Update Secret Push Protection Spec, capture output

Will Meek requested to merge secret_push_spec_capture_output into master

What does this MR do and why?

Update Secret Push Protection Spec, capture output

It is suspected that, when run on Staging, the output of a failed commit is dropped. This updates the run command to allow failure messages to be captured by the test.

See https://gitlab.com/gitlab-org/gitlab/-/issues/469440#note_1982892516

The test can be run and run and run and run locally against Staging and it passes every time. When it runs on Staging itself, the logs capture the expected commit error, but the test does not.

This MR gives the test visibility of the commit error message.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

This test targets environments: Staging, Production and the Canaries (see https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection/).

From the qa directory target Staging:

bundle install
GITLAB_QA_USER_AGENT=<USER_AGENT> GITLAB_USERNAME=<USERNAME> GITLAB_QA_ACCESS_TOKEN="<ACCESS_TOKEN>" GITLAB_PASSWORD="<GITLAB_PASSWORD>" QA_DEBUG=true WEBDRIVER_HEADLESS=false bundle exec bin/qa Test::Instance::All https://staging.gitlab.com qa/specs/features/ee/browser_ui/13_secure/secret_push_protection_spec.rb

NOTE - also check the negative case:

Edit the expected result, e.g. line 39 of ./qa/specs/features/ee/browser_ui/13_secure/secret_push_protection_spec.rb

PUSH BLOCKED: Secrets detected in cde changes

Check that the test fails but displays the diff, e.g.

       Diff:
       @@ -1,2 +1,12 @@
       -/.*(PUSH BLOCKED: Secrets detected in cde changes )[\s\S]*(Secret push protection found the following secrets in commit)[\s\S]*(GitLab Personal Access Token)[\s\S]*(To push your changes you must remove the identified secrets.)/
       +remote: GitLab:
       +remote: PUSH BLOCKED: Secrets detected in code changes
       +remote:
       +remote: Secret push protection found the following secrets in commit: 3607c5f560d4719f88a8163750973b1a382c0edc
       +remote: -- new-file:1 | GitLab Personal Access Token
       +remote:
       +remote: To push your changes you must remove the identified secrets.
       +remote: For guidance, see https://staging.gitlab.com/help/user/application_security/secret_detection/secret_push_protection/index.html#resolve-a-blocked-push
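
An added example, not code from this MR or from the GitLab QA framework: it shows how a rejected push's message can be dropped by a runner that captures only stdout, and seen by one that merges stderr and tolerates a non-zero exit. The helper names, the stand-in command and the sample rejection text are constructed, and it assumes the `remote:` lines arrive on stderr.

```ruby
require 'open3'
require 'rbconfig'

# Constructed sample modelled on the diff output above; the commit id is a placeholder.
REJECTION = <<~MSG
  remote: GitLab:
  remote: PUSH BLOCKED: Secrets detected in code changes
  remote:
  remote: Secret push protection found the following secrets in commit: <COMMIT_SHA>
  remote: -- new-file:1 | GitLab Personal Access Token
  remote:
  remote: To push your changes you must remove the identified secrets.
MSG

# Same shape as the expectation in the diff above, without the deliberate typo.
EXPECTED = /(PUSH BLOCKED: Secrets detected in code changes)[\s\S]*(Secret push protection found the following secrets in commit)[\s\S]*(GitLab Personal Access Token)[\s\S]*(To push your changes you must remove the identified secrets\.)/

# Stand-in for a rejected `git push`: writes the rejection to stderr and exits 1.
def fake_rejected_push
  [RbConfig.ruby, '-e', "$stderr.write(#{REJECTION.dump}); exit 1"]
end

# Hypothetical runner that keeps stdout only, so the failure text never reaches the test.
def run_stdout_only(cmd)
  out, _err, status = Open3.capture3(*cmd)
  { output: out, success: status.success? }
end

# Hypothetical runner that merges stderr into the output and does not raise on failure.
def run_capturing_failure(cmd)
  out, status = Open3.capture2e(*cmd)
  { output: out, success: status.success? }
end

# True only when the push failed AND the rejection text is visible to the test.
def blocked_by_secret_push_protection?(result)
  !result[:success] && EXPECTED.match?(result[:output])
end
```

Asserting on both the failed status and the message text keeps the check from passing when a push fails for an unrelated reason.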
