Extract service to reset runner registration tokens

3cc8ae45 · Pedro Pombeiro · 20e73b5d · 3cc8ae45 · 3cc8ae45 · 3cc8ae45
Commit 3cc8ae45 authored Mar 11, 2022 by Pedro Pombeiro
7 changed files
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -71,7 +71,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
  end

  def reset_registration_token
-    @application_setting.reset_runners_registration_token!
+    ::Ci::Runners::ResetRegistrationTokenService.new(@application_setting, current_user).execute

    flash[:notice] = _('New runners registration token has been generated!')
    redirect_to admin_runners_path

--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -36,7 +36,7 @@ module Groups
      end

      def reset_registration_token
-        @group.reset_runners_token!
+        ::Ci::Runners::ResetRegistrationTokenService.new(@group, current_user).execute

        flash[:notice] = _('GroupSettings|New runners registration token has been generated!')
        redirect_to group_settings_ci_cd_path

--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -64,7 +64,7 @@ module Projects
      end

      def reset_registration_token
-        @project.reset_runners_token!
+        ::Ci::Runners::ResetRegistrationTokenService.new(@project, current_user).execute

        flash[:toast] = _("New runners registration token has been generated!")
        redirect_to namespace_project_settings_ci_cd_path

--- a/app/graphql/mutations/ci/runners_registration_token/reset.rb
+++ b/app/graphql/mutations/ci/runners_registration_token/reset.rb
@@ -45,6 +45,7 @@ module Mutations

        def reset_token(type:, **args)
          id = args[:id]
+          scope = nil

          case type
          when 'instance_type'
@@ -52,15 +53,11 @@ module Mutations

            scope = ApplicationSetting.current
            authorize!(scope)
-
-            scope.reset_runners_registration_token!
-            ApplicationSetting.current_without_cache.runners_registration_token
          when 'group_type', 'project_type'
            scope = authorized_find!(type: type, id: id)
-
-            scope.reset_runners_token!
-            scope.runners_token
          end
+
+          ::Ci::Runners::ResetRegistrationTokenService.new(scope, current_user).execute if scope
        end
      end
    end

--- a/app/services/ci/runners/reset_registration_token_service.rb
+++ b/app/services/ci/runners/reset_registration_token_service.rb
+# frozen_string_literal: true
+
+module Ci
+  module Runners
+    class ResetRegistrationTokenService
+      # @param [ApplicationSetting, Project, Group] scope: the scope of the reset operation
+      # @param [User] user: the user performing the operation
+      def initialize(scope, user)
+        @scope = scope
+        @user = user
+      end
+
+      def execute
+        return false unless @user.present? && @user.can?(:update_runners_registration_token, scope)
+
+        case scope
+        when ::ApplicationSetting
+          scope.reset_runners_registration_token!
+          ApplicationSetting.current_without_cache.runners_registration_token
+        when ::Group, ::Project
+          scope.reset_runners_token!
+          scope.runners_token
+        end
+      end
+
+      private
+
+      attr_reader :scope, :user
+    end
+  end
+end
+
+Ci::Runners::AssignRunnerService.prepend_mod
--- a/lib/api/ci/runners.rb
+++ b/lib/api/ci/runners.rb
@@ -248,7 +248,7 @@ module API
        post 'reset_registration_token' do
          authorize! :update_runners_registration_token, ApplicationSetting.current

-          ApplicationSetting.current.reset_runners_registration_token!
+          ::Ci::Runners::ResetRegistrationTokenService.new(ApplicationSetting.current, current_user).execute
          present ApplicationSetting.current_without_cache.runners_registration_token_with_expiration, with: Entities::Ci::ResetTokenResult
        end
      end

--- a/spec/services/ci/runners/reset_registration_token_service_spec.rb
+++ b/spec/services/ci/runners/reset_registration_token_service_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Ci::Runners::ResetRegistrationTokenService, '#execute' do
+  subject { described_class.new(scope, current_user).execute }
+
+  let_it_be(:user) { build(:user) }
+  let_it_be(:admin_user) { create_default(:user, :admin) }
+
+  shared_examples 'a registration token reset operation' do
+    context 'without user' do
+      let(:current_user) { nil }
+
+      it 'does not reset registration token and returns false' do
+        expect(scope).not_to receive(:reset_runners_token!)
+
+        is_expected.to eq(false)
+      end
+    end
+
+    context 'with unauthorized user' do
+      let(:current_user) { user }
+
+      it 'does not reset registration token and returns false' do
+        expect(scope).not_to receive(:reset_runners_token!)
+
+        is_expected.to eq(false)
+      end
+    end
+
+    context 'with admin user', :enable_admin_mode do
+      let(:current_user) { admin_user }
+
+      it 'resets registration token and returns value unchanged' do
+        expect(scope).to receive(:reset_runners_token!).once do
+          expect(scope).to receive(:runners_token).once.and_return('runners_token return value')
+        end
+
+        is_expected.to eq('runners_token return value')
+      end
+    end
+  end
+
+  context 'with instance scope' do
+    let_it_be(:scope) { create(:application_setting) }
+
+    before do
+      allow(ApplicationSetting).to receive(:current).and_return(scope)
+      allow(ApplicationSetting).to receive(:current_without_cache).and_return(scope)
+    end
+
+    context 'without user' do
+      let(:current_user) { nil }
+
+      it 'does not reset registration token and returns false' do
+        expect(scope).not_to receive(:reset_runners_registration_token!)
+
+        is_expected.to eq(false)
+      end
+    end
+
+    context 'with unauthorized user' do
+      let(:current_user) { user }
+
+      it 'calls assign_to on runner and returns value unchanged' do
+        expect(scope).not_to receive(:reset_runners_registration_token!)
+
+        is_expected.to eq(false)
+      end
+    end
+
+    context 'with admin user', :enable_admin_mode do
+      let(:current_user) { admin_user }
+
+      it 'resets registration token and returns value unchanged' do
+        expect(scope).to receive(:reset_runners_registration_token!).once do
+          expect(scope).to receive(:runners_registration_token).once.and_return('runners_registration_token return value')
+        end
+
+        is_expected.to eq('runners_registration_token return value')
+      end
+    end
+  end
+
+  context 'with group scope' do
+    let_it_be(:scope) { create(:group) }
+
+    it_behaves_like 'a registration token reset operation'
+  end
+
+  context 'with project scope' do
+    let_it_be(:scope) { create(:project) }
+
+    it_behaves_like 'a registration token reset operation'
+  end
+end