1 files changed, 31 insertions, 0 deletions

diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index e7b548b8f3b..38c487f3c36 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -2275,6 +2275,12 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
   describe 'infrastructure feature' do
     using RSpec::Parameterized::TableSyntax
 
+    before do
+      # assuming the default setting terraform_state.enabled=true
+      # the terraform_state permissions should follow the same logic as the other features
+      stub_config(terraform_state: { enabled: true })
+    end
+
     let(:guest_permissions) { [] }
 
     let(:developer_permissions) do
@@ -2338,6 +2344,31 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do
         end
       end
     end
+
+    context 'when terraform state management is disabled' do
+      before do
+        stub_config(terraform_state: { enabled: false })
+      end
+
+      with_them do
+        let(:current_user) { user_subject(role) }
+        let(:project) { project_subject(project_visibility) }
+
+        let(:developer_permissions) do
+          [:read_terraform_state]
+        end
+
+        let(:maintainer_permissions) do
+          developer_permissions + [:admin_terraform_state]
+        end
+
+        it 'always disallows the terraform_state feature' do
+          project.project_feature.update!(infrastructure_access_level: access_level)
+
+          expect_disallowed(*permissions_abilities(role))
+        end
+      end
+    end
   end
 
   describe 'access_security_and_compliance' do