Merge branch '11417-reset-feature-flags-client-token' into 'master'

Add endpoint to regenerate feature flags client token See merge request gitlab-org/gitlab-ee!13450

Merge branch '11417-reset-feature-flags-client-token' into 'master'
Add endpoint to regenerate feature flags client token See merge request gitlab-org/gitlab-ee!13450
f4b0df8d · Kamil Trzciński · e2be028a · 2ad08edc · f4b0df8d · f4b0df8d
Commit f4b0df8d authored Jun 04, 2019 by Kamil Trzciński
9 changed files
--- a/ee/app/controllers/projects/feature_flags_clients_controller.rb
+++ b/ee/app/controllers/projects/feature_flags_clients_controller.rb
+# frozen_string_literal: true
+
+class Projects::FeatureFlagsClientsController < Projects::ApplicationController
+  before_action :authorize_admin_feature_flags_client!
+  before_action :feature_flags_client
+
+  def reset_token
+    feature_flags_client.reset_token!
+
+    respond_to do |format|
+      format.json do
+        render json: feature_flags_client_token_json, status: :ok
+      end
+    end
+  end
+
+  private
+
+  def feature_flags_client
+    project.operations_feature_flags_client || not_found
+  end
+
+  def feature_flags_client_token_json
+    FeatureFlagsClientSerializer.new
+      .represent_token(feature_flags_client)
+  end
+end
--- a/ee/app/policies/ee/project_policy.rb
+++ b/ee/app/policies/ee/project_policy.rb
@@ -12,6 +12,7 @@ module EE
      vulnerability_feedback
      license_management
      feature_flag
+      feature_flags_client
      design
    ].freeze

@@ -153,6 +154,7 @@ module EE
        enable :admin_path_locks
        enable :update_approvers
        enable :destroy_package
+        enable :admin_feature_flags_client
      end

      rule { license_management_enabled & can?(:maintainer_access) }.enable :admin_software_license_policy

--- a/ee/app/serializers/feature_flags_client_entity.rb
+++ b/ee/app/serializers/feature_flags_client_entity.rb
+# frozen_string_literal: true
+
+class FeatureFlagsClientEntity < Grape::Entity
+  include RequestAwareEntity
+
+  expose :token
+end
--- a/ee/app/serializers/feature_flags_client_serializer.rb
+++ b/ee/app/serializers/feature_flags_client_serializer.rb
+# frozen_string_literal: true
+
+class FeatureFlagsClientSerializer < BaseSerializer
+  entity FeatureFlagsClientEntity
+
+  def represent_token(resource, opts = {})
+    represent(resource, only: [:token])
+  end
+end
--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -60,6 +60,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
            get :proxy
          end
        end
+
+        resource :feature_flags_client, only: [] do
+          post :reset_token
+        end
      end

      resources :dependencies, only: [:index]

--- a/ee/spec/controllers/projects/feature_flags_clients_controller_spec.rb
+++ b/ee/spec/controllers/projects/feature_flags_clients_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Projects::FeatureFlagsClientsController do
+  include Gitlab::Routing
+
+  set(:project) { create(:project) }
+  set(:user) { create(:user) }
+
+  describe 'POST reset_token.json' do
+    subject(:reset_token) do
+      post :reset_token,
+        params: { namespace_id: project.namespace, project_id: project },
+        format: :json
+    end
+
+    before do
+      stub_licensed_features(feature_flags: true)
+      sign_in(user)
+    end
+
+    context 'when user is a project maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      context 'and feature flags client exist' do
+        it 'regenerates feature flags client token' do
+          project.create_operations_feature_flags_client!
+          expect { reset_token }.to change { project.reload.feature_flags_client_token }
+
+          expect(json_response['token']).to eq(project.feature_flags_client_token)
+        end
+      end
+
+      context 'but feature flags client does not exist' do
+        it 'returns 404' do
+          reset_token
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+    end
+
+    context 'when user is not a project maintainer' do
+      before do
+        project.add_developer(user)
+      end
+
+      it 'returns 404' do
+        reset_token
+
+        expect(response).to have_gitlab_http_status(404)
+      end
+    end
+  end
+end
--- a/ee/spec/fixtures/api/schemas/feature_flags_client_token.json
+++ b/ee/spec/fixtures/api/schemas/feature_flags_client_token.json
+{
+  "type": "object",
+  "required" : [
+    "token"
+  ],
+  "properties" : {
+    "token": { "type": ["string"] }
+  },
+  "additionalProperties": false
+}
--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -29,7 +29,7 @@ describe ProjectPolicy do
    end
    let(:additional_reporter_permissions) { [:admin_issue_link] }
    let(:additional_developer_permissions) { %i[admin_vulnerability_feedback read_project_security_dashboard read_feature_flag] }
-    let(:additional_maintainer_permissions) { %i[push_code_to_protected_branches] }
+    let(:additional_maintainer_permissions) { %i[push_code_to_protected_branches admin_feature_flags_client] }
    let(:auditor_permissions) do
      %i[
        download_code download_wiki_code read_project read_board read_list

--- a/ee/spec/serializers/feature_flags_client_serializer_spec.rb
+++ b/ee/spec/serializers/feature_flags_client_serializer_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe FeatureFlagsClientSerializer do
+  let(:project) { create(:project) }
+  let(:feature_flags_client) { project.create_operations_feature_flags_client! }
+  let(:serializer) { described_class.new }
+
+  before do
+    stub_licensed_features(feature_flags: true)
+  end
+
+  describe '#represent_token' do
+    subject { serializer.represent_token(feature_flags_client).to_json }
+
+    it 'includes feature flags client token' do
+      expect(subject).to match_schema('feature_flags_client_token', dir: 'ee')
+    end
+  end
+end