Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee

2 files changed, 33 insertions, 29 deletions

diff --git a/spec/services/ci/pipeline_trigger_service_spec.rb b/spec/services/ci/pipeline_trigger_service_spec.rb
index 18fab9623ec..ac077e3c30e 100644
--- a/spec/services/ci/pipeline_trigger_service_spec.rb
+++ b/spec/services/ci/pipeline_trigger_service_spec.rb
@@ -106,9 +106,23 @@ RSpec.describe Ci::PipelineTriggerService do
         let(:params) { { token: job.token, ref: 'master', variables: nil } }
         let(:job) { create(:ci_build, :success, pipeline: pipeline, user: user) }
 
-        it 'does nothing' do
+        it 'does nothing', :aggregate_failures do
+          expect { result }.not_to change { Ci::Pipeline.count }
+          expect(result[:message]).to eq('Job is not running')
+          expect(result[:http_status]).to eq(401)
+        end
+      end
+
+      context 'when job does not have a project' do
+        let(:params) { { token: job.token, ref: 'master', variables: nil } }
+        let(:job) { create(:ci_build, status: :running, pipeline: pipeline, user: user) }
+
+        it 'does nothing', :aggregate_failures do
+          job.update!(project: nil)
+
           expect { result }.not_to change { Ci::Pipeline.count }
-          expect(result[:message]).to eq('400 Job has to be running')
+          expect(result[:message]).to eq('Project has been deleted!')
+          expect(result[:http_status]).to eq(401)
         end
       end
 
diff --git a/spec/services/clusters/aws/authorize_role_service_spec.rb b/spec/services/clusters/aws/authorize_role_service_spec.rb
index 3d12400a47b..5b47cf0ecde 100644
--- a/spec/services/clusters/aws/authorize_role_service_spec.rb
+++ b/spec/services/clusters/aws/authorize_role_service_spec.rb
@@ -3,47 +3,34 @@
 require 'spec_helper'
 
 RSpec.describe Clusters::Aws::AuthorizeRoleService do
-  let(:user) { create(:user) }
+  subject { described_class.new(user, params: params).execute }
+
+  let(:role) { create(:aws_role) }
+  let(:user) { role.user }
   let(:credentials) { instance_double(Aws::Credentials) }
   let(:credentials_service) { instance_double(Clusters::Aws::FetchCredentialsService, execute: credentials) }
 
+  let(:role_arn) { 'arn:my-role' }
   let(:params) do
     params = ActionController::Parameters.new({
       cluster: {
-        role_arn: 'arn:my-role',
-        role_external_id: 'external-id'
+        role_arn: role_arn
       }
     })
 
-    params.require(:cluster).permit(:role_arn, :role_external_id)
+    params.require(:cluster).permit(:role_arn)
   end
 
-  subject { described_class.new(user, params: params).execute }
-
   before do
     allow(Clusters::Aws::FetchCredentialsService).to receive(:new)
       .with(instance_of(Aws::Role)).and_return(credentials_service)
   end
 
-  context 'role does not exist' do
-    it 'creates an Aws::Role record and returns a set of credentials' do
-      expect(user).to receive(:create_aws_role!)
-        .with(params).and_call_original
-
-      expect(subject.status).to eq(:ok)
-      expect(subject.body).to eq(credentials)
-    end
-  end
-
-  context 'role already exists' do
-    let(:role) { create(:aws_role, user: user) }
-
+  context 'role exists' do
     it 'updates the existing Aws::Role record and returns a set of credentials' do
-      expect(role).to receive(:update!)
-        .with(params).and_call_original
-
       expect(subject.status).to eq(:ok)
       expect(subject.body).to eq(credentials)
+      expect(role.reload.role_arn).to eq(role_arn)
     end
   end
 
@@ -61,11 +48,14 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do
       end
     end
 
-    context 'cannot create role' do
-      before do
-        allow(user).to receive(:create_aws_role!)
-          .and_raise(ActiveRecord::RecordInvalid.new(user))
-      end
+    context 'role does not exist' do
+      let(:user) { create(:user) }
+
+      include_examples 'bad request'
+    end
+
+    context 'supplied ARN is invalid' do
+      let(:role_arn) { 'invalid' }
 
       include_examples 'bad request'
     end