BigW Consortium Gitlab

runners_spec.rb 4.64 KB
Newer Older
Robert Schilling committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154
require 'spec_helper'

describe API::V3::Runners, api: true  do
  include ApiHelpers

  let(:admin) { create(:user, :admin) }
  let(:user) { create(:user) }
  let(:user2) { create(:user) }

  let(:project) { create(:empty_project, creator_id: user.id) }
  let(:project2) { create(:empty_project, creator_id: user.id) }

  let!(:shared_runner) { create(:ci_runner, :shared) }
  let!(:unused_specific_runner) { create(:ci_runner) }

  let!(:specific_runner) do
    create(:ci_runner).tap do |runner|
      create(:ci_runner_project, runner: runner, project: project)
    end
  end

  let!(:two_projects_runner) do
    create(:ci_runner).tap do |runner|
      create(:ci_runner_project, runner: runner, project: project)
      create(:ci_runner_project, runner: runner, project: project2)
    end
  end

  before do
    # Set project access for users
    create(:project_member, :master, user: user, project: project)
    create(:project_member, :reporter, user: user2, project: project)
  end

  describe 'DELETE /runners/:id' do
    context 'admin user' do
      context 'when runner is shared' do
        it 'deletes runner' do
          expect do
            delete v3_api("/runners/#{shared_runner.id}", admin)

            expect(response).to have_http_status(200)
          end.to change{ Ci::Runner.shared.count }.by(-1)
        end
      end

      context 'when runner is not shared' do
        it 'deletes unused runner' do
          expect do
            delete v3_api("/runners/#{unused_specific_runner.id}", admin)

            expect(response).to have_http_status(200)
          end.to change{ Ci::Runner.specific.count }.by(-1)
        end

        it 'deletes used runner' do
          expect do
            delete v3_api("/runners/#{specific_runner.id}", admin)

            expect(response).to have_http_status(200)
          end.to change{ Ci::Runner.specific.count }.by(-1)
        end
      end

      it 'returns 404 if runner does not exists' do
        delete v3_api('/runners/9999', admin)

        expect(response).to have_http_status(404)
      end
    end

    context 'authorized user' do
      context 'when runner is shared' do
        it 'does not delete runner' do
          delete v3_api("/runners/#{shared_runner.id}", user)
          expect(response).to have_http_status(403)
        end
      end

      context 'when runner is not shared' do
        it 'does not delete runner without access to it' do
          delete v3_api("/runners/#{specific_runner.id}", user2)
          expect(response).to have_http_status(403)
        end

        it 'does not delete runner with more than one associated project' do
          delete v3_api("/runners/#{two_projects_runner.id}", user)
          expect(response).to have_http_status(403)
        end

        it 'deletes runner for one owned project' do
          expect do
            delete v3_api("/runners/#{specific_runner.id}", user)

            expect(response).to have_http_status(200)
          end.to change{ Ci::Runner.specific.count }.by(-1)
        end
      end
    end

    context 'unauthorized user' do
      it 'does not delete runner' do
        delete v3_api("/runners/#{specific_runner.id}")

        expect(response).to have_http_status(401)
      end
    end
  end

  describe 'DELETE /projects/:id/runners/:runner_id' do
    context 'authorized user' do
      context 'when runner have more than one associated projects' do
        it "disables project's runner" do
          expect do
            delete v3_api("/projects/#{project.id}/runners/#{two_projects_runner.id}", user)

            expect(response).to have_http_status(200)
          end.to change{ project.runners.count }.by(-1)
        end
      end

      context 'when runner have one associated projects' do
        it "does not disable project's runner" do
          expect do
            delete v3_api("/projects/#{project.id}/runners/#{specific_runner.id}", user)
          end.to change{ project.runners.count }.by(0)
          expect(response).to have_http_status(403)
        end
      end

      it 'returns 404 is runner is not found' do
        delete v3_api("/projects/#{project.id}/runners/9999", user)

        expect(response).to have_http_status(404)
      end
    end

    context 'authorized user without permissions' do
      it "does not disable project's runner" do
        delete v3_api("/projects/#{project.id}/runners/#{specific_runner.id}", user2)

        expect(response).to have_http_status(403)
      end
    end

    context 'unauthorized user' do
      it "does not disable project's runner" do
        delete v3_api("/projects/#{project.id}/runners/#{specific_runner.id}")

        expect(response).to have_http_status(401)
      end
    end
  end
end