debian-mirror-gitlab/spec/requests/api/runners_spec.rb

486 lines
15 KiB
Ruby
Raw Normal View History

2016-04-02 18:10:28 +05:30
require 'spec_helper'
describe API::Runners, api: true do
include ApiHelpers
let(:admin) { create(:user, :admin) }
let(:user) { create(:user) }
let(:user2) { create(:user) }
let(:project) { create(:project, creator_id: user.id) }
let(:project2) { create(:project, creator_id: user.id) }
let!(:shared_runner) { create(:ci_runner, :shared) }
let!(:unused_specific_runner) { create(:ci_runner) }
let!(:specific_runner) do
create(:ci_runner).tap do |runner|
create(:ci_runner_project, runner: runner, project: project)
end
end
let!(:two_projects_runner) do
create(:ci_runner).tap do |runner|
create(:ci_runner_project, runner: runner, project: project)
create(:ci_runner_project, runner: runner, project: project2)
end
end
before do
# Set project access for users
2016-06-02 11:05:42 +05:30
create(:project_member, :master, user: user, project: project)
create(:project_member, :master, user: user, project: project2)
create(:project_member, :reporter, user: user2, project: project)
2016-04-02 18:10:28 +05:30
end
describe 'GET /runners' do
context 'authorized user' do
2016-09-13 17:45:13 +05:30
it 'returns user available runners' do
2016-04-02 18:10:28 +05:30
get api('/runners', user)
shared = json_response.any?{ |r| r['is_shared'] }
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response).to be_an Array
expect(shared).to be_falsey
end
2016-09-13 17:45:13 +05:30
it 'filters runners by scope' do
2016-04-02 18:10:28 +05:30
get api('/runners?scope=active', user)
shared = json_response.any?{ |r| r['is_shared'] }
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response).to be_an Array
expect(shared).to be_falsey
end
2016-09-13 17:45:13 +05:30
it 'avoids filtering if scope is invalid' do
2016-04-02 18:10:28 +05:30
get api('/runners?scope=unknown', user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(400)
2016-04-02 18:10:28 +05:30
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it 'does not return runners' do
2016-04-02 18:10:28 +05:30
get api('/runners')
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
describe 'GET /runners/all' do
context 'authorized user' do
context 'with admin privileges' do
2016-09-13 17:45:13 +05:30
it 'returns all runners' do
2016-04-02 18:10:28 +05:30
get api('/runners/all', admin)
shared = json_response.any?{ |r| r['is_shared'] }
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response).to be_an Array
expect(shared).to be_truthy
end
end
context 'without admin privileges' do
2016-09-13 17:45:13 +05:30
it 'does not return runners list' do
2016-04-02 18:10:28 +05:30
get api('/runners/all', user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
2016-09-13 17:45:13 +05:30
it 'filters runners by scope' do
2016-04-02 18:10:28 +05:30
get api('/runners/all?scope=specific', admin)
shared = json_response.any?{ |r| r['is_shared'] }
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response).to be_an Array
expect(shared).to be_falsey
end
2016-09-13 17:45:13 +05:30
it 'avoids filtering if scope is invalid' do
2016-04-02 18:10:28 +05:30
get api('/runners?scope=unknown', admin)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(400)
2016-04-02 18:10:28 +05:30
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it 'does not return runners' do
2016-04-02 18:10:28 +05:30
get api('/runners')
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
describe 'GET /runners/:id' do
context 'admin user' do
context 'when runner is shared' do
2016-09-13 17:45:13 +05:30
it "returns runner's details" do
2016-04-02 18:10:28 +05:30
get api("/runners/#{shared_runner.id}", admin)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response['description']).to eq(shared_runner.description)
end
end
context 'when runner is not shared' do
2016-09-13 17:45:13 +05:30
it "returns runner's details" do
2016-04-02 18:10:28 +05:30
get api("/runners/#{specific_runner.id}", admin)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response['description']).to eq(specific_runner.description)
end
end
2016-09-13 17:45:13 +05:30
it 'returns 404 if runner does not exists' do
2016-04-02 18:10:28 +05:30
get api('/runners/9999', admin)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(404)
2016-04-02 18:10:28 +05:30
end
end
context "runner project's administrative user" do
context 'when runner is not shared' do
2016-09-13 17:45:13 +05:30
it "returns runner's details" do
2016-04-02 18:10:28 +05:30
get api("/runners/#{specific_runner.id}", user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response['description']).to eq(specific_runner.description)
end
end
context 'when runner is shared' do
2016-09-13 17:45:13 +05:30
it "returns runner's details" do
2016-04-02 18:10:28 +05:30
get api("/runners/#{shared_runner.id}", user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response['description']).to eq(shared_runner.description)
end
end
end
context 'other authorized user' do
2016-09-13 17:45:13 +05:30
it "does not return runner's details" do
2016-04-02 18:10:28 +05:30
get api("/runners/#{specific_runner.id}", user2)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it "does not return runner's details" do
2016-04-02 18:10:28 +05:30
get api("/runners/#{specific_runner.id}")
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
describe 'PUT /runners/:id' do
context 'admin user' do
context 'when runner is shared' do
2016-09-13 17:45:13 +05:30
it 'updates runner' do
2016-04-02 18:10:28 +05:30
description = shared_runner.description
active = shared_runner.active
2016-06-02 11:05:42 +05:30
update_runner(shared_runner.id, admin, description: "#{description}_updated",
active: !active,
tag_list: ['ruby2.1', 'pgsql', 'mysql'],
2016-06-22 15:30:34 +05:30
run_untagged: 'false',
locked: 'true')
2016-04-02 18:10:28 +05:30
shared_runner.reload
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(shared_runner.description).to eq("#{description}_updated")
expect(shared_runner.active).to eq(!active)
expect(shared_runner.tag_list).to include('ruby2.1', 'pgsql', 'mysql')
2016-06-22 15:30:34 +05:30
expect(shared_runner.run_untagged?).to be(false)
expect(shared_runner.locked?).to be(true)
2016-04-02 18:10:28 +05:30
end
end
context 'when runner is not shared' do
2016-09-13 17:45:13 +05:30
it 'updates runner' do
2016-04-02 18:10:28 +05:30
description = specific_runner.description
2016-06-02 11:05:42 +05:30
update_runner(specific_runner.id, admin, description: 'test')
2016-04-02 18:10:28 +05:30
specific_runner.reload
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(specific_runner.description).to eq('test')
expect(specific_runner.description).not_to eq(description)
end
end
2016-09-13 17:45:13 +05:30
it 'returns 404 if runner does not exists' do
2016-06-02 11:05:42 +05:30
update_runner(9999, admin, description: 'test')
2016-04-02 18:10:28 +05:30
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(404)
2016-04-02 18:10:28 +05:30
end
2016-06-02 11:05:42 +05:30
def update_runner(id, user, args)
put api("/runners/#{id}", user), args
end
2016-04-02 18:10:28 +05:30
end
context 'authorized user' do
context 'when runner is shared' do
2016-09-13 17:45:13 +05:30
it 'does not update runner' do
2016-04-02 18:10:28 +05:30
put api("/runners/#{shared_runner.id}", user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
context 'when runner is not shared' do
2016-09-13 17:45:13 +05:30
it 'does not update runner without access to it' do
2016-04-02 18:10:28 +05:30
put api("/runners/#{specific_runner.id}", user2)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
2016-09-13 17:45:13 +05:30
it 'updates runner with access to it' do
2016-04-02 18:10:28 +05:30
description = specific_runner.description
put api("/runners/#{specific_runner.id}", admin), description: 'test'
specific_runner.reload
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(specific_runner.description).to eq('test')
expect(specific_runner.description).not_to eq(description)
end
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it 'does not delete runner' do
2016-04-02 18:10:28 +05:30
put api("/runners/#{specific_runner.id}")
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
describe 'DELETE /runners/:id' do
context 'admin user' do
context 'when runner is shared' do
2016-09-13 17:45:13 +05:30
it 'deletes runner' do
2016-04-02 18:10:28 +05:30
expect do
delete api("/runners/#{shared_runner.id}", admin)
end.to change{ Ci::Runner.shared.count }.by(-1)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
end
end
context 'when runner is not shared' do
2016-09-13 17:45:13 +05:30
it 'deletes unused runner' do
2016-04-02 18:10:28 +05:30
expect do
delete api("/runners/#{unused_specific_runner.id}", admin)
end.to change{ Ci::Runner.specific.count }.by(-1)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
end
2016-09-13 17:45:13 +05:30
it 'deletes used runner' do
2016-04-02 18:10:28 +05:30
expect do
delete api("/runners/#{specific_runner.id}", admin)
end.to change{ Ci::Runner.specific.count }.by(-1)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
end
end
2016-09-13 17:45:13 +05:30
it 'returns 404 if runner does not exists' do
2016-04-02 18:10:28 +05:30
delete api('/runners/9999', admin)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(404)
2016-04-02 18:10:28 +05:30
end
end
context 'authorized user' do
context 'when runner is shared' do
2016-09-13 17:45:13 +05:30
it 'does not delete runner' do
2016-04-02 18:10:28 +05:30
delete api("/runners/#{shared_runner.id}", user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
context 'when runner is not shared' do
2016-09-13 17:45:13 +05:30
it 'does not delete runner without access to it' do
2016-04-02 18:10:28 +05:30
delete api("/runners/#{specific_runner.id}", user2)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
2016-09-13 17:45:13 +05:30
it 'does not delete runner with more than one associated project' do
2016-04-02 18:10:28 +05:30
delete api("/runners/#{two_projects_runner.id}", user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
2016-09-13 17:45:13 +05:30
it 'deletes runner for one owned project' do
2016-04-02 18:10:28 +05:30
expect do
delete api("/runners/#{specific_runner.id}", user)
end.to change{ Ci::Runner.specific.count }.by(-1)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
end
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it 'does not delete runner' do
2016-04-02 18:10:28 +05:30
delete api("/runners/#{specific_runner.id}")
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
describe 'GET /projects/:id/runners' do
context 'authorized user with master privileges' do
2016-09-13 17:45:13 +05:30
it "returns project's runners" do
2016-04-02 18:10:28 +05:30
get api("/projects/#{project.id}/runners", user)
shared = json_response.any?{ |r| r['is_shared'] }
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
expect(json_response).to be_an Array
expect(shared).to be_truthy
end
end
context 'authorized user without master privileges' do
2016-09-13 17:45:13 +05:30
it "does not return project's runners" do
2016-04-02 18:10:28 +05:30
get api("/projects/#{project.id}/runners", user2)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it "does not return project's runners" do
2016-04-02 18:10:28 +05:30
get api("/projects/#{project.id}/runners")
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
describe 'POST /projects/:id/runners' do
context 'authorized user' do
2016-06-22 15:30:34 +05:30
let(:specific_runner2) do
create(:ci_runner).tap do |runner|
2016-04-02 18:10:28 +05:30
create(:ci_runner_project, runner: runner, project: project2)
end
2016-06-22 15:30:34 +05:30
end
2016-04-02 18:10:28 +05:30
2016-09-13 17:45:13 +05:30
it 'enables specific runner' do
2016-04-02 18:10:28 +05:30
expect do
post api("/projects/#{project.id}/runners", user), runner_id: specific_runner2.id
end.to change{ project.runners.count }.by(+1)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(201)
2016-04-02 18:10:28 +05:30
end
2016-09-13 17:45:13 +05:30
it 'avoids changes when enabling already enabled runner' do
2016-04-02 18:10:28 +05:30
expect do
post api("/projects/#{project.id}/runners", user), runner_id: specific_runner.id
end.to change{ project.runners.count }.by(0)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(409)
2016-06-22 15:30:34 +05:30
end
2016-09-13 17:45:13 +05:30
it 'does not enable locked runner' do
2016-06-22 15:30:34 +05:30
specific_runner2.update(locked: true)
expect do
post api("/projects/#{project.id}/runners", user), runner_id: specific_runner2.id
end.to change{ project.runners.count }.by(0)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
2016-09-13 17:45:13 +05:30
it 'does not enable shared runner' do
2016-04-02 18:10:28 +05:30
post api("/projects/#{project.id}/runners", user), runner_id: shared_runner.id
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
context 'user is admin' do
2016-09-13 17:45:13 +05:30
it 'enables any specific runner' do
2016-04-02 18:10:28 +05:30
expect do
post api("/projects/#{project.id}/runners", admin), runner_id: unused_specific_runner.id
end.to change{ project.runners.count }.by(+1)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(201)
2016-04-02 18:10:28 +05:30
end
end
context 'user is not admin' do
2016-09-13 17:45:13 +05:30
it 'does not enable runner without access to' do
2016-04-02 18:10:28 +05:30
post api("/projects/#{project.id}/runners", user), runner_id: unused_specific_runner.id
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
2016-09-13 17:45:13 +05:30
it 'raises an error when no runner_id param is provided' do
2016-04-02 18:10:28 +05:30
post api("/projects/#{project.id}/runners", admin)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(400)
2016-04-02 18:10:28 +05:30
end
end
context 'authorized user without permissions' do
2016-09-13 17:45:13 +05:30
it 'does not enable runner' do
2016-04-02 18:10:28 +05:30
post api("/projects/#{project.id}/runners", user2)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it 'does not enable runner' do
2016-04-02 18:10:28 +05:30
post api("/projects/#{project.id}/runners")
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
describe 'DELETE /projects/:id/runners/:runner_id' do
context 'authorized user' do
context 'when runner have more than one associated projects' do
2016-09-13 17:45:13 +05:30
it "disables project's runner" do
2016-04-02 18:10:28 +05:30
expect do
delete api("/projects/#{project.id}/runners/#{two_projects_runner.id}", user)
end.to change{ project.runners.count }.by(-1)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(200)
2016-04-02 18:10:28 +05:30
end
end
context 'when runner have one associated projects' do
2016-09-13 17:45:13 +05:30
it "does not disable project's runner" do
2016-04-02 18:10:28 +05:30
expect do
delete api("/projects/#{project.id}/runners/#{specific_runner.id}", user)
end.to change{ project.runners.count }.by(0)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
2016-09-13 17:45:13 +05:30
it 'returns 404 is runner is not found' do
2016-04-02 18:10:28 +05:30
delete api("/projects/#{project.id}/runners/9999", user)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(404)
2016-04-02 18:10:28 +05:30
end
end
context 'authorized user without permissions' do
2016-09-13 17:45:13 +05:30
it "does not disable project's runner" do
2016-04-02 18:10:28 +05:30
delete api("/projects/#{project.id}/runners/#{specific_runner.id}", user2)
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(403)
2016-04-02 18:10:28 +05:30
end
end
context 'unauthorized user' do
2016-09-13 17:45:13 +05:30
it "does not disable project's runner" do
2016-04-02 18:10:28 +05:30
delete api("/projects/#{project.id}/runners/#{specific_runner.id}")
2016-08-24 12:49:21 +05:30
expect(response).to have_http_status(401)
2016-04-02 18:10:28 +05:30
end
end
end
end