Refactor AgentTokens revoke service to deduplicate agent info

b178acd1 · Timo Furrer · 0ef588cb · b178acd1 · b178acd1 · b178acd1
Verified Commit b178acd1 authored 2 years ago by Timo Furrer
--- a/app/graphql/mutations/clusters/agent_tokens/revoke.rb
+++ b/app/graphql/mutations/clusters/agent_tokens/revoke.rb
@@ -17,8 +17,7 @@ class Revoke < BaseMutation
        def resolve(id:)
          token = authorized_find!(id: id)

-          ::Clusters::AgentTokens::RevokeService.new(current_project: token.agent.project, current_user: current_user,
-                                                     token: token).execute
+          ::Clusters::AgentTokens::RevokeService.new(token: token, current_user: current_user).execute

          { errors: errors_on_object(token) }
        end

--- a/app/services/clusters/agent_tokens/revoke_service.rb
+++ b/app/services/clusters/agent_tokens/revoke_service.rb
@@ -5,14 +5,13 @@ module AgentTokens
    class RevokeService
      attr_reader :current_project, :current_user, :token

-      def initialize(current_project:, current_user:, token:)
-        @current_project = current_project
-        @current_user = current_user
+      def initialize(token:, current_user:)
        @token = token
+        @current_user = current_user
      end

      def execute
-        return error_no_permissions unless current_user.can?(:create_cluster, current_project)
+        return error_no_permissions unless current_user.can?(:create_cluster, token.agent.project)

        token.revoked!


--- a/ee/app/services/ee/clusters/agent_tokens/revoke_service.rb
+++ b/ee/app/services/ee/clusters/agent_tokens/revoke_service.rb
@@ -25,7 +25,7 @@ def send_audit_event(token, response)
          audit_context = {
            name: 'cluster_agent_token_revoked',
            author: current_user,
-            scope: current_project,
+            scope: token.agent.project,
            target: token.agent,
            message: message
          }

--- a/ee/spec/services/clusters/agent_tokens/revoke_service_audit_log_spec.rb
+++ b/ee/spec/services/clusters/agent_tokens/revoke_service_audit_log_spec.rb
@@ -27,7 +27,7 @@
            "Revoked cluster agent token '#{agent_token.name}' with id #{agent_token.id}"
          )

-          described_class.new(current_project: project, current_user: user, token: agent_token).execute
+          described_class.new(token: agent_token, current_user: user).execute
        end
      end
    end
@@ -50,17 +50,17 @@
            "User has insufficient permissions to revoke the token for this project"
          )

-          described_class.new(current_project: project, current_user: unauthorized_user, token: agent_token).execute
+          described_class.new(token: agent_token, current_user: unauthorized_user).execute
        end
      end
    end
  end

-  def expect_to_audit(current_user, current_project, target, message)
+  def expect_to_audit(current_user, scope, target, message)
    audit_context = {
      name: 'cluster_agent_token_revoked',
      author: current_user,
-      scope: current_project,
+      scope: scope,
      target: target,
      message: message
    }

--- a/lib/api/clusters/agent_tokens.rb
+++ b/lib/api/clusters/agent_tokens.rb
@@ -89,8 +89,7 @@ class AgentTokens < ::API::Base
              token = ::Clusters::AgentTokensFinder.new(agent, current_user).find(params[:token_id])

              # Skipping explicit error handling and relying on exceptions
-              ::Clusters::AgentTokens::RevokeService.new(current_project:
-                            agent.project, current_user: current_user, token: token).execute
+              ::Clusters::AgentTokens::RevokeService.new(token: token, current_user: current_user).execute

              status :no_content
            end

--- a/spec/services/clusters/agent_tokens/revoke_service_spec.rb
+++ b/spec/services/clusters/agent_tokens/revoke_service_spec.rb
@@ -20,7 +20,7 @@

      context 'when user revokes agent token' do
        it 'succeeds' do
-          described_class.new(current_project: project, current_user: user, token: agent_token).execute
+          described_class.new(token: agent_token, current_user: user).execute

          expect(agent_token.revoked?).to be true
        end
@@ -36,7 +36,7 @@

      context 'when user attempts to revoke agent token' do
        it 'fails' do
-          described_class.new(current_project: project, current_user: unauthorized_user, token: agent_token).execute
+          described_class.new(token: agent_token, current_user: unauthorized_user).execute

          expect(agent_token.revoked?).to be false
        end