author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-19 17:16:28 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-19 17:16:28 +0300 |
commit | e4384360a16dd9a19d4d2d25d0ef1f2b862ed2a6 (patch) | |
tree | 2fcdfa7dcdb9db8f5208b2562f4b4e803d671243 /spec/requests/api/user_runners_spec.rb | |
parent | ffda4e7bcac36987f936b4ba515995a6698698f0 (diff) |
Add latest changes from gitlab-org/gitlab@16-2-stable-eev16.2.0-rc42
Diffstat (limited to 'spec/requests/api/user_runners_spec.rb')
-rw-r--r-- | spec/requests/api/user_runners_spec.rb | 243 |
1 files changed, 243 insertions, 0 deletions
diff --git a/spec/requests/api/user_runners_spec.rb b/spec/requests/api/user_runners_spec.rb
new file mode 100644
index 00000000000..0e40dcade19
--- /dev/null
+++ b/spec/requests/api/user_runners_spec.rb
@@ -0,0 +1,243 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::UserRunners, :aggregate_failures, feature_category: :runner_fleet do
+ let_it_be(:admin) { create(:admin) }
+ let_it_be(:user, reload: true) { create(:user, username: 'user.withdot') }
+
+ describe 'POST /user/runners' do
+ subject(:request) { post api(path, current_user, **post_args), params: runner_attrs }
+
+ let_it_be(:group) { create(:group) }
+ let_it_be(:project) { create(:project, namespace: group) }
+ let_it_be(:group_owner) { create(:user).tap { |user| group.add_owner(user) } }
+ let_it_be(:group_maintainer) { create(:user).tap { |user| group.add_maintainer(user) } }
+ let_it_be(:project_developer) { create(:user).tap { |user| project.add_developer(user) } }
+
+ let(:post_args) { { admin_mode: true } }
+ let(:runner_attrs) { { runner_type: 'instance_type' } }
+ let(:path) { '/user/runners' }
+
+ shared_examples 'when runner creation fails due to authorization' do
+ it 'does not create a runner' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ shared_context 'when user does not have sufficient permissions returns forbidden' do
+ context 'when user is admin and admin mode is disabled' do
+ let(:current_user) { admin }
+ let(:post_args) { { admin_mode: false } }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+
+ context 'when user is not an admin or a member of the namespace' do
+ let(:current_user) { user }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+ end
+
+ shared_examples 'creates a runner' do
+ it 'creates a runner' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:created)
+ end.to change { Ci::Runner.count }.by(1)
+ end
+ end
+
+ shared_examples 'fails to create runner with expected_status_code' do
+ let(:expected_message) { nil }
+ let(:expected_error) { nil }
+
+ it 'does not create runner' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(expected_status_code)
+ expect(json_response['message']).to include(expected_message) if expected_message
+ expect(json_response['error']).to include(expected_error) if expected_error
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ shared_context 'with request authorized with access token' do
+ let(:current_user) { nil }
+ let(:pat) { create(:personal_access_token, user: token_user, scopes: [scope]) }
+ let(:path) { "/user/runners?private_token=#{pat.token}" }
+
+ %i[create_runner api].each do |scope|
+ context "with #{scope} scope" do
+ let(:scope) { scope }
+
+ it_behaves_like 'creates a runner'
+ end
+ end
+
+ context 'with read_api scope' do
+ let(:scope) { :read_api }
+
+ it_behaves_like 'fails to create runner with expected_status_code' do
+ let(:expected_status_code) { :forbidden }
+ let(:expected_error) { 'insufficient_scope' }
+ end
+ end
+ end
+
+ context 'when runner_type is :instance_type' do
+ let(:runner_attrs) { { runner_type: 'instance_type' } }
+
+ context 'when user has sufficient permissions' do
+ let(:current_user) { admin }
+
+ it_behaves_like 'creates a runner'
+ end
+
+ context 'with admin mode enabled', :enable_admin_mode do
+ let(:token_user) { admin }
+
+ it_behaves_like 'with request authorized with access token'
+ end
+
+ it_behaves_like 'when user does not have sufficient permissions returns forbidden'
+
+ context 'when user is not an admin' do
+ let(:current_user) { user }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+
+ context 'when model validation fails' do
+ let(:runner_attrs) { { runner_type: 'instance_type', run_untagged: false, tag_list: [] } }
+ let(:current_user) { admin }
+
+ it_behaves_like 'fails to create runner with expected_status_code' do
+ let(:expected_status_code) { :bad_request }
+ let(:expected_message) { 'Tags list can not be empty' }
+ end
+ end
+ end
+
+ context 'when runner_type is :group_type' do
+ let(:post_args) { {} }
+
+ context 'when group_id is specified' do
+ let(:runner_attrs) { { runner_type: 'group_type', group_id: group.id } }
+
+ context 'when user has sufficient permissions' do
+ let(:current_user) { group_owner }
+
+ it_behaves_like 'creates a runner'
+ end
+
+ it_behaves_like 'with request authorized with access token' do
+ let(:token_user) { group_owner }
+ end
+
+ it_behaves_like 'when user does not have sufficient permissions returns forbidden'
+
+ context 'when user is a maintainer' do
+ let(:current_user) { group_maintainer }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+ end
+
+ context 'when group_id is not specified' do
+ let(:runner_attrs) { { runner_type: 'group_type' } }
+ let(:current_user) { group_owner }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to include('group_id is missing')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+ end
+
+ context 'when runner_type is :project_type' do
+ let(:post_args) { {} }
+
+ context 'when project_id is specified' do
+ let(:runner_attrs) { { runner_type: 'project_type', project_id: project.id } }
+
+ context 'when user has sufficient permissions' do
+ let(:current_user) { group_owner }
+
+ it_behaves_like 'creates a runner'
+ end
+
+ it_behaves_like 'with request authorized with access token' do
+ let(:token_user) { group_owner }
+ end
+
+ it_behaves_like 'when user does not have sufficient permissions returns forbidden'
+
+ context 'when user is a developer' do
+ let(:current_user) { project_developer }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+ end
+
+ context 'when project_id is not specified' do
+ let(:runner_attrs) { { runner_type: 'project_type' } }
+ let(:current_user) { group_owner }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to include('project_id is missing')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+ end
+
+ context 'with missing runner_type' do
+ let(:runner_attrs) { {} }
+ let(:current_user) { admin }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to eq('runner_type is missing, runner_type does not have a valid value')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ context 'with unknown runner_type' do
+ let(:runner_attrs) { { runner_type: 'unknown' } }
+ let(:current_user) { admin }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to eq('runner_type does not have a valid value')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ it 'returns a 401 error if unauthorized' do
+ post api(path), params: runner_attrs
+
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+ end
+end |
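Review bot: The shared context `with request authorized with access token` is only ever included with `token_user` set to a user who already holds the required role (`admin`, `group_owner`), so the spec never pins that a `create_runner`- or `api`-scoped token owned by an under-privileged user is still rejected. Scope and role are separate authorization checks, and a regression that let a valid scope stand in for the role check would pass every example here. I would add a negative token case next to the maintainer example in the group context (sketched below, expected to be forbidden like the session-authenticated maintainer case) and a matching one for `project_developer` in the project context. Separately, `creates a runner` asserts only the status and the `Ci::Runner.count` delta; also asserting that the new runner is attached to `group` or `project` would catch a runner created at the wrong scope.

```ruby
# … unchanged: existing examples inside context 'when group_id is specified' …
context 'when a maintainer authenticates with a create_runner token' do
  let(:current_user) { nil }
  let(:pat) { create(:personal_access_token, user: group_maintainer, scopes: [:create_runner]) }
  let(:path) { "/user/runners?private_token=#{pat.token}" }

  it_behaves_like 'when runner creation fails due to authorization'
end
```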