1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::Ml::MlflowArtifacts::Artifacts, feature_category: :mlops do
let_it_be(:project) { create(:project) }
let_it_be(:developer) { create(:user, developer_of: project) }
let_it_be(:another_project) { build(:project).tap { |p| p.add_developer(developer) } }
let_it_be(:name) { 'a-model-name' }
let_it_be(:version) { '0.0.1' }
let_it_be(:model) { create(:ml_models, project: project, name: name) }
let_it_be(:model_version) { create(:ml_model_versions, :with_package, model: model, version: version) }
let_it_be(:package_file) { create(:package_file, :ml_model, package: model_version.package) }
let_it_be(:model_version_no_package) { create(:ml_model_versions, model: model, version: '0.0.2') }
let_it_be(:tokens) do
{
write: create(:personal_access_token, scopes: %w[read_api api], user: developer),
read: create(:personal_access_token, scopes: %w[read_api], user: developer),
no_access: create(:personal_access_token, scopes: %w[read_user], user: developer),
different_user: create(:personal_access_token, scopes: %w[read_api api], user: build(:user))
}
end
let(:current_user) { developer }
let(:access_token) { tokens[:write] }
let(:headers) { { 'Authorization' => "Bearer #{access_token.token}" } }
let(:project_id) { project.id }
let(:default_params) { {} }
let(:params) { default_params }
let(:request) { get api(route), params: params, headers: headers }
let(:json_response) { Gitlab::Json.parse(api_response.body) }
subject(:api_response) do
request
response
end
describe 'GET /projects/:id/ml/mlflow/api/2.0/mlflow/artifacts' do
let(:route) { "/projects/#{project_id}/ml/mlflow/api/2.0/mlflow-artifacts/artifacts?path=#{model_version.id}" }
context 'when the user has access' do
it 'returns a list of artifacts', :aggregate_failures do
is_expected.to have_gitlab_http_status(:ok)
expect(json_response).to have_key('files')
expect(json_response['files']).to be_an_instance_of(Array)
expect(json_response['files']).to have_attributes(size: 1)
expect(json_response['files'].first).to include('path', 'is_dir', 'file_size')
expect(json_response['files'].first['path']).to eq(package_file.file_name)
expect(json_response['files'].first['is_dir']).to eq(false)
expect(json_response['files'].first['file_size']).to eq(package_file.size)
end
end
context 'when the user has access and checks for an directory' do
let(:route) do
"/projects/#{project_id}/ml/mlflow/api/2.0/mlflow-artifacts/artifacts?path=#{model_version.id}/MlModel"
end
it 'returns an empty list of artifacts', :aggregate_failures do
is_expected.to have_gitlab_http_status(:ok)
expect(json_response).to have_key('files')
expect(json_response['files']).to be_an_instance_of(Array)
expect(json_response['files']).to be_empty
end
end
context 'when the user lacks read_model_registry rights' do
before do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(current_user, :read_model_registry, project)
.and_return(false)
end
it 'returns not found' do
is_expected.to have_gitlab_http_status(:not_found)
end
end
context 'when the model version has no package' do
let(:route) do
"/projects/#{project_id}/ml/mlflow/api/2.0/mlflow-artifacts/artifacts?path=#{model_version_no_package.id}"
end
it 'returns not found' do
is_expected.to have_gitlab_http_status(:not_found)
end
end
it_behaves_like 'MLflow|an authenticated resource'
it_behaves_like 'MLflow|a read-only model registry resource'
end
describe 'GET /projects/:id/ml/mlflow/api/2.0/mlflow-artifacts/artifacts/:model_version/*file_path' do
let(:file_path) { package_file.file_name }
let(:route) do
"/projects/#{project_id}/ml/mlflow/api/2.0/mlflow-artifacts/artifacts/#{model_version.id}/#{file_path}"
end
context 'when the user has access' do
it 'returns the artifact file', :aggregate_failures do
is_expected.to have_gitlab_http_status(:ok)
expect(response.headers['Content-Disposition']).to match("attachment; filename=\"#{package_file.file_name}\"")
expect(response.body)
.to eq(package_file.file.read)
expect(response.headers['Content-Length']).to eq(package_file.size.to_s)
end
end
context 'when the file does not exist' do
let(:file_path) { 'non_existent_file.txt' }
it 'returns not found' do
is_expected.to have_gitlab_http_status(:not_found)
end
end
context 'when the user lacks read_model_registry rights' do
before do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(current_user, :read_model_registry, project)
.and_return(false)
end
it 'returns not found' do
is_expected.to have_gitlab_http_status(:not_found)
end
end
it_behaves_like 'MLflow|an authenticated resource'
it_behaves_like 'MLflow|a read-only model registry resource'
end
end
|
