10 files changed, 95 insertions, 67 deletions

diff --git a/spec/controllers/profiles/preferences_controller_spec.rb b/spec/controllers/profiles/preferences_controller_spec.rb
index b4ffe0bc844..aaf169cd42b 100644
--- a/spec/controllers/profiles/preferences_controller_spec.rb
+++ b/spec/controllers/profiles/preferences_controller_spec.rb
@@ -54,6 +54,7 @@ RSpec.describe Profiles::PreferencesController do
           preferred_language: 'jp',
           tab_width: '5',
           project_shortcut_buttons: 'true',
+          keyboard_shortcuts_enabled: 'true',
           render_whitespace_in_code: 'true'
         }.with_indifferent_access
 
diff --git a/spec/features/projects/user_uses_shortcuts_spec.rb b/spec/features/projects/user_uses_shortcuts_spec.rb
index 7b0ae6d8c32..b7b2093d78a 100644
--- a/spec/features/projects/user_uses_shortcuts_spec.rb
+++ b/spec/features/projects/user_uses_shortcuts_spec.rb
@@ -14,58 +14,6 @@ RSpec.describe 'User uses shortcuts', :js, feature_category: :groups_and_project
     wait_for_requests
   end
 
-  context 'disabling shortcuts' do
-    before do
-      page.evaluate_script("localStorage.removeItem('shortcutsDisabled')")
-    end
-
-    it 'can disable shortcuts from help menu' do
-      open_modal_shortcut_keys
-      click_toggle_button
-      close_modal
-
-      open_modal_shortcut_keys
-
-      expect(page).not_to have_selector('[data-testid="modal-shortcuts"]')
-
-      page.refresh
-      open_modal_shortcut_keys
-
-      # after reload, shortcuts modal doesn't exist at all until we add it
-      expect(page).not_to have_selector('[data-testid="modal-shortcuts"]')
-    end
-
-    it 're-enables shortcuts' do
-      open_modal_shortcut_keys
-      click_toggle_button
-      close_modal
-
-      open_modal_from_help_menu
-      click_toggle_button
-      close_modal
-
-      open_modal_shortcut_keys
-      expect(find('[data-testid="modal-shortcuts"]')).to be_visible
-    end
-
-    def open_modal_shortcut_keys
-      find('body').native.send_key('?')
-    end
-
-    def open_modal_from_help_menu
-      find('.header-help-dropdown-toggle').click
-      find('button', text: 'Keyboard shortcuts').click
-    end
-
-    def click_toggle_button
-      find('.js-toggle-shortcuts .gl-toggle').click
-    end
-
-    def close_modal
-      find('.modal button[aria-label="Close"]').click
-    end
-  end
-
   context 'when navigating to the Project pages' do
     it 'redirects to the project overview page' do
       visit project_issues_path(project)
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 2b3a2e573e0..8da617175ca 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -40,29 +40,29 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching, feature_cate
     end
 
     it 'contains all non-default scopes' do
-      expect(subject.all_available_scopes).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode read_observability write_observability create_runner k8s_proxy]
+      expect(subject.all_available_scopes).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode read_observability write_observability create_runner k8s_proxy ai_features]
     end
 
     it 'contains for non-admin user all non-default scopes without ADMIN access and without observability scopes' do
       user = build_stubbed(:user, admin: false)
 
-      expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy]
+      expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy ai_features]
     end
 
     it 'contains for admin user all non-default scopes with ADMIN access and without observability scopes' do
       user = build_stubbed(:user, admin: true)
 
-      expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode create_runner k8s_proxy]
+      expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode create_runner k8s_proxy ai_features]
     end
 
     it 'contains for project all resource bot scopes without observability scopes' do
-      expect(subject.available_scopes_for(project)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy]
+      expect(subject.available_scopes_for(project)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy ai_features]
     end
 
     it 'contains for group all resource bot scopes' do
       group = build_stubbed(:group)
 
-      expect(subject.available_scopes_for(group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry read_observability write_observability create_runner k8s_proxy]
+      expect(subject.available_scopes_for(group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry read_observability write_observability create_runner k8s_proxy ai_features]
     end
 
     it 'contains for unsupported type no scopes' do
@@ -70,7 +70,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching, feature_cate
     end
 
     it 'optional_scopes contains all non-default scopes' do
-      expect(subject.optional_scopes).to match_array %i[read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode openid profile email read_observability write_observability create_runner k8s_proxy]
+      expect(subject.optional_scopes).to match_array %i[read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode openid profile email read_observability write_observability create_runner k8s_proxy ai_features]
     end
 
     context 'with observability_group_tab feature flag' do
@@ -82,7 +82,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching, feature_cate
         it 'contains for group all resource bot scopes without observability scopes' do
           group = build_stubbed(:group)
 
-          expect(subject.available_scopes_for(group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy]
+          expect(subject.available_scopes_for(group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy ai_features]
         end
       end
 
@@ -94,23 +94,23 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching, feature_cate
         end
 
         it 'contains for other group all resource bot scopes including observability scopes' do
-          expect(subject.available_scopes_for(group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry read_observability write_observability create_runner k8s_proxy]
+          expect(subject.available_scopes_for(group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry read_observability write_observability create_runner k8s_proxy ai_features]
         end
 
         it 'contains for admin user all non-default scopes with ADMIN access and without observability scopes' do
           user = build_stubbed(:user, admin: true)
 
-          expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode create_runner k8s_proxy]
+          expect(subject.available_scopes_for(user)).to match_array %i[api read_user read_api read_repository write_repository read_registry write_registry sudo admin_mode create_runner k8s_proxy ai_features]
         end
 
         it 'contains for project all resource bot scopes without observability scopes' do
-          expect(subject.available_scopes_for(project)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy]
+          expect(subject.available_scopes_for(project)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy ai_features]
         end
 
         it 'contains for other group all resource bot scopes without observability scopes' do
           other_group = build_stubbed(:group)
 
-          expect(subject.available_scopes_for(other_group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy]
+          expect(subject.available_scopes_for(other_group)).to match_array %i[api read_api read_repository write_repository read_registry write_registry create_runner k8s_proxy ai_features]
         end
       end
     end
diff --git a/spec/lib/gitlab/ci/config/entry/bridge_spec.rb b/spec/lib/gitlab/ci/config/entry/bridge_spec.rb
index 736c184a289..567ffa68836 100644
--- a/spec/lib/gitlab/ci/config/entry/bridge_spec.rb
+++ b/spec/lib/gitlab/ci/config/entry/bridge_spec.rb
@@ -14,7 +14,7 @@ RSpec.describe Gitlab::Ci::Config::Entry::Bridge do
     # as they do not have sense in context of Bridge
     let(:ignored_inheritable_columns) do
       %i[before_script after_script hooks image services cache interruptible timeout
-         retry tags artifacts]
+         retry tags artifacts id_tokens]
     end
   end
 
diff --git a/spec/lib/gitlab/ci/config/entry/default_spec.rb b/spec/lib/gitlab/ci/config/entry/default_spec.rb
index 46e96843ee3..17e716629cd 100644
--- a/spec/lib/gitlab/ci/config/entry/default_spec.rb
+++ b/spec/lib/gitlab/ci/config/entry/default_spec.rb
@@ -27,7 +27,7 @@ RSpec.describe Gitlab::Ci::Config::Entry::Default do
       it 'contains the expected node names' do
         expect(described_class.nodes.keys)
           .to match_array(%i[before_script after_script hooks cache image services
-                             interruptible timeout retry tags artifacts])
+                             interruptible timeout retry tags artifacts id_tokens])
       end
     end
   end
diff --git a/spec/lib/gitlab/ci/yaml_processor_spec.rb b/spec/lib/gitlab/ci/yaml_processor_spec.rb
index 48c82343087..c09c0b31e97 100644
--- a/spec/lib/gitlab/ci/yaml_processor_spec.rb
+++ b/spec/lib/gitlab/ci/yaml_processor_spec.rb
@@ -2042,6 +2042,52 @@ module Gitlab
         end
       end
 
+      describe 'id_tokens' do
+        subject(:execute) { described_class.new(config).execute }
+
+        let(:build) { execute.builds.first }
+        let(:id_tokens_vars) { { ID_TOKEN_1: { aud: 'http://gcp.com' } } }
+        let(:job_id_tokens_vars) { { ID_TOKEN_2: { aud: 'http://job.com' } } }
+
+        context 'when defined on job level' do
+          let(:config) do
+            YAML.dump({
+              rspec: { script: 'rspec', id_tokens: id_tokens_vars }
+            })
+          end
+
+          it 'returns defined id_tokens' do
+            expect(build[:id_tokens]).to eq(id_tokens_vars)
+          end
+        end
+
+        context 'when defined as default' do
+          let(:config) do
+            YAML.dump({
+              default: { id_tokens: id_tokens_vars },
+              rspec: { script: 'rspec' }
+            })
+          end
+
+          it 'returns inherited by default id_tokens' do
+            expect(build[:id_tokens]).to eq(id_tokens_vars)
+          end
+        end
+
+        context 'when defined as default and on job level' do
+          let(:config) do
+            YAML.dump({
+              default: { id_tokens: id_tokens_vars },
+              rspec: { script: 'rspec', id_tokens: job_id_tokens_vars }
+            })
+          end
+
+          it 'overrides default and returns defined on job level' do
+            expect(build[:id_tokens]).to eq(job_id_tokens_vars)
+          end
+        end
+      end
+
       describe "Artifacts" do
         it "returns artifacts when defined" do
           config = YAML.dump(
diff --git a/spec/models/user_preference_spec.rb b/spec/models/user_preference_spec.rb
index 729635b5a27..401a85e2f82 100644
--- a/spec/models/user_preference_spec.rb
+++ b/spec/models/user_preference_spec.rb
@@ -238,6 +238,20 @@ RSpec.describe UserPreference, feature_category: :user_profile do
     end
   end
 
+  describe '#keyboard_shortcuts_enabled' do
+    it 'is set to true by default' do
+      pref = described_class.new
+
+      expect(pref.keyboard_shortcuts_enabled).to eq(true)
+    end
+
+    it 'returns assigned value' do
+      pref = described_class.new(keyboard_shortcuts_enabled: false)
+
+      expect(pref.keyboard_shortcuts_enabled).to eq(false)
+    end
+  end
+
   describe '#render_whitespace_in_code' do
     it 'is set to false by default' do
       pref = described_class.new
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index f286d678360..37263144261 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -65,6 +65,9 @@ RSpec.describe User, feature_category: :user_profile do
     it { is_expected.to delegate_method(:project_shortcut_buttons).to(:user_preference) }
     it { is_expected.to delegate_method(:project_shortcut_buttons=).to(:user_preference).with_arguments(:args) }
 
+    it { is_expected.to delegate_method(:keyboard_shortcuts_enabled).to(:user_preference) }
+    it { is_expected.to delegate_method(:keyboard_shortcuts_enabled=).to(:user_preference).with_arguments(:args) }
+
     it { is_expected.to delegate_method(:render_whitespace_in_code).to(:user_preference) }
     it { is_expected.to delegate_method(:render_whitespace_in_code=).to(:user_preference).with_arguments(:args) }
 
diff --git a/spec/requests/api/metadata_spec.rb b/spec/requests/api/metadata_spec.rb
index e15186c48a5..b81fe3f51b5 100644
--- a/spec/requests/api/metadata_spec.rb
+++ b/spec/requests/api/metadata_spec.rb
@@ -41,6 +41,22 @@ RSpec.describe API::Metadata, feature_category: :shared do
         end
       end
 
+      context 'with ai_features scope' do
+        let(:scopes) { %i(ai_features) }
+
+        it 'returns the metadata information' do
+          get api(endpoint, personal_access_token: personal_access_token)
+
+          expect_metadata
+        end
+
+        it 'returns "200" response on head requests' do
+          head api(endpoint, personal_access_token: personal_access_token)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
       context 'with read_user scope' do
         let(:scopes) { %i(read_user) }
 
@@ -57,7 +73,7 @@ RSpec.describe API::Metadata, feature_category: :shared do
         end
       end
 
-      context 'with neither api nor read_user scope' do
+      context 'with neither api, ai_features nor read_user scope' do
         let(:scopes) { %i(read_repository) }
 
         it 'returns authorization error' do
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index 389ae93c986..6573fe570db 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -273,7 +273,7 @@ RSpec.describe 'OpenID Connect requests', feature_category: :system_access do
     let(:expected_scopes) do
       %w[
         admin_mode api read_user read_api read_repository write_repository sudo openid profile email
-        read_observability write_observability create_runner k8s_proxy
+        read_observability write_observability create_runner k8s_proxy ai_features
       ]
     end