_path, user) }

      it { expect { get_vulnerability_findings }.to be_allowed_for(:admin) }

--- a/ee/spec/requests/api/vulnerability_issue_links_spec.rb
+++ b/ee/spec/requests/api/vulnerability_issue_links_spec.rb
@@ -49,7 +49,7 @@

        include_examples 'responds with list of only visible issue links'

-        it 'does not return confidential issue in the response' do
+        it 'does not return confidential issue in the response', :aggregate_failures do
          get_issue_links

          expect(json_response.map { |link| link['id'] }).not_to include(confidential_issue.id)
@@ -64,7 +64,7 @@

        include_examples 'responds with list of only visible issue links'

-        it 'does not return issue from inaccessible project' do
+        it 'does not return issue from inaccessible project', :aggregate_failures do
          get_issue_links

          expect(json_response.map { |link| link['id'] }).not_to include(private_issue.id)
@@ -77,7 +77,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { get_issue_links }.to be_allowed_for(:admin) }
      it { expect { get_issue_links }.to be_allowed_for(:owner).of(project) }
      it { expect { get_issue_links }.to be_allowed_for(:maintainer).of(project) }
@@ -108,7 +108,7 @@
      end

      context 'with valid params' do
-        it 'creates a new vulnerability-issue link' do
+        it 'creates a new vulnerability-issue link', :aggregate_failures do
          create_issue_link

          expect(response).to have_gitlab_http_status(:created)
@@ -149,7 +149,7 @@
            other_issue.project.add_developer(user)
          end

-          it 'creates a new vulnerability-issue link' do
+          it 'creates a new vulnerability-issue link', :aggregate_failures do
            create_issue_link

            expect(response).to have_gitlab_http_status(:created)
@@ -176,7 +176,7 @@
          create(:vulnerabilities_issue_link, vulnerability: vulnerability, issue: issue)
        end

-        it 'responds with "conflict" status code and specific error message' do
+        it 'responds with "conflict" status code and specific error message', :aggregate_failures do
          create_issue_link

          expect(response).to have_gitlab_http_status(:unprocessable_entity)
@@ -191,7 +191,7 @@

        let(:params) { super().merge(link_type: 'created') }

-        it 'responds with "conflict" status code and specific error message' do
+        it 'responds with "conflict" status code and specific error message', :aggregate_failures do
          create_issue_link

          expect(response).to have_gitlab_http_status(:unprocessable_entity)
@@ -214,7 +214,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { create_issue_link }.to be_allowed_for(:admin) }
      it { expect { create_issue_link }.to be_allowed_for(:owner).of(project) }
      it { expect { create_issue_link }.to be_allowed_for(:maintainer).of(project) }
@@ -243,7 +243,7 @@
      end

      context 'with valid params' do
-        it 'deletes the specified vulnerability-issue link' do
+        it 'deletes the specified vulnerability-issue link', :aggregate_failures do
          delete_issue_link

          expect(response).to have_gitlab_http_status(:ok)
@@ -259,7 +259,7 @@
          let_it_be(:issue) { create(:issue, project: private_project) }
          let_it_be(:vulnerability_issue_link) { create(:vulnerabilities_issue_link, vulnerability: vulnerability, issue: issue) }

-          it 'deletes the link without disclosing the linked issue' do
+          it 'deletes the link without disclosing the linked issue', :aggregate_failures do
            delete_issue_link

            expect(response).to have_gitlab_http_status(:ok)
@@ -285,7 +285,7 @@
      it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
    end

-    describe 'permissions' do
+    describe 'permissions', :enable_admin_mode do
      it { expect { delete_issue_link }.to be_allowed_for(:admin) }
      it { expect { delete_issue_link }.to be_allowed_for(:owner).of(project) }
      it { expect { delete_issue_link }.to be_allowed_for(:maintainer).of(project) }

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -415,10 +415,6 @@
      ./ee/spec/requests/api/projects_spec.rb
      ./ee/spec/requests/api/settings_spec.rb
      ./ee/spec/requests/api/users_spec.rb
-      ./ee/spec/requests/api/vulnerabilities_spec.rb
-      ./ee/spec/requests/api/vulnerability_exports_spec.rb
-      ./ee/spec/requests/api/vulnerability_findings_spec.rb
-      ./ee/spec/requests/api/vulnerability_issue_links_spec.rb
      ./ee/spec/support/shared_examples/requests/api/project_approval_rules_api_shared_examples.rb
    ]