spec/requests/api/ci/runner/runners_reset_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
  include StubGitlabCalls
  include RedisHelpers
  include WorkhorseHelpers

  before do
    stub_feature_flags(ci_enable_live_trace: true)
    stub_feature_flags(runner_registration_control: false)
    stub_gitlab_calls
    stub_application_setting(valid_runner_registrars: ApplicationSetting::VALID_RUNNER_REGISTRAR_TYPES)
  end

  let_it_be(:group_settings) { create(:namespace_settings, runner_token_expiration_interval: 5.days.to_i) }
  let_it_be(:group) { create(:group, namespace_settings: group_settings) }
  let_it_be(:instance_runner, reload: true) { create(:ci_runner, :instance) }
  let_it_be(:group_runner) { create(:ci_runner, :group, groups: [group], token_expires_at: 1.day.from_now) }

  describe 'POST /runners/reset_authentication_token', :freeze_time do
    context 'current token provided' do
      it "resets authentication token when token doesn't have an expiration" do
        expect do
          post api("/runners/reset_authentication_token"), params: { token: instance_runner.reload.token }

          expect(response).to have_gitlab_http_status(:success)
          expect(json_response).to eq({ 'token' => instance_runner.reload.token, 'token_expires_at' => nil })
          expect(instance_runner.reload.token_expires_at).to be_nil
        end.to change { instance_runner.reload.token }
      end

      it 'resets authentication token when token is not expired' do
        expect do
          post api("/runners/reset_authentication_token"), params: { token: group_runner.reload.token }

          expect(response).to have_gitlab_http_status(:success)
          expect(json_response).to eq({ 'token' => group_runner.reload.token, 'token_expires_at' => group_runner.reload.token_expires_at.iso8601(3) })
          expect(group_runner.reload.token_expires_at).to eq(5.days.from_now)
        end.to change { group_runner.reload.token }
      end

      it 'does not reset authentication token when token is expired' do
        expect do
          instance_runner.update!(token_expires_at: 1.day.ago)
          post api("/runners/reset_authentication_token"), params: { token: instance_runner.reload.token }

          expect(response).to have_gitlab_http_status(:forbidden)
          instance_runner.update!(token_expires_at: nil)
        end.not_to change { instance_runner.reload.token }
      end
    end

    context 'wrong current token provided' do
      it 'does not reset authentication token' do
        expect do
          post api("/runners/reset_authentication_token"), params: { token: 'garbage' }

          expect(response).to have_gitlab_http_status(:forbidden)
        end.not_to change { instance_runner.reload.token }
      end
    end
  end
end