diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-23 00:10:32 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-23 00:10:32 +0300 |
commit | 7f0915e14044e4c82c2293b35602a4ff8ee963c2 (patch) | |
tree | 1e057ee39ced7a672c2860cc6bb194cc8a8c7a53 /app/services/clusters/agents | |
parent | 06f12476c7962ba59579b3a08d187a22325d9039 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services/clusters/agents')
-rw-r--r-- | app/services/clusters/agents/authorize_proxy_user_service.rb | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/app/services/clusters/agents/authorize_proxy_user_service.rb b/app/services/clusters/agents/authorize_proxy_user_service.rb index fbcf25153c1..abf451ed350 100644 --- a/app/services/clusters/agents/authorize_proxy_user_service.rb +++ b/app/services/clusters/agents/authorize_proxy_user_service.rb @@ -11,17 +11,14 @@ module Clusters end def execute - return forbidden unless user_access_config.present? + return forbidden('`user_access` keyword is not found in agent config file.') unless user_access_config.present? access_as = user_access_config['access_as'] - return forbidden unless access_as.present? - return forbidden if access_as.size != 1 - if payload = handle_access(access_as) - return success(payload: payload) - end + return forbidden('`access_as` is not found under the `user_access` keyword.') unless access_as.present? + return forbidden('`access_as` must exist only once under the `user_access` keyword.') if access_as.size != 1 - forbidden + handle_access(access_as) end private @@ -52,9 +49,11 @@ module Clusters end def access_as_agent - return if authorizations.empty? + if authorizations.empty? + return forbidden('You must be a member of `projects` or `groups` under the `user_access` keyword.') + end - response_base.merge(access_as: { agent: {} }) + success(payload: response_base.merge(access_as: { agent: {} })) end def user_access_config @@ -64,8 +63,8 @@ module Clusters delegate :success, to: ServiceResponse, private: true - def forbidden - ServiceResponse.error(reason: :forbidden, message: '403 Forbidden') + def forbidden(message) + ServiceResponse.error(reason: :forbidden, message: message) end end end |