Diffstat (limited to 'spec/policies/ci/runner_policy_spec.rb')
-rw-r--r--spec/policies/ci/runner_policy_spec.rb147
1 files changed, 80 insertions, 67 deletions
diff --git a/spec/policies/ci/runner_policy_spec.rb b/spec/policies/ci/runner_policy_spec.rb
index 880ff0722fa..773d3d9a01d 100644
--- a/spec/policies/ci/runner_policy_spec.rb
+++ b/spec/policies/ci/runner_policy_spec.rb
@@ -6,42 +6,64 @@ RSpec.describe Ci::RunnerPolicy do
describe 'ability :read_runner' do
let_it_be(:guest) { create(:user) }
let_it_be(:developer) { create(:user) }
+ let_it_be(:maintainer) { create(:user) }
let_it_be(:owner) { create(:user) }
- let_it_be(:group1) { create(:group, name: 'top-level', path: 'top-level') }
- let_it_be(:subgroup1) { create(:group, name: 'subgroup1', path: 'subgroup1', parent: group1) }
- let_it_be(:project1) { create(:project, group: subgroup1) }
+ let_it_be_with_reload(:group) { create(:group, name: 'top-level', path: 'top-level') }
+ let_it_be_with_reload(:subgroup) { create(:group, name: 'subgroup', path: 'subgroup', parent: group) }
+ let_it_be_with_reload(:project) { create(:project, group: subgroup) }
+
let_it_be(:instance_runner) { create(:ci_runner, :instance) }
- let_it_be(:group1_runner) { create(:ci_runner, :group, groups: [group1]) }
- let_it_be(:project1_runner) { create(:ci_runner, :project, projects: [project1]) }
+ let_it_be(:group_runner) { create(:ci_runner, :group, groups: [group]) }
+ let_it_be(:project_runner) { create(:ci_runner, :project, projects: [project]) }
subject(:policy) { described_class.new(user, runner) }
- before do
- group1.add_guest(guest)
- group1.add_developer(developer)
- group1.add_owner(owner)
+ before_all do
+ group.add_guest(guest)
+ group.add_developer(developer)
+ group.add_maintainer(maintainer)
+ group.add_owner(owner)
end
- shared_context 'on hierarchy with shared runners disabled' do
- around do |example|
- group1.update!(shared_runners_enabled: false)
- project1.update!(shared_runners_enabled: false)
+ shared_examples 'a policy allowing reading instance runner depending on runner sharing' do
+ context 'with instance runner' do
+ let(:runner) { instance_runner }
+
+ it { expect_allowed :read_runner }
+
+ context 'with shared runners disabled on projects' do
+ before do
+ project.update!(shared_runners_enabled: false)
+ end
+
+ it { expect_allowed :read_runner }
+ end
- example.run
- ensure
- project1.update!(shared_runners_enabled: true)
- group1.update!(shared_runners_enabled: true)
+ context 'with shared runners disabled for groups and projects' do
+ before do
+ group.update!(shared_runners_enabled: false)
+ project.update!(shared_runners_enabled: false)
+ end
+
+ it { expect_disallowed :read_runner }
+ end
end
end
- shared_context 'on hierarchy with group runners disabled' do
- around do |example|
- project1.update!(group_runners_enabled: false)
+ shared_examples 'a policy allowing reading group runner depending on runner sharing' do
+ context 'with group runner' do
+ let(:runner) { group_runner }
+
+ it { expect_allowed :read_runner }
- example.run
- ensure
- project1.update!(group_runners_enabled: true)
+ context 'with sharing of group runners disabled' do
+ before do
+ project.update!(group_runners_enabled: false)
+ end
+
+ it { expect_disallowed :read_runner }
+ end
end
end
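Review bot: The context 'with shared runners disabled for groups and projects' updates only `group` and `project`, while `subgroup`, which sits between them in the hierarchy created at the top of this hunk, keeps its default `shared_runners_enabled` value. The `expect_disallowed` result therefore depends on how the policy treats the intermediate level, which the spec does not state. Either add `subgroup.update!(shared_runners_enabled: false)` to that `before` block so the setup matches the context name, or add a comment such as `# subgroup is intentionally left enabled` once the intended rule is confirmed against the policy. The same two-record setup appears again in the second hunk.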
@@ -51,27 +73,32 @@ RSpec.describe Ci::RunnerPolicy do
it { expect_disallowed :read_runner }
- context 'with shared runners disabled' do
- include_context 'on hierarchy with shared runners disabled' do
- it { expect_disallowed :read_runner }
+ context 'with shared runners disabled for groups and projects' do
+ before do
+ group.update!(shared_runners_enabled: false)
+ project.update!(shared_runners_enabled: false)
end
+
+ it { expect_disallowed :read_runner }
end
end
context 'with group runner' do
- let(:runner) { group1_runner }
+ let(:runner) { group_runner }
it { expect_disallowed :read_runner }
- context 'with group runner disabled' do
- include_context 'on hierarchy with group runners disabled' do
- it { expect_disallowed :read_runner }
+ context 'with sharing of group runners disabled' do
+ before do
+ project.update!(group_runners_enabled: false)
end
+
+ it { expect_disallowed :read_runner }
end
end
context 'with project runner' do
- let(:runner) { project1_runner }
+ let(:runner) { project_runner }
it { expect_disallowed :read_runner }
end
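Review bot: The two `before` blocks added here repeat the setup already written inside the shared examples of the first hunk, and the group-runner one appears a third time in the owner context of the last hunk. Because the records are now created with `let_it_be_with_reload`, a `shared_context` that holds only the `before` block would be safe. It would also keep the allowed and disallowed cases tied to a single definition of "sharing disabled", so one copy cannot drift from the others. For example, `shared_context 'with shared runners disabled for groups and projects'` could be pulled in with `include_context` at each site. The enclosing context for this user starts above the hunk, so the role these expectations apply to is not visible here.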
@@ -92,66 +119,52 @@ RSpec.describe Ci::RunnerPolicy do
context 'with developer access' do
let(:user) { developer }
- context 'with instance runner' do
- let(:runner) { instance_runner }
+ it_behaves_like 'a policy allowing reading instance runner depending on runner sharing'
- it { expect_allowed :read_runner }
+ it_behaves_like 'a policy allowing reading group runner depending on runner sharing'
- context 'with shared runners disabled' do
- include_context 'on hierarchy with shared runners disabled' do
- it { expect_disallowed :read_runner }
- end
- end
+ context 'with project runner' do
+ let(:runner) { project_runner }
+
+ it { expect_disallowed :read_runner }
end
+ end
- context 'with group runner' do
- let(:runner) { group1_runner }
+ context 'with maintainer access' do
+ let(:user) { maintainer }
- it { expect_allowed :read_runner }
+ it_behaves_like 'a policy allowing reading instance runner depending on runner sharing'
- context 'with group runner disabled' do
- include_context 'on hierarchy with group runners disabled' do
- it { expect_disallowed :read_runner }
- end
- end
- end
+ it_behaves_like 'a policy allowing reading group runner depending on runner sharing'
context 'with project runner' do
- let(:runner) { project1_runner }
+ let(:runner) { project_runner }
- it { expect_disallowed :read_runner }
+ it { expect_allowed :read_runner }
end
end
context 'with owner access' do
let(:user) { owner }
- context 'with instance runner' do
- let(:runner) { instance_runner }
+ it_behaves_like 'a policy allowing reading instance runner depending on runner sharing'
- context 'with shared runners disabled' do
- include_context 'on hierarchy with shared runners disabled' do
- it { expect_disallowed :read_runner }
- end
- end
+ context 'with group runner' do
+ let(:runner) { group_runner }
it { expect_allowed :read_runner }
- end
- context 'with group runner' do
- let(:runner) { group1_runner }
-
- context 'with group runners disabled' do
- include_context 'on hierarchy with group runners disabled' do
- it { expect_allowed :read_runner }
+ context 'with sharing of group runners disabled' do
+ before do
+ project.update!(group_runners_enabled: false)
end
- end
- it { expect_allowed :read_runner }
+ it { expect_allowed :read_runner }
+ end
end
context 'with project runner' do
- let(:runner) { project1_runner }
+ let(:runner) { project_runner }
it { expect_allowed :read_runner }
end
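Review bot: The owner context is the only role that does not reuse 'a policy allowing reading group runner depending on runner sharing', and its 'with sharing of group runners disabled' case expects `expect_allowed` where developer and maintainer get `expect_disallowed`. Nothing in the spec says why, so a reader comparing the three roles could take the owner expectation for a copy-paste slip and "fix" an authorization rule. If the intent is that owners of the runner's group keep read access regardless of the project setting, say so above the context with a comment such as `# Group owners can read the group's runners even when the project opts out of group runners`. Alternatively, put the reason in the context description. The surrounding `describe` block continues past the end of this hunk.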