Add latest changes from gitlab-org/gitlab@master

6 files changed, 201 insertions, 12 deletions

diff --git a/spec/services/application_settings/update_service_spec.rb b/spec/services/application_settings/update_service_spec.rb
index 6e1fdb7aad0..069572e4dff 100644
--- a/spec/services/application_settings/update_service_spec.rb
+++ b/spec/services/application_settings/update_service_spec.rb
@@ -334,4 +334,20 @@ describe ApplicationSettings::UpdateService do
       expect(application_settings.protected_paths).to eq(['/users/password', '/users/sign_in'])
     end
   end
+
+  context 'when issues_create_limit is passsed' do
+    let(:params) do
+      {
+        issues_create_limit: 600
+      }
+    end
+
+    it 'updates issues_create_limit value' do
+      subject.execute
+
+      application_settings.reload
+
+      expect(application_settings.issues_create_limit).to eq(600)
+    end
+  end
 end
diff --git a/spec/services/clusters/create_service_spec.rb b/spec/services/clusters/create_service_spec.rb
index ecf0a9c9dce..3dd25be2a3d 100644
--- a/spec/services/clusters/create_service_spec.rb
+++ b/spec/services/clusters/create_service_spec.rb
@@ -59,4 +59,92 @@ describe Clusters::CreateService do
       end
     end
   end
+
+  context 'when params includes :management_project_id' do
+    subject(:cluster) { described_class.new(user, params).execute(access_token: access_token) }
+
+    let(:params) do
+      {
+        name: 'test-cluster',
+        provider_type: :gcp,
+        provider_gcp_attributes: {
+          gcp_project_id: 'gcp-project',
+          zone: 'us-central1-a',
+          num_nodes: 1,
+          machine_type: 'machine_type-a',
+          legacy_abac: 'true'
+        },
+        clusterable: clusterable,
+        management_project_id: management_project_id
+      }
+    end
+
+    let(:clusterable) { project }
+    let(:management_project_id) { management_project.id }
+    let(:management_project_namespace) { project.namespace }
+    let(:management_project) { create(:project, namespace: management_project_namespace) }
+
+    shared_examples 'invalid project or cluster permissions' do
+      it 'does not persist the cluster and adds errors' do
+        expect(cluster).not_to be_persisted
+
+        expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+      end
+    end
+
+    shared_examples 'setting a management project' do
+      context 'when user is authorized to adminster manangement_project' do
+        before do
+          management_project.add_maintainer(user)
+        end
+
+        it 'persists the cluster' do
+          expect(cluster).to be_persisted
+
+          expect(cluster.management_project).to eq(management_project)
+        end
+      end
+
+      context 'when user is not authorized to adminster manangement_project' do
+        include_examples 'invalid project or cluster permissions'
+      end
+    end
+
+    shared_examples 'setting a management project outside of scope' do
+      context 'when manangement_project is outside of the namespace scope' do
+        let(:management_project_namespace) { create(:group) }
+
+        it 'does not persist the cluster' do
+          expect(cluster).not_to be_persisted
+
+          expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+        end
+      end
+    end
+
+    context 'management_project is non-existent' do
+      let(:management_project_id) { 0 }
+
+      include_examples 'invalid project or cluster permissions'
+    end
+
+    context 'project cluster' do
+      include_examples 'setting a management project'
+      include_examples 'setting a management project outside of scope'
+    end
+
+    context 'group cluster' do
+      let(:management_project_namespace) { create(:group) }
+      let(:clusterable) { management_project_namespace }
+
+      include_examples 'setting a management project'
+      include_examples 'setting a management project outside of scope'
+    end
+
+    context 'instance cluster' do
+      let(:clusterable) { Clusters::Instance.new }
+
+      include_examples 'setting a management project'
+    end
+  end
 end
diff --git a/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb
new file mode 100644
index 00000000000..1bcebe2e2ac
--- /dev/null
+++ b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb
@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Clusters::Management::ValidateManagementProjectPermissionsService do
+  describe '#execute' do
+    subject { described_class.new(user).execute(cluster, management_project_id) }
+
+    let(:cluster) { build(:cluster, :project, projects: [create(:project)]) }
+    let(:user) { create(:user) }
+
+    context 'when management_project_id is nil' do
+      let(:management_project_id) { nil }
+
+      it { is_expected.to be true }
+    end
+
+    context 'when management_project_id is not nil' do
+      let(:management_project_id) { management_project.id }
+      let(:management_project_namespace) { create(:group) }
+      let(:management_project) { create(:project, namespace: management_project_namespace) }
+
+      context 'when management_project does not exist' do
+        let(:management_project_id) { 0 }
+
+        it 'adds errors to the cluster and returns false' do
+          is_expected.to eq false
+
+          expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+        end
+      end
+
+      shared_examples 'management project is in scope' do
+        context 'when user is authorized to administer manangement_project' do
+          before do
+            management_project.add_maintainer(user)
+          end
+
+          it 'adds no error and returns true' do
+            is_expected.to eq true
+
+            expect(cluster.errors).to be_empty
+          end
+        end
+
+        context 'when user is not authorized to adminster manangement_project' do
+          it 'adds an error and returns false' do
+            is_expected.to eq false
+
+            expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+          end
+        end
+      end
+
+      shared_examples 'management project is out of scope' do
+        context 'when manangement_project is outside of the namespace scope' do
+          let(:management_project_namespace) { create(:group) }
+
+          it 'adds an error and returns false' do
+            is_expected.to eq false
+
+            expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+          end
+        end
+      end
+
+      context 'project cluster' do
+        let(:cluster) { build(:cluster, :project, projects: [create(:project, namespace: management_project_namespace)]) }
+
+        include_examples 'management project is in scope'
+        include_examples 'management project is out of scope'
+      end
+
+      context 'group cluster' do
+        let(:cluster) { build(:cluster, :group, groups: [management_project_namespace]) }
+
+        include_examples 'management project is in scope'
+        include_examples 'management project is out of scope'
+      end
+
+      context 'instance cluster' do
+        let(:cluster) { build(:cluster, :instance) }
+
+        include_examples 'management project is in scope'
+      end
+    end
+  end
+end
diff --git a/spec/services/environments/auto_stop_service_spec.rb b/spec/services/environments/auto_stop_service_spec.rb
index 3620bf8fe87..b34d15889d3 100644
--- a/spec/services/environments/auto_stop_service_spec.rb
+++ b/spec/services/environments/auto_stop_service_spec.rb
@@ -40,18 +40,6 @@ describe Environments::AutoStopService, :clean_gitlab_redis_shared_state do
       expect(Ci::Build.where(name: 'stop_review_app').map(&:status).uniq).to eq(['pending'])
     end
 
-    context 'when auto_stop_environments feature flag is disabled' do
-      before do
-        stub_feature_flags(auto_stop_environments: false)
-      end
-
-      it 'does not execute Ci::StopEnvironmentsService' do
-        expect(Ci::StopEnvironmentsService).not_to receive(:execute_in_batch)
-
-        subject
-      end
-    end
-
     context 'when the other sidekiq worker has already been running' do
       before do
         stub_exclusive_lease_taken(described_class::EXCLUSIVE_LOCK_KEY)
diff --git a/spec/services/notification_service_spec.rb b/spec/services/notification_service_spec.rb
index 86f37e9204c..163ca0b9bc3 100644
--- a/spec/services/notification_service_spec.rb
+++ b/spec/services/notification_service_spec.rb
@@ -2604,6 +2604,7 @@ describe NotificationService, :mailer do
       pages_domain_disabled
       pages_domain_verification_succeeded
       pages_domain_verification_failed
+      pages_domain_auto_ssl_failed
     ].each do |sym|
       describe "##{sym}" do
         subject(:notify!) { notification.send(sym, domain) }
diff --git a/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb b/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
index 163276db7e6..63fd0978c97 100644
--- a/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
+++ b/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
@@ -180,5 +180,13 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
 
       expect(PagesDomainAcmeOrder.find_by_id(existing_order.id)).to be_nil
     end
+
+    it 'sends notification' do
+      expect_next_instance_of(NotificationService) do |notification_service|
+        expect(notification_service).to receive(:pages_domain_auto_ssl_failed).with(pages_domain)
+      end
+
+      service.execute
+    end
   end
 end