Commit befbd1f4 authored by James Fargher's avatar James Fargher

Merge branch '205302-update-model-and-finder-tests' into 'master'

Support 'license_scanning' in model tests

See merge request gitlab-org/gitlab!27828
parents c036703a eaa6119c
......@@ -96,13 +96,13 @@ FactoryBot.define do
end
end
trait :license_management_feature_branch do
trait :license_scanning_feature_branch do
after(:build) do |build|
build.job_artifacts << create(:ee_ci_job_artifact, :license_management_feature_branch, job: build)
build.job_artifacts << create(:ee_ci_job_artifact, :license_scanning_feature_branch, job: build)
end
end
trait :corrupted_license_management_report do
trait :corrupted_license_scanning_report do
after(:build) do |build|
build.job_artifacts << create(:ee_ci_job_artifact, :license_scan, :with_corrupted_data, job: build)
end
......
......@@ -159,13 +159,13 @@ FactoryBot.define do
end
end
trait :license_management_feature_branch do
file_type { :license_management }
trait :license_scanning_feature_branch do
file_type { :license_scanning }
file_format { :raw }
after(:build) do |artifact, _|
artifact.file = fixture_file_upload(
Rails.root.join('ee/spec/fixtures/security_reports/feature-branch/gl-license-management-report.json'), 'application/json')
Rails.root.join('ee/spec/fixtures/security_reports/feature-branch/gl-license-scanning-report.json'), 'application/json')
end
end
......@@ -300,7 +300,7 @@ FactoryBot.define do
end
trait :license_scan do
file_type { :license_management }
file_type { :license_scanning }
file_format { :raw }
end
......
......@@ -69,7 +69,7 @@ FactoryBot.define do
status { :success }
after(:build) do |pipeline, evaluator|
pipeline.builds << build(:ee_ci_build, :license_management_feature_branch, pipeline: pipeline, project: pipeline.project)
pipeline.builds << build(:ee_ci_build, :license_scanning_feature_branch, pipeline: pipeline, project: pipeline.project)
end
end
......@@ -77,7 +77,7 @@ FactoryBot.define do
status { :success }
after(:build) do |pipeline, evaluator|
pipeline.builds << build(:ee_ci_build, :corrupted_license_management_report, pipeline: pipeline, project: pipeline.project)
pipeline.builds << build(:ee_ci_build, :corrupted_license_scanning_report, pipeline: pipeline, project: pipeline.project)
end
end
......
......@@ -29,7 +29,7 @@ describe 'EE > Projects > Licenses > Maintainer views policies', :js do
let_it_be(:mit) { create(:software_license, :mit) }
let_it_be(:mit_policy) { create(:software_license_policy, :denied, software_license: mit, project: project) }
let_it_be(:pipeline) { create(:ee_ci_pipeline, project: project, builds: [create(:ee_ci_build, :license_scan_v2, :success)]) }
let(:report) { JSON.parse(fixture_file('security_reports/gl-license-management-report-v2.json', dir: 'ee')) }
let(:report) { JSON.parse(fixture_file('security_reports/gl-license-scanning-report-v2.json', dir: 'ee')) }
let(:known_licenses) { report['licenses'].find_all { |license| license['url'].present? } }
it 'displays licenses detected in the most recent scan report' do
......
......@@ -6,25 +6,19 @@ describe Security::LicenseManagementJobsFinder do
it_behaves_like ::Security::JobsFinder, described_class.allowed_job_types
describe "#execute" do
subject { finder.execute }
let(:pipeline) { create(:ci_pipeline) }
let(:finder) { described_class.new(pipeline: pipeline) }
subject { finder.execute }
context 'with multiple secure builds' do
let!(:sast_build) { create(:ci_build, :sast, pipeline: pipeline) }
let!(:container_scanning_build) { create(:ci_build, :container_scanning, pipeline: pipeline) }
let!(:dast_build) { create(:ci_build, :dast, pipeline: pipeline) }
let!(:license_scanning_build) { create(:ci_build, :license_scanning, pipeline: pipeline) }
let!(:license_management_build) { create(:ci_build, :license_management, pipeline: pipeline) }
it 'returns only the license_management jobs' do
is_expected.to include(license_management_build)
is_expected.not_to include(container_scanning_build)
is_expected.not_to include(dast_build)
is_expected.not_to include(sast_build)
end
it 'returns only the license_scanning jobs' do
is_expected.to contain_exactly(license_scanning_build, license_management_build)
end
end
end
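Review bot: The example title 'returns only the license_scanning jobs' does not match its assertion, which expects both `license_scanning_build` and `license_management_build`. Name both in the title, e.g. `it 'returns only the license_scanning and license_management jobs' do`, or add a comment such as `# license_management is the older job type and must still be returned`. Otherwise a later reader may take the second build in `contain_exactly` for a mistake and drop it, which would remove coverage for what is presumably the older job type. The described class is still `Security::LicenseManagementJobsFinder`, so a one-line note on why the name and the expectation differ would help too.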
......@@ -42,7 +42,7 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do
end
context 'when parsing a valid v1.1 report' do
let(:v1_1_data) { fixture_file('security_reports/gl-license-management-report-v1.1.json', dir: 'ee') }
let(:v1_1_data) { fixture_file('security_reports/gl-license-scanning-report-v1.1.json', dir: 'ee') }
before do
subject.parse!(v1_1_data, report)
......@@ -74,7 +74,7 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do
end
context 'when parsing a valid v2 report' do
let(:v2_data) { fixture_file('security_reports/gl-license-management-report-v2.json', dir: 'ee') }
let(:v2_data) { fixture_file('security_reports/gl-license-scanning-report-v2.json', dir: 'ee') }
before do
subject.parse!(v2_data, report)
......
......@@ -279,7 +279,7 @@ describe Gitlab::Ci::Reports::LicenseScanning::Report do
context 'when parsing a v2 report' do
subject { described_class.parse_from(v2_json) }
let(:v2_json) { fixture_file('security_reports/gl-license-management-report-v2.json', dir: 'ee') }
let(:v2_json) { fixture_file('security_reports/gl-license-scanning-report-v2.json', dir: 'ee') }
it { expect(subject.version).to eql('2.0') }
it { expect(subject.licenses.count).to eq(3) }
......
......@@ -203,8 +203,22 @@ describe Ci::Build do
it { expect(license_scanning_report.licenses.count).to eq(0) }
context 'when build has a license management report' do
context 'when there is a license scanning report' do
context 'when build has a license scanning report' do
context 'when there is a new type report' do
before do
create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project)
end
it 'parses blobs and add the results to the report' do
expect { subject }.not_to raise_error
expect(license_scanning_report.licenses.count).to eq(4)
expect(license_scanning_report.licenses.map(&:name)).to contain_exactly("Apache 2.0", "MIT", "New BSD", "unknown")
expect(license_scanning_report.licenses.find { |x| x.name == 'MIT' }.dependencies.count).to eq(52)
end
end
context 'when there is an old type report' do
before do
create(:ee_ci_job_artifact, :license_management, job: job, project: job.project)
end
......@@ -218,7 +232,7 @@ describe Ci::Build do
end
end
context 'when there is a corrupted license management report' do
context 'when there is a corrupted report' do
before do
create(:ee_ci_job_artifact, :license_scan, :with_corrupted_data, job: job, project: job.project)
end
......@@ -231,7 +245,7 @@ describe Ci::Build do
context 'when Feature flag is disabled for License Scanning reports parsing' do
before do
stub_feature_flags(parse_license_management_reports: false)
create(:ee_ci_job_artifact, :license_management, job: job, project: job.project)
create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project)
end
it 'does NOT parse license scanning report' do
......@@ -241,10 +255,10 @@ describe Ci::Build do
end
end
context 'when the license management feature is disabled' do
context 'when the license scanning feature is disabled' do
before do
stub_licensed_features(license_scanning: false)
create(:ee_ci_job_artifact, :license_management, job: job, project: job.project)
create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project)
end
it 'does NOT parse license scanning report' do
......@@ -289,7 +303,7 @@ describe Ci::Build do
end
describe '#collect_licenses_for_dependency_list!' do
let!(:lm_artifact) { create(:ee_ci_job_artifact, :license_management, job: job, project: job.project) }
let!(:license_scan_artifact) { create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project) }
let(:dependency_list_report) { Gitlab::Ci::Reports::DependencyList::Report.new }
let(:dependency) { build(:dependency, :nokogiri) }
......@@ -378,7 +392,7 @@ describe Ci::Build do
describe ".license_scan" do
it 'returns only license artifacts' do
create(:ci_build, job_artifacts: [create(:ci_job_artifact, :zip)])
build_with_license_scan = create(:ci_build, job_artifacts: [create(:ci_job_artifact, file_type: :license_management, file_format: :raw)])
build_with_license_scan = create(:ci_build, job_artifacts: [create(:ci_job_artifact, file_type: :license_scanning, file_format: :raw)])
expect(described_class.license_scan).to contain_exactly(build_with_license_scan)
end
......
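Review bot: The two gate-off contexts ('when Feature flag is disabled for License Scanning reports parsing' and 'when the license scanning feature is disabled') now create only a `:license_scanning` artifact. Nothing in this section checks any longer that a `:license_management` artifact is also left unparsed when `parse_license_management_reports` or the `license_scanning` licensed feature is off. The new 'when there is an old type report' context suggests the older type is still parsed, so a regression that gates only the new file type would pass this spec. Consider running each gate-off example for both types, for instance `%i[license_scanning license_management].each do |file_type|` around the context with `create(:ee_ci_job_artifact, file_type, job: job, project: job.project)` in the `before`. The bodies of both 'does NOT parse license scanning report' examples lie outside the visible hunks.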
......@@ -250,14 +250,9 @@ describe Ci::Pipeline do
stub_licensed_features(license_scanning: true)
end
context 'when pipeline has multiple builds with license management reports' do
let!(:build_1) { create(:ci_build, :success, name: 'license_management', pipeline: pipeline, project: project) }
let!(:build_2) { create(:ci_build, :success, name: 'license_management2', pipeline: pipeline, project: project) }
before do
create(:ee_ci_job_artifact, :license_management, job: build_1, project: project)
create(:ee_ci_job_artifact, :license_management_feature_branch, job: build_2, project: project)
end
context 'when pipeline has multiple builds with license scanning reports' do
let!(:build_1) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline, project: project) }
let!(:build_2) { create(:ee_ci_build, :success, :license_scanning_feature_branch, pipeline: pipeline, project: project) }
it 'returns a license scanning report with collected data' do
expect(subject.licenses.count).to eq(5)
......@@ -265,8 +260,10 @@ describe Ci::Pipeline do
end
context 'when builds are retried' do
let!(:build_1) { create(:ci_build, :retried, :success, name: 'license_management', pipeline: pipeline, project: project) }
let!(:build_2) { create(:ci_build, :retried, :success, name: 'license_management2', pipeline: pipeline, project: project) }
before do
build_1.update(retried: true)
build_2.update(retried: true)
end
it 'does not take retried builds into account' do
expect(subject.licenses).to be_empty
......@@ -274,7 +271,7 @@ describe Ci::Pipeline do
end
end
context 'when pipeline does not have any builds with license management reports' do
context 'when pipeline does not have any builds with license scanning reports' do
it 'returns an empty license scanning report' do
expect(subject.licenses).to be_empty
end
......@@ -289,10 +286,8 @@ describe Ci::Pipeline do
end
context 'when pipeline has a build with dependency list reports' do
let!(:build) { create(:ci_build, :success, name: 'dependency_list', pipeline: pipeline, project: project) }
let!(:artifact) { create(:ee_ci_job_artifact, :dependency_list, job: build, project: project) }
let!(:build2) { create(:ci_build, :success, name: 'license_management', pipeline: pipeline, project: project) }
let!(:artifact2) { create(:ee_ci_job_artifact, :license_management, job: build, project: project) }
let!(:build) { create(:ee_ci_build, :success, :dependency_list, pipeline: pipeline, project: project) }
let!(:build2) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline, project: project) }
it 'returns a dependency list report with collected data' do
expect(subject.dependencies.count).to eq(21)
......@@ -301,8 +296,9 @@ describe Ci::Pipeline do
end
context 'when builds are retried' do
let!(:build) { create(:ci_build, :retried, :success, name: 'dependency_list', pipeline: pipeline, project: project) }
let!(:artifact) { create(:ee_ci_job_artifact, :dependency_list, job: build, project: project) }
before do
build.update(retried: true)
end
it 'does not take retried builds into account' do
expect(subject.dependencies).to be_empty
......
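Review bot: The new `before` blocks in both 'when builds are retried' contexts call `build_1.update(retried: true)`, `build_2.update(retried: true)` and `build.update(retried: true)` and ignore the return value. If a save is rejected by a validation, the setup carries on and the failure shows up only as a confusing mismatch in 'does not take retried builds into account'. Use the raising form, `build_1.update!(retried: true)` (likewise for `build_2` and `build`), so a broken fixture fails in setup with the validation message.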
......@@ -43,13 +43,13 @@ RSpec.describe SCA::LicenseCompliance do
context "when the license scan job has not finished" do
let(:builds) { [create(:ci_build, :running, job_artifacts: [artifact])] }
let(:artifact) { create(:ci_job_artifact, file_type: :license_management, file_format: :raw) }
let(:artifact) { create(:ci_job_artifact, file_type: :license_scanning, file_format: :raw) }
it { expect(subject.policies).to be_empty }
end
context "when the license scan produces a poorly formatted report" do
let(:builds) { [create(:ee_ci_build, :running, :corrupted_license_management_report)] }
let(:builds) { [create(:ee_ci_build, :running, :corrupted_license_scanning_report)] }
it { expect(subject.policies).to be_empty }
end
......