Welcome to mirror list, hosted at ThFree Co, Russian Federation.

refresh_authorization_service_spec.rb « agents « clusters « services « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/services/clusters/agents/refresh_authorization_service_spec.rb
blob: 8a887b347bba570dc8c8dc7d4391c5d0fac0827e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Clusters::Agents::RefreshAuthorizationService do
  describe '#execute' do
    let_it_be(:root_ancestor) { create(:group) }
    let_it_be(:removed_group) { create(:group, parent: root_ancestor) }
    let_it_be(:modified_group) { create(:group, parent: root_ancestor) }
    let_it_be(:added_group) { create(:group, parent: root_ancestor) }

    let(:project) { create(:project, namespace: root_ancestor) }
    let(:agent) { create(:cluster_agent, project: project) }

    let(:config) do
      {
        ci_access: {
          groups: [
            { id: added_group.full_path, default_namespace: 'default' },
            { id: modified_group.full_path, default_namespace: 'new-namespace' }
          ]
        }
      }.deep_stringify_keys
    end

    subject { described_class.new(agent, config: config).execute }

    before do
      default_config = { default_namespace: 'default' }

      agent.group_authorizations.create!(group: removed_group, config: default_config)
      agent.group_authorizations.create!(group: modified_group, config: default_config)
    end

    it 'refreshes authorizations for the agent' do
      expect(subject).to be_truthy
      expect(agent.authorized_groups).to contain_exactly(added_group, modified_group)

      added_authorization = agent.group_authorizations.find_by(group: added_group)
      expect(added_authorization.config).to eq({ 'default_namespace' => 'default' })

      modified_authorization = agent.group_authorizations.find_by(group: modified_group)
      expect(modified_authorization.config).to eq({ 'default_namespace' => 'new-namespace' })
    end

    context 'config contains no groups' do
      let(:config) { {} }

      it 'removes all authorizations' do
        expect(subject).to be_truthy
        expect(agent.authorized_groups).to be_empty
      end
    end

    context 'config contains groups outside of the configuration project hierarchy' do
      let(:project) { create(:project, namespace: create(:group)) }

      it 'removes all authorizations' do
        expect(subject).to be_truthy
        expect(agent.authorized_groups).to be_empty
      end
    end

    context 'configuration project does not belong to a group' do
      let(:project) { create(:project) }

      it 'removes all authorizations' do
        expect(subject).to be_truthy
        expect(agent.authorized_groups).to be_empty
      end
    end

    context 'config contains too many groups' do
      before do
        stub_const("#{described_class}::AUTHORIZED_GROUP_LIMIT", 1)
      end

      it 'authorizes groups up to the limit' do
        expect(subject).to be_truthy
        expect(agent.authorized_groups).to contain_exactly(added_group)
      end
    end
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-28 11:03:16 +0300