3 files changed, 28 insertions, 138 deletions

diff --git a/spec/controllers/groups/clusters_controller_spec.rb b/spec/controllers/groups/clusters_controller_spec.rb
index 4b82c5ceb1c..eb3fe4bc330 100644
--- a/spec/controllers/groups/clusters_controller_spec.rb
+++ b/spec/controllers/groups/clusters_controller_spec.rb
@@ -262,142 +262,6 @@ RSpec.describe Groups::ClustersController do
     end
   end
 
-  describe 'POST #create_aws' do
-    let(:params) do
-      {
-        cluster: {
-          name: 'new-cluster',
-          provider_aws_attributes: {
-            key_name: 'key',
-            role_arn: 'arn:role',
-            region: 'region',
-            vpc_id: 'vpc',
-            instance_type: 'instance type',
-            num_nodes: 3,
-            security_group_id: 'security group',
-            subnet_ids: %w(subnet1 subnet2)
-          }
-        }
-      }
-    end
-
-    def post_create_aws
-      post :create_aws, params: params.merge(group_id: group)
-    end
-
-    include_examples ':certificate_based_clusters feature flag controller responses' do
-      let(:subject) { post_create_aws }
-    end
-
-    it 'creates a new cluster' do
-      expect(ClusterProvisionWorker).to receive(:perform_async)
-      expect { post_create_aws }.to change { Clusters::Cluster.count }
-        .and change { Clusters::Providers::Aws.count }
-
-      cluster = group.clusters.first
-
-      expect(response).to have_gitlab_http_status(:created)
-      expect(response.location).to eq(group_cluster_path(group, cluster))
-      expect(cluster).to be_aws
-      expect(cluster).to be_kubernetes
-    end
-
-    context 'params are invalid' do
-      let(:params) do
-        {
-          cluster: { name: '' }
-        }
-      end
-
-      it 'does not create a cluster' do
-        expect { post_create_aws }.not_to change { Clusters::Cluster.count }
-
-        expect(response).to have_gitlab_http_status(:unprocessable_entity)
-        expect(response.media_type).to eq('application/json')
-        expect(response.body).to include('is invalid')
-      end
-    end
-
-    describe 'security' do
-      before do
-        allow(WaitForClusterCreationWorker).to receive(:perform_in)
-      end
-
-      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { post_create_aws }.to be_allowed_for(:admin) }
-      it('is denied for admin when admin mode is disabled') { expect { post_create_aws }.to be_denied_for(:admin) }
-      it { expect { post_create_aws }.to be_allowed_for(:owner).of(group) }
-      it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(group) }
-      it { expect { post_create_aws }.to be_denied_for(:developer).of(group) }
-      it { expect { post_create_aws }.to be_denied_for(:reporter).of(group) }
-      it { expect { post_create_aws }.to be_denied_for(:guest).of(group) }
-      it { expect { post_create_aws }.to be_denied_for(:user) }
-      it { expect { post_create_aws }.to be_denied_for(:external) }
-    end
-  end
-
-  describe 'POST authorize AWS role for EKS cluster' do
-    let!(:role) { create(:aws_role, user: user) }
-
-    let(:role_arn) { 'arn:new-role' }
-    let(:params) do
-      {
-        cluster: {
-          role_arn: role_arn
-        }
-      }
-    end
-
-    def go
-      post :authorize_aws_role, params: params.merge(group_id: group)
-    end
-
-    include_examples ':certificate_based_clusters feature flag controller responses' do
-      let(:subject) { go }
-    end
-
-    before do
-      allow(Clusters::Aws::FetchCredentialsService).to receive(:new)
-        .and_return(double(execute: double))
-    end
-
-    it 'updates the associated role with the supplied ARN' do
-      go
-
-      expect(response).to have_gitlab_http_status(:ok)
-      expect(role.reload.role_arn).to eq(role_arn)
-    end
-
-    context 'supplied role is invalid' do
-      let(:role_arn) { 'invalid-role' }
-
-      it 'does not update the associated role' do
-        expect { go }.not_to change { role.role_arn }
-
-        expect(response).to have_gitlab_http_status(:unprocessable_entity)
-      end
-    end
-
-    describe 'security' do
-      before do
-        allow_next_instance_of(Clusters::Aws::AuthorizeRoleService) do |service|
-          response = double(status: :ok, body: double)
-
-          allow(service).to receive(:execute).and_return(response)
-        end
-      end
-
-      it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
-      it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
-      it { expect { go }.to be_allowed_for(:owner).of(group) }
-      it { expect { go }.to be_allowed_for(:maintainer).of(group) }
-      it { expect { go }.to be_denied_for(:developer).of(group) }
-      it { expect { go }.to be_denied_for(:reporter).of(group) }
-      it { expect { go }.to be_denied_for(:guest).of(group) }
-      it { expect { go }.to be_denied_for(:user) }
-      it { expect { go }.to be_denied_for(:external) }
-    end
-  end
-
   describe 'DELETE clear cluster cache' do
     let(:cluster) { create(:cluster, :group, groups: [group]) }
     let!(:kubernetes_namespace) do
diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb
index 25d32436d58..c6fd184ede0 100644
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@@ -305,11 +305,37 @@ RSpec.describe Groups::GroupMembersController do
           group.add_owner(user)
         end
 
-        it 'cannot removes himself from the group' do
+        it 'cannot remove user from the group' do
           delete :leave, params: { group_id: group }
 
           expect(response).to have_gitlab_http_status(:forbidden)
         end
+
+        context 'and there is a group project bot owner' do
+          before do
+            create(:group_member, :owner, source: group, user: create(:user, :project_bot))
+          end
+
+          it 'cannot remove user from the group' do
+            delete :leave, params: { group_id: group }
+
+            expect(response).to have_gitlab_http_status(:forbidden)
+          end
+        end
+
+        context 'and there is another owner' do
+          before do
+            create(:group_member, :owner, source: group)
+          end
+
+          it 'removes user from members', :aggregate_failures do
+            delete :leave, params: { group_id: group }
+
+            expect(controller).to set_flash.to "You left the \"#{group.name}\" group."
+            expect(response).to redirect_to(dashboard_groups_path)
+            expect(group.users).not_to include user
+          end
+        end
       end
 
       context 'and is a requester' do
diff --git a/spec/controllers/groups/settings/integrations_controller_spec.rb b/spec/controllers/groups/settings/integrations_controller_spec.rb
index c070094babd..377c38ce087 100644
--- a/spec/controllers/groups/settings/integrations_controller_spec.rb
+++ b/spec/controllers/groups/settings/integrations_controller_spec.rb
@@ -76,7 +76,7 @@ RSpec.describe Groups::Settings::IntegrationsController do
   end
 
   describe '#update' do
-    include JiraServiceHelper
+    include JiraIntegrationHelpers
 
     let(:integration) { create(:jira_integration, :group, group: group) }