2021-09-30 23:02:18 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
RSpec.describe GitlabSchema.types['CiJobTokenScopeType'] do
|
|
|
|
specify { expect(described_class.graphql_name).to eq('CiJobTokenScopeType') }
|
|
|
|
|
|
|
|
it 'has the correct fields' do
|
|
|
|
expected_fields = [:projects]
|
|
|
|
|
|
|
|
expect(described_class).to have_graphql_fields(*expected_fields)
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'query' do
|
2022-01-26 12:08:38 +05:30
|
|
|
let(:project) { create(:project, ci_job_token_scope_enabled: true).tap(&:save!) }
|
2021-09-30 23:02:18 +05:30
|
|
|
let_it_be(:current_user) { create(:user) }
|
|
|
|
|
|
|
|
let(:query) do
|
|
|
|
%(
|
|
|
|
query {
|
|
|
|
project(fullPath: "#{project.full_path}") {
|
|
|
|
ciJobTokenScope {
|
|
|
|
projects {
|
|
|
|
nodes {
|
|
|
|
path
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
subject { GitlabSchema.execute(query, context: { current_user: current_user }).as_json }
|
|
|
|
|
|
|
|
let(:projects_field) { subject.dig('data', 'project', 'ciJobTokenScope', 'projects', 'nodes') }
|
2022-08-27 11:52:29 +05:30
|
|
|
let(:returned_project_paths) { projects_field.map { |project| project['path'] } }
|
2021-09-30 23:02:18 +05:30
|
|
|
|
|
|
|
context 'with access to scope' do
|
|
|
|
before do
|
2022-08-13 15:12:31 +05:30
|
|
|
project.add_member(current_user, :maintainer)
|
2021-09-30 23:02:18 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'when multiple projects in the allow list' do
|
|
|
|
let!(:link) { create(:ci_job_token_project_scope_link, source_project: project) }
|
|
|
|
|
|
|
|
context 'when linked projects are readable' do
|
|
|
|
before do
|
2022-08-13 15:12:31 +05:30
|
|
|
link.target_project.add_member(current_user, :developer)
|
2021-09-30 23:02:18 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns readable projects in scope' do
|
|
|
|
expect(returned_project_paths).to contain_exactly(project.path, link.target_project.path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when linked project is not readable' do
|
|
|
|
it 'returns readable projects in scope' do
|
|
|
|
expect(returned_project_paths).to contain_exactly(project.path)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when job token scope is disabled' do
|
|
|
|
before do
|
|
|
|
project.ci_cd_settings.update!(job_token_scope_enabled: false)
|
|
|
|
end
|
|
|
|
|
2022-01-26 12:08:38 +05:30
|
|
|
it 'does not return an error' do
|
|
|
|
expect(subject['errors']).to be_nil
|
|
|
|
end
|
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
it 'returns nil' do
|
2022-01-26 12:08:38 +05:30
|
|
|
expect(subject['data']['project']['ciJobTokenScope']).to be_nil
|
2021-09-30 23:02:18 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|