
Diffstat (limited to 'spec/requests/api/user_runners_spec.rb')
-rw-r--r--spec/requests/api/user_runners_spec.rb243
1 files changed, 243 insertions, 0 deletions
diff --git a/spec/requests/api/user_runners_spec.rb b/spec/requests/api/user_runners_spec.rb
new file mode 100644
index 00000000000..0e40dcade19
--- /dev/null
+++ b/spec/requests/api/user_runners_spec.rb
@@ -0,0 +1,243 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::UserRunners, :aggregate_failures, feature_category: :runner_fleet do
+ let_it_be(:admin) { create(:admin) }
+ let_it_be(:user, reload: true) { create(:user, username: 'user.withdot') }
+
+ describe 'POST /user/runners' do
+ subject(:request) { post api(path, current_user, **post_args), params: runner_attrs }
+
+ let_it_be(:group) { create(:group) }
+ let_it_be(:project) { create(:project, namespace: group) }
+ let_it_be(:group_owner) { create(:user).tap { |user| group.add_owner(user) } }
+ let_it_be(:group_maintainer) { create(:user).tap { |user| group.add_maintainer(user) } }
+ let_it_be(:project_developer) { create(:user).tap { |user| project.add_developer(user) } }
+
+ let(:post_args) { { admin_mode: true } }
+ let(:runner_attrs) { { runner_type: 'instance_type' } }
+ let(:path) { '/user/runners' }
+
+ shared_examples 'when runner creation fails due to authorization' do
+ it 'does not create a runner' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ shared_context 'when user does not have sufficient permissions returns forbidden' do
+ context 'when user is admin and admin mode is disabled' do
+ let(:current_user) { admin }
+ let(:post_args) { { admin_mode: false } }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+
+ context 'when user is not an admin or a member of the namespace' do
+ let(:current_user) { user }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+ end
+
+ shared_examples 'creates a runner' do
+ it 'creates a runner' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:created)
+ end.to change { Ci::Runner.count }.by(1)
+ end
+ end
+
+ shared_examples 'fails to create runner with expected_status_code' do
+ let(:expected_message) { nil }
+ let(:expected_error) { nil }
+
+ it 'does not create runner' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(expected_status_code)
+ expect(json_response['message']).to include(expected_message) if expected_message
+ expect(json_response['error']).to include(expected_error) if expected_error
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ shared_context 'with request authorized with access token' do
+ let(:current_user) { nil }
+ let(:pat) { create(:personal_access_token, user: token_user, scopes: [scope]) }
+ let(:path) { "/user/runners?private_token=#{pat.token}" }
+
+ %i[create_runner api].each do |scope|
+ context "with #{scope} scope" do
+ let(:scope) { scope }
+
+ it_behaves_like 'creates a runner'
+ end
+ end
+
+ context 'with read_api scope' do
+ let(:scope) { :read_api }
+
+ it_behaves_like 'fails to create runner with expected_status_code' do
+ let(:expected_status_code) { :forbidden }
+ let(:expected_error) { 'insufficient_scope' }
+ end
+ end
+ end
+
+ context 'when runner_type is :instance_type' do
+ let(:runner_attrs) { { runner_type: 'instance_type' } }
+
+ context 'when user has sufficient permissions' do
+ let(:current_user) { admin }
+
+ it_behaves_like 'creates a runner'
+ end
+
+ context 'with admin mode enabled', :enable_admin_mode do
+ let(:token_user) { admin }
+
+ it_behaves_like 'with request authorized with access token'
+ end
+
+ it_behaves_like 'when user does not have sufficient permissions returns forbidden'
+
+ context 'when user is not an admin' do
+ let(:current_user) { user }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+
+ context 'when model validation fails' do
+ let(:runner_attrs) { { runner_type: 'instance_type', run_untagged: false, tag_list: [] } }
+ let(:current_user) { admin }
+
+ it_behaves_like 'fails to create runner with expected_status_code' do
+ let(:expected_status_code) { :bad_request }
+ let(:expected_message) { 'Tags list can not be empty' }
+ end
+ end
+ end
+
+ context 'when runner_type is :group_type' do
+ let(:post_args) { {} }
+
+ context 'when group_id is specified' do
+ let(:runner_attrs) { { runner_type: 'group_type', group_id: group.id } }
+
+ context 'when user has sufficient permissions' do
+ let(:current_user) { group_owner }
+
+ it_behaves_like 'creates a runner'
+ end
+
+ it_behaves_like 'with request authorized with access token' do
+ let(:token_user) { group_owner }
+ end
+
+ it_behaves_like 'when user does not have sufficient permissions returns forbidden'
+
+ context 'when user is a maintainer' do
+ let(:current_user) { group_maintainer }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+ end
+
+ context 'when group_id is not specified' do
+ let(:runner_attrs) { { runner_type: 'group_type' } }
+ let(:current_user) { group_owner }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to include('group_id is missing')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+ end
+
+ context 'when runner_type is :project_type' do
+ let(:post_args) { {} }
+
+ context 'when project_id is specified' do
+ let(:runner_attrs) { { runner_type: 'project_type', project_id: project.id } }
+
+ context 'when user has sufficient permissions' do
+ let(:current_user) { group_owner }
+
+ it_behaves_like 'creates a runner'
+ end
+
+ it_behaves_like 'with request authorized with access token' do
+ let(:token_user) { group_owner }
+ end
+
+ it_behaves_like 'when user does not have sufficient permissions returns forbidden'
+
+ context 'when user is a developer' do
+ let(:current_user) { project_developer }
+
+ it_behaves_like 'when runner creation fails due to authorization'
+ end
+ end
+
+ context 'when project_id is not specified' do
+ let(:runner_attrs) { { runner_type: 'project_type' } }
+ let(:current_user) { group_owner }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to include('project_id is missing')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+ end
+
+ context 'with missing runner_type' do
+ let(:runner_attrs) { {} }
+ let(:current_user) { admin }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to eq('runner_type is missing, runner_type does not have a valid value')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ context 'with unknown runner_type' do
+ let(:runner_attrs) { { runner_type: 'unknown' } }
+ let(:current_user) { admin }
+
+ it 'fails to create runner with :bad_request' do
+ expect do
+ request
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to eq('runner_type does not have a valid value')
+ end.not_to change { Ci::Runner.count }
+ end
+ end
+
+ it 'returns a 401 error if unauthorized' do
+ post api(path), params: runner_attrs
+
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+ end
+end
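Review bot: The access-token cases in the shared context 'with request authorized with access token' only ever use a token owner who is already allowed to create the runner (`admin`, `group_owner`), so nothing in this spec shows that a `create_runner`-scoped token is still subject to the role check. I would add a negative case next to 'when user is a maintainer' (and the same for 'when user is a developer' with `project_developer`) in which the token carries `create_runner` but belongs to a user below the required role; the expected `:forbidden` is inferred from the session-user cases and should be confirmed against the endpoint. Separately, 'creates a runner' asserts only the status and `Ci::Runner.count`, so it would still pass if the runner were created with a different type or attached to another group or project; an assertion on the created runner's type and owner would close that gap.

```ruby
# … inside context 'when group_id is specified', after context 'when user is a maintainer' …
context 'when access token with create_runner scope belongs to a maintainer' do
  let(:current_user) { nil }
  let(:pat) { create(:personal_access_token, user: group_maintainer, scopes: [:create_runner]) }
  let(:path) { "/user/runners?private_token=#{pat.token}" }

  it_behaves_like 'when runner creation fails due to authorization'
end
```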