diff options
Diffstat (limited to 'spec/requests/api/graphql/mutations')
7 files changed, 159 insertions, 12 deletions
diff --git a/spec/requests/api/graphql/mutations/ci/ci_cd_settings_update_spec.rb b/spec/requests/api/graphql/mutations/ci/ci_cd_settings_update_spec.rb index 0dcae28ac5d..0d7571d91ca 100644 --- a/spec/requests/api/graphql/mutations/ci/ci_cd_settings_update_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/ci_cd_settings_update_spec.rb @@ -5,8 +5,16 @@ require 'spec_helper' RSpec.describe 'CiCdSettingsUpdate' do include GraphqlHelpers - let_it_be(:project) { create(:project, keep_latest_artifact: true) } - let(:variables) { { full_path: project.full_path, keep_latest_artifact: false } } + let_it_be(:project) { create(:project, keep_latest_artifact: true, ci_job_token_scope_enabled: true) } + + let(:variables) do + { + full_path: project.full_path, + keep_latest_artifact: false, + job_token_scope_enabled: false + } + end + let(:mutation) { graphql_mutation(:ci_cd_settings_update, variables) } context 'when unauthorized' do @@ -45,6 +53,26 @@ RSpec.describe 'CiCdSettingsUpdate' do expect(project.keep_latest_artifact).to eq(false) end + it 'updates job_token_scope_enabled' do + post_graphql_mutation(mutation, current_user: user) + + project.reload + + expect(response).to have_gitlab_http_status(:success) + expect(project.ci_job_token_scope_enabled).to eq(false) + end + + it 'does not update job_token_scope_enabled if not specified' do + variables.except!(:job_token_scope_enabled) + + post_graphql_mutation(mutation, current_user: user) + + project.reload + + expect(response).to have_gitlab_http_status(:success) + expect(project.ci_job_token_scope_enabled).to eq(true) + end + context 'when bad arguments are provided' do let(:variables) { { full_path: '', keep_latest_artifact: false } } diff --git a/spec/requests/api/graphql/mutations/ci/runners_registration_token/reset_spec.rb b/spec/requests/api/graphql/mutations/ci/runners_registration_token/reset_spec.rb new file mode 100644 index 00000000000..07b05ead651 --- /dev/null +++ b/spec/requests/api/graphql/mutations/ci/runners_registration_token/reset_spec.rb @@ -0,0 +1,122 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'RunnersRegistrationTokenReset' do + include GraphqlHelpers + + let(:mutation) { graphql_mutation(:runners_registration_token_reset, input) } + let(:mutation_response) { graphql_mutation_response(:runners_registration_token_reset) } + + subject { post_graphql_mutation(mutation, current_user: user) } + + shared_examples 'unauthorized' do + it 'returns an error' do + subject + + expect(graphql_errors).not_to be_empty + expect(graphql_errors).to include(a_hash_including('message' => "The resource that you are attempting to access does not exist or you don't have permission to perform this action")) + expect(mutation_response).to be_nil + end + end + + shared_context 'when unauthorized' do |scope| + context 'when unauthorized' do + let_it_be(:user) { create(:user) } + + context "when not a #{scope} member" do + it_behaves_like 'unauthorized' + end + + context "with a non-admin #{scope} member" do + before do + target.add_developer(user) + end + + it_behaves_like 'unauthorized' + end + end + end + + shared_context 'when authorized' do |scope| + it 'resets runner registration token' do + expect { subject }.to change { get_token } + expect(response).to have_gitlab_http_status(:success) + + expect(mutation_response).not_to be_nil + expect(mutation_response['errors']).to be_empty + expect(mutation_response['token']).not_to be_empty + expect(mutation_response['token']).to eq(get_token) + end + + context 'when malformed id is provided' do + let(:input) { { type: "#{scope.upcase}_TYPE", id: 'some string' } } + + it 'returns errors' do + expect { subject }.not_to change { get_token } + + expect(graphql_errors).not_to be_empty + expect(mutation_response).to be_nil + end + end + end + + context 'applied to project' do + let_it_be(:project) { create_default(:project) } + + let(:input) { { type: 'PROJECT_TYPE', id: project.to_global_id.to_s } } + + include_context 'when unauthorized', 'project' do + let(:target) { project } + end + + include_context 'when authorized', 'project' do + let_it_be(:user) { project.owner } + + def get_token + project.reload.runners_token + end + end + end + + context 'applied to group' do + let_it_be(:group) { create_default(:group) } + + let(:input) { { type: 'GROUP_TYPE', id: group.to_global_id.to_s } } + + include_context 'when unauthorized', 'group' do + let(:target) { group } + end + + include_context 'when authorized', 'group' do + let_it_be(:user) { create_default(:group_member, :maintainer, user: create(:user), group: group ).user } + + def get_token + group.reload.runners_token + end + end + end + + context 'applied to instance' do + before do + ApplicationSetting.create_from_defaults + stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false') + end + + let(:input) { { type: 'INSTANCE_TYPE' } } + + context 'when unauthorized' do + let(:user) { create(:user) } + + it_behaves_like 'unauthorized' + end + + include_context 'when authorized', 'instance' do + let_it_be(:user) { create(:user, :admin) } + + def get_token + ApplicationSetting.current_without_cache.runners_registration_token + end + end + end +end diff --git a/spec/requests/api/graphql/mutations/labels/create_spec.rb b/spec/requests/api/graphql/mutations/labels/create_spec.rb index ca3ccc8e06c..28284408306 100644 --- a/spec/requests/api/graphql/mutations/labels/create_spec.rb +++ b/spec/requests/api/graphql/mutations/labels/create_spec.rb @@ -11,8 +11,7 @@ RSpec.describe Mutations::Labels::Create do { 'title' => 'foo', 'description' => 'some description', - 'color' => '#FF0000', - 'removeOnClose' => true + 'color' => '#FF0000' } end diff --git a/spec/requests/api/graphql/mutations/snippets/create_spec.rb b/spec/requests/api/graphql/mutations/snippets/create_spec.rb index d944c9e9e57..214c804c519 100644 --- a/spec/requests/api/graphql/mutations/snippets/create_spec.rb +++ b/spec/requests/api/graphql/mutations/snippets/create_spec.rb @@ -86,7 +86,7 @@ RSpec.describe 'Creating a Snippet' do it 'passes disable_spam_action_service param to service' do expect(::Snippets::CreateService) .to receive(:new) - .with(anything, anything, hash_including(disable_spam_action_service: true)) + .with(project: anything, current_user: anything, params: hash_including(disable_spam_action_service: true)) .and_call_original subject @@ -190,7 +190,7 @@ RSpec.describe 'Creating a Snippet' do it do expect(::Snippets::CreateService).to receive(:new) - .with(nil, user, hash_including(files: expected_value)) + .with(project: nil, current_user: user, params: hash_including(files: expected_value)) .and_return(double(execute: creation_response)) subject diff --git a/spec/requests/api/graphql/mutations/snippets/update_spec.rb b/spec/requests/api/graphql/mutations/snippets/update_spec.rb index 28ab593526a..77efb786dcb 100644 --- a/spec/requests/api/graphql/mutations/snippets/update_spec.rb +++ b/spec/requests/api/graphql/mutations/snippets/update_spec.rb @@ -90,7 +90,7 @@ RSpec.describe 'Updating a Snippet' do it 'passes disable_spam_action_service param to service' do expect(::Snippets::UpdateService) .to receive(:new) - .with(anything, anything, hash_including(disable_spam_action_service: true)) + .with(project: anything, current_user: anything, params: hash_including(disable_spam_action_service: true)) .and_call_original subject diff --git a/spec/requests/api/graphql/mutations/todos/mark_all_done_spec.rb b/spec/requests/api/graphql/mutations/todos/mark_all_done_spec.rb index 705ef28ffd4..8f92105dc9c 100644 --- a/spec/requests/api/graphql/mutations/todos/mark_all_done_spec.rb +++ b/spec/requests/api/graphql/mutations/todos/mark_all_done_spec.rb @@ -22,8 +22,8 @@ RSpec.describe 'Marking all todos done' do graphql_mutation(:todos_mark_all_done, input, <<-QL.strip_heredoc clientMutationId + todos { id } errors - updatedIds QL ) end @@ -40,7 +40,7 @@ RSpec.describe 'Marking all todos done' do expect(todo3.reload.state).to eq('done') expect(other_user_todo.reload.state).to eq('pending') - updated_todo_ids = mutation_response['updatedIds'] + updated_todo_ids = mutation_response['todos'].map { |todo| todo['id'] } expect(updated_todo_ids).to contain_exactly(global_id_of(todo1), global_id_of(todo3)) end @@ -52,7 +52,7 @@ RSpec.describe 'Marking all todos done' do expect(todo3.reload.state).to eq('pending') expect(other_user_todo.reload.state).to eq('pending') - updated_todo_ids = mutation_response['updatedIds'] + updated_todo_ids = mutation_response['todos'] expect(updated_todo_ids).to be_empty end diff --git a/spec/requests/api/graphql/mutations/todos/restore_many_spec.rb b/spec/requests/api/graphql/mutations/todos/restore_many_spec.rb index 3e96d5c5058..e71a232ff7c 100644 --- a/spec/requests/api/graphql/mutations/todos/restore_many_spec.rb +++ b/spec/requests/api/graphql/mutations/todos/restore_many_spec.rb @@ -22,7 +22,6 @@ RSpec.describe 'Restoring many Todos' do <<-QL.strip_heredoc clientMutationId errors - updatedIds todos { id state @@ -44,7 +43,6 @@ RSpec.describe 'Restoring many Todos' do expect(mutation_response).to include( 'errors' => be_empty, - 'updatedIds' => match_array(input_ids), 'todos' => contain_exactly( { 'id' => global_id_of(todo1), 'state' => 'pending' }, { 'id' => global_id_of(todo2), 'state' => 'pending' } |