Merge branch 'revoke-agent-token-mutation' into 'master'

Add GraphQL mutation to revoke an agent token See merge request gitlab-org/gitlab!77635

Merge branch 'revoke-agent-token-mutation' into 'master'
Add GraphQL mutation to revoke an agent token See merge request gitlab-org/gitlab!77635
538543c5 · Sean McGivern · a749adf4 · 43d8a69c · 538543c5 · 538543c5
Commit 538543c5 authored Jan 07, 2022 by Sean McGivern
4 changed files
--- a/app/graphql/mutations/clusters/agent_tokens/revoke.rb
+++ b/app/graphql/mutations/clusters/agent_tokens/revoke.rb
+# frozen_string_literal: true
+
+module Mutations
+  module Clusters
+    module AgentTokens
+      class Revoke < BaseMutation
+        graphql_name 'ClusterAgentTokenRevoke'
+
+        authorize :admin_cluster
+
+        TokenID = ::Types::GlobalIDType[::Clusters::AgentToken]
+
+        argument :id, TokenID,
+                 required: true,
+                 description: 'Global ID of the agent token that will be revoked.'
+
+        def resolve(id:)
+          token = authorized_find!(id: id)
+          token.update(status: token.class.statuses[:revoked])
+
+          { errors: errors_on_object(token) }
+        end
+
+        private
+
+        def find_object(id:)
+          # TODO: remove this line when the compatibility layer is removed
+          # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
+          id = TokenID.coerce_isolated_input(id)
+          GitlabSchema.find_by_gid(id)
+        end
+      end
+    end
+  end
+end
--- a/app/graphql/types/mutation_type.rb
+++ b/app/graphql/types/mutation_type.rb
@@ -36,6 +36,7 @@ module Types
    mount_mutation Mutations::Clusters::Agents::Delete
    mount_mutation Mutations::Clusters::AgentTokens::Create
    mount_mutation Mutations::Clusters::AgentTokens::Delete
+    mount_mutation Mutations::Clusters::AgentTokens::Revoke
    mount_mutation Mutations::Commits::Create, calls_gitaly: true
    mount_mutation Mutations::CustomEmoji::Create, feature_flag: :custom_emoji
    mount_mutation Mutations::CustomEmoji::Destroy, feature_flag: :custom_emoji

--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -970,6 +970,24 @@ Input type: `ClusterAgentTokenDeleteInput`
 | <a id="mutationclusteragenttokendeleteclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
 | <a id="mutationclusteragenttokendeleteerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |

+### `Mutation.clusterAgentTokenRevoke`
+
+Input type: `ClusterAgentTokenRevokeInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationclusteragenttokenrevokeclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationclusteragenttokenrevokeid"></a>`id` | [`ClustersAgentTokenID!`](#clustersagenttokenid) | Global ID of the agent token that will be revoked. |
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="mutationclusteragenttokenrevokeclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationclusteragenttokenrevokeerrors"></a>`errors` | [`[String!]!`](#string) | Errors encountered during execution of the mutation. |
+
 ### `Mutation.commitCreate`

 Input type: `CommitCreateInput`
--- a/spec/graphql/mutations/clusters/agent_tokens/revoke_spec.rb
+++ b/spec/graphql/mutations/clusters/agent_tokens/revoke_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Mutations::Clusters::AgentTokens::Revoke do
+  let_it_be(:token) { create(:cluster_agent_token) }
+  let_it_be(:user) { create(:user) }
+
+  let(:mutation) do
+    described_class.new(
+      object: double,
+      context: { current_user: user },
+      field: double
+    )
+  end
+
+  it { expect(described_class.graphql_name).to eq('ClusterAgentTokenRevoke') }
+  it { expect(described_class).to require_graphql_authorizations(:admin_cluster) }
+
+  describe '#resolve' do
+    let(:global_id) { token.to_global_id }
+
+    subject { mutation.resolve(id: global_id) }
+
+    context 'user does not have permission' do
+      it 'does not revoke the token' do
+        expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+
+        expect(token.reload).not_to be_revoked
+      end
+    end
+
+    context 'user has permission' do
+      before do
+        token.agent.project.add_maintainer(user)
+      end
+
+      it 'revokes the token' do
+        subject
+
+        expect(token.reload).to be_revoked
+      end
+
+      context 'supplied ID is invalid' do
+        let(:global_id) { token.id }
+
+        it 'raises a coercion error' do
+          expect { subject }.to raise_error(::GraphQL::CoercionError)
+
+          expect(token.reload).not_to be_revoked
+        end
+      end
+    end
+  end
+end