Add latest changes from gitlab-org/gitlab@master

2 files changed, 59 insertions, 0 deletions

diff --git a/spec/policies/clusters/agent_policy_spec.rb b/spec/policies/clusters/agent_policy_spec.rb
new file mode 100644
index 00000000000..307d751b78b
--- /dev/null
+++ b/spec/policies/clusters/agent_policy_spec.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Clusters::AgentPolicy do
+  let(:cluster_agent) { create(:cluster_agent, name: 'agent' )}
+  let(:user) { create(:admin) }
+  let(:policy) { described_class.new(user, cluster_agent) }
+  let(:project) { cluster_agent.project }
+
+  describe 'rules' do
+    context 'when developer' do
+      before do
+        project.add_developer(user)
+      end
+
+      it { expect(policy).to be_disallowed :admin_cluster }
+    end
+
+    context 'when maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      it { expect(policy).to be_allowed :admin_cluster }
+    end
+  end
+end
diff --git a/spec/policies/clusters/agent_token_policy_spec.rb b/spec/policies/clusters/agent_token_policy_spec.rb
new file mode 100644
index 00000000000..9ae99e66f59
--- /dev/null
+++ b/spec/policies/clusters/agent_token_policy_spec.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Clusters::AgentTokenPolicy do
+  let_it_be(:token) { create(:cluster_agent_token) }
+
+  let(:user) { create(:user) }
+  let(:policy) { described_class.new(user, token) }
+  let(:project) { token.agent.project }
+
+  describe 'rules' do
+    context 'when developer' do
+      before do
+        project.add_developer(user)
+      end
+
+      it { expect(policy).to be_disallowed :admin_cluster }
+      it { expect(policy).to be_disallowed :read_cluster }
+    end
+
+    context 'when maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      it { expect(policy).to be_allowed :admin_cluster }
+      it { expect(policy).to be_allowed :read_cluster }
+    end
+  end
+end