Create barebones for Deploytoken

Includes:
- Model, factories, create service and controller actions
- As usual, includes specs for everything
- Builds UI (copy from PAT)
- Add revoke action

Closes #31591

7 files changed, 233 insertions, 0 deletions

diff --git a/spec/controllers/projects/deploy_tokens_controller_spec.rb b/spec/controllers/projects/deploy_tokens_controller_spec.rb
new file mode 100644
index 00000000000..0ade61f4380
--- /dev/null
+++ b/spec/controllers/projects/deploy_tokens_controller_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe Projects::DeployTokensController do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  let!(:member) { project.add_master(user) }
+
+  before do
+    sign_in(user)
+  end
+
+  describe 'POST #create' do
+    let(:deploy_token_params) { attributes_for(:deploy_token) }
+    subject do
+      post :create,
+        namespace_id: project.namespace,
+        project_id: project,
+        deploy_token: deploy_token_params
+    end
+
+    context 'with valid params' do
+      it 'should create a new DeployToken' do
+        expect { subject }.to change(DeployToken, :count).by(1)
+      end
+
+      it 'should include a flash notice' do
+        subject
+        expect(flash[:notice]).to eq('Your new project deploy token has been created.')
+      end
+    end
+
+    context 'with invalid params' do
+      let(:deploy_token_params) { attributes_for(:deploy_token, scopes: []) }
+
+      it 'should not create a new DeployToken' do
+        expect { subject }.not_to change(DeployToken, :count)
+      end
+
+      it 'should include a flash alert with the error message' do
+        subject
+        expect(flash[:alert]).to eq("Scopes can't be blank")
+      end
+    end
+
+    context 'when user does not have enough permissions' do
+      let!(:member) { project.add_developer(user) }
+
+      it 'responds with status 404' do
+        subject
+
+        expect(response).to have_gitlab_http_status(404)
+      end
+    end
+  end
+end
diff --git a/spec/controllers/projects/settings/repository_controller_spec.rb b/spec/controllers/projects/settings/repository_controller_spec.rb
index 3a4014b7768..03867661483 100644
--- a/spec/controllers/projects/settings/repository_controller_spec.rb
+++ b/spec/controllers/projects/settings/repository_controller_spec.rb
@@ -16,5 +16,31 @@ describe Projects::Settings::RepositoryController do
       expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template(:show)
     end
+
+    context 'with no deploy token params' do
+      it 'should build an empty instance of DeployToken' do
+        get :show, namespace_id: project.namespace, project_id: project
+
+        deploy_token = assigns(:deploy_token)
+        expect(deploy_token).to be_an_instance_of(DeployToken)
+        expect(deploy_token.name).to be_nil
+        expect(deploy_token.expires_at).to be_nil
+        expect(deploy_token.scopes).to eq([])
+      end
+    end
+
+    context 'when rendering an invalid deploy token' do
+      let(:deploy_token_attributes) { attributes_for(:deploy_token, project_id: project.id) }
+
+      it 'should build an instance of DeployToken' do
+        get :show, namespace_id: project.namespace, project_id: project, deploy_token: deploy_token_attributes
+
+        deploy_token = assigns(:deploy_token)
+        expect(deploy_token).to be_an_instance_of(DeployToken)
+        expect(deploy_token.name).to eq(deploy_token_attributes[:name])
+        expect(deploy_token.expires_at.to_date).to eq(deploy_token_attributes[:expires_at].to_date)
+        expect(deploy_token.scopes).to match_array(deploy_token_attributes[:scopes])
+      end
+    end
   end
 end
diff --git a/spec/factories/deploy_tokens.rb b/spec/factories/deploy_tokens.rb
new file mode 100644
index 00000000000..fa349e10ddc
--- /dev/null
+++ b/spec/factories/deploy_tokens.rb
@@ -0,0 +1,22 @@
+FactoryBot.define do
+  factory :deploy_token do
+    project
+    token { SecureRandom.hex(50) }
+    sequence(:name) { |n| "PDT #{n}" }
+    revoked false
+    expires_at { 5.days.from_now }
+    scopes %w(read_repo read_registry)
+
+    trait :revoked do
+      revoked true
+    end
+
+    trait :read_repo do
+      scopes ['read_repo']
+    end
+
+    trait :read_registry do
+      scopes ['read_registry']
+    end
+  end
+end
diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml
index b675d5dc031..d38e665436f 100644
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -281,6 +281,7 @@ project:
 - project_badges
 - source_of_merge_requests
 - internal_ids
+- deploy_tokens
 award_emoji:
 - awardable
 - user
diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb
new file mode 100644
index 00000000000..bd27da63dfe
--- /dev/null
+++ b/spec/models/deploy_token_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe DeployToken do
+  it { is_expected.to belong_to :project }
+
+  describe 'validations' do
+    let(:project_deploy_token) { build(:deploy_token) }
+
+    context 'with no scopes defined' do
+      it 'should not be valid' do
+        project_deploy_token.scopes = []
+
+        expect(project_deploy_token).not_to be_valid
+        expect(project_deploy_token.errors[:scopes].first).to eq("can't be blank")
+      end
+    end
+  end
+
+  describe '#ensure_token' do
+    let(:project_deploy_token) { build(:deploy_token) }
+
+    it 'should ensure a token' do
+      project_deploy_token.token = nil
+      project_deploy_token.save
+
+      expect(project_deploy_token.token).not_to be_empty
+    end
+  end
+
+  describe '#revoke!' do
+    subject { create(:deploy_token) }
+
+    it 'should update revoke attribute' do
+      subject.revoke!
+      expect(subject.revoked?).to be_truthy
+    end
+  end
+end
diff --git a/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb b/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb
new file mode 100644
index 00000000000..d3210439b05
--- /dev/null
+++ b/spec/presenters/projects/settings/deploy_tokens_presenter_spec.rb
@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe Projects::Settings::DeployTokensPresenter do
+  let(:user) { create(:user) }
+  let(:project) { create(:project) }
+  let(:deploy_tokens) { create_list(:deploy_token, 3, project: project) }
+
+  subject(:presenter) { described_class.new(deploy_tokens, current_user: user, project: project) }
+
+  describe '#available_scopes' do
+    it 'returns the all the deploy token scopes' do
+      expect(presenter.available_scopes).to match_array(%w(read_repo read_registry))
+    end
+  end
+
+  describe '#scope_description' do
+    let(:deploy_token) { create(:deploy_token, project: project, scopes: [:read_registry]) }
+
+    it 'returns the description for a given scope' do
+      description = 'Allows read-only access to the registry images'
+      expect(presenter.scope_description('read_registry')).to eq(description)
+    end
+  end
+
+  describe '#length' do
+    it 'returns the size of deploy tokens presented' do
+      expect(presenter.length).to eq(3)
+    end
+  end
+
+  describe '#new_deploy_token' do
+    context 'when a deploy token has been created recently' do
+      it 'returns the token of the deploy' do
+        deploy_token = ::DeployTokens::CreateService.new(project, user, attributes_for(:deploy_token)).execute
+
+        expect(presenter.new_deploy_token).to eq(deploy_token.token)
+      end
+    end
+
+    context 'when a deploy token has not been created recently' do
+      it 'does returns nil' do
+        expect(presenter.new_deploy_token).to be_nil
+      end
+    end
+  end
+end
diff --git a/spec/services/deploy_tokens/create_service_spec.rb b/spec/services/deploy_tokens/create_service_spec.rb
new file mode 100644
index 00000000000..84aa17971d6
--- /dev/null
+++ b/spec/services/deploy_tokens/create_service_spec.rb
@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe DeployTokens::CreateService, :clean_gitlab_redis_shared_state do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  let(:deploy_token_params) { attributes_for(:deploy_token) }
+
+  describe '#execute' do
+    subject { described_class.new(project, user, deploy_token_params) }
+
+    context 'when the deploy token is valid' do
+      it 'should create a new DeployToken' do
+        expect { subject.execute }.to change { DeployToken.count }.by(1)
+      end
+
+      it 'should assign the DeployToken to the project' do
+        subject.execute
+
+        expect(subject.project).to eq(project)
+      end
+
+      it 'should store the token on redis' do
+        subject.execute
+        redis_key = DeployToken.redis_shared_state_key(user.id)
+
+        expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).not_to be_nil
+      end
+    end
+
+    context 'when the deploy token is invalid' do
+      let(:deploy_token_params) { attributes_for(:deploy_token, scopes: []) }
+
+      it 'it should not create a new DeployToken' do
+        expect { subject.execute }.not_to change { DeployToken.count }
+      end
+
+      it 'should not store the token on redis' do
+        subject.execute
+        redis_key = DeployToken.redis_shared_state_key(user.id)
+
+        expect(Gitlab::Redis::SharedState.with { |redis| redis.get(redis_key) }).to be_nil
+      end
+    end
+  end
+end