Add latest changes from gitlab-org/gitlab@14-9-stable-eev14.9.0-rc42

6 files changed, 478 insertions, 0 deletions

diff --git a/spec/services/ci/runners/assign_runner_service_spec.rb b/spec/services/ci/runners/assign_runner_service_spec.rb
new file mode 100644
index 00000000000..00b176bb759
--- /dev/null
+++ b/spec/services/ci/runners/assign_runner_service_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Ci::Runners::AssignRunnerService, '#execute' do
+  subject { described_class.new(runner, project, user).execute }
+
+  let_it_be(:runner) { create(:ci_runner, :project, projects: [project]) }
+  let_it_be(:project) { create(:project) }
+
+  context 'without user' do
+    let(:user) { nil }
+
+    it 'does not call assign_to on runner and returns false' do
+      expect(runner).not_to receive(:assign_to)
+
+      is_expected.to eq(false)
+    end
+  end
+
+  context 'with unauthorized user' do
+    let(:user) { build(:user) }
+
+    it 'does not call assign_to on runner and returns false' do
+      expect(runner).not_to receive(:assign_to)
+
+      is_expected.to eq(false)
+    end
+  end
+
+  context 'with admin user', :enable_admin_mode do
+    let(:user) { create_default(:user, :admin) }
+
+    it 'calls assign_to on runner and returns value unchanged' do
+      expect(runner).to receive(:assign_to).with(project, user).once.and_return('assign_to return value')
+
+      is_expected.to eq('assign_to return value')
+    end
+  end
+end
diff --git a/spec/services/ci/runners/register_runner_service_spec.rb b/spec/services/ci/runners/register_runner_service_spec.rb
new file mode 100644
index 00000000000..f43fd823078
--- /dev/null
+++ b/spec/services/ci/runners/register_runner_service_spec.rb
@@ -0,0 +1,234 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Ci::Runners::RegisterRunnerService, '#execute' do
+  let(:registration_token) { 'abcdefg123456' }
+  let(:token) { }
+  let(:args) { {} }
+
+  before do
+    stub_feature_flags(runner_registration_control: false)
+    stub_application_setting(runners_registration_token: registration_token)
+    stub_application_setting(valid_runner_registrars: ApplicationSetting::VALID_RUNNER_REGISTRAR_TYPES)
+  end
+
+  subject { described_class.new.execute(token, args) }
+
+  context 'when no token is provided' do
+    let(:token) { '' }
+
+    it 'returns nil' do
+      is_expected.to be_nil
+    end
+  end
+
+  context 'when invalid token is provided' do
+    let(:token) { 'invalid' }
+
+    it 'returns nil' do
+      is_expected.to be_nil
+    end
+  end
+
+  context 'when valid token is provided' do
+    context 'with a registration token' do
+      let(:token) { registration_token }
+
+      it 'creates runner with default values' do
+        is_expected.to be_an_instance_of(::Ci::Runner)
+        expect(subject.persisted?).to be_truthy
+        expect(subject.run_untagged).to be true
+        expect(subject.active).to be true
+        expect(subject.token).not_to eq(registration_token)
+        expect(subject).to be_instance_type
+      end
+
+      context 'with non-default arguments' do
+        let(:args) do
+          {
+            description: 'some description',
+            active: false,
+            locked: true,
+            run_untagged: false,
+            tag_list: %w(tag1 tag2),
+            access_level: 'ref_protected',
+            maximum_timeout: 600,
+            name: 'some name',
+            version: 'some version',
+            revision: 'some revision',
+            platform: 'some platform',
+            architecture: 'some architecture',
+            ip_address: '10.0.0.1',
+            config: {
+              gpus: 'some gpu config'
+            }
+          }
+        end
+
+        it 'creates runner with specified values', :aggregate_failures do
+          is_expected.to be_an_instance_of(::Ci::Runner)
+          expect(subject.active).to eq args[:active]
+          expect(subject.locked).to eq args[:locked]
+          expect(subject.run_untagged).to eq args[:run_untagged]
+          expect(subject.tags).to contain_exactly(
+            an_object_having_attributes(name: 'tag1'),
+            an_object_having_attributes(name: 'tag2')
+          )
+          expect(subject.access_level).to eq args[:access_level]
+          expect(subject.maximum_timeout).to eq args[:maximum_timeout]
+          expect(subject.name).to eq args[:name]
+          expect(subject.version).to eq args[:version]
+          expect(subject.revision).to eq args[:revision]
+          expect(subject.platform).to eq args[:platform]
+          expect(subject.architecture).to eq args[:architecture]
+          expect(subject.ip_address).to eq args[:ip_address]
+        end
+      end
+
+      context 'with runner token expiration interval', :freeze_time do
+        before do
+          stub_application_setting(runner_token_expiration_interval: 5.days)
+        end
+
+        it 'creates runner with token expiration' do
+          is_expected.to be_an_instance_of(::Ci::Runner)
+          expect(subject.token_expires_at).to eq(5.days.from_now)
+        end
+      end
+    end
+
+    context 'when project token is used' do
+      let(:project) { create(:project) }
+      let(:token) { project.runners_token }
+
+      it 'creates project runner' do
+        is_expected.to be_an_instance_of(::Ci::Runner)
+        expect(project.runners.size).to eq(1)
+        is_expected.to eq(project.runners.first)
+        expect(subject.token).not_to eq(registration_token)
+        expect(subject.token).not_to eq(project.runners_token)
+        expect(subject).to be_project_type
+      end
+
+      context 'when it exceeds the application limits' do
+        before do
+          create(:ci_runner, runner_type: :project_type, projects: [project], contacted_at: 1.second.ago)
+          create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
+        end
+
+        it 'does not create runner' do
+          is_expected.to be_an_instance_of(::Ci::Runner)
+          expect(subject.persisted?).to be_falsey
+          expect(subject.errors.messages).to eq('runner_projects.base': ['Maximum number of ci registered project runners (1) exceeded'])
+          expect(project.runners.reload.size).to eq(1)
+        end
+      end
+
+      context 'when abandoned runners cause application limits to not be exceeded' do
+        before do
+          create(:ci_runner, runner_type: :project_type, projects: [project], created_at: 14.months.ago, contacted_at: 13.months.ago)
+          create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
+        end
+
+        it 'creates runner' do
+          is_expected.to be_an_instance_of(::Ci::Runner)
+          expect(subject.errors).to be_empty
+          expect(project.runners.reload.size).to eq(2)
+          expect(project.runners.recent.size).to eq(1)
+        end
+      end
+
+      context 'when valid runner registrars do not include project' do
+        before do
+          stub_application_setting(valid_runner_registrars: ['group'])
+        end
+
+        context 'when feature flag is enabled' do
+          before do
+            stub_feature_flags(runner_registration_control: true)
+          end
+
+          it 'returns 403 error' do
+            is_expected.to be_nil
+          end
+        end
+
+        context 'when feature flag is disabled' do
+          it 'registers the runner' do
+            is_expected.to be_an_instance_of(::Ci::Runner)
+            expect(subject.errors).to be_empty
+            expect(subject.active).to be true
+          end
+        end
+      end
+    end
+
+    context 'when group token is used' do
+      let(:group) { create(:group) }
+      let(:token) { group.runners_token }
+
+      it 'creates a group runner' do
+        is_expected.to be_an_instance_of(::Ci::Runner)
+        expect(subject.errors).to be_empty
+        expect(group.runners.reload.size).to eq(1)
+        expect(subject.token).not_to eq(registration_token)
+        expect(subject.token).not_to eq(group.runners_token)
+        expect(subject).to be_group_type
+      end
+
+      context 'when it exceeds the application limits' do
+        before do
+          create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 1.month.ago)
+          create(:plan_limits, :default_plan, ci_registered_group_runners: 1)
+        end
+
+        it 'does not create runner' do
+          is_expected.to be_an_instance_of(::Ci::Runner)
+          expect(subject.persisted?).to be_falsey
+          expect(subject.errors.messages).to eq('runner_namespaces.base': ['Maximum number of ci registered group runners (1) exceeded'])
+          expect(group.runners.reload.size).to eq(1)
+        end
+      end
+
+      context 'when abandoned runners cause application limits to not be exceeded' do
+        before do
+          create(:ci_runner, runner_type: :group_type, groups: [group], created_at: 4.months.ago, contacted_at: 3.months.ago)
+          create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 4.months.ago)
+          create(:plan_limits, :default_plan, ci_registered_group_runners: 1)
+        end
+
+        it 'creates runner' do
+          is_expected.to be_an_instance_of(::Ci::Runner)
+          expect(subject.errors).to be_empty
+          expect(group.runners.reload.size).to eq(3)
+          expect(group.runners.recent.size).to eq(1)
+        end
+      end
+
+      context 'when valid runner registrars do not include group' do
+        before do
+          stub_application_setting(valid_runner_registrars: ['project'])
+        end
+
+        context 'when feature flag is enabled' do
+          before do
+            stub_feature_flags(runner_registration_control: true)
+          end
+
+          it 'returns nil' do
+            is_expected.to be_nil
+          end
+        end
+
+        context 'when feature flag is disabled' do
+          it 'registers the runner' do
+            is_expected.to be_an_instance_of(::Ci::Runner)
+            expect(subject.errors).to be_empty
+            expect(subject.active).to be true
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/services/ci/runners/reset_registration_token_service_spec.rb b/spec/services/ci/runners/reset_registration_token_service_spec.rb
new file mode 100644
index 00000000000..c4bfff51cc8
--- /dev/null
+++ b/spec/services/ci/runners/reset_registration_token_service_spec.rb
@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Ci::Runners::ResetRegistrationTokenService, '#execute' do
+  subject { described_class.new(scope, current_user).execute }
+
+  let_it_be(:user) { build(:user) }
+  let_it_be(:admin_user) { create(:user, :admin) }
+
+  shared_examples 'a registration token reset operation' do
+    context 'without user' do
+      let(:current_user) { nil }
+
+      it 'does not reset registration token and returns nil' do
+        expect(scope).not_to receive(token_reset_method_name)
+
+        is_expected.to be_nil
+      end
+    end
+
+    context 'with unauthorized user' do
+      let(:current_user) { user }
+
+      it 'does not reset registration token and returns nil' do
+        expect(scope).not_to receive(token_reset_method_name)
+
+        is_expected.to be_nil
+      end
+    end
+
+    context 'with admin user', :enable_admin_mode do
+      let(:current_user) { admin_user }
+
+      it 'resets registration token and returns value unchanged' do
+        expect(scope).to receive(token_reset_method_name).once do
+          expect(scope).to receive(token_method_name).once.and_return("#{token_method_name} return value")
+        end
+
+        is_expected.to eq("#{token_method_name} return value")
+      end
+    end
+  end
+
+  context 'with instance scope' do
+    let_it_be(:scope) { create(:application_setting) }
+
+    before do
+      allow(ApplicationSetting).to receive(:current).and_return(scope)
+      allow(ApplicationSetting).to receive(:current_without_cache).and_return(scope)
+    end
+
+    it_behaves_like 'a registration token reset operation' do
+      let(:token_method_name) { :runners_registration_token }
+      let(:token_reset_method_name) { :reset_runners_registration_token! }
+    end
+  end
+
+  context 'with group scope' do
+    let_it_be(:scope) { create(:group) }
+
+    it_behaves_like 'a registration token reset operation' do
+      let(:token_method_name) { :runners_token }
+      let(:token_reset_method_name) { :reset_runners_token! }
+    end
+  end
+
+  context 'with project scope' do
+    let_it_be(:scope) { create(:project) }
+
+    it_behaves_like 'a registration token reset operation' do
+      let(:token_method_name) { :runners_token }
+      let(:token_reset_method_name) { :reset_runners_token! }
+    end
+  end
+end
diff --git a/spec/services/ci/runners/unassign_runner_service_spec.rb b/spec/services/ci/runners/unassign_runner_service_spec.rb
new file mode 100644
index 00000000000..3fb6925f4bd
--- /dev/null
+++ b/spec/services/ci/runners/unassign_runner_service_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Ci::Runners::UnassignRunnerService, '#execute' do
+  subject(:service) { described_class.new(runner_project, user).execute }
+
+  let_it_be(:runner) { create(:ci_runner, :project, projects: [project]) }
+  let_it_be(:project) { create(:project) }
+
+  let(:runner_project) { runner.runner_projects.last }
+
+  context 'without user' do
+    let(:user) { nil }
+
+    it 'does not destroy runner_project', :aggregate_failures do
+      expect(runner_project).not_to receive(:destroy)
+      expect { service }.not_to change { runner.runner_projects.count }.from(1)
+
+      is_expected.to eq(false)
+    end
+  end
+
+  context 'with unauthorized user' do
+    let(:user) { build(:user) }
+
+    it 'does not call destroy on runner_project' do
+      expect(runner).not_to receive(:destroy)
+
+      service
+    end
+  end
+
+  context 'with admin user', :enable_admin_mode do
+    let(:user) { create_default(:user, :admin) }
+
+    it 'destroys runner_project' do
+      expect(runner_project).to receive(:destroy).once
+
+      service
+    end
+  end
+end
diff --git a/spec/services/ci/runners/unregister_runner_service_spec.rb b/spec/services/ci/runners/unregister_runner_service_spec.rb
new file mode 100644
index 00000000000..df1a0a90067
--- /dev/null
+++ b/spec/services/ci/runners/unregister_runner_service_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Ci::Runners::UnregisterRunnerService, '#execute' do
+  subject { described_class.new(runner, 'some_token').execute }
+
+  let(:runner) { create(:ci_runner) }
+
+  it 'destroys runner' do
+    expect(runner).to receive(:destroy).once.and_call_original
+    expect { subject }.to change { Ci::Runner.count }.by(-1)
+    expect(runner[:errors]).to be_nil
+  end
+end
diff --git a/spec/services/ci/runners/update_runner_service_spec.rb b/spec/services/ci/runners/update_runner_service_spec.rb
new file mode 100644
index 00000000000..b02ea8f58b0
--- /dev/null
+++ b/spec/services/ci/runners/update_runner_service_spec.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Ci::Runners::UpdateRunnerService do
+  let(:runner) { create(:ci_runner) }
+
+  describe '#update' do
+    before do
+      allow(runner).to receive(:tick_runner_queue)
+    end
+
+    context 'with description params' do
+      let(:params) { { description: 'new runner' } }
+
+      it 'updates the runner and ticking the queue' do
+        expect(update).to be_truthy
+
+        runner.reload
+
+        expect(runner).to have_received(:tick_runner_queue)
+        expect(runner.description).to eq('new runner')
+      end
+    end
+
+    context 'with paused param' do
+      let(:params) { { paused: true } }
+
+      it 'updates the runner and ticking the queue' do
+        expect(runner.active).to be_truthy
+        expect(update).to be_truthy
+
+        runner.reload
+
+        expect(runner).to have_received(:tick_runner_queue)
+        expect(runner.active).to be_falsey
+      end
+    end
+
+    context 'with cost factor params' do
+      let(:params) { { public_projects_minutes_cost_factor: 1.1, private_projects_minutes_cost_factor: 2.2 }}
+
+      it 'updates the runner cost factors' do
+        expect(update).to be_truthy
+
+        runner.reload
+
+        expect(runner.public_projects_minutes_cost_factor).to eq(1.1)
+        expect(runner.private_projects_minutes_cost_factor).to eq(2.2)
+      end
+    end
+
+    context 'when params are not valid' do
+      let(:params) { { run_untagged: false } }
+
+      it 'does not update and give false because it is not valid' do
+        expect(update).to be_falsey
+
+        runner.reload
+
+        expect(runner).not_to have_received(:tick_runner_queue)
+        expect(runner.run_untagged).to be_truthy
+      end
+    end
+
+    def update
+      described_class.new(runner).update(params) # rubocop: disable Rails/SaveBang
+    end
+  end
+end