Commit c9626f9c authored by Sanad Liaquat's avatar Sanad Liaquat

Add e2e specs for ip restricted access via API and SSH

parent a62203ed
...@@ -9,8 +9,11 @@ module QA ...@@ -9,8 +9,11 @@ module QA
attr_accessor :project_name attr_accessor :project_name
attr_writer :wait_for_push attr_writer :wait_for_push
attribute :group
attribute :project do attribute :project do
Project.fabricate! do |resource| Project.fabricate! do |resource|
resource.group = group if @group
resource.name = project_name resource.name = project_name
resource.description = 'Project with repository' resource.description = 'Project with repository'
end end
...@@ -24,6 +27,7 @@ module QA ...@@ -24,6 +27,7 @@ module QA
@new_branch = true @new_branch = true
@project_name = 'project-with-code' @project_name = 'project-with-code'
@wait_for_push = true @wait_for_push = true
@group = nil
end end
def repository_http_uri def repository_http_uri
......
...@@ -32,14 +32,15 @@ module QA ...@@ -32,14 +32,15 @@ module QA
page.visit Runtime::Scenario.gitlab_address page.visit Runtime::Scenario.gitlab_address
set_ip_address_restriction_to(ip_address) set_ip_address_restriction_to(ip_address)
Flow::Login.sign_in(as: @user)
end end
context 'when restricted by another ip address' do context 'when restricted by another ip address' do
let(:ip_address) { get_next_ip_address(fetch_current_ip_address) } let(:ip_address) { get_next_ip_address(fetch_current_ip_address) }
context 'via the UI' do
it 'denies access' do it 'denies access' do
Flow::Login.sign_in(as: @user)
@group.sandbox.visit! @group.sandbox.visit!
expect(page).to have_text('Page Not Found') expect(page).to have_text('Page Not Found')
page.go_back page.go_back
...@@ -50,10 +51,42 @@ module QA ...@@ -50,10 +51,42 @@ module QA
end end
end end
context 'via the API' do
before do
@api_client ||= Runtime::API::Client.new(:gitlab, user: @user)
end
it 'denies access' do
request = create_request("/groups/#{@sandbox_group.id}")
response = get request.url
expect(response.code).to eq(404)
request = create_request("/groups/#{@group.id}")
response = get request.url
expect(response.code).to eq(404)
end
end
# Note: If you run this test against GDK make sure you've enabled sshd
# See: https://gitlab.com/gitlab-org/gitlab-qa/blob/master/docs/run_qa_against_gdk.md
context 'via the SSH' do
let(:key) { Resource::SSHKey.fabricate_via_api! }
it 'denies access' do
Flow::Login.sign_in
expect { push_a_project_with_ssh_key(key) }.to raise_error(QA::Git::Repository::RepositoryCommandError, /fatal: Could not read from remote repository/)
end
end
end
context 'when restricted by user\'s ip address' do context 'when restricted by user\'s ip address' do
let(:ip_address) { fetch_current_ip_address } let(:ip_address) { fetch_current_ip_address }
context 'via the UI' do
it 'allows access' do it 'allows access' do
Flow::Login.sign_in(as: @user)
@group.sandbox.visit! @group.sandbox.visit!
expect(page).to have_text(@group.sandbox.path) expect(page).to have_text(@group.sandbox.path)
...@@ -62,8 +95,47 @@ module QA ...@@ -62,8 +95,47 @@ module QA
end end
end end
context 'via the API' do
before do
@api_client ||= Runtime::API::Client.new(:gitlab, user: @user)
end
it 'allows access' do
request = create_request("/groups/#{@sandbox_group.id}")
response = get request.url
expect(response.code).to eq(200)
request = create_request("/groups/#{@group.id}")
response = get request.url
expect(response.code).to eq(200)
end
end
# Note: If you run this test against GDK make sure you've enabled sshd
# See: https://gitlab.com/gitlab-org/gitlab-qa/blob/master/docs/run_qa_against_gdk.md
context 'via the SSH' do
let(:key) { Resource::SSHKey.fabricate_via_api! }
it 'allows access' do
Flow::Login.sign_in
expect { push_a_project_with_ssh_key(key) }.not_to raise_error
end
end
end
private private
def push_a_project_with_ssh_key(key)
Resource::Repository::ProjectPush.fabricate! do |push|
push.group = @sandbox_group
push.ssh_key = key
push.file_name = 'README.md'
push.file_content = '# Test Use SSH Key'
push.commit_message = 'Add README.md'
end
end
def set_ip_address_restriction_to(ip_address) def set_ip_address_restriction_to(ip_address)
Flow::Login.while_signed_in_as_admin do Flow::Login.while_signed_in_as_admin do
@group.sandbox.visit! @group.sandbox.visit!
...@@ -102,6 +174,10 @@ module QA ...@@ -102,6 +174,10 @@ module QA
end end
end end
end end
def create_request(api_endpoint)
Runtime::API::Request.new(@api_client, api_endpoint)
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment