From 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 20 Sep 2021 13:18:24 +0000
Subject: Add latest changes from gitlab-org/gitlab@14-3-stable-ee

---
 spec/requests/api/ci/pipelines_spec.rb             |  81 ++---------
 .../ci/runners_reset_registration_token_spec.rb    | 149 +++++++++++++++++++++
 2 files changed, 162 insertions(+), 68 deletions(-)
 create mode 100644 spec/requests/api/ci/runners_reset_registration_token_spec.rb

(limited to 'spec/requests/api/ci')

diff --git a/spec/requests/api/ci/pipelines_spec.rb b/spec/requests/api/ci/pipelines_spec.rb
index 640e1ee6422..7ae350885f4 100644
--- a/spec/requests/api/ci/pipelines_spec.rb
+++ b/spec/requests/api/ci/pipelines_spec.rb
@@ -37,24 +37,10 @@ RSpec.describe API::Ci::Pipelines do
       end
 
       describe 'keys in the response' do
-        context 'when `pipeline_source_filter` feature flag is disabled' do
-          before do
-            stub_feature_flags(pipeline_source_filter: false)
-          end
+        it 'includes pipeline source' do
+          get api("/projects/#{project.id}/pipelines", user)
 
-          it 'does not includes pipeline source' do
-            get api("/projects/#{project.id}/pipelines", user)
-
-            expect(json_response.first.keys).to contain_exactly(*%w[id project_id sha ref status web_url created_at updated_at])
-          end
-        end
-
-        context 'when `pipeline_source_filter` feature flag is disabled' do
-          it 'includes pipeline source' do
-            get api("/projects/#{project.id}/pipelines", user)
-
-            expect(json_response.first.keys).to contain_exactly(*%w[id project_id sha ref status web_url created_at updated_at source])
-          end
+          expect(json_response.first.keys).to contain_exactly(*%w[id project_id sha ref status web_url created_at updated_at source])
         end
       end
 
@@ -182,30 +168,6 @@ RSpec.describe API::Ci::Pipelines do
           end
         end
 
-        context 'when name is specified' do
-          let_it_be(:pipeline) { create(:ci_pipeline, project: project, user: user) }
-
-          context 'when name exists' do
-            it 'returns matched pipelines' do
-              get api("/projects/#{project.id}/pipelines", user), params: { name: user.name }
-
-              expect(response).to have_gitlab_http_status(:ok)
-              expect(response).to include_pagination_headers
-              expect(json_response.first['id']).to eq(pipeline.id)
-            end
-          end
-
-          context 'when name does not exist' do
-            it 'returns empty' do
-              get api("/projects/#{project.id}/pipelines", user), params: { name: 'invalid-name' }
-
-              expect(response).to have_gitlab_http_status(:ok)
-              expect(response).to include_pagination_headers
-              expect(json_response).to be_empty
-            end
-          end
-        end
-
         context 'when username is specified' do
           let_it_be(:pipeline) { create(:ci_pipeline, project: project, user: user) }
 
@@ -323,37 +285,20 @@ RSpec.describe API::Ci::Pipelines do
             create(:ci_pipeline, project: project, source: :api)
           end
 
-          context 'when `pipeline_source_filter` feature flag is disabled' do
-            before do
-              stub_feature_flags(pipeline_source_filter: false)
-            end
-
-            it 'returns all pipelines' do
-              get api("/projects/#{project.id}/pipelines", user), params: { source: 'web' }
+          it 'returns matched pipelines' do
+            get api("/projects/#{project.id}/pipelines", user), params: { source: 'web' }
 
-              expect(response).to have_gitlab_http_status(:ok)
-              expect(response).to include_pagination_headers
-              expect(json_response).not_to be_empty
-              expect(json_response.length).to be >= 3
-            end
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(response).to include_pagination_headers
+            expect(json_response).not_to be_empty
+            json_response.each { |r| expect(r['source']).to eq('web') }
           end
 
-          context 'when `pipeline_source_filter` feature flag is enabled' do
-            it 'returns matched pipelines' do
-              get api("/projects/#{project.id}/pipelines", user), params: { source: 'web' }
-
-              expect(response).to have_gitlab_http_status(:ok)
-              expect(response).to include_pagination_headers
-              expect(json_response).not_to be_empty
-              json_response.each { |r| expect(r['source']).to eq('web') }
-            end
-
-            context 'when source is invalid' do
-              it 'returns bad_request' do
-                get api("/projects/#{project.id}/pipelines", user), params: { source: 'invalid-source' }
+          context 'when source is invalid' do
+            it 'returns bad_request' do
+              get api("/projects/#{project.id}/pipelines", user), params: { source: 'invalid-source' }
 
-                expect(response).to have_gitlab_http_status(:bad_request)
-              end
+              expect(response).to have_gitlab_http_status(:bad_request)
             end
           end
         end
diff --git a/spec/requests/api/ci/runners_reset_registration_token_spec.rb b/spec/requests/api/ci/runners_reset_registration_token_spec.rb
new file mode 100644
index 00000000000..7623d3f1b17
--- /dev/null
+++ b/spec/requests/api/ci/runners_reset_registration_token_spec.rb
@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::Ci::Runners do
+  subject { post api("#{prefix}/runners/reset_registration_token", user) }
+
+  shared_examples 'bad request' do |result|
+    it 'returns 400 error' do
+      expect { subject }.not_to change { get_token }
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response).to eq(result)
+    end
+  end
+
+  shared_examples 'unauthenticated' do
+    it 'returns 401 error' do
+      expect { subject }.not_to change { get_token }
+
+      expect(response).to have_gitlab_http_status(:unauthorized)
+    end
+  end
+
+  shared_examples 'unauthorized' do
+    it 'returns 403 error' do
+      expect { subject }.not_to change { get_token }
+
+      expect(response).to have_gitlab_http_status(:forbidden)
+    end
+  end
+
+  shared_examples 'not found' do |scope|
+    it 'returns 404 error' do
+      expect { subject }.not_to change { get_token }
+
+      expect(response).to have_gitlab_http_status(:not_found)
+      expect(json_response).to eq({ 'message' => "404 #{scope.capitalize} Not Found" })
+    end
+  end
+
+  shared_context 'when unauthorized' do |scope|
+    context 'when unauthorized' do
+      let_it_be(:user) { create(:user) }
+
+      context "when not a #{scope} member" do
+        it_behaves_like 'not found', scope
+      end
+
+      context "with a non-admin #{scope} member" do
+        before do
+          target.add_developer(user)
+        end
+
+        it_behaves_like 'unauthorized'
+      end
+    end
+  end
+
+  shared_context 'when authorized' do |scope|
+    it 'resets runner registration token' do
+      expect { subject }.to change { get_token }
+
+      expect(response).to have_gitlab_http_status(:success)
+      expect(json_response).to eq({ 'token' => get_token })
+    end
+
+    if scope != 'instance'
+      context 'when malformed id is provided' do
+        let(:prefix) { "/#{scope.pluralize}/some%20string" }
+
+        it_behaves_like 'not found', scope
+      end
+    end
+  end
+
+  describe '/api/v4/runners/reset_registration_token' do
+    describe 'POST /api/v4/runners/reset_registration_token' do
+      before do
+        ApplicationSetting.create_from_defaults
+        stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
+      end
+
+      let(:prefix) { '' }
+
+      context 'when unauthenticated' do
+        let(:user) { nil }
+
+        it_behaves_like 'unauthenticated'
+      end
+
+      context 'when unauthorized' do
+        let(:user) { create(:user) }
+
+        context "with a non-admin instance member" do
+          it_behaves_like 'unauthorized'
+        end
+      end
+
+      include_context 'when authorized', 'instance' do
+        let_it_be(:user) { create(:user, :admin) }
+
+        def get_token
+          ApplicationSetting.current_without_cache.runners_registration_token
+        end
+      end
+    end
+  end
+
+  describe '/api/v4/groups/:id/runners/reset_registration_token' do
+    describe 'POST /api/v4/groups/:id/runners/reset_registration_token' do
+      let_it_be(:group) { create_default(:group, :private) }
+
+      let(:prefix) { "/groups/#{group.id}" }
+
+      include_context 'when unauthorized', 'group' do
+        let(:target) { group }
+      end
+
+      include_context 'when authorized', 'group' do
+        let_it_be(:user) { create_default(:group_member, :maintainer, user: create(:user), group: group ).user }
+
+        def get_token
+          group.reload.runners_token
+        end
+      end
+    end
+  end
+
+  describe '/api/v4/projects/:id/runners/reset_registration_token' do
+    describe 'POST /api/v4/projects/:id/runners/reset_registration_token' do
+      let_it_be(:project) { create_default(:project) }
+
+      let(:prefix) { "/projects/#{project.id}" }
+
+      include_context 'when unauthorized', 'project' do
+        let(:target) { project }
+      end
+
+      include_context 'when authorized', 'project' do
+        let_it_be(:user) { project.owner }
+
+        def get_token
+          project.reload.runners_token
+        end
+      end
+    end
+  end
+end
-- 
cgit v1.2.3