# frozen_string_literal: true
require 'spec_helper'
# Request specs for the project-level access token settings endpoints
# (list, create, revoke). Most behavioural assertions come from shared
# examples that are not defined in this file; the `let`/`subject` names
# declared here are presumably what those shared examples read.
RSpec.describe Projects::Settings::AccessTokensController, feature_category: :system_access do
  let_it_be(:user) { create(:user) }
  let_it_be(:group) { create(:group) }
  let_it_be(:resource) { create(:project, group: group) }
  # Bot account (:project_bot trait) that owns the tokens created in these specs.
  let_it_be(:access_token_user) { create(:user, :project_bot) }

  before_all do
    resource.add_maintainer(user)
    resource.add_maintainer(access_token_user)
  end

  before { sign_in(user) }

  # Authorization check reused by every endpoint below: a signed-in member
  # holding only the developer role gets 404 (not_found) from the endpoint.
  shared_examples 'feature unavailable' do
    context 'user is not a maintainer' do
      # NOTE(review): relies on add_developer replacing the maintainer
      # membership created in before_all — confirm.
      before { resource.add_developer(user) }

      it { is_expected.to have_gitlab_http_status(:not_found) }
    end
  end

  describe 'GET /:namespace/:project/-/settings/access_tokens' do
    # Not referenced in this file; presumably consumed by the shared examples.
    let(:get_access_tokens) do
      get project_settings_access_tokens_path(resource)
      response
    end

    # JSON variant of the same request; also not referenced in this file.
    let(:get_access_tokens_json) do
      get project_settings_access_tokens_path(resource), params: { format: :json }
      response
    end

    subject(:get_access_tokens_with_page) do
      get project_settings_access_tokens_path(resource), params: { page: 1 }
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'GET resource access tokens available'
    it_behaves_like 'GET access tokens are paginated and ordered'
  end

  describe 'POST /:namespace/:project/-/settings/access_tokens' do
    let(:access_token_params) do
      { name: 'Nerd bot', scopes: ['api'], expires_at: Date.today + 1.month }
    end

    subject do
      post project_settings_access_tokens_path(resource), params: { resource_access_token: access_token_params }
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'POST resource access tokens available'

    # The group-level setting switches token creation off. Besides the 404,
    # the request must leave no partial state behind: no token, no bot
    # membership and no bot user.
    context 'when project access token creation is disabled' do
      before do
        group.namespace_settings.update_column(:resource_access_token_creation_allowed, false)
      end

      it { is_expected.to have_gitlab_http_status(:not_found) }

      it 'does not create the token' do
        expect { subject }.not_to change(PersonalAccessToken, :count)
      end

      it 'does not add the project bot as a member' do
        expect { subject }.not_to change(Member, :count)
      end

      it 'does not create the project bot user' do
        expect { subject }.not_to change(User, :count)
      end
    end

    context 'with custom access level' do
      # access_level 20 — presumably Gitlab::Access::REPORTER, i.e. a role
      # below the maintainer who creates the token; confirm.
      let(:access_token_params) do
        { name: 'Nerd bot', scopes: ['api'], expires_at: Date.today + 1.month, access_level: 20 }
      end

      # NOTE(review): unlike the sibling subjects, this one does not end with
      # `response`, so it evaluates to whatever `post` returns.
      subject do
        post project_settings_access_tokens_path(resource), params: { resource_access_token: access_token_params }
      end

      it_behaves_like 'POST resource access tokens available'
    end
  end

  # :sidekiq_inline is spec metadata; presumably it makes background jobs
  # triggered by the revocation run inside the request — confirm.
  describe 'PUT /:namespace/:project/-/settings/access_tokens/:id', :sidekiq_inline do
    let(:resource_access_token) { create(:personal_access_token, user: access_token_user) }

    subject do
      put revoke_project_settings_access_token_path(resource, resource_access_token)
      response
    end

    it_behaves_like 'feature unavailable'
    it_behaves_like 'PUT resource access tokens available'
  end

  describe '#index' do
    let_it_be(:resource_access_tokens) { create_list(:personal_access_token, 3, user: access_token_user) }

    before { get project_settings_access_tokens_path(resource) }

    it 'includes details of the active project access tokens' do
      # The expectation is built from the reversed creation order, so the
      # controller is expected to assign the tokens in that order.
      serializer = ::ProjectAccessTokenSerializer.new
      expected_tokens = serializer.represent(resource_access_tokens.reverse, project: resource)

      expect(assigns(:active_access_tokens).to_json).to eq(expected_tokens.to_json)
    end

    it 'sets available scopes' do
      expect(assigns(:scopes)).to include(Gitlab::Auth::K8S_PROXY_SCOPE)
    end

    # With the flag off, the k8s proxy scope must not be offered for new tokens.
    context 'with feature flag k8s_proxy_pat disabled' do
      before do
        stub_feature_flags(k8s_proxy_pat: false)
        # Repeat the request: the outer `before` already ran it before the flag was stubbed.
        get project_settings_access_tokens_path(resource)
      end

      it 'includes details of the active project access tokens' do
        serializer = ::ProjectAccessTokenSerializer.new
        expected_tokens = serializer.represent(resource_access_tokens.reverse, project: resource)

        expect(assigns(:active_access_tokens).to_json).to eq(expected_tokens.to_json)
      end

      it 'sets available scopes' do
        expect(assigns(:scopes)).not_to include(Gitlab::Auth::K8S_PROXY_SCOPE)
      end
    end
  end
end