diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 15:09:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 15:09:44 +0000 |
commit | 874ead9c3a50de4c4ca4551eaf5b7eb976d26b50 (patch) | |
tree | 637ee9f2da5e251bc08ebf3e972209d51966bf7c /spec/services/clusters | |
parent | 2e4c4055181eec9186458dd5dd3219c937032ec7 (diff) | |
download | gitlab-ce-874ead9c3a50de4c4ca4551eaf5b7eb976d26b50.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/services/clusters')
-rw-r--r-- | spec/services/clusters/create_service_spec.rb | 88 | ||||
-rw-r--r-- | spec/services/clusters/management/validate_management_project_permissions_service_spec.rb | 88 |
2 files changed, 176 insertions, 0 deletions
diff --git a/spec/services/clusters/create_service_spec.rb b/spec/services/clusters/create_service_spec.rb index ecf0a9c9dce..3dd25be2a3d 100644 --- a/spec/services/clusters/create_service_spec.rb +++ b/spec/services/clusters/create_service_spec.rb @@ -59,4 +59,92 @@ describe Clusters::CreateService do end end end + + context 'when params includes :management_project_id' do + subject(:cluster) { described_class.new(user, params).execute(access_token: access_token) } + + let(:params) do + { + name: 'test-cluster', + provider_type: :gcp, + provider_gcp_attributes: { + gcp_project_id: 'gcp-project', + zone: 'us-central1-a', + num_nodes: 1, + machine_type: 'machine_type-a', + legacy_abac: 'true' + }, + clusterable: clusterable, + management_project_id: management_project_id + } + end + + let(:clusterable) { project } + let(:management_project_id) { management_project.id } + let(:management_project_namespace) { project.namespace } + let(:management_project) { create(:project, namespace: management_project_namespace) } + + shared_examples 'invalid project or cluster permissions' do + it 'does not persist the cluster and adds errors' do + expect(cluster).not_to be_persisted + + expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action') + end + end + + shared_examples 'setting a management project' do + context 'when user is authorized to adminster manangement_project' do + before do + management_project.add_maintainer(user) + end + + it 'persists the cluster' do + expect(cluster).to be_persisted + + expect(cluster.management_project).to eq(management_project) + end + end + + context 'when user is not authorized to adminster manangement_project' do + include_examples 'invalid project or cluster permissions' + end + end + + shared_examples 'setting a management project outside of scope' do + context 'when manangement_project is outside of the namespace scope' do + let(:management_project_namespace) { create(:group) } + + it 'does not persist the cluster' do + expect(cluster).not_to be_persisted + + expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action') + end + end + end + + context 'management_project is non-existent' do + let(:management_project_id) { 0 } + + include_examples 'invalid project or cluster permissions' + end + + context 'project cluster' do + include_examples 'setting a management project' + include_examples 'setting a management project outside of scope' + end + + context 'group cluster' do + let(:management_project_namespace) { create(:group) } + let(:clusterable) { management_project_namespace } + + include_examples 'setting a management project' + include_examples 'setting a management project outside of scope' + end + + context 'instance cluster' do + let(:clusterable) { Clusters::Instance.new } + + include_examples 'setting a management project' + end + end end diff --git a/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb new file mode 100644 index 00000000000..1bcebe2e2ac --- /dev/null +++ b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb @@ -0,0 +1,88 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Clusters::Management::ValidateManagementProjectPermissionsService do + describe '#execute' do + subject { described_class.new(user).execute(cluster, management_project_id) } + + let(:cluster) { build(:cluster, :project, projects: [create(:project)]) } + let(:user) { create(:user) } + + context 'when management_project_id is nil' do + let(:management_project_id) { nil } + + it { is_expected.to be true } + end + + context 'when management_project_id is not nil' do + let(:management_project_id) { management_project.id } + let(:management_project_namespace) { create(:group) } + let(:management_project) { create(:project, namespace: management_project_namespace) } + + context 'when management_project does not exist' do + let(:management_project_id) { 0 } + + it 'adds errors to the cluster and returns false' do + is_expected.to eq false + + expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action') + end + end + + shared_examples 'management project is in scope' do + context 'when user is authorized to administer manangement_project' do + before do + management_project.add_maintainer(user) + end + + it 'adds no error and returns true' do + is_expected.to eq true + + expect(cluster.errors).to be_empty + end + end + + context 'when user is not authorized to adminster manangement_project' do + it 'adds an error and returns false' do + is_expected.to eq false + + expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action') + end + end + end + + shared_examples 'management project is out of scope' do + context 'when manangement_project is outside of the namespace scope' do + let(:management_project_namespace) { create(:group) } + + it 'adds an error and returns false' do + is_expected.to eq false + + expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action') + end + end + end + + context 'project cluster' do + let(:cluster) { build(:cluster, :project, projects: [create(:project, namespace: management_project_namespace)]) } + + include_examples 'management project is in scope' + include_examples 'management project is out of scope' + end + + context 'group cluster' do + let(:cluster) { build(:cluster, :group, groups: [management_project_namespace]) } + + include_examples 'management project is in scope' + include_examples 'management project is out of scope' + end + + context 'instance cluster' do + let(:cluster) { build(:cluster, :instance) } + + include_examples 'management project is in scope' + end + end + end +end |