root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-12-29 18:09:53 +00:00
parent dbdfb3e36d
commit 2dcdb22ddf
27 changed files with 175 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/application_controller.rb
View File

@ -24,6 +24,7 @@ class ApplicationController < ActionController::Base
include ::Gitlab::EndpointAttributes
include FlocOptOut
include CheckRateLimit
extend ContentSecurityPolicyPatch
before_action :limit_session_time, if: -> { !current_user }
before_action :authenticate_user!, except: [:route_not_found]

10
app/controllers/concerns/observability/content_security_policy.rb
View File

@ -5,8 +5,14 @@ module Observability
extend ActiveSupport::Concern
included do
content_security_policy do |p|
next if p.directives.blank? || Gitlab::Observability.observability_url.blank?
content_security_policy_with_context do |p|
current_group = if defined?(group)
group
else
defined?(project) ? project&.group : nil
end
next if p.directives.blank? || !Gitlab::Observability.observability_enabled?(current_user, current_group)
default_frame_src = p.directives['frame-src'] || p.directives['default-src']

4
app/controllers/groups/observability_controller.rb
View File

@ -26,9 +26,7 @@ module Groups
end
def check_observability_allowed
return render_404 unless Gitlab::Observability.observability_url.present?
render_404 unless can?(current_user, :read_observability, @group)
render_404 unless Gitlab::Observability.observability_enabled?(current_user, group)
end
end
end

16
app/controllers/projects/merge_requests/diffs_controller.rb
View File

@ -46,8 +46,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
commit: commit,
diff_view: diff_view,
merge_ref_head_diff: render_merge_ref_head_diff?,
pagination_data: diffs.pagination_data,
merge_conflicts_in_diff: display_merge_conflicts_in_diff?
pagination_data: diffs.pagination_data
}
# NOTE: Any variables that would affect the resulting json needs to be added to the cache_context to avoid stale cache issues.
@ -59,8 +58,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
params[:expanded],
params[:page],
params[:per_page],
options[:merge_ref_head_diff],
options[:merge_conflicts_in_diff]
options[:merge_ref_head_diff]
]
return unless stale?(etag: [cache_context + diff_options_hash.fetch(:paths, []), diffs])
@ -84,8 +82,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
options = additional_attributes.merge(
only_context_commits: show_only_context_commits?,
merge_ref_head_diff: render_merge_ref_head_diff?,
merge_conflicts_in_diff: display_merge_conflicts_in_diff?
merge_ref_head_diff: render_merge_ref_head_diff?
)
render json: DiffsMetadataSerializer.new(project: @merge_request.project, current_user: current_user)
@ -113,8 +110,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
options = additional_attributes.merge(
diff_view: "inline",
merge_ref_head_diff: render_merge_ref_head_diff?,
merge_conflicts_in_diff: display_merge_conflicts_in_diff?
merge_ref_head_diff: render_merge_ref_head_diff?
)
options[:context_commits] = @merge_request.recent_context_commits
@ -242,8 +238,4 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
Gitlab::UsageDataCounters::MergeRequestActivityUniqueCounter
.track_mr_diffs_single_file_action(merge_request: @merge_request, user: current_user)
end
def display_merge_conflicts_in_diff?
Feature.enabled?(:display_merge_conflicts_in_diff, @merge_request.project)
end
end

2
app/serializers/diffs_entity.rb
View File

@ -74,7 +74,7 @@ class DiffsEntity < Grape::Entity
options.merge(
submodule_links: submodule_links,
code_navigation_path: code_navigation_path(diffs),
conflicts: (conflicts(allow_tree_conflicts: true) if options[:merge_conflicts_in_diff])
conflicts: conflicts(allow_tree_conflicts: true)
)
)
end

2
app/serializers/diffs_metadata_entity.rb
View File

@ -6,7 +6,7 @@ class DiffsMetadataEntity < DiffsEntity
DiffFileMetadataEntity.represent(
diffs.raw_diff_files(sorted: true),
options.merge(
conflicts: (conflicts(allow_tree_conflicts: true) if options[:merge_conflicts_in_diff])
conflicts: conflicts(allow_tree_conflicts: true)
)
)
end

2
app/serializers/paginated_diff_entity.rb
View File

@ -17,7 +17,7 @@ class PaginatedDiffEntity < Grape::Entity
options.merge(
submodule_links: submodule_links,
code_navigation_path: code_navigation_path(diffs),
conflicts: (conflicts(allow_tree_conflicts: true) if options[:merge_conflicts_in_diff])
conflicts: conflicts(allow_tree_conflicts: true)
)
)
end

8
config/feature_flags/development/display_merge_conflicts_in_diff.yml
View File

@ -1,8 +0,0 @@
---
name: display_merge_conflicts_in_diff
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45008
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/276918
milestone: '13.5'
type: development
group: group::code review
default_enabled: true

18
db/post_migrate/20221228210616_add_index_on_ci_runners_on_runner_type_and_id.rb Normal file
View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class AddIndexOnCiRunnersOnRunnerTypeAndId < Gitlab::Database::Migration[2.1]
disable_ddl_transaction!
OLD_INDEX_NAME = 'index_ci_runners_on_runner_type'
NEW_INDEX_NAME = 'index_ci_runners_on_runner_type_and_id'
def up
add_concurrent_index :ci_runners, [:runner_type, :id], name: NEW_INDEX_NAME
remove_concurrent_index_by_name :ci_runners, OLD_INDEX_NAME
end
def down
add_concurrent_index :ci_runners, :runner_type, name: OLD_INDEX_NAME
remove_concurrent_index_by_name :ci_runners, NEW_INDEX_NAME
end
end

1
db/schema_migrations/20221228210616 Normal file
View File

@ -0,0 +1 @@
a248f26495d2fab454538f8dd1c43e73ef4078f1822a900fce97b8c7f6df74c6

2
db/structure.sql
View File

@ -28999,7 +28999,7 @@ CREATE INDEX index_ci_runners_on_description_trigram ON ci_runners USING gin (de
CREATE INDEX index_ci_runners_on_locked ON ci_runners USING btree (locked);
CREATE INDEX index_ci_runners_on_runner_type ON ci_runners USING btree (runner_type);
CREATE INDEX index_ci_runners_on_runner_type_and_id ON ci_runners USING btree (runner_type, id);
CREATE INDEX index_ci_runners_on_token_expires_at_and_id_desc ON ci_runners USING btree (token_expires_at, id DESC);

1
doc/user/project/merge_requests/changes.md
View File

@ -140,6 +140,7 @@ Files marked as viewed are not shown to you again unless either:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/232484) in GitLab 13.5 [with a flag](../../../administration/feature_flags.md) named `display_merge_conflicts_in_diff`. Disabled by default.
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/276918) in GitLab 15.7.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/276918) in GitLab 15.8. Feature flag `display_merge_conflicts_in_diff` removed.
To avoid displaying the changes that are already on target branch in the diff,
we compare the merge request's source branch with HEAD of the target branch.

4
lib/gitlab/observability.rb
View File

@ -11,5 +11,9 @@ module Gitlab
'https://observe.gitlab.com'
end
def observability_enabled?(user, group)
Gitlab::Observability.observability_url.present? && Ability.allowed?(user, :read_observability, group)
end
end
end

2
lib/sidebars/groups/menus/observability_menu.rb
View File

@ -23,7 +23,7 @@ module Sidebars
override :render?
def render?
can?(context.current_user, :read_observability, context.group)
Gitlab::Observability.observability_enabled?(context.current_user, context.group)
end
private

45
spec/controllers/projects/merge_requests/diffs_controller_spec.rb
View File

@ -213,7 +213,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do
commit: nil,
latest_diff: true,
only_context_commits: false,
merge_conflicts_in_diff: true,
merge_ref_head_diff: false
}
end
@ -281,7 +280,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do
commit: nil,
latest_diff: true,
only_context_commits: false,
merge_conflicts_in_diff: true,
merge_ref_head_diff: nil
}
end
@ -303,33 +301,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do
commit: merge_request.diff_head_commit,
latest_diff: nil,
only_context_commits: false,
merge_conflicts_in_diff: true,
merge_ref_head_diff: nil
}
end
end
end
context 'when display_merge_conflicts_in_diff is disabled' do
subject { go }
before do
stub_feature_flags(display_merge_conflicts_in_diff: false)
end
it_behaves_like 'serializes diffs metadata with expected arguments' do
let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiff }
let(:expected_options) do
{
merge_request: merge_request,
merge_request_diff: merge_request.merge_request_diff,
merge_request_diffs: merge_request.merge_request_diffs,
start_version: nil,
start_sha: nil,
commit: nil,
latest_diff: true,
only_context_commits: false,
merge_conflicts_in_diff: false,
merge_ref_head_diff: nil
}
end
@ -498,7 +469,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do
commit: nil,
diff_view: :inline,
merge_ref_head_diff: nil,
merge_conflicts_in_diff: true,
pagination_data: {
total_pages: nil
}.merge(pagination_data)
@ -617,21 +587,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do
it_behaves_like 'successful request'
end
context 'when display_merge_conflicts_in_diff is disabled' do
before do
stub_feature_flags(display_merge_conflicts_in_diff: false)
end
subject { go }
it_behaves_like 'serializes diffs with expected arguments' do
let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiffBatch }
let(:expected_options) { collection_arguments(total_pages: 20).merge(merge_conflicts_in_diff: false) }
end
it_behaves_like 'successful request'
end
it_behaves_like 'forked project with submodules'
it_behaves_like 'cached diff collection'

2
spec/finders/ci/runners_finder_spec.rb
View File

@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe Ci::RunnersFinder do
RSpec.describe Ci::RunnersFinder, feature_category: :runner_fleet do
context 'admin' do
let_it_be(:admin) { create(:user, :admin) }

37
spec/lib/gitlab/observability_spec.rb
View File

@ -1,6 +1,6 @@
# frozen_string_literal: true
require 'fast_spec_helper'
require 'spec_helper'
RSpec.describe Gitlab::Observability do
describe '.observability_url' do
@ -30,4 +30,39 @@ RSpec.describe Gitlab::Observability do
it { is_expected.to eq(observe_url) }
end
end
describe '.observability_enabled?' do
let_it_be(:group) { build(:user) }
let_it_be(:user) { build(:group) }
subject do
described_class.observability_enabled?(user, group)
end
it 'checks if read_observability ability is allowed for the given user and group' do
allow(Ability).to receive(:allowed?).and_return(true)
subject
expect(Ability).to have_received(:allowed?).with(user, :read_observability, group)
end
it 'returns true if the read_observability ability is allowed' do
allow(Ability).to receive(:allowed?).and_return(true)
expect(subject).to eq(true)
end
it 'returns false if the read_observability ability is not allowed' do
allow(Ability).to receive(:allowed?).and_return(false)
expect(subject).to eq(false)
end
it 'returns false if observability url is missing' do
allow(described_class).to receive(:observability_url).and_return("")
expect(subject).to eq(false)
end
end
end

10
spec/lib/sidebars/groups/menus/observability_menu_spec.rb
View File

@ -20,23 +20,25 @@ RSpec.describe Sidebars::Groups::Menus::ObservabilityMenu do
allow(menu).to receive(:can?).and_call_original
end
context 'when user can :read_observability' do
context 'when observability is enabled' do
before do
allow(menu).to receive(:can?).with(user, :read_observability, group).and_return(true)
allow(Gitlab::Observability).to receive(:observability_enabled?).and_return(true)
end
it 'returns true' do
expect(menu.render?).to eq true
expect(Gitlab::Observability).to have_received(:observability_enabled?).with(user, group)
end
end
context 'when user cannot :read_observability' do
context 'when observability is disabled' do
before do
allow(menu).to receive(:can?).with(user, :read_observability, group).and_return(false)
allow(Gitlab::Observability).to receive(:observability_enabled?).and_return(false)
end
it 'returns false' do
expect(menu.render?).to eq false
expect(Gitlab::Observability).to have_received(:observability_enabled?).with(user, group)
end
end
end

25
spec/requests/projects/issues_controller_spec.rb
View File

@ -8,10 +8,14 @@ RSpec.describe Projects::IssuesController, feature_category: :team_planning do
let_it_be(:project) { issue.project }
let_it_be(:user) { issue.author }
shared_context 'group project issue' do
let_it_be(:project) { create :project, group: group }
let_it_be(:issue) { create :issue, project: project }
let_it_be(:user) { create(:user) }
end
describe 'GET #new' do
before do
login_as(user)
end
include_context 'group project issue'
it_behaves_like "observability csp policy", described_class do
let(:tested_path) do
@ -21,9 +25,7 @@ RSpec.describe Projects::IssuesController, feature_category: :team_planning do
end
describe 'GET #show' do
before do
login_as(user)
end
include_context 'group project issue'
it_behaves_like "observability csp policy", described_class do
let(:tested_path) do
@ -60,7 +62,10 @@ RSpec.describe Projects::IssuesController, feature_category: :team_planning do
end
let_it_be(:discussion) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) }
let_it_be(:discussion_reply) { create(:discussion_note_on_issue, noteable: issue, project: issue.project, in_reply_to: discussion) }
let_it_be(:discussion_reply) do
create(:discussion_note_on_issue, noteable: issue, project: issue.project, in_reply_to: discussion)
end
let_it_be(:state_event) { create(:resource_state_event, issue: issue) }
let_it_be(:discussion_2) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) }
let_it_be(:discussion_3) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) }
@ -114,7 +119,8 @@ RSpec.describe Projects::IssuesController, feature_category: :team_planning do
context 'when private project' do
let_it_be(:private_project) { create(:project, :private) }
it_behaves_like 'authenticates sessionless user for the request spec', 'index atom', public_resource: false, ignore_metrics: true do
it_behaves_like 'authenticates sessionless user for the request spec', 'index atom', public_resource: false,
ignore_metrics: true do
let(:url) { project_issues_url(private_project, format: :atom) }
before do
@ -122,7 +128,8 @@ RSpec.describe Projects::IssuesController, feature_category: :team_planning do
end
end
it_behaves_like 'authenticates sessionless user for the request spec', 'calendar ics', public_resource: false, ignore_metrics: true do
it_behaves_like 'authenticates sessionless user for the request spec', 'calendar ics', public_resource: false,
ignore_metrics: true do
let(:url) { project_issues_url(private_project, format: :ics) }
before do

1
spec/requests/projects/merge_requests/context_commit_diffs_spec.rb
View File

@ -35,7 +35,6 @@ RSpec.describe 'Merge Requests Context Commit Diffs', feature_category: :code_re
commit: nil,
diff_view: :inline,
merge_ref_head_diff: nil,
merge_conflicts_in_diff: true,
pagination_data: {
total_pages: nil
}.merge(pagination_data)

15
spec/requests/projects/merge_requests/creations_spec.rb
View File

@ -26,14 +26,17 @@ RSpec.describe 'merge requests creations', feature_category: :code_review do
end
it_behaves_like "observability csp policy", Projects::MergeRequests::CreationsController do
let_it_be(:group) { create(:group) }
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, group: group) }
let(:tested_path) do
project_new_merge_request_path(project, merge_request: {
title: 'Some feature',
source_branch: 'fix',
target_branch: 'feature',
target_project: project,
source_project: project
})
title: 'Some feature',
source_branch: 'fix',
target_branch: 'feature',
target_project: project,
source_project: project
})
end
end
end

12
spec/requests/projects/merge_requests/diffs_spec.rb
View File

@ -33,7 +33,6 @@ RSpec.describe 'Merge Requests Diffs', feature_category: :code_review do
commit: nil,
diff_view: :inline,
merge_ref_head_diff: nil,
merge_conflicts_in_diff: true,
pagination_data: {
total_pages: nil
}.merge(pagination_data)
@ -112,17 +111,6 @@ RSpec.describe 'Merge Requests Diffs', feature_category: :code_review do
it_behaves_like 'serializes diffs with expected arguments'
end
context 'with disabled display_merge_conflicts_in_diff feature' do
let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiffBatch }
let(:expected_options) { collection_arguments(total_pages: 20).merge(merge_conflicts_in_diff: false) }
before do
stub_feature_flags(display_merge_conflicts_in_diff: false)
end
it_behaves_like 'serializes diffs with expected arguments'
end
context 'with diff_head option' do
subject { go(page: 0, per_page: 5, diff_head: true) }

14
spec/requests/projects/merge_requests_controller_spec.rb
View File

@ -8,6 +8,12 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :source_code
let_it_be(:user) { merge_request.author }
describe 'GET #show' do
let_it_be(:group) { create(:group) }
let_it_be(:user) { create(:user) }
let_it_be(:project) { create :project, group: group }
let_it_be(:merge_request) { create :merge_request, source_project: project, author: user }
before do
login_as(user)
end
@ -43,7 +49,10 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :source_code
describe 'GET #discussions' do
let_it_be(:discussion) { create(:discussion_note_on_merge_request, noteable: merge_request, project: project) }
let_it_be(:discussion_reply) { create(:discussion_note_on_merge_request, noteable: merge_request, project: project, in_reply_to: discussion) }
let_it_be(:discussion_reply) do
create(:discussion_note_on_merge_request, noteable: merge_request, project: project, in_reply_to: discussion)
end
let_it_be(:state_event) { create(:resource_state_event, merge_request: merge_request) }
let_it_be(:discussion_2) { create(:discussion_note_on_merge_request, noteable: merge_request, project: project) }
let_it_be(:discussion_3) { create(:diff_note_on_merge_request, noteable: merge_request, project: project) }
@ -113,7 +122,8 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :source_code
context 'when private project' do
let_it_be(:private_project) { create(:project, :private) }
it_behaves_like 'authenticates sessionless user for the request spec', 'index atom', public_resource: false, ignore_metrics: true do
it_behaves_like 'authenticates sessionless user for the request spec', 'index atom', public_resource: false,
ignore_metrics: true do
let(:url) { project_merge_requests_url(private_project, format: :atom) }
before do

7
spec/serializers/diffs_entity_spec.rb
View File

@ -9,13 +9,11 @@ RSpec.describe DiffsEntity do
let(:request) { EntityRequest.new(project: project, current_user: user) }
let(:merge_request_diffs) { merge_request.merge_request_diffs }
let(:merge_conflicts_in_diff) { false }
let(:options) do
{
request: request,
merge_request: merge_request,
merge_request_diffs: merge_request_diffs,
merge_conflicts_in_diff: merge_conflicts_in_diff
merge_request_diffs: merge_request_diffs
}
end
@ -101,10 +99,9 @@ RSpec.describe DiffsEntity do
subject[:diff_files]
end
context 'when merge_conflicts_in_diff is true' do
context 'when there are conflicts' do
let(:conflict_file) { double(path: diff_files.first.new_path, conflict_type: :both_modified) }
let(:conflicts) { double(conflicts: double(files: [conflict_file]), can_be_resolved_in_ui?: false) }
let(:merge_conflicts_in_diff) { true }
before do
allow(merge_request).to receive(:cannot_be_merged?).and_return(true)

7
spec/serializers/diffs_metadata_entity_spec.rb
View File

@ -9,7 +9,6 @@ RSpec.describe DiffsMetadataEntity do
let(:merge_request) { create(:merge_request_with_diffs, target_project: project, source_project: project) }
let(:merge_request_diffs) { merge_request.merge_request_diffs }
let(:merge_request_diff) { merge_request_diffs.last }
let(:merge_conflicts_in_diff) { false }
let(:options) { {} }
let(:entity) do
@ -18,8 +17,7 @@ RSpec.describe DiffsMetadataEntity do
options.merge(
request: request,
merge_request: merge_request,
merge_request_diffs: merge_request_diffs,
merge_conflicts_in_diff: merge_conflicts_in_diff
merge_request_diffs: merge_request_diffs
)
)
end
@ -67,10 +65,9 @@ RSpec.describe DiffsMetadataEntity do
subject[:diff_files]
end
context 'when merge_conflicts_in_diff is true' do
context 'when there are conflicts' do
let(:conflict_file) { double(path: raw_diff_files.first.new_path, conflict_type: :both_modified) }
let(:conflicts) { double(conflicts: double(files: [conflict_file]), can_be_resolved_in_ui?: false) }
let(:merge_conflicts_in_diff) { true }
before do
allow(merge_request).to receive(:cannot_be_merged?).and_return(true)

7
spec/serializers/paginated_diff_entity_spec.rb
View File

@ -7,13 +7,11 @@ RSpec.describe PaginatedDiffEntity do
let(:request) { double('request', current_user: user) }
let(:merge_request) { create(:merge_request) }
let(:diff_batch) { merge_request.merge_request_diff.diffs_in_batch(2, 3, diff_options: nil) }
let(:merge_conflicts_in_diff) { false }
let(:options) do
{
request: request,
merge_request: merge_request,
pagination_data: diff_batch.pagination_data,
merge_conflicts_in_diff: merge_conflicts_in_diff
pagination_data: diff_batch.pagination_data
}
end
@ -43,10 +41,9 @@ RSpec.describe PaginatedDiffEntity do
subject[:diff_files]
end
context 'when merge_conflicts_in_diff is true' do
context 'when there are conflicts' do
let(:conflict_file) { double(path: diff_files.first.new_path, conflict_type: :both_modified) }
let(:conflicts) { double(conflicts: double(files: [conflict_file]), can_be_resolved_in_ui?: false) }
let(:merge_conflicts_in_diff) { true }
before do
allow(merge_request).to receive(:cannot_be_merged?).and_return(true)

47
spec/support/shared_examples/observability/csp_shared_examples.rb
View File

@ -2,9 +2,17 @@
# Verifies that the proper CSP rules for Observabilty UI are applied to a given controller/path
#
# The path under test needs to be declared with `let(:tested_path) { .. }` in the context including this example
# It requires the following variables declared in the context including this example:
#
# - `tested_path`: the path under test
# - `user`: the test user
# - `group`: the test group
#
# e.g.
#
# ```
# let_it_be(:group) { create(:group) }
# let_it_be(:user) { create(:user) }
# it_behaves_like "observability csp policy" do
# let(:tested_path) { ....the path under test }
# end
@ -33,6 +41,9 @@ RSpec.shared_examples 'observability csp policy' do |controller_class = describe
before do
setup_csp_for_controller(controller_class, csp, any_time: true)
group.add_developer(user)
login_as(user)
allow(Gitlab::Observability).to receive(:observability_enabled?).and_return(true)
end
subject do
@ -48,6 +59,40 @@ RSpec.shared_examples 'observability csp policy' do |controller_class = describe
end
end
context 'when observability is disabled' do
let(:csp) do
ActionDispatch::ContentSecurityPolicy.new do |p|
p.frame_src 'https://something.test'
end
end
before do
allow(Gitlab::Observability).to receive(:observability_enabled?).and_return(false)
end
it 'does not add observability urls to the csp header' do
expect(subject).to include("frame-src https://something.test")
expect(subject).not_to include("#{observability_url} #{signin_url} #{oauth_url}")
end
end
context 'when checking if observability is enabled' do
let(:csp) do
ActionDispatch::ContentSecurityPolicy.new do |p|
p.frame_src 'https://something.test'
end
end
it 'check access for a given user and group' do
allow(Gitlab::Observability).to receive(:observability_enabled?)
get tested_path
expect(Gitlab::Observability).to have_received(:observability_enabled?)
.with(user, group).at_least(:once)
end
end
context 'when frame-src exists in the CSP config' do
let(:csp) do
ActionDispatch::ContentSecurityPolicy.new do |p|