Add container registry with multiple auth tokens test

809fb115 · Sofia Vistas · Sanad Liaquat · 87358de5 · 809fb115 · 809fb115
Commit 809fb115 authored Nov 15, 2021 by Sofia Vistas Committed by Sanad Liaquat Nov 15, 2021
8 changed files
--- a/app/views/shared/deploy_tokens/_form.html.haml
+++ b/app/views/shared/deploy_tokens/_form.html.haml
@@ -36,7 +36,7 @@
        .text-secondary= s_('DeployTokens|Allows read-only access to registry images.')

      %fieldset.form-group.form-check
-        = f.check_box :write_registry, class: 'form-check-input'
+        = f.check_box :write_registry, class: 'form-check-input', data: { qa_selector: 'deploy_token_write_registry_checkbox' }
        = f.label :write_registry, 'write_registry', class: 'label-bold form-check-label'
        .text-secondary= s_('DeployTokens|Allows read and write access to registry images.')


--- a/qa/qa/page/project/settings/deploy_tokens.rb
+++ b/qa/qa/page/project/settings/deploy_tokens.rb
@@ -12,6 +12,7 @@ module QA
            element :deploy_token_read_package_registry_checkbox
            element :deploy_token_write_package_registry_checkbox
            element :deploy_token_read_registry_checkbox
+            element :deploy_token_write_registry_checkbox
            element :create_deploy_token_button
          end

@@ -29,11 +30,12 @@ module QA
            fill_element(:deploy_token_expires_at_field, expires_at.to_s + "\n")
          end

-          def fill_scopes(read_repository: false, read_registry: false, read_package_registry: false, write_package_registry: false)
-            check_element(:deploy_token_read_repository_checkbox) if read_repository
-            check_element(:deploy_token_read_package_registry_checkbox) if read_package_registry
-            check_element(:deploy_token_write_package_registry_checkbox) if write_package_registry
-            check_element(:deploy_token_read_registry_checkbox) if read_registry
+          def fill_scopes(scopes)
+            check_element(:deploy_token_read_repository_checkbox) if scopes.include? :read_repository
+            check_element(:deploy_token_read_package_registry_checkbox) if scopes.include? :read_package_registry
+            check_element(:deploy_token_write_package_registry_checkbox) if scopes.include? :write_package_registry
+            check_element(:deploy_token_read_registry_checkbox) if scopes.include? :read_registry
+            check_element(:deploy_token_write_registry_checkbox) if scopes.include? :write_registry
          end

          def add_token

--- a/qa/qa/resource/deploy_token.rb
+++ b/qa/qa/resource/deploy_token.rb
@@ -4,6 +4,7 @@ module QA
  module Resource
    class DeployToken < Base
      attr_accessor :name, :expires_at
+      attr_writer :scopes

      attribute :username do
        Page::Project::Settings::Repository.perform do |repository_page|
@@ -37,7 +38,7 @@ module QA
          setting.expand_deploy_tokens do |page|
            page.fill_token_name(name)
            page.fill_token_expires_at(expires_at)
-            page.fill_scopes(read_repository: true, read_package_registry: true, write_package_registry: true)
+            page.fill_scopes(@scopes)

            page.add_token
          end

--- a/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb
@@ -3,10 +3,27 @@
 module QA
  RSpec.describe 'Package', :orchestrated, only: { pipeline: :main } do
    describe 'Self-managed Container Registry' do
+      using RSpec::Parameterized::TableSyntax
+
      let(:project) do
        Resource::Project.fabricate_via_api! do |project|
          project.name = 'project-with-registry'
          project.template_name = 'express'
+          project.visibility = :private
+        end
+      end
+
+      let(:project_deploy_token) do
+        Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
+          deploy_token.name = 'registry-deploy-token'
+          deploy_token.project = project
+          deploy_token.scopes = [
+            :read_repository,
+            :read_package_registry,
+            :write_package_registry,
+            :read_registry,
+            :write_registry
+          ]
        end
      end

@@ -19,6 +36,8 @@ module QA
        end
      end

+      let(:personal_access_token) { Runtime::Env.personal_access_token }
+
      before do
        Flow::Login.sign_in
        project.visit!
@@ -26,68 +45,92 @@ module QA

      after do
        runner.remove_via_api!
+        project.remove_via_api!
      end

-      context 'when tls is enabled' do
-        it "pushes image and deletes tag", :registry_tls, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1911' do
-          Resource::Repository::Commit.fabricate_via_api! do |commit|
-            commit.project = project
-            commit.commit_message = 'Add .gitlab-ci.yml'
-            commit.add_files([{
-                                file_path: '.gitlab-ci.yml',
-                                content:
-                                <<~YAML
-                                  build:
-                                    image: docker:19.03.12
-                                    stage: build
-                                    services:
-                                    - name: docker:19.03.12-dind
-                                      command:
-                                      - /bin/sh
-                                      - -c
-                                      - |
-                                        apk add --no-cache openssl
-                                        true | openssl s_client -showcerts -connect gitlab.test:5050 > /usr/local/share/ca-certificates/gitlab.test.crt
-                                        update-ca-certificates
-                                        dockerd-entrypoint.sh || exit                                
-                                    variables:
-                                      IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
-                                    script:
-                                      - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD gitlab.test:5050
-                                      - docker build -t $IMAGE_TAG .
-                                      - docker push $IMAGE_TAG
-                                    tags:
-                                      - "runner-for-#{project.name}"
-                                YAML
-                            }])
-          end
-
-          Flow::Pipeline.visit_latest_pipeline
+      where(:authentication_token_type, :token_name) do
+        :personal_access_token | 'Personal Access Token'
+        :project_deploy_token  | 'Deploy Token'
+        :ci_job_token          | 'Job Token'
+      end

-          Page::Project::Pipeline::Show.perform do |pipeline|
-            pipeline.click_job('build')
+      with_them do
+        let(:auth_token) do
+          case authentication_token_type
+          when :personal_access_token
+            "\"#{personal_access_token}\""
+          when :project_deploy_token
+            "\"#{project_deploy_token.password}\""
+          when :ci_job_token
+            '$CI_JOB_TOKEN'
          end
+        end

-          Page::Project::Job::Show.perform do |job|
-            expect(job).to be_successful(timeout: 800)
+        let(:auth_user) do
+          case authentication_token_type
+          when :personal_access_token
+            "$CI_REGISTRY_USER"
+          when :project_deploy_token
+            "\"#{project_deploy_token.username}\""
+          when :ci_job_token
+            'gitlab-ci-token'
          end
+        end

-          Page::Project::Menu.perform(&:go_to_container_registry)
-
-          Page::Project::Registry::Show.perform do |registry|
-            expect(registry).to have_registry_repository(project.path_with_namespace)
-
-            registry.click_on_image(project.path_with_namespace)
-            expect(registry).to have_tag('master')
-
-            registry.click_delete
-            expect(registry).not_to have_tag('master')
+        context "when tls is disabled" do
+          it "using a #{params[:token_name]}, pushes image and deletes tag", :registry do
+            Resource::Repository::Commit.fabricate_via_api! do |commit|
+              commit.project = project
+              commit.commit_message = 'Add .gitlab-ci.yml'
+              commit.add_files([{
+                                  file_path: '.gitlab-ci.yml',
+                                  content:
+                                      <<~YAML
+                                        build:
+                                          image: docker:19.03.12
+                                          stage: build
+                                          services:
+                                          - name: docker:19.03.12-dind
+                                            command: ["--insecure-registry=gitlab.test:5050"]                                
+                                          variables:
+                                            IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+                                          script:
+                                            - docker login -u #{auth_user} -p #{auth_token} gitlab.test:5050
+                                            - docker build -t $IMAGE_TAG .
+                                            - docker push $IMAGE_TAG
+                                          tags:
+                                            - "runner-for-#{project.name}"
+                                      YAML
+                              }])
+            end
+
+            Flow::Pipeline.visit_latest_pipeline
+
+            Page::Project::Pipeline::Show.perform do |pipeline|
+              pipeline.click_job('build')
+            end
+
+            Page::Project::Job::Show.perform do |job|
+              expect(job).to be_successful(timeout: 800)
+            end
+
+            Page::Project::Menu.perform(&:go_to_container_registry)
+
+            Page::Project::Registry::Show.perform do |registry|
+              expect(registry).to have_registry_repository(project.path_with_namespace)
+
+              registry.click_on_image(project.path_with_namespace)
+              expect(registry).to have_tag('master')
+
+              registry.click_delete
+              expect(registry).not_to have_tag('master')
+            end
          end
        end
      end

-      context "when tls is disabled" do
-        it "pushes image and deletes tag", :registry, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2378' do
+      context "when tls is enabled" do
+        it "pushes image and deletes tag", :registry_tls, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2378' do
          Resource::Repository::Commit.fabricate_via_api! do |commit|
            commit.project = project
            commit.commit_message = 'Add .gitlab-ci.yml'
@@ -100,7 +143,14 @@ module QA
                                        stage: build
                                        services:
                                        - name: docker:19.03.12-dind
-                                          command: ["--insecure-registry=gitlab.test:5050"]                                
+                                          command:
+                                          - /bin/sh
+                                          - -c
+                                          - |
+                                            apk add --no-cache openssl
+                                            true | openssl s_client -showcerts -connect gitlab.test:5050 > /usr/local/share/ca-certificates/gitlab.test.crt
+                                            update-ca-certificates
+                                            dockerd-entrypoint.sh || exit                                
                                        variables:
                                          IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
                                        script:
@@ -119,8 +169,8 @@ module QA
            pipeline.click_job('build')
          end

-          Page::Project::Job::Show.perform do |job|
-            expect(job).to be_successful(timeout: 800)
+          Support::Retrier.retry_until(max_duration: 800, sleep_interval: 10) do
+            project.pipelines.last[:status] == 'success'
          end

          Page::Project::Menu.perform(&:go_to_container_registry)

--- a/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_instance_level_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_instance_level_spec.rb
@@ -19,6 +19,11 @@ module QA
        Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
          deploy_token.name = 'npm-deploy-token'
          deploy_token.project = project
+          deploy_token.scopes = [
+            :read_repository,
+            :read_package_registry,
+            :write_package_registry
+          ]
        end
      end


--- a/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_project_level_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_project_level_spec.rb
@@ -19,6 +19,11 @@ module QA
        Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
          deploy_token.name = 'npm-deploy-token'
          deploy_token.project = project
+          deploy_token.scopes = [
+            :read_repository,
+            :read_package_registry,
+            :write_package_registry
+          ]
        end
      end


--- a/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
+++ b/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
@@ -12,6 +12,7 @@ module QA
        deploy_token = Resource::DeployToken.fabricate_via_browser_ui! do |resource|
          resource.name = deploy_token_name
          resource.expires_at = one_week_from_now
+          resource.scopes = [:read_repository]
        end

        expect(deploy_token.username.length).to be > 0

--- a/qa/spec/support/shared_contexts/packages_registry_shared_context.rb
+++ b/qa/spec/support/shared_contexts/packages_registry_shared_context.rb
@@ -45,6 +45,11 @@ module QA
      Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
        deploy_token.name = 'package-deploy-token'
        deploy_token.project = package_project
+        deploy_token.scopes = [
+          :read_repository,
+          :read_package_registry,
+          :write_package_registry
+        ]
      end
    end