Merge branch '66443-unrecoverable-configuration-loop-in-external-auth-control' into 'master'

Resolve "Unrecoverable configuration loop in external auth control"

Closes #66443

See merge request gitlab-org/gitlab-ce!32102

1 files changed, 18 insertions, 0 deletions

diff --git a/spec/services/application_settings/update_service_spec.rb b/spec/services/application_settings/update_service_spec.rb
index adb5219d691..ab06c1a1209 100644
--- a/spec/services/application_settings/update_service_spec.rb
+++ b/spec/services/application_settings/update_service_spec.rb
@@ -201,6 +201,24 @@ describe ApplicationSettings::UpdateService do
       enable_external_authorization_service_check
     end
 
+    it 'does not validate labels if external authorization gets disabled' do
+      expect_any_instance_of(described_class).not_to receive(:validate_classification_label)
+
+      described_class.new(application_settings, admin, { external_authorization_service_enabled: false }).execute
+    end
+
+    it 'does validate labels if external authorization gets enabled ' do
+      expect_any_instance_of(described_class).to receive(:validate_classification_label)
+
+      described_class.new(application_settings, admin, { external_authorization_service_enabled: true }).execute
+    end
+
+    it 'does validate labels if external authorization is left unchanged' do
+      expect_any_instance_of(described_class).to receive(:validate_classification_label)
+
+      described_class.new(application_settings, admin, { external_authorization_service_default_label: 'new-label' }).execute
+    end
+
     it 'does not save the settings with an error if the service denies access' do
       expect(::Gitlab::ExternalAuthorization)
         .to receive(:access_allowed?).with(admin, 'new-label') { false }