diff options
Diffstat (limited to 'spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb')
-rw-r--r-- | spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb | 108 |
1 files changed, 80 insertions, 28 deletions
diff --git a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb index 99e55c44773..aa00069b241 100644 --- a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb @@ -5,6 +5,10 @@ require 'spec_helper' RSpec.describe 'ProjectCiCdSettingsUpdate', feature_category: :continuous_integration do include GraphqlHelpers + before do + stub_feature_flags(frozen_outbound_job_token_scopes_override: false) + end + let_it_be(:project) do create(:project, keep_latest_artifact: true, @@ -18,12 +22,11 @@ RSpec.describe 'ProjectCiCdSettingsUpdate', feature_category: :continuous_integr full_path: project.full_path, keep_latest_artifact: false, job_token_scope_enabled: false, - inbound_job_token_scope_enabled: false, - opt_in_jwt: true + inbound_job_token_scope_enabled: false } end - let(:mutation) { graphql_mutation(:ci_cd_settings_update, variables) } + let(:mutation) { graphql_mutation(:project_ci_cd_settings_update, variables) } context 'when unauthorized' do let(:user) { create(:user) } @@ -61,7 +64,36 @@ RSpec.describe 'ProjectCiCdSettingsUpdate', feature_category: :continuous_integr expect(project.keep_latest_artifact).to eq(false) end - it 'updates job_token_scope_enabled' do + describe 'ci_cd_settings_update deprecated mutation' do + let(:mutation) { graphql_mutation(:ci_cd_settings_update, variables) } + + it 'returns error' do + post_graphql_mutation(mutation, current_user: user) + + expect(graphql_errors).to( + include( + hash_including('message' => '`remove_cicd_settings_update` feature flag is enabled.') + ) + ) + end + + context 'when remove_cicd_settings_update FF is disabled' do + before do + stub_feature_flags(remove_cicd_settings_update: false) + end + + it 'updates ci cd settings' do + post_graphql_mutation(mutation, current_user: user) + + project.reload + + expect(response).to have_gitlab_http_status(:success) + expect(project.keep_latest_artifact).to eq(false) + end + end + end + + it 'allows setting job_token_scope_enabled to false' do post_graphql_mutation(mutation, current_user: user) project.reload @@ -70,6 +102,50 @@ RSpec.describe 'ProjectCiCdSettingsUpdate', feature_category: :continuous_integr expect(project.ci_outbound_job_token_scope_enabled).to eq(false) end + context 'when job_token_scope_enabled: true' do + let(:variables) do + { + full_path: project.full_path, + keep_latest_artifact: false, + job_token_scope_enabled: true, + inbound_job_token_scope_enabled: false + } + end + + it 'prevents the update', :aggregate_failures do + project.update!(ci_outbound_job_token_scope_enabled: false) + post_graphql_mutation(mutation, current_user: user) + + project.reload + + expect(response).to have_gitlab_http_status(:success) + expect(graphql_errors).to( + include( + hash_including( + 'message' => 'job_token_scope_enabled can only be set to false' + ) + ) + ) + expect(project.ci_outbound_job_token_scope_enabled).to eq(false) + end + end + + context 'when FF frozen_outbound_job_token_scopes is disabled' do + before do + stub_feature_flags(frozen_outbound_job_token_scopes: false) + end + + it 'allows setting job_token_scope_enabled to true' do + project.update!(ci_outbound_job_token_scope_enabled: true) + post_graphql_mutation(mutation, current_user: user) + + project.reload + + expect(response).to have_gitlab_http_status(:success) + expect(project.ci_outbound_job_token_scope_enabled).to eq(false) + end + end + it 'does not update job_token_scope_enabled if not specified' do variables.except!(:job_token_scope_enabled) @@ -101,30 +177,6 @@ RSpec.describe 'ProjectCiCdSettingsUpdate', feature_category: :continuous_integr expect(response).to have_gitlab_http_status(:success) expect(project.ci_inbound_job_token_scope_enabled).to eq(true) end - - context 'when ci_inbound_job_token_scope disabled' do - before do - stub_feature_flags(ci_inbound_job_token_scope: false) - end - - it 'does not update inbound_job_token_scope_enabled' do - post_graphql_mutation(mutation, current_user: user) - - project.reload - - expect(response).to have_gitlab_http_status(:success) - expect(project.ci_inbound_job_token_scope_enabled).to eq(true) - end - end - end - - it 'updates ci_opt_in_jwt' do - post_graphql_mutation(mutation, current_user: user) - - project.reload - - expect(response).to have_gitlab_http_status(:success) - expect(project.ci_opt_in_jwt).to eq(true) end context 'when bad arguments are provided' do |