3 files changed, 144 insertions, 0 deletions

diff --git a/spec/services/clusters/update_service_spec.rb b/spec/services/clusters/update_service_spec.rb
index 3ee45375dca..8c2d8c9246e 100644
--- a/spec/services/clusters/update_service_spec.rb
+++ b/spec/services/clusters/update_service_spec.rb
@@ -90,5 +90,115 @@ describe Clusters::UpdateService do
         end
       end
     end
+
+    context 'when params includes :management_project_id' do
+      context 'management_project is non-existent' do
+        let(:params) do
+          { management_project_id: 0 }
+        end
+
+        it 'does not update management_project_id' do
+          is_expected.to eq(false)
+
+          expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+
+          cluster.reload
+          expect(cluster.management_project_id).to be_nil
+        end
+      end
+
+      shared_examples 'setting a management project' do
+        context 'user is authorized to adminster manangement_project' do
+          before do
+            management_project.add_maintainer(cluster.user)
+          end
+
+          let(:params) do
+            { management_project_id: management_project.id }
+          end
+
+          it 'updates management_project_id' do
+            is_expected.to eq(true)
+
+            expect(cluster.management_project).to eq(management_project)
+          end
+        end
+
+        context 'user is not authorized to adminster manangement_project' do
+          let(:params) do
+            { management_project_id: management_project.id }
+          end
+
+          it 'does not update management_project_id' do
+            is_expected.to eq(false)
+
+            expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+
+            cluster.reload
+            expect(cluster.management_project_id).to be_nil
+          end
+        end
+      end
+
+      context 'project cluster' do
+        include_examples 'setting a management project' do
+          let(:management_project) { create(:project, namespace: cluster.first_project.namespace) }
+        end
+
+        context 'manangement_project is outside of the namespace scope' do
+          before do
+            management_project.update(group: create(:group))
+          end
+
+          let(:params) do
+            { management_project_id: management_project.id }
+          end
+
+          it 'does not update management_project_id' do
+            is_expected.to eq(false)
+
+            expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+
+            cluster.reload
+            expect(cluster.management_project_id).to be_nil
+          end
+        end
+      end
+
+      context 'group cluster' do
+        let(:cluster) { create(:cluster, :group) }
+
+        include_examples 'setting a management project' do
+          let(:management_project) { create(:project, group: cluster.first_group) }
+        end
+
+        context 'manangement_project is outside of the namespace scope' do
+          before do
+            management_project.update(group: create(:group))
+          end
+
+          let(:params) do
+            { management_project_id: management_project.id }
+          end
+
+          it 'does not update management_project_id' do
+            is_expected.to eq(false)
+
+            expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
+
+            cluster.reload
+            expect(cluster.management_project_id).to be_nil
+          end
+        end
+      end
+
+      context 'instance cluster' do
+        let(:cluster) { create(:cluster, :instance) }
+
+        include_examples 'setting a management project' do
+          let(:management_project) { create(:project) }
+        end
+      end
+    end
   end
 end
diff --git a/spec/services/error_tracking/list_projects_service_spec.rb b/spec/services/error_tracking/list_projects_service_spec.rb
index 730fccc599e..a272a604184 100644
--- a/spec/services/error_tracking/list_projects_service_spec.rb
+++ b/spec/services/error_tracking/list_projects_service_spec.rb
@@ -50,6 +50,19 @@ describe ErrorTracking::ListProjectsService do
         end
       end
 
+      context 'masked param token' do
+        let(:params) { ActionController::Parameters.new(token: "*********", api_host: new_api_host) }
+
+        before do
+          expect(error_tracking_setting).to receive(:list_sentry_projects)
+            .and_return({ projects: [] })
+        end
+
+        it 'uses database token' do
+          expect { subject.execute }.not_to change { error_tracking_setting.token }
+        end
+      end
+
       context 'sentry client raises exception' do
         context 'Sentry::Client::Error' do
           before do
diff --git a/spec/services/projects/operations/update_service_spec.rb b/spec/services/projects/operations/update_service_spec.rb
index b2f9fd6df79..81d59a98b9b 100644
--- a/spec/services/projects/operations/update_service_spec.rb
+++ b/spec/services/projects/operations/update_service_spec.rb
@@ -145,6 +145,27 @@ describe Projects::Operations::UpdateService do
         end
       end
 
+      context 'with masked param token' do
+        let(:params) do
+          {
+            error_tracking_setting_attributes: {
+              enabled: false,
+              token: '*' * 8
+            }
+          }
+        end
+
+        before do
+          create(:project_error_tracking_setting, project: project, token: 'token')
+        end
+
+        it 'does not update token' do
+          expect(result[:status]).to eq(:success)
+
+          expect(project.error_tracking_setting.token).to eq('token')
+        end
+      end
+
       context 'with invalid parameters' do
         let(:params) { {} }