Add latest changes from gitlab-org/gitlab@14-4-stable-eev14.4.0-rc42

4 files changed, 84 insertions, 1 deletions

diff --git a/app/services/clusters/agent_tokens/create_service.rb b/app/services/clusters/agent_tokens/create_service.rb
new file mode 100644
index 00000000000..ae2617f510b
--- /dev/null
+++ b/app/services/clusters/agent_tokens/create_service.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Clusters
+  module AgentTokens
+    class CreateService < ::BaseContainerService
+      ALLOWED_PARAMS = %i[agent_id description name].freeze
+
+      def execute
+        return error_no_permissions unless current_user.can?(:create_cluster, container)
+
+        token = ::Clusters::AgentToken.new(filtered_params.merge(created_by_user: current_user))
+
+        if token.save
+          ServiceResponse.success(payload: { secret: token.token, token: token })
+        else
+          ServiceResponse.error(message: token.errors.full_messages)
+        end
+      end
+
+      private
+
+      def error_no_permissions
+        ServiceResponse.error(message: s_('ClusterAgent|User has insufficient permissions to create a token for this project'))
+      end
+
+      def filtered_params
+        params.slice(*ALLOWED_PARAMS)
+      end
+    end
+  end
+end
diff --git a/app/services/clusters/agents/create_service.rb b/app/services/clusters/agents/create_service.rb
new file mode 100644
index 00000000000..568f168d63b
--- /dev/null
+++ b/app/services/clusters/agents/create_service.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Clusters
+  module Agents
+    class CreateService < BaseService
+      def execute(name:)
+        return error_no_permissions unless cluster_agent_permissions?
+
+        agent = ::Clusters::Agent.new(name: name, project: project, created_by_user: current_user)
+
+        if agent.save
+          success.merge(cluster_agent: agent)
+        else
+          error(agent.errors.full_messages)
+        end
+      end
+
+      private
+
+      def cluster_agent_permissions?
+        current_user.can?(:admin_pipeline, project) && current_user.can?(:create_cluster, project)
+      end
+
+      def error_no_permissions
+        error(s_('ClusterAgent|You have insufficient permissions to create a cluster agent for this project'))
+      end
+    end
+  end
+end
diff --git a/app/services/clusters/agents/delete_service.rb b/app/services/clusters/agents/delete_service.rb
new file mode 100644
index 00000000000..2132dffa606
--- /dev/null
+++ b/app/services/clusters/agents/delete_service.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Clusters
+  module Agents
+    class DeleteService < ::BaseContainerService
+      def execute(cluster_agent)
+        return error_no_permissions unless current_user.can?(:admin_cluster, cluster_agent)
+
+        if cluster_agent.destroy
+          ServiceResponse.success
+        else
+          ServiceResponse.error(message: cluster_agent.errors.full_messages)
+        end
+      end
+
+      private
+
+      def error_no_permissions
+        ServiceResponse.error(message: s_('ClusterAgent|You have insufficient permissions to delete this cluster agent'))
+      end
+    end
+  end
+end
diff --git a/app/services/clusters/agents/refresh_authorization_service.rb b/app/services/clusters/agents/refresh_authorization_service.rb
index a9e3340dbf5..7f401eef720 100644
--- a/app/services/clusters/agents/refresh_authorization_service.rb
+++ b/app/services/clusters/agents/refresh_authorization_service.rb
@@ -99,7 +99,7 @@ module Clusters
       end
 
       def group_root_ancestor?
-        root_ancestor.group?
+        root_ancestor.group_namespace?
       end
     end
   end