# frozen_string_literal: true require 'spec_helper' RSpec.describe Projects::GoogleCloud::DeploymentsController, feature_category: :deployment_management do let_it_be(:project) { create(:project, :public, :repository) } let_it_be(:repository) { project.repository } let_it_be(:user_guest) { create(:user) } let_it_be(:user_developer) { create(:user) } let_it_be(:user_maintainer) { create(:user) } let_it_be(:unauthorized_members) { [user_guest, user_developer] } let_it_be(:authorized_members) { [user_maintainer] } let_it_be(:urls_list) { %W[#{project_google_cloud_deployments_cloud_run_path(project)} #{project_google_cloud_deployments_cloud_storage_path(project)}] } before do project.add_guest(user_guest) project.add_developer(user_developer) project.add_maintainer(user_maintainer) end describe "Routes must be restricted behind Google OAuth2", :snowplow do context 'when a public request is made' do it 'returns not found on GET request' do urls_list.each do |url| get url expect(response).to have_gitlab_http_status(:not_found) expect_snowplow_event( category: 'Projects::GoogleCloud::DeploymentsController', action: 'error_invalid_user', label: nil, project: project, user: nil ) end end end context 'when unauthorized members make requests' do it 'returns not found on GET request' do urls_list.each do |url| unauthorized_members.each do |unauthorized_member| get url expect(response).to have_gitlab_http_status(:not_found) expect_snowplow_event( category: 'Projects::GoogleCloud::DeploymentsController', action: 'error_invalid_user', label: nil, project: project, user: nil ) end end end end context 'when authorized members make requests' do it 'redirects on GET request' do urls_list.each do |url| authorized_members.each do |authorized_member| sign_in(authorized_member) get url expect(response).to redirect_to(assigns(:authorize_url)) end end end end end describe 'Authorized GET project/-/google_cloud/deployments', :snowplow do before do sign_in(user_maintainer) allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |client| allow(client).to receive(:validate_token).and_return(true) end end it 'renders template' do get project_google_cloud_deployments_path(project).to_s expect(response).to render_template(:index) expect_snowplow_event( category: 'Projects::GoogleCloud::DeploymentsController', action: 'render_page', label: nil, project: project, user: user_maintainer ) end end describe 'Authorized GET project/-/google_cloud/deployments/cloud_run', :snowplow do let_it_be(:url) { project_google_cloud_deployments_cloud_run_path(project).to_s } before do sign_in(user_maintainer) allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |client| allow(client).to receive(:validate_token).and_return(true) end end context 'when enable service fails' do before do allow_next_instance_of(GoogleCloud::EnableCloudRunService) do |service| allow(service) .to receive(:execute) .and_return( status: :error, message: 'No GCP projects found. Configure a service account or GCP_PROJECT_ID ci variable' ) end end it 'redirects to google cloud deployments and tracks event on enable service error' do get url expect(response).to redirect_to(project_google_cloud_deployments_path(project)) # since GPC_PROJECT_ID is not set, enable cloud run service should return an error expect_snowplow_event( category: 'Projects::GoogleCloud::DeploymentsController', action: 'error_enable_services', label: nil, project: project, user: user_maintainer ) end it 'shows a flash alert' do get url expect(flash[:alert]) .to eq('No GCP projects found. Configure a service account or GCP_PROJECT_ID ci variable') end end context 'when enable service raises an error' do before do mock_gcp_error = Google::Apis::ClientError.new('some_error') allow_next_instance_of(GoogleCloud::EnableCloudRunService) do |service| allow(service).to receive(:execute).and_raise(mock_gcp_error) end end it 'redirects to google cloud deployments with error' do get url expect(response).to redirect_to(project_google_cloud_deployments_path(project)) expect_snowplow_event( category: 'Projects::GoogleCloud::DeploymentsController', action: 'error_google_api', label: nil, project: project, user: user_maintainer ) end it 'shows a flash warning' do get url expect(flash[:warning]).to eq(format(_('Google Cloud Error - %{error}'), error: 'some_error')) end end context 'GCP_PROJECT_IDs are defined' do before do allow_next_instance_of(GoogleCloud::EnableCloudRunService) do |enable_cloud_run_service| allow(enable_cloud_run_service).to receive(:execute).and_return({ status: :success }) end end context 'when generate pipeline service fails' do before do allow_next_instance_of(GoogleCloud::GeneratePipelineService) do |generate_pipeline_service| allow(generate_pipeline_service).to receive(:execute).and_return({ status: :error }) end end it 'redirects to google_cloud deployments and tracks event on generate pipeline error' do get url expect(response).to redirect_to(project_google_cloud_deployments_path(project)) expect_snowplow_event( category: 'Projects::GoogleCloud::DeploymentsController', action: 'error_generate_cloudrun_pipeline', label: nil, project: project, user: user_maintainer ) end it 'shows a flash alert' do get url expect(flash[:alert]).to eq('Failed to generate pipeline') end end it 'redirects to create merge request form' do allow_next_instance_of(GoogleCloud::GeneratePipelineService) do |service| allow(service).to receive(:execute).and_return({ status: :success }) end get url expect(response).to have_gitlab_http_status(:found) expect(response.location).to include(project_new_merge_request_path(project)) expect_snowplow_event( category: 'Projects::GoogleCloud::DeploymentsController', action: 'generate_cloudrun_pipeline', label: nil, project: project, user: user_maintainer ) end end end describe 'Authorized GET project/-/google_cloud/deployments/cloud_storage', :snowplow do let_it_be(:url) { project_google_cloud_deployments_cloud_storage_path(project).to_s } before do allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |client| allow(client).to receive(:validate_token).and_return(true) end end it 'renders placeholder' do authorized_members.each do |authorized_member| sign_in(authorized_member) get url expect(response).to have_gitlab_http_status(:ok) end end end end