Merge branch 'pedropombeiro/355637/1-extract-service' into 'master'

Extract service to reset runner registration tokens

See merge request gitlab-org/gitlab!82721

app/controllers/admin/application_settings_controller.rb

@@ -71,7 +71,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
   end
 
   def reset_registration_token
-    @application_setting.reset_runners_registration_token!
+    ::Ci::Runners::ResetRegistrationTokenService.new(@application_setting, current_user).execute
 
     flash[:notice] = _('New runners registration token has been generated!')
     redirect_to admin_runners_path

app/controllers/groups/settings/ci_cd_controller.rb

@@ -36,7 +36,7 @@ module Groups
       end
 
       def reset_registration_token
-        @group.reset_runners_token!
+        ::Ci::Runners::ResetRegistrationTokenService.new(@group, current_user).execute
 
         flash[:notice] = _('GroupSettings|New runners registration token has been generated!')
         redirect_to group_settings_ci_cd_path

app/controllers/projects/settings/ci_cd_controller.rb

@@ -64,7 +64,7 @@ module Projects
       end
 
       def reset_registration_token
-        @project.reset_runners_token!
+        ::Ci::Runners::ResetRegistrationTokenService.new(@project, current_user).execute
 
         flash[:toast] = _("New runners registration token has been generated!")
         redirect_to namespace_project_settings_ci_cd_path

app/graphql/mutations/ci/runners_registration_token/reset.rb

@@ -45,6 +45,7 @@ module Mutations
 
         def reset_token(type:, **args)
           id = args[:id]
+          scope = nil
 
           case type
           when 'instance_type'
@@ -52,15 +53,11 @@ module Mutations
 
             scope = ApplicationSetting.current
             authorize!(scope)
-
-            scope.reset_runners_registration_token!
-            ApplicationSetting.current_without_cache.runners_registration_token
           when 'group_type', 'project_type'
             scope = authorized_find!(type: type, id: id)
-
-            scope.reset_runners_token!
-            scope.runners_token
           end
+
+          ::Ci::Runners::ResetRegistrationTokenService.new(scope, current_user).execute if scope
         end
       end
     end

app/services/ci/runners/reset_registration_token_service.rb

+# frozen_string_literal: true
+
+module Ci
+  module Runners
+    class ResetRegistrationTokenService
+      # @param [ApplicationSetting, Project, Group] scope: the scope of the reset operation
+      # @param [User] user: the user performing the operation
+      def initialize(scope, user)
+        @scope = scope
+        @user = user
+      end
+
+      def execute
+        return unless @user.present? && @user.can?(:update_runners_registration_token, scope)
+
+        case scope
+        when ::ApplicationSetting
+          scope.reset_runners_registration_token!
+          ApplicationSetting.current_without_cache.runners_registration_token
+        when ::Group, ::Project
+          scope.reset_runners_token!
+          scope.runners_token
+        end
+      end
+
+      private
+
+      attr_reader :scope, :user
+    end
+  end
+end

lib/api/ci/runners.rb

@@ -248,7 +248,7 @@ module API
         post 'reset_registration_token' do
           authorize! :update_runners_registration_token, ApplicationSetting.current
 
-          ApplicationSetting.current.reset_runners_registration_token!
+          ::Ci::Runners::ResetRegistrationTokenService.new(ApplicationSetting.current, current_user).execute
           present ApplicationSetting.current_without_cache.runners_registration_token_with_expiration, with: Entities::Ci::ResetTokenResult
         end
       end

spec/services/ci/runners/reset_registration_token_service_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Ci::Runners::ResetRegistrationTokenService, '#execute' do
+  subject { described_class.new(scope, current_user).execute }
+
+  let_it_be(:user) { build(:user) }
+  let_it_be(:admin_user) { create(:user, :admin) }
+
+  shared_examples 'a registration token reset operation' do
+    context 'without user' do
+      let(:current_user) { nil }
+
+      it 'does not reset registration token and returns nil' do
+        expect(scope).not_to receive(token_reset_method_name)
+
+        is_expected.to be_nil
+      end
+    end
+
+    context 'with unauthorized user' do
+      let(:current_user) { user }
+
+      it 'does not reset registration token and returns nil' do
+        expect(scope).not_to receive(token_reset_method_name)
+
+        is_expected.to be_nil
+      end
+    end
+
+    context 'with admin user', :enable_admin_mode do
+      let(:current_user) { admin_user }
+
+      it 'resets registration token and returns value unchanged' do
+        expect(scope).to receive(token_reset_method_name).once do
+          expect(scope).to receive(token_method_name).once.and_return("#{token_method_name} return value")
+        end
+
+        is_expected.to eq("#{token_method_name} return value")
+      end
+    end
+  end
+
+  context 'with instance scope' do
+    let_it_be(:scope) { create(:application_setting) }
+
+    before do
+      allow(ApplicationSetting).to receive(:current).and_return(scope)
+      allow(ApplicationSetting).to receive(:current_without_cache).and_return(scope)
+    end
+
+    it_behaves_like 'a registration token reset operation' do
+      let(:token_method_name) { :runners_registration_token }
+      let(:token_reset_method_name) { :reset_runners_registration_token! }
+    end
+  end
+
+  context 'with group scope' do
+    let_it_be(:scope) { create(:group) }
+
+    it_behaves_like 'a registration token reset operation' do
+      let(:token_method_name) { :runners_token }
+      let(:token_reset_method_name) { :reset_runners_token! }
+    end
+  end
+
+  context 'with project scope' do
+    let_it_be(:scope) { create(:project) }
+
+    it_behaves_like 'a registration token reset operation' do
+      let(:token_method_name) { :runners_token }
+      let(:token_reset_method_name) { :reset_runners_token! }
+    end
+  end
+end