# frozen_string_literal: true
require 'spec_helper'
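# Request specs for the group access token settings endpoints (list, create,
# revoke). The signed-in user is an owner of the group; the negative cases
# re-add that user as a maintainer and expect the endpoints to answer 404.
RSpec.describe Groups::Settings::AccessTokensController, feature_category: :system_access do
  let_it_be(:user) { create(:user) }
  let_it_be(:resource) { create(:group) }
  # Bot account that the tokens built directly in these examples belong to.
  let_it_be(:access_token_user) { create(:user, :project_bot) }

  before_all do
    resource.add_owner(user)
    resource.add_maintainer(access_token_user)
  end

  before do
    sign_in(user)
  end

  # Authorization boundary shared by every endpoint below: a signed-in member
  # who is only a maintainer must get 404 rather than the page or the action.
  # NOTE(review): this relies on add_maintainer replacing the owner membership
  # created in before_all - confirm against the membership helpers.
  shared_examples 'feature unavailable' do
    context 'user is not a owner' do
      before do
        resource.add_maintainer(user)
      end

      it { expect(subject).to have_gitlab_http_status(:not_found) }
    end
  end

  describe 'GET /:namespace/-/settings/access_tokens' do
    # The three request helpers below are consumed by the shared examples,
    # which are defined outside this file.
    let(:get_access_tokens) do
      get group_settings_access_tokens_path(resource)
      response
    end

    let(:get_access_tokens_json) do
      get group_settings_access_tokens_path(resource), params: { format: :json }
      response
    end

    subject(:get_access_tokens_with_page) do
      get group_settings_access_tokens_path(resource), params: { page: 1 }
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'GET resource access tokens available'
    it_behaves_like 'GET access tokens are paginated and ordered'
  end

  describe 'POST /:namespace/-/settings/access_tokens' do
    let(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: Date.today + 1.month } }

    subject do
      post group_settings_access_tokens_path(resource), params: { resource_access_token: access_token_params }
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'POST resource access tokens available'

    # The shared 'feature unavailable' examples only pin the status code. A 404
    # that is rendered after the write has already happened would still pass
    # them, so the maintainer case also asserts that nothing was created.
    context 'when the user is a maintainer' do
      before do
        resource.add_maintainer(user)
      end

      it 'does not create the token' do
        expect { subject }.not_to change { PersonalAccessToken.count }
      end

      it 'does not add the project bot as a member' do
        expect { subject }.not_to change { Member.count }
      end

      it 'does not create the project bot user' do
        expect { subject }.not_to change { User.count }
      end
    end

    context 'when group access token creation is disabled' do
      before do
        # update_column writes the setting directly, skipping validations and callbacks.
        resource.namespace_settings.update_column(:resource_access_token_creation_allowed, false)
      end

      it { expect(subject).to have_gitlab_http_status(:not_found) }

      it 'does not create the token' do
        expect { subject }.not_to change { PersonalAccessToken.count }
      end

      it 'does not add the project bot as a member' do
        expect { subject }.not_to change { Member.count }
      end

      it 'does not create the project bot user' do
        expect { subject }.not_to change { User.count }
      end
    end

    context 'with custom access level' do
      # NOTE(review): 20 is presumably Gitlab::Access::REPORTER - confirm and
      # consider using the constant so the intended role is visible here.
      let(:access_token_params) { { name: 'Nerd bot', scopes: ["api"], expires_at: Date.today + 1.month, access_level: 20 } }

      # Returns the response like the other subjects in this file, so shared
      # examples that inspect the subject see the same kind of object.
      subject do
        post group_settings_access_tokens_path(resource), params: { resource_access_token: access_token_params }
        response
      end

      it_behaves_like 'POST resource access tokens available'
    end
  end

  describe 'PUT /:namespace/-/settings/access_tokens/:id', :sidekiq_inline do
    let(:resource_access_token) { create(:personal_access_token, user: access_token_user) }

    subject do
      put revoke_group_settings_access_token_path(resource, resource_access_token)
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'PUT resource access tokens available'

    # Status code alone does not prove the revoke was refused; check the token
    # itself is still unrevoked after a maintainer's request.
    context 'when the user is a maintainer' do
      before do
        resource.add_maintainer(user)
      end

      it 'does not revoke the token' do
        expect { subject }.not_to change { resource_access_token.reload.revoked? }
      end
    end
  end

  describe '#index' do
    let_it_be(:resource_access_tokens) { create_list(:personal_access_token, 3, user: access_token_user) }

    before do
      get group_settings_access_tokens_path(resource)
    end

    it 'includes details of the active group access tokens' do
      # The expectation serializes the tokens in reverse creation order.
      active_access_tokens =
        ::GroupAccessTokenSerializer.new.represent(resource_access_tokens.reverse, group: resource)

      expect(assigns(:active_access_tokens).to_json).to eq(active_access_tokens.to_json)
    end

    it 'sets available scopes' do
      expect(assigns(:scopes)).to include(Gitlab::Auth::K8S_PROXY_SCOPE)
    end

    context 'with feature flag k8s_proxy_pat disabled' do
      before do
        # The outer before has already issued a GET; the request is repeated
        # after the flag is stubbed so the assertions see the flag-off result.
        stub_feature_flags(k8s_proxy_pat: false)
        get group_settings_access_tokens_path(resource)
      end

      it 'includes details of the active group access tokens' do
        active_access_tokens =
          ::GroupAccessTokenSerializer.new.represent(resource_access_tokens.reverse, group: resource)

        expect(assigns(:active_access_tokens).to_json).to eq(active_access_tokens.to_json)
      end

      # With the flag off the k8s proxy scope must not be offered for new tokens.
      it 'sets available scopes' do
        expect(assigns(:scopes)).not_to include(Gitlab::Auth::K8S_PROXY_SCOPE)
      end
    end
  end
end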