1 files changed, 28 insertions, 8 deletions

diff --git a/spec/lib/gitlab/ci/jwt_v2_spec.rb b/spec/lib/gitlab/ci/jwt_v2_spec.rb
index d45d8cacb88..c2ced10620b 100644
--- a/spec/lib/gitlab/ci/jwt_v2_spec.rb
+++ b/spec/lib/gitlab/ci/jwt_v2_spec.rb
@@ -33,14 +33,6 @@ RSpec.describe Gitlab::Ci::JwtV2, feature_category: :continuous_integration do
   describe '#payload' do
     subject(:payload) { ci_job_jwt_v2.payload }
 
-    it 'has correct values for the standard JWT attributes' do
-      aggregate_failures do
-        expect(payload[:iss]).to eq(Settings.gitlab.base_url)
-        expect(payload[:aud]).to eq(Settings.gitlab.base_url)
-        expect(payload[:sub]).to eq("project_path:#{project.full_path}:ref_type:branch:ref:#{pipeline.source_ref}")
-      end
-    end
-
     it 'includes user identities when enabled' do
       expect(user).to receive(:pass_user_identities_to_ci_jwt).and_return(true)
       identities = payload[:user_identities].map { |identity| identity.slice(:extern_uid, :provider) }
@@ -53,6 +45,34 @@ RSpec.describe Gitlab::Ci::JwtV2, feature_category: :continuous_integration do
       expect(payload).not_to include(:user_identities)
     end
 
+    context 'when oidc_issuer_url is disabled' do
+      before do
+        stub_feature_flags(oidc_issuer_url: false)
+      end
+
+      it 'has correct values for the standard JWT attributes' do
+        aggregate_failures do
+          expect(payload[:iss]).to eq(Settings.gitlab.base_url)
+          expect(payload[:aud]).to eq(Settings.gitlab.base_url)
+          expect(payload[:sub]).to eq("project_path:#{project.full_path}:ref_type:branch:ref:#{pipeline.source_ref}")
+        end
+      end
+    end
+
+    context 'when oidc_issuer_url is enabled' do
+      before do
+        stub_feature_flags(oidc_issuer_url: true)
+      end
+
+      it 'has correct values for the standard JWT attributes' do
+        aggregate_failures do
+          expect(payload[:iss]).to eq(Gitlab.config.gitlab.url)
+          expect(payload[:aud]).to eq(Settings.gitlab.base_url)
+          expect(payload[:sub]).to eq("project_path:#{project.full_path}:ref_type:branch:ref:#{pipeline.source_ref}")
+        end
+      end
+    end
+
     context 'when given an aud' do
       let(:aud) { 'AWS' }