Verified Commit b178acd1 authored by Timo Furrer's avatar Timo Furrer :juggling:

Refactor AgentTokens revoke service to deduplicate agent info

parent 0ef588cb
1 merge request!112036Resolve "Revoked/Created agent access tokens should fire audit events"
...@@ -17,8 +17,7 @@ class Revoke < BaseMutation ...@@ -17,8 +17,7 @@ class Revoke < BaseMutation
def resolve(id:) def resolve(id:)
token = authorized_find!(id: id) token = authorized_find!(id: id)
::Clusters::AgentTokens::RevokeService.new(current_project: token.agent.project, current_user: current_user, ::Clusters::AgentTokens::RevokeService.new(token: token, current_user: current_user).execute
token: token).execute
{ errors: errors_on_object(token) } { errors: errors_on_object(token) }
end end
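Review bot: The return value of `RevokeService#execute` is discarded on the changed line, so a refusal from the service never reaches the client. The service hunk shows `return error_no_permissions unless current_user.can?(:create_cluster, token.agent.project)`, which returns an error instead of raising, while `resolve` reports only `errors_on_object(token)`, and that presumably stays empty when the token was never touched. `authorized_find!` may make that path unreachable today, but the two permission checks can drift apart; I would capture the result, `result = ::Clusters::AgentTokens::RevokeService.new(token: token, current_user: current_user).execute`, and fold its error message into `errors`. The same applies to the API hunk, which answers `status :no_content` unconditionally after the call.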
......
...@@ -5,14 +5,13 @@ module AgentTokens ...@@ -5,14 +5,13 @@ module AgentTokens
class RevokeService class RevokeService
attr_reader :current_project, :current_user, :token attr_reader :current_project, :current_user, :token
def initialize(current_project:, current_user:, token:) def initialize(token:, current_user:)
@current_project = current_project
@current_user = current_user
@token = token @token = token
@current_user = current_user
end end
def execute def execute
return error_no_permissions unless current_user.can?(:create_cluster, current_project) return error_no_permissions unless current_user.can?(:create_cluster, token.agent.project)
token.revoked! token.revoked!
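Review bot: `attr_reader :current_project` is left in place although `initialize` no longer assigns `@current_project`, so the reader now returns nil without raising. Any remaining caller or override that still reads `current_project` (the audit hunk did until this commit) would pass nil as the permission subject or as the audit event scope. Either drop it from the list, `attr_reader :current_user, :token`, or keep the name as a private method that returns `token.agent.project`, so that the permission check and the audit scope share one source. The class body continues outside the hunk, so other uses cannot be ruled out from here.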
......
...@@ -25,7 +25,7 @@ def send_audit_event(token, response) ...@@ -25,7 +25,7 @@ def send_audit_event(token, response)
audit_context = { audit_context = {
name: 'cluster_agent_token_revoked', name: 'cluster_agent_token_revoked',
author: current_user, author: current_user,
scope: current_project, scope: token.agent.project,
target: token.agent, target: token.agent,
message: message message: message
} }
......
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
"Revoked cluster agent token '#{agent_token.name}' with id #{agent_token.id}" "Revoked cluster agent token '#{agent_token.name}' with id #{agent_token.id}"
) )
described_class.new(current_project: project, current_user: user, token: agent_token).execute described_class.new(token: agent_token, current_user: user).execute
end end
end end
end end
...@@ -50,17 +50,17 @@ ...@@ -50,17 +50,17 @@
"User has insufficient permissions to revoke the token for this project" "User has insufficient permissions to revoke the token for this project"
) )
described_class.new(current_project: project, current_user: unauthorized_user, token: agent_token).execute described_class.new(token: agent_token, current_user: unauthorized_user).execute
end end
end end
end end
end end
def expect_to_audit(current_user, current_project, target, message) def expect_to_audit(current_user, scope, target, message)
audit_context = { audit_context = {
name: 'cluster_agent_token_revoked', name: 'cluster_agent_token_revoked',
author: current_user, author: current_user,
scope: current_project, scope: scope,
target: target, target: target,
message: message message: message
} }
......
...@@ -89,8 +89,7 @@ class AgentTokens < ::API::Base ...@@ -89,8 +89,7 @@ class AgentTokens < ::API::Base
token = ::Clusters::AgentTokensFinder.new(agent, current_user).find(params[:token_id]) token = ::Clusters::AgentTokensFinder.new(agent, current_user).find(params[:token_id])
# Skipping explicit error handling and relying on exceptions # Skipping explicit error handling and relying on exceptions
::Clusters::AgentTokens::RevokeService.new(current_project: ::Clusters::AgentTokens::RevokeService.new(token: token, current_user: current_user).execute
agent.project, current_user: current_user, token: token).execute
status :no_content status :no_content
end end
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
context 'when user revokes agent token' do context 'when user revokes agent token' do
it 'succeeds' do it 'succeeds' do
described_class.new(current_project: project, current_user: user, token: agent_token).execute described_class.new(token: agent_token, current_user: user).execute
expect(agent_token.revoked?).to be true expect(agent_token.revoked?).to be true
end end
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
context 'when user attempts to revoke agent token' do context 'when user attempts to revoke agent token' do
it 'fails' do it 'fails' do
described_class.new(current_project: project, current_user: unauthorized_user, token: agent_token).execute described_class.new(token: agent_token, current_user: unauthorized_user).execute
expect(agent_token.revoked?).to be false expect(agent_token.revoked?).to be false
end end
......