Automatic merge of gitlab-org/gitlab master

app/services/resource_access_tokens/create_service.rb

@@ -48,7 +48,7 @@ module ResourceAccessTokens
       # since someone like a project maintainer does not inherently have the ability
       # to create a new user in the system.
 
-      Users::CreateService.new(current_user, default_user_params).execute(skip_authorization: true)
+      ::Users::AuthorizedCreateService.new(current_user, default_user_params).execute
     end
 
     def delete_failed_user(user)

app/services/users/authorized_build_service.rb

+# frozen_string_literal: true
+
+module Users
+  class AuthorizedBuildService < BuildService
+    extend ::Gitlab::Utils::Override
+
+    private
+
+    override :validate_access!
+    def validate_access!
+      # no-op
+    end
+
+    def signup_params
+      super + [:skip_confirmation]
+    end
+  end
+end

app/services/users/authorized_create_service.rb

+# frozen_string_literal: true
+
+module Users
+  class AuthorizedCreateService < CreateService
+    extend ::Gitlab::Utils::Override
+
+    private
+
+    override :build_class
+    def build_class
+      Users::AuthorizedBuildService
+    end
+  end
+end

app/services/users/build_service.rb

@@ -12,9 +12,7 @@ module Users
       @identity_params = params.slice(*identity_attributes)
     end
 
-    def execute(skip_authorization: false)
-      @skip_authorization = skip_authorization
-
+    def execute
       build_user
       build_identity
       update_canonical_email
@@ -24,7 +22,7 @@ module Users
 
     private
 
-    attr_reader :skip_authorization, :identity_params, :user_params, :user
+    attr_reader :identity_params, :user_params, :user
 
     def identity_attributes
       [:extern_uid, :provider]
@@ -97,7 +95,6 @@ module Users
     end
 
     def validate_access!
-      return if skip_authorization
       return if can_create_user?
 
       raise Gitlab::Access::AccessDeniedError
@@ -108,18 +105,11 @@ module Users
     end
 
     def build_user_params_for_non_admin
-      allowed_signup_params = signup_params
-      allowed_signup_params << :skip_confirmation if allow_caller_to_request_skip_confirmation?
-
-      @user_params = params.slice(*allowed_signup_params)
+      @user_params = params.slice(*signup_params)
       @user_params[:skip_confirmation] = skip_user_confirmation_email_from_setting if assign_skip_confirmation_from_settings?
       @user_params[:name] = fallback_name if use_fallback_name?
     end
 
-    def allow_caller_to_request_skip_confirmation?
-      skip_authorization
-    end
-
     def assign_skip_confirmation_from_settings?
       user_params[:skip_confirmation].nil?
     end

app/services/users/create_service.rb

@@ -9,8 +9,8 @@ module Users
       @params = params.dup
     end
 
-    def execute(skip_authorization: false)
-      user = Users::BuildService.new(current_user, params).execute(skip_authorization: skip_authorization)
+    def execute
+      user = build_class.new(current_user, params).execute
       reset_token = user.generate_reset_token if user.recently_sent_password_reset?
 
       after_create_hook(user, reset_token) if user.save
@@ -23,6 +23,11 @@ module Users
     def after_create_hook(user, reset_token)
       notify_new_user(user, reset_token)
     end
+
+    def build_class
+      # overridden by inheriting classes
+      Users::BuildService
+    end
   end
 end
 

app/services/users/registrations_build_service.rb

@@ -6,9 +6,8 @@ module Users
 
     private
 
-    override :allow_caller_to_request_skip_confirmation?
-    def allow_caller_to_request_skip_confirmation?
-      true
+    def signup_params
+      super + [:skip_confirmation]
     end
 
     override :assign_skip_confirmation_from_settings?

ee/app/controllers/trial_registrations_controller.rb

@@ -35,6 +35,6 @@ class TrialRegistrationsController < RegistrationsController
   end
 
   def resource
-    @resource ||= Users::BuildService.new(current_user, sign_up_params).execute(skip_authorization: true)
+    @resource ||= Users::AuthorizedBuildService.new(current_user, sign_up_params).execute
   end
 end

ee/app/services/ee/users/build_service.rb

@@ -18,7 +18,7 @@ module EE
       end
 
       override :execute
-      def execute(skip_authorization: false)
+      def execute
         super
 
         build_smartcard_identity if ::Gitlab::Auth::Smartcard.enabled?

ee/lib/ee/gitlab/scim/provisioning_service.rb

@@ -69,7 +69,7 @@ module EE
         end
 
         def build_user
-          ::Users::BuildService.new(nil, user_params).execute(skip_authorization: true)
+          ::Users::AuthorizedBuildService.new(nil, user_params).execute
         end
 
         def build_scim_identity

ee/lib/gitlab/auth/smartcard/certificate.rb

@@ -35,7 +35,7 @@ module Gitlab
             skip_confirmation:          true
           }
 
-          Users::CreateService.new(nil, user_params).execute(skip_authorization: true)
+          Users::AuthorizedCreateService.new(nil, user_params).execute
         end
 
         def create_smartcard_identity_for(user)

ee/lib/gitlab/auth/smartcard/ldap_certificate.rb

@@ -43,7 +43,7 @@ module Gitlab
             skip_confirmation:          true
           }
 
-          Users::CreateService.new(nil, user_params).execute(skip_authorization: true)
+          Users::AuthorizedCreateService.new(nil, user_params).execute
         end
 
         def create_ldap_certificate_identity_for(user)

ee/spec/lib/gitlab/auth/smartcard/certificate_spec.rb

@@ -119,12 +119,12 @@ RSpec.describe Gitlab::Auth::Smartcard::Certificate do
                         certificate_subject:  subject_dn,
                         certificate_issuer: issuer_dn,
                         skip_confirmation: true }
-        expect(Users::BuildService).to(
+        expect(Users::AuthorizedBuildService).to(
           receive(:new)
             .with(nil, hash_including(user_params))
             .and_return(user_build_service))
         expect(user_build_service).to(
-          receive(:execute).with(skip_authorization: true).and_return(user))
+          receive(:execute).and_return(user))
 
         subject
       end

ee/spec/lib/gitlab/auth/smartcard/ldap_certificate_spec.rb

@@ -138,12 +138,12 @@ RSpec.describe Gitlab::Auth::Smartcard::LdapCertificate do
                         password_automatically_set: true,
                         skip_confirmation: true }
 
-        expect(Users::BuildService).to(
+        expect(Users::AuthorizedBuildService).to(
           receive(:new)
             .with(nil, hash_including(user_params))
             .and_return(user_build_service))
         expect(user_build_service).to(
-          receive(:execute).with(skip_authorization: true).and_return(user))
+          receive(:execute).and_return(user))
 
         subject
       end

ee/spec/services/ee/users/authorized_build_service_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Users::AuthorizedBuildService do
+  describe '#execute' do
+    context 'with non admin user' do
+      let(:non_admin) { create(:user) }
+
+      context 'when user signup cap is set' do
+        before do
+          allow(Gitlab::CurrentSettings).to receive(:new_user_signups_cap).and_return(10)
+        end
+
+        it 'does not set the user state to blocked_pending_approval for non human users' do
+          params = {
+            name: 'Project Bot',
+            email: 'project_bot@example.com',
+            username: 'project_bot',
+            user_type: 'project_bot'
+          }
+
+          service = described_class.new(non_admin, params)
+          user = service.execute
+
+          expect(user).to be_active
+        end
+      end
+    end
+  end
+end

ee/spec/services/ee/users/build_service_spec.rb

@@ -8,31 +8,6 @@ RSpec.describe Users::BuildService do
       { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass' }
     end
 
-    context 'with non admin user' do
-      let(:non_admin) { create(:user) }
-
-      context 'when user signup cap is set' do
-        before do
-          allow(Gitlab::CurrentSettings).to receive(:new_user_signups_cap).and_return(10)
-        end
-
-        it 'does not set the user state to blocked_pending_approval for non human users' do
-          params = {
-            name: 'Project Bot',
-            email: 'project_bot@example.com',
-            username: 'project_bot',
-            user_type: 'project_bot',
-            skip_confirmation: true
-          }
-
-          service = described_class.new(non_admin, params)
-          user = service.execute(skip_authorization: true)
-
-          expect(user).to be_active
-        end
-      end
-    end
-
     context 'with an admin user' do
       let_it_be(:admin_user) { create(:admin) }
 

lib/api/users.rb

@@ -241,7 +241,7 @@ module API
         authenticated_as_admin!
 
         params = declared_params(include_missing: false)
-        user = ::Users::CreateService.new(current_user, params).execute(skip_authorization: true)
+        user = ::Users::AuthorizedCreateService.new(current_user, params).execute
 
         if user.persisted?
           present user, with: Entities::UserWithAdmin, current_user: current_user

lib/gitlab/auth/o_auth/user.rb

@@ -208,7 +208,7 @@ module Gitlab
 
         def build_new_user(skip_confirmation: true)
           user_params = user_attributes.merge(skip_confirmation: skip_confirmation)
-          Users::BuildService.new(nil, user_params).execute(skip_authorization: true)
+          Users::AuthorizedBuildService.new(nil, user_params).execute
         end
 
         def user_attributes

lib/gitlab/setup_helper.rb

@@ -153,8 +153,14 @@ module Gitlab
           second_storage_nodes = [{ storage: 'test_second_storage', address: "unix:#{gitaly_dir}/gitaly2.socket", primary: true, token: 'secret' }]
 
           storages = [{ name: 'default', node: nodes }, { name: 'test_second_storage', node: second_storage_nodes }]
-          failover = { enabled: false }
-          config = { socket_path: "#{gitaly_dir}/praefect.socket", memory_queue_enabled: true, virtual_storage: storages, failover: failover }
+          failover = { enabled: false, election_strategy: 'local' }
+          config = {
+            i_understand_my_election_strategy_is_unsupported_and_will_be_removed_without_warning: true,
+            socket_path: "#{gitaly_dir}/praefect.socket",
+            memory_queue_enabled: true,
+            virtual_storage: storages,
+            failover: failover
+          }
           config[:token] = 'secret' if Rails.env.test?
 
           TomlRB.dump(config)

lib/gitlab/usage/metrics/instrumentations/database_metric.rb

@@ -43,12 +43,16 @@ module Gitlab
                     finish: self.class.metric_finish&.call)
           end
 
-          def relation
-            self.class.metric_relation.call.where(time_constraints)
+          def to_sql
+            Gitlab::Usage::Metrics::Query.for(self.class.metric_operation, relation, self.class.column)
           end
 
           private
 
+          def relation
+            self.class.metric_relation.call.where(time_constraints)
+          end
+
           def time_constraints
             case time_frame
             when '28d'

lib/gitlab/usage/metrics/query.rb

+# frozen_string_literal: true
+
+module Gitlab
+  module Usage
+    module Metrics
+      class Query
+        class << self
+          def for(operation, relation, column = nil, **extra)
+            case operation
+            when :count
+              count(relation, column)
+            when :distinct_count
+              distinct_count(relation, column)
+            when :sum
+              sum(relation, column)
+            when :estimate_batch_distinct_count
+              estimate_batch_distinct_count(relation, column)
+            when :histogram
+              histogram(relation, column, **extra)
+            else
+              raise ArgumentError, "#{operation} operation not supported"
+            end
+          end
+
+          private
+
+          def count(relation, column = nil)
+            raw_sql(relation, column)
+          end
+
+          def distinct_count(relation, column = nil)
+            raw_sql(relation, column, true)
+          end
+
+          def sum(relation, column)
+            relation.select(relation.all.table[column].sum).to_sql
+          end
+
+          def estimate_batch_distinct_count(relation, column = nil)
+            raw_sql(relation, column, true)
+          end
+
+          # rubocop: disable CodeReuse/ActiveRecord
+          def histogram(relation, column, buckets:, bucket_size: buckets.size)
+            count_grouped = relation.group(column).select(Arel.star.count.as('count_grouped'))
+            cte = Gitlab::SQL::CTE.new(:count_cte, count_grouped)
+
+            bucket_segments = bucket_size - 1
+            width_bucket = Arel::Nodes::NamedFunction
+              .new('WIDTH_BUCKET', [cte.table[:count_grouped], buckets.first, buckets.last, bucket_segments])
+              .as('buckets')
+
+            query = cte
+              .table
+              .project(width_bucket, cte.table[:count])
+              .group('buckets')
+              .order('buckets')
+              .with(cte.to_arel)
+
+            query.to_sql
+          end
+          # rubocop: enable CodeReuse/ActiveRecord
+
+          def raw_sql(relation, column, distinct = false)
+            column ||= relation.primary_key
+            relation.select(relation.all.table[column].count(distinct)).to_sql
+          end
+        end
+      end
+    end
+  end
+end

lib/gitlab/usage_data_queries.rb

@@ -6,43 +6,20 @@ module Gitlab
   class UsageDataQueries < UsageData
     class << self
       def count(relation, column = nil, *args, **kwargs)
-        raw_sql(relation, column)
+        Gitlab::Usage::Metrics::Query.for(:count, relation, column)
       end
 
       def distinct_count(relation, column = nil, *args, **kwargs)
-        raw_sql(relation, column, :distinct)
-      end
-
-      def redis_usage_data(counter = nil, &block)
-        if block_given?
-          { redis_usage_data_block: block.to_s }
-        elsif counter.present?
-          { redis_usage_data_counter: counter }
-        end
+        Gitlab::Usage::Metrics::Query.for(:distinct_count, relation, column)
       end
 
       def sum(relation, column, *args, **kwargs)
-        relation.select(relation.all.table[column].sum).to_sql
+        Gitlab::Usage::Metrics::Query.for(:sum, relation, column)
       end
 
       # rubocop: disable CodeReuse/ActiveRecord
       def histogram(relation, column, buckets:, bucket_size: buckets.size)
-        count_grouped = relation.group(column).select(Arel.star.count.as('count_grouped'))
-        cte = Gitlab::SQL::CTE.new(:count_cte, count_grouped)
-
-        bucket_segments = bucket_size - 1
-        width_bucket = Arel::Nodes::NamedFunction
-          .new('WIDTH_BUCKET', [cte.table[:count_grouped], buckets.first, buckets.last, bucket_segments])
-          .as('buckets')
-
-        query = cte
-          .table
-          .project(width_bucket, cte.table[:count])
-          .group('buckets')
-          .order('buckets')
-          .with(cte.to_arel)
-
-        query.to_sql
+        Gitlab::Usage::Metrics::Query.for(:histogram, relation, column, buckets: buckets, bucket_size: bucket_size)
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
@@ -50,11 +27,11 @@ module Gitlab
       # buckets query, because it can't be used to obtain estimations without
       # supplementary ruby code present in Gitlab::Database::PostgresHll::BatchDistinctCounter
       def estimate_batch_distinct_count(relation, column = nil, *args, **kwargs)
-        raw_sql(relation, column, :distinct)
+        Gitlab::Usage::Metrics::Query.for(:estimate_batch_distinct_count, relation, column)
       end
 
       def add(*args)
-        'SELECT ' + args.map {|arg| "(#{arg})" }.join(' + ')
+        'SELECT ' + args.map { |arg| "(#{arg})" }.join(' + ')
       end
 
       def maximum_id(model, column = nil)
@@ -63,6 +40,14 @@ module Gitlab
       def minimum_id(model, column = nil)
       end
 
+      def redis_usage_data(counter = nil, &block)
+        if block_given?
+          { redis_usage_data_block: block.to_s }
+        elsif counter.present?
+          { redis_usage_data_counter: counter }
+        end
+      end
+
       def jira_service_data
         {
           projects_jira_server_active: 0,
@@ -73,13 +58,6 @@ module Gitlab
       def epics_deepest_relationship_level
         { epics_deepest_relationship_level: 0 }
       end
-
-      private
-
-      def raw_sql(relation, column, distinct = nil)
-        column ||= relation.primary_key
-        relation.select(relation.all.table[column].count(distinct)).to_sql
-      end
     end
   end
 end

spec/lib/gitlab/usage/metrics/instrumentations/count_boards_metric_spec.rb

@@ -5,5 +5,8 @@ require 'spec_helper'
 RSpec.describe Gitlab::Usage::Metrics::Instrumentations::CountBoardsMetric do
   let_it_be(:board) { create(:board) }
 
-  it_behaves_like 'a correct instrumented metric value', { time_frame: 'all', data_source: 'database' }, 1
+  let(:expected_value) { 1 }
+  let(:expected_query) { 'SELECT COUNT("boards"."id") FROM "boards"' }
+
+  it_behaves_like 'a correct instrumented metric value and query', { time_frame: 'all' }
 end

spec/lib/gitlab/usage/metrics/instrumentations/count_issues_metric_spec.rb

@@ -5,5 +5,8 @@ require 'spec_helper'
 RSpec.describe Gitlab::Usage::Metrics::Instrumentations::CountIssuesMetric do
   let_it_be(:issue) { create(:issue) }
 
-  it_behaves_like 'a correct instrumented metric value', { time_frame: 'all', data_source: 'database' }, 1
+  let(:expected_value) { 1 }
+  let(:expected_query) { 'SELECT COUNT("issues"."id") FROM "issues"' }
+
+  it_behaves_like 'a correct instrumented metric value and query', { time_frame: 'all' }
 end

spec/lib/gitlab/usage/metrics/instrumentations/count_users_creating_issues_metric_spec.rb

@@ -8,10 +8,18 @@ RSpec.describe Gitlab::Usage::Metrics::Instrumentations::CountUsersCreatingIssue
   let_it_be(:old_issue) { create(:issue, author: author, created_at: 2.months.ago) }
 
   context 'with all time frame' do
-    it_behaves_like 'a correct instrumented metric value', { time_frame: 'all', data_source: 'database' }, 1
+    let(:expected_value) { 1 }
+    let(:expected_query) { 'SELECT COUNT(DISTINCT "issues"."author_id") FROM "issues"' }
+
+    it_behaves_like 'a correct instrumented metric value and query', { time_frame: 'all' }
   end
 
   context 'for 28d time frame' do
-    it_behaves_like 'a correct instrumented metric value', { time_frame: '28d', data_source: 'database' }, 1
+    let(:expected_value) { 1 }
+    let(:start) { 30.days.ago.to_s(:db) }
+    let(:finish) { 2.days.ago.to_s(:db) }
+    let(:expected_query) { "SELECT COUNT(DISTINCT \"issues\".\"author_id\") FROM \"issues\" WHERE \"issues\".\"created_at\" BETWEEN '#{start}' AND '#{finish}'" }
+
+    it_behaves_like 'a correct instrumented metric value and query', { time_frame: '28d' }
   end
 end

spec/lib/gitlab/usage/metrics/instrumentations/hostname_metric_spec.rb

@@ -3,5 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::Usage::Metrics::Instrumentations::HostnameMetric do
-  it_behaves_like 'a correct instrumented metric value', { time_frame: 'none', data_source: 'ruby' }, Gitlab.config.gitlab.host
+  let(:expected_value) { Gitlab.config.gitlab.host }
+
+  it_behaves_like 'a correct instrumented metric value', { time_frame: 'none' }
 end

spec/lib/gitlab/usage/metrics/instrumentations/redis_hll_metric_spec.rb

@@ -10,10 +10,19 @@ RSpec.describe Gitlab::Usage::Metrics::Instrumentations::RedisHLLMetric, :clean_
     Gitlab::UsageDataCounters::HLLRedisCounter.track_event(:i_quickactions_approve, values: 2, time: 2.months.ago)
   end
 
-  it_behaves_like 'a correct instrumented metric value', { time_frame: '28d', options: { events: ['i_quickactions_approve'] } }, 2
-  it_behaves_like 'a correct instrumented metric value', { time_frame: '7d', options: { events: ['i_quickactions_approve'] } }, 1
+  context 'for 28d' do
+    let(:expected_value) { 2 }
 
-  it 'raise exception if vents options is not present' do
+    it_behaves_like 'a correct instrumented metric value', { time_frame: '28d', options: { events: ['i_quickactions_approve'] } }
+  end
+
+  context 'for 7d' do
+    let(:expected_value) { 1 }
+
+    it_behaves_like 'a correct instrumented metric value', { time_frame: '7d', options: { events: ['i_quickactions_approve'] } }
+  end
+
+  it 'raise exception if events options is not present' do
     expect { described_class.new(time_frame: '28d') }.to raise_error(ArgumentError)
   end
 end

spec/lib/gitlab/usage/metrics/instrumentations/uuid_metric_spec.rb

@@ -3,5 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::Usage::Metrics::Instrumentations::UuidMetric do
-  it_behaves_like 'a correct instrumented metric value', { time_frame: 'none' }, Gitlab::CurrentSettings.uuid
+  let(:expected_value) { Gitlab::CurrentSettings.uuid }
+
+  it_behaves_like 'a correct instrumented metric value', { time_frame: 'none' }
 end

spec/lib/gitlab/usage/metrics/query_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Usage::Metrics::Query do
+  describe '.count' do
+    it 'returns the raw SQL' do
+      expect(described_class.for(:count, User)).to eq('SELECT COUNT("users"."id") FROM "users"')
+    end
+
+    it 'does not mix a nil column with keyword arguments' do
+      expect(described_class.for(:count, User, nil)).to eq('SELECT COUNT("users"."id") FROM "users"')
+    end
+  end
+
+  describe '.distinct_count' do
+    it 'returns the raw SQL' do
+      expect(described_class.for(:distinct_count, Issue, :author_id)).to eq('SELECT COUNT(DISTINCT "issues"."author_id") FROM "issues"')
+    end
+
+    it 'does not mix a nil column with keyword arguments' do
+      expect(described_class.for(:distinct_count, Issue, nil)).to eq('SELECT COUNT(DISTINCT "issues"."id") FROM "issues"')
+    end
+  end
+
+  describe '.sum' do
+    it 'returns the raw SQL' do
+      expect(described_class.for(:sum, Issue, :weight)).to eq('SELECT SUM("issues"."weight") FROM "issues"')
+    end
+  end
+
+  describe 'estimate_batch_distinct_count' do
+    it 'returns the raw SQL' do
+      expect(described_class.for(:estimate_batch_distinct_count, Issue, :author_id)).to eq('SELECT COUNT(DISTINCT "issues"."author_id") FROM "issues"')
+    end
+  end
+
+  describe '.histogram' do
+    it 'returns the histogram sql' do
+      expect(described_class.for(:histogram, AlertManagement::HttpIntegration.active,
+            :project_id, buckets: 1..2, bucket_size: 101))
+        .to match(/^WITH "count_cte" AS #{Gitlab::Database::AsWithMaterialized.materialized_if_supported}/)
+    end
+  end
+
+  describe 'other' do
+    it 'raise ArgumentError error' do
+      expect { described_class.for(:other, nil) }.to raise_error(ArgumentError, 'other operation not supported')
+    end
+  end
+end

spec/lib/gitlab/usage_data_queries_spec.rb

@@ -13,9 +13,7 @@ RSpec.describe Gitlab::UsageDataQueries do
     end
 
     it 'does not mix a nil column with keyword arguments' do
-      expect(described_class).to receive(:raw_sql).with(User, nil)
-
-      described_class.count(User, start: 1, finish: 2)
+      expect(described_class.count(User, nil)).to eq('SELECT COUNT("users"."id") FROM "users"')
     end
   end
 
@@ -25,9 +23,7 @@ RSpec.describe Gitlab::UsageDataQueries do
     end
 
     it 'does not mix a nil column with keyword arguments' do
-      expect(described_class).to receive(:raw_sql).with(Issue, nil, :distinct)
-
-      described_class.distinct_count(Issue, nil, start: 1, finish: 2)
+      expect(described_class.distinct_count(Issue, nil, start: 1, finish: 2)).to eq('SELECT COUNT(DISTINCT "issues"."id") FROM "issues"')
     end
   end
 

spec/services/users/authorized_build_service_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Users::AuthorizedBuildService do
+  describe '#execute' do
+    let_it_be(:current_user) { create(:user) }
+
+    let(:params) { build_stubbed(:user).slice(:first_name, :last_name, :username, :email, :password) }
+
+    subject(:user) { described_class.new(current_user, params).execute }
+
+    it_behaves_like 'common user build items'
+    it_behaves_like 'current user not admin build items'
+  end
+end

spec/services/users/build_service_spec.rb

@@ -11,148 +11,19 @@ RSpec.describe Users::BuildService do
     let(:params) { build_stubbed(:user).slice(:first_name, :last_name, :username, :email, :password) }
     let(:service) { described_class.new(current_user, params) }
 
-    shared_examples_for 'common build items' do
-      it { is_expected.to be_valid }
-
-      it 'sets the created_by_id' do
-        expect(user.created_by_id).to eq(current_user&.id)
-      end
-
-      it 'calls UpdateCanonicalEmailService' do
-        expect(Users::UpdateCanonicalEmailService).to receive(:new).and_call_original
-
-        user
-      end
-
-      context 'when user_type is provided' do
-        context 'when project_bot' do
-          before do
-            params.merge!({ user_type: :project_bot })
-          end
-
-          it { expect(user.project_bot?).to be true }
-        end
-
-        context 'when not a project_bot' do
-          before do
-            params.merge!({ user_type: :alert_bot })
-          end
-
-          it { expect(user).to be_human }
-        end
-      end
-    end
-
-    shared_examples_for 'current user not admin' do
-      context 'with "user_default_external" application setting' do
-        where(:user_default_external, :external, :email, :user_default_internal_regex, :result) do
-          true  | nil   | 'fl@example.com'        | nil                     | true
-          true  | true  | 'fl@example.com'        | nil                     | true
-          true  | false | 'fl@example.com'        | nil                     | true # admin difference
-
-          true  | nil   | 'fl@example.com'        | ''                      | true
-          true  | true  | 'fl@example.com'        | ''                      | true
-          true  | false | 'fl@example.com'        | ''                      | true # admin difference
-
-          true  | nil   | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
-          true  | true  | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false # admin difference
-          true  | false | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
-
-          true  | nil   | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | true
-          true  | true  | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | true
-          true  | false | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | true # admin difference
-
-          false | nil   | 'fl@example.com'        | nil                     | false
-          false | true  | 'fl@example.com'        | nil                     | false # admin difference
-          false | false | 'fl@example.com'        | nil                     | false
-
-          false | nil   | 'fl@example.com'        | ''                      | false
-          false | true  | 'fl@example.com'        | ''                      | false # admin difference
-          false | false | 'fl@example.com'        | ''                      | false
-
-          false | nil   | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
-          false | true  | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false # admin difference
-          false | false | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
-
-          false | nil   | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | false
-          false | true  | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | false # admin difference
-          false | false | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | false
-        end
-
-        with_them do
-          before do
-            stub_application_setting(user_default_external: user_default_external)
-            stub_application_setting(user_default_internal_regex: user_default_internal_regex)
-
-            params.merge!({ external: external, email: email }.compact)
-          end
-
-          it 'sets the value of Gitlab::CurrentSettings.user_default_external' do
-            expect(user.external).to eq(result)
-          end
-        end
-      end
-
-      context 'when "send_user_confirmation_email" application setting is true' do
-        before do
-          stub_application_setting(send_user_confirmation_email: true, signup_enabled?: true)
-        end
-
-        it 'does not confirm the user' do
-          expect(user).not_to be_confirmed
-        end
-      end
-
-      context 'when "send_user_confirmation_email" application setting is false' do
-        before do
-          stub_application_setting(send_user_confirmation_email: false, signup_enabled?: true)
-        end
-
-        it 'confirms the user' do
-          expect(user).to be_confirmed
-        end
-      end
-
-      context 'with allowed params' do
-        let(:params) do
-          {
-            email: 1,
-            name: 1,
-            password: 1,
-            password_automatically_set: 1,
-            username: 1,
-            user_type: 'project_bot'
-          }
-        end
-
-        it 'sets all allowed attributes' do
-          expect(User).to receive(:new).with(hash_including(params)).and_call_original
-
-          user
-        end
-      end
-    end
-
     context 'with nil current_user' do
       subject(:user) { service.execute }
 
-      it_behaves_like 'common build items'
-      it_behaves_like 'current user not admin'
+      it_behaves_like 'common user build items'
+      it_behaves_like 'current user not admin build items'
     end
 
     context 'with non admin current_user' do
       let_it_be(:current_user) { create(:user) }
 
-      let(:service) { described_class.new(current_user, params) }
-
-      subject(:user) { service.execute(skip_authorization: true) }
-
-      it 'raises AccessDeniedError exception when authorization is not skipped' do
-        expect { service.execute }.to raise_error Gitlab::Access::AccessDeniedError
+      it 'raises AccessDeniedError exception' do
+        expect { described_class.new(current_user, params).execute }.to raise_error Gitlab::Access::AccessDeniedError
       end
-
-      it_behaves_like 'common build items'
-      it_behaves_like 'current user not admin'
     end
 
     context 'with an admin current_user' do
@@ -163,7 +34,7 @@ RSpec.describe Users::BuildService do
 
       subject(:user) { service.execute }
 
-      it_behaves_like 'common build items'
+      it_behaves_like 'common user build items'
 
       context 'with allowed params' do
         let(:params) do

spec/support/gitlab/usage/metrics_instrumentation_shared_examples.rb

 # frozen_string_literal: true
 
-RSpec.shared_examples 'a correct instrumented metric value' do |params, expected_value|
+RSpec.shared_examples 'a correct instrumented metric value' do |params|
   let(:time_frame) { params[:time_frame] }
   let(:options) { params[:options] }
+  let(:metric) { described_class.new(time_frame: time_frame, options: options) }
 
   before do
     allow(ActiveRecord::Base.connection).to receive(:transaction_open?).and_return(false)
   end
 
   it 'has correct value' do
-    expect(described_class.new(time_frame: time_frame, options: options).value).to eq(expected_value)
+    expect(metric.value).to eq(expected_value)
   end
 end
+
+RSpec.shared_examples 'a correct instrumented metric query' do |params|
+  let(:time_frame) { params[:time_frame] }
+  let(:options) { params[:options] }
+  let(:metric) { described_class.new(time_frame: time_frame, options: options) }
+
+  around do |example|
+    freeze_time { example.run }
+  end
+
+  before do
+    allow(ActiveRecord::Base.connection).to receive(:transaction_open?).and_return(false)
+  end
+
+  it 'has correct generate query' do
+    expect(metric.to_sql).to eq(expected_query)
+  end
+end
+
+RSpec.shared_examples 'a correct instrumented metric value and query' do |params|
+  it_behaves_like 'a correct instrumented metric value', params
+  it_behaves_like 'a correct instrumented metric query', params
+end

spec/support/shared_examples/services/users/build_service_shared_examples.rb

+# frozen_string_literal: true
+
+RSpec.shared_examples 'common user build items' do
+  it { is_expected.to be_valid }
+
+  it 'sets the created_by_id' do
+    expect(user.created_by_id).to eq(current_user&.id)
+  end
+
+  it 'calls UpdateCanonicalEmailService' do
+    expect(Users::UpdateCanonicalEmailService).to receive(:new).and_call_original
+
+    user
+  end
+
+  context 'when user_type is provided' do
+    context 'when project_bot' do
+      before do
+        params.merge!({ user_type: :project_bot })
+      end
+
+      it { expect(user.project_bot?).to be true }
+    end
+
+    context 'when not a project_bot' do
+      before do
+        params.merge!({ user_type: :alert_bot })
+      end
+
+      it { expect(user).to be_human }
+    end
+  end
+end
+
+RSpec.shared_examples_for 'current user not admin build items' do
+  using RSpec::Parameterized::TableSyntax
+
+  context 'with "user_default_external" application setting' do
+    where(:user_default_external, :external, :email, :user_default_internal_regex, :result) do
+      true  | nil   | 'fl@example.com'        | nil                     | true
+      true  | true  | 'fl@example.com'        | nil                     | true
+      true  | false | 'fl@example.com'        | nil                     | true # admin difference
+
+      true  | nil   | 'fl@example.com'        | ''                      | true
+      true  | true  | 'fl@example.com'        | ''                      | true
+      true  | false | 'fl@example.com'        | ''                      | true # admin difference
+
+      true  | nil   | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
+      true  | true  | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false # admin difference
+      true  | false | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
+
+      true  | nil   | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | true
+      true  | true  | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | true
+      true  | false | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | true # admin difference
+
+      false | nil   | 'fl@example.com'        | nil                     | false
+      false | true  | 'fl@example.com'        | nil                     | false # admin difference
+      false | false | 'fl@example.com'        | nil                     | false
+
+      false | nil   | 'fl@example.com'        | ''                      | false
+      false | true  | 'fl@example.com'        | ''                      | false # admin difference
+      false | false | 'fl@example.com'        | ''                      | false
+
+      false | nil   | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
+      false | true  | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false # admin difference
+      false | false | 'fl@example.com'        | '^(?:(?!\.ext@).)*$\r?' | false
+
+      false | nil   | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | false
+      false | true  | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | false # admin difference
+      false | false | 'tester.ext@domain.com' | '^(?:(?!\.ext@).)*$\r?' | false
+    end
+
+    with_them do
+      before do
+        stub_application_setting(user_default_external: user_default_external)
+        stub_application_setting(user_default_internal_regex: user_default_internal_regex)
+
+        params.merge!({ external: external, email: email }.compact)
+      end
+
+      it 'sets the value of Gitlab::CurrentSettings.user_default_external' do
+        expect(user.external).to eq(result)
+      end
+    end
+  end
+
+  context 'when "send_user_confirmation_email" application setting is true' do
+    before do
+      stub_application_setting(send_user_confirmation_email: true, signup_enabled?: true)
+    end
+
+    it 'does not confirm the user' do
+      expect(user).not_to be_confirmed
+    end
+  end
+
+  context 'when "send_user_confirmation_email" application setting is false' do
+    before do
+      stub_application_setting(send_user_confirmation_email: false, signup_enabled?: true)
+    end
+
+    it 'confirms the user' do
+      expect(user).to be_confirmed
+    end
+  end
+
+  context 'with allowed params' do
+    let(:params) do
+      {
+        email: 1,
+        name: 1,
+        password: 1,
+        password_automatically_set: 1,
+        username: 1,
+        user_type: 'project_bot'
+      }
+    end
+
+    it 'sets all allowed attributes' do
+      expect(User).to receive(:new).with(hash_including(params)).and_call_original
+
+      user
+    end
+  end
+end