2 files changed, 48 insertions, 16 deletions
diff --git a/spec/finders/clusters/agent_authorizations_finder_spec.rb b/spec/finders/clusters/agent_authorizations_finder_spec.rb
index 2d90f32adc5..f680792d6c4 100644
--- a/spec/finders/clusters/agent_authorizations_finder_spec.rb
+++ b/spec/finders/clusters/agent_authorizations_finder_spec.rb
@@ -64,14 +64,6 @@ RSpec.describe Clusters::AgentAuthorizationsFinder do
         let!(:project_authorization) { create(:agent_project_authorization, agent: non_ancestor_agent, project: requesting_project) }
 
         it { is_expected.to match_array([project_authorization]) }
-
-        context 'agent_authorization_include_descendants feature flag is disabled' do
-          before do
-            stub_feature_flags(agent_authorization_include_descendants: false)
-          end
-
-          it { is_expected.to be_empty }
-        end
       end
 
       context 'with project authorizations present' do
@@ -138,14 +130,6 @@ RSpec.describe Clusters::AgentAuthorizationsFinder do
         let!(:group_authorization) { create(:agent_group_authorization, agent: non_ancestor_agent, group: bottom_level_group) }
 
         it { is_expected.to match_array([group_authorization]) }
-
-        context 'agent_authorization_include_descendants feature flag is disabled' do
-          before do
-            stub_feature_flags(agent_authorization_include_descendants: false)
-          end
-
-          it { is_expected.to be_empty }
-        end
       end
 
       it_behaves_like 'access_as' do
diff --git a/spec/finders/clusters/agent_tokens_finder_spec.rb b/spec/finders/clusters/agent_tokens_finder_spec.rb
new file mode 100644
index 00000000000..619aca891c1
--- /dev/null
+++ b/spec/finders/clusters/agent_tokens_finder_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Clusters::AgentTokensFinder do
+  describe '#execute' do
+    let_it_be(:project) { create(:project) }
+    let(:user) { create(:user, maintainer_projects: [project]) }
+    let(:agent) { create(:cluster_agent, project: project) }
+    let(:agent_id) { agent.id }
+
+    let!(:matching_agent_tokens) do
+      [
+        create(:cluster_agent_token, agent: agent),
+        create(:cluster_agent_token, :revoked, agent: agent)
+      ]
+    end
+
+    subject(:execute) { described_class.new(project, user, agent_id).execute }
+
+    it 'returns the tokens of the specified agent' do
+      # creating a token in a different agent to make sure it will not be included in the result
+      create(:cluster_agent_token, agent: create(:cluster_agent))
+
+      expect(execute).to match_array(matching_agent_tokens)
+    end
+
+    context 'when user does not have permission' do
+      let(:user) { create(:user) }
+
+      before do
+        project.add_reporter(user)
+      end
+
+      it 'raises an error' do
+        expect { execute }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+    context 'when agent does not exist' do
+      let(:agent_id) { non_existing_record_id }
+
+      it 'raises an error' do
+        expect { execute }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end