diff options
Diffstat (limited to 'spec/finders/clusters/agent_authorizations_finder_spec.rb')
-rw-r--r-- | spec/finders/clusters/agent_authorizations_finder_spec.rb | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/spec/finders/clusters/agent_authorizations_finder_spec.rb b/spec/finders/clusters/agent_authorizations_finder_spec.rb index 687906db0d7..2d90f32adc5 100644 --- a/spec/finders/clusters/agent_authorizations_finder_spec.rb +++ b/spec/finders/clusters/agent_authorizations_finder_spec.rb @@ -9,6 +9,10 @@ RSpec.describe Clusters::AgentAuthorizationsFinder do let_it_be(:subgroup2) { create(:group, parent: subgroup1) } let_it_be(:bottom_level_group) { create(:group, parent: subgroup2) } + let_it_be(:non_ancestor_group) { create(:group, parent: top_level_group) } + let_it_be(:non_ancestor_project) { create(:project, namespace: non_ancestor_group) } + let_it_be(:non_ancestor_agent) { create(:cluster_agent, project: non_ancestor_project) } + let_it_be(:agent_configuration_project) { create(:project, namespace: subgroup1) } let_it_be(:requesting_project, reload: true) { create(:project, namespace: bottom_level_group) } @@ -56,6 +60,20 @@ RSpec.describe Clusters::AgentAuthorizationsFinder do it { is_expected.to be_empty } end + context 'agent configuration project shares a root namespace, but does not belong to an ancestor of the given project' do + let!(:project_authorization) { create(:agent_project_authorization, agent: non_ancestor_agent, project: requesting_project) } + + it { is_expected.to match_array([project_authorization]) } + + context 'agent_authorization_include_descendants feature flag is disabled' do + before do + stub_feature_flags(agent_authorization_include_descendants: false) + end + + it { is_expected.to be_empty } + end + end + context 'with project authorizations present' do let!(:authorization) { create(:agent_project_authorization, agent: production_agent, project: requesting_project) } @@ -116,6 +134,20 @@ RSpec.describe Clusters::AgentAuthorizationsFinder do end end + context 'agent configuration project does not belong to an ancestor of the authorized group' do + let!(:group_authorization) { create(:agent_group_authorization, agent: non_ancestor_agent, group: bottom_level_group) } + + it { is_expected.to match_array([group_authorization]) } + + context 'agent_authorization_include_descendants feature flag is disabled' do + before do + stub_feature_flags(agent_authorization_include_descendants: false) + end + + it { is_expected.to be_empty } + end + end + it_behaves_like 'access_as' do let!(:authorization) { create(:agent_group_authorization, agent: production_agent, group: top_level_group, config: config) } end |