diff options
Diffstat (limited to 'spec/requests/projects/google_cloud/service_accounts_controller_spec.rb')
-rw-r--r-- | spec/requests/projects/google_cloud/service_accounts_controller_spec.rb | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/spec/requests/projects/google_cloud/service_accounts_controller_spec.rb b/spec/requests/projects/google_cloud/service_accounts_controller_spec.rb new file mode 100644 index 00000000000..6b4d1c490e2 --- /dev/null +++ b/spec/requests/projects/google_cloud/service_accounts_controller_spec.rb @@ -0,0 +1,184 @@ +# frozen_string_literal: true + +require 'spec_helper' + +# Mock Types +MockGoogleOAuth2Credentials = Struct.new(:app_id, :app_secret) +MockServiceAccount = Struct.new(:project_id, :unique_id) + +RSpec.describe Projects::GoogleCloud::ServiceAccountsController do + let_it_be(:project) { create(:project, :public) } + + describe 'GET index' do + let_it_be(:url) { "#{project_google_cloud_service_accounts_path(project)}" } + + let(:user_guest) { create(:user) } + let(:user_developer) { create(:user) } + let(:user_maintainer) { create(:user) } + let(:user_creator) { project.creator } + + let(:unauthorized_members) { [user_guest, user_developer] } + let(:authorized_members) { [user_maintainer, user_creator] } + + before do + project.add_guest(user_guest) + project.add_developer(user_developer) + project.add_maintainer(user_maintainer) + end + + context 'when a public request is made' do + it 'returns not found on GET request' do + get url + + expect(response).to have_gitlab_http_status(:not_found) + end + + it 'returns not found on POST request' do + post url + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'when unauthorized members make requests' do + it 'returns not found on GET request' do + unauthorized_members.each do |unauthorized_member| + sign_in(unauthorized_member) + + get url + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + it 'returns not found on POST request' do + unauthorized_members.each do |unauthorized_member| + sign_in(unauthorized_member) + + post url + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + context 'when authorized members make requests' do + it 'redirects on GET request' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + get url + + expect(response).to redirect_to(assigns(:authorize_url)) + end + end + + it 'redirects on POST request' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + post url + + expect(response).to redirect_to(assigns(:authorize_url)) + end + end + + context 'and user has successfully completed the google oauth2 flow' do + before do + allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |client| + allow(client).to receive(:validate_token).and_return(true) + allow(client).to receive(:list_projects).and_return([{}, {}, {}]) + allow(client).to receive(:create_service_account).and_return(MockServiceAccount.new(123, 456)) + allow(client).to receive(:create_service_account_key).and_return({}) + end + end + + it 'returns success on GET' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + get url + + expect(response).to have_gitlab_http_status(:ok) + end + end + + it 'returns success on POST' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + post url, params: { gcp_project: 'prj1', environment: 'env1' } + + expect(response).to redirect_to(project_google_cloud_index_path(project)) + end + end + end + + context 'but google returns client error' do + before do + allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |client| + allow(client).to receive(:validate_token).and_return(true) + allow(client).to receive(:list_projects).and_raise(Google::Apis::ClientError.new('')) + allow(client).to receive(:create_service_account).and_raise(Google::Apis::ClientError.new('')) + allow(client).to receive(:create_service_account_key).and_raise(Google::Apis::ClientError.new('')) + end + end + + it 'renders gcp_error template on GET' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + get url + + expect(response).to render_template(:gcp_error) + end + end + + it 'renders gcp_error template on POST' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + post url, params: { gcp_project: 'prj1', environment: 'env1' } + + expect(response).to render_template(:gcp_error) + end + end + end + + context 'but gitlab instance is not configured for google oauth2' do + before do + unconfigured_google_oauth2 = MockGoogleOAuth2Credentials.new('', '') + allow(Gitlab::Auth::OAuth::Provider).to receive(:config_for) + .with('google_oauth2') + .and_return(unconfigured_google_oauth2) + end + + it 'returns forbidden' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + get url + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + end + + context 'but feature flag is disabled' do + before do + stub_feature_flags(incubation_5mp_google_cloud: false) + end + + it 'returns not found' do + authorized_members.each do |authorized_member| + sign_in(authorized_member) + + get url + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + end + end +end |