diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-03 16:58:52 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-03 16:58:52 +0000 |
commit | 3f5be151dd378f461ff047864925deaf1a403218 (patch) | |
tree | d4fdfb12654fc349bda2adad453e01b97171009e /spec/services/ci/runners/set_runner_associated_projects_service_spec.rb | |
parent | 3db14bcbaf08ac4c2f2cebf341bbce0ab29d6c20 (diff) | |
download | gitlab-ce-3f5be151dd378f461ff047864925deaf1a403218.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-10-stable-ee
Diffstat (limited to 'spec/services/ci/runners/set_runner_associated_projects_service_spec.rb')
-rw-r--r-- | spec/services/ci/runners/set_runner_associated_projects_service_spec.rb | 77 |
1 files changed, 51 insertions, 26 deletions
diff --git a/spec/services/ci/runners/set_runner_associated_projects_service_spec.rb b/spec/services/ci/runners/set_runner_associated_projects_service_spec.rb index 9921f9322bd..d952fca25a5 100644 --- a/spec/services/ci/runners/set_runner_associated_projects_service_spec.rb +++ b/spec/services/ci/runners/set_runner_associated_projects_service_spec.rb @@ -3,17 +3,19 @@ require 'spec_helper' RSpec.describe ::Ci::Runners::SetRunnerAssociatedProjectsService, '#execute', feature_category: :runner_fleet do - subject(:execute) { described_class.new(runner: runner, current_user: user, project_ids: project_ids).execute } + subject(:execute) do + described_class.new(runner: runner, current_user: user, project_ids: new_projects.map(&:id)).execute + end let_it_be(:owner_project) { create(:project) } let_it_be(:project2) { create(:project) } - let_it_be(:original_projects) { [owner_project, project2] } + let(:original_projects) { [owner_project, project2] } let(:runner) { create(:ci_runner, :project, projects: original_projects) } context 'without user' do let(:user) { nil } - let(:project_ids) { [project2.id] } + let(:new_projects) { [project2] } it 'does not call assign_to on runner and returns error response', :aggregate_failures do expect(runner).not_to receive(:assign_to) @@ -24,8 +26,8 @@ RSpec.describe ::Ci::Runners::SetRunnerAssociatedProjectsService, '#execute', fe end context 'with unauthorized user' do - let(:user) { build(:user) } - let(:project_ids) { [project2.id] } + let(:user) { create(:user) } + let(:new_projects) { [project2] } it 'does not call assign_to on runner and returns error message' do expect(runner).not_to receive(:assign_to) @@ -35,15 +37,19 @@ RSpec.describe ::Ci::Runners::SetRunnerAssociatedProjectsService, '#execute', fe end end - context 'with admin user', :enable_admin_mode do - let_it_be(:user) { create(:user, :admin) } + context 'with authorized user' do + let_it_be(:project3) { create(:project) } + let_it_be(:project4) { create(:project) } + + let(:projects_with_maintainer_access) { original_projects } - let(:project3) { create(:project) } - let(:project4) { create(:project) } + before do + projects_with_maintainer_access.each { |project| project.add_maintainer(user) } + end - context 'with successful requests' do + shared_context 'with successful requests' do context 'when disassociating a project' do - let(:project_ids) { [project3.id, project4.id] } + let(:new_projects) { [project3, project4] } it 'reassigns associated projects and returns success response' do expect(execute).to be_success @@ -51,12 +57,12 @@ RSpec.describe ::Ci::Runners::SetRunnerAssociatedProjectsService, '#execute', fe runner.reload expect(runner.owner_project).to eq(owner_project) - expect(runner.projects.ids).to match_array([owner_project.id] + project_ids) + expect(runner.projects.ids).to match_array([owner_project.id] + new_projects.map(&:id)) end end context 'when disassociating no projects' do - let(:project_ids) { [project2.id, project3.id] } + let(:new_projects) { [project2, project3] } it 'reassigns associated projects and returns success response' do expect(execute).to be_success @@ -64,12 +70,12 @@ RSpec.describe ::Ci::Runners::SetRunnerAssociatedProjectsService, '#execute', fe runner.reload expect(runner.owner_project).to eq(owner_project) - expect(runner.projects.ids).to match_array([owner_project.id] + project_ids) + expect(runner.projects.ids).to match_array([owner_project.id] + new_projects.map(&:id)) end end context 'when disassociating all projects' do - let(:project_ids) { [] } + let(:new_projects) { [] } it 'reassigns associated projects and returns success response' do expect(execute).to be_success @@ -82,28 +88,47 @@ RSpec.describe ::Ci::Runners::SetRunnerAssociatedProjectsService, '#execute', fe end end - context 'with failing assign_to requests' do - let(:project_ids) { [project3.id, project4.id] } + shared_context 'with failing destroy calls' do + let(:new_projects) { [project3, project4] } it 'returns error response and rolls back transaction' do - expect(runner).to receive(:assign_to).with(project4, user).once.and_return(false) + allow_next_found_instance_of(Ci::RunnerProject) do |runner_project| + allow(runner_project).to receive(:destroy).and_return(false) + end expect(execute).to be_error expect(runner.reload.projects).to eq(original_projects) end end - context 'with failing destroy calls' do - let(:project_ids) { [project3.id, project4.id] } + context 'with maintainer user' do + let(:user) { create(:user) } + let(:projects_with_maintainer_access) { original_projects + new_projects } - it 'returns error response and rolls back transaction' do - allow_next_found_instance_of(Ci::RunnerProject) do |runner_project| - allow(runner_project).to receive(:destroy).and_return(false) - end + it_behaves_like 'with successful requests' + it_behaves_like 'with failing destroy calls' - expect(execute).to be_error - expect(runner.reload.projects).to eq(original_projects) + context 'when associating new projects' do + let(:new_projects) { [project3, project4] } + + context 'with missing permissions on one of the new projects' do + let(:projects_with_maintainer_access) { original_projects + [project3] } + + it 'returns error response and rolls back transaction' do + expect(execute).to be_error + expect(execute.errors).to contain_exactly('user is not authorized to add runners to project') + expect(runner.reload.projects).to eq(original_projects) + end + end end end + + context 'with admin user', :enable_admin_mode do + let(:user) { create(:user, :admin) } + let(:projects_with_maintainer_access) { original_projects + new_projects } + + it_behaves_like 'with successful requests' + it_behaves_like 'with failing destroy calls' + end end end |