Merge branch 'andysoiron/jira-connect-installed-updates' into 'master'

Handle Jira Connect installation updates See merge request gitlab-org/gitlab!83038

Merge branch 'andysoiron/jira-connect-installed-updates' into 'master'
Handle Jira Connect installation updates See merge request gitlab-org/gitlab!83038
12c575e3 · Markus Koller · e130205f · 19722d41 · 12c575e3 · 12c575e3
Commit 12c575e3 authored Mar 17, 2022 by Markus Koller
3 changed files
--- a/app/controllers/jira_connect/events_controller.rb
+++ b/app/controllers/jira_connect/events_controller.rb
@@ -7,11 +7,13 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController
  before_action :verify_asymmetric_atlassian_jwt!

  def installed
-    return head :ok if current_jira_installation
+    unless Feature.enabled?(:jira_connect_installation_update, default_enabled: :yaml)
+      return head :ok if current_jira_installation
+    end

-    installation = JiraConnectInstallation.new(event_params)
+    success = current_jira_installation ? update_installation : create_installation

-    if installation.save
+    if success
      head :ok
    else
      head :unprocessable_entity
@@ -28,8 +30,24 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController

  private

-  def event_params
-    params.permit(:clientKey, :sharedSecret, :baseUrl).transform_keys(&:underscore)
+  def create_installation
+    JiraConnectInstallation.new(create_params).save
+  end
+
+  def update_installation
+    current_jira_installation.update(update_params)
+  end
+
+  def create_params
+    transformed_params.permit(:client_key, :shared_secret, :base_url)
+  end
+
+  def update_params
+    transformed_params.permit(:shared_secret, :base_url)
+  end
+
+  def transformed_params
+    @transformed_params ||= params.transform_keys(&:underscore)
  end

  def verify_asymmetric_atlassian_jwt!
@@ -43,7 +61,7 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController
  def jwt_verification_claims
    {
      aud: jira_connect_base_url(protocol: 'https'),
-      iss: event_params[:client_key],
+      iss: transformed_params[:client_key],
      qsh: Atlassian::Jwt.create_query_string_hash(request.url, request.method, jira_connect_base_url)
    }
  end

--- a/config/feature_flags/development/jira_connect_installation_update.yml
+++ b/config/feature_flags/development/jira_connect_installation_update.yml
+---
+name: jira_connect_installation_update
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83038
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356083
+milestone: '14.9'
+type: development
+group: group::integrations
+default_enabled: false
--- a/spec/controllers/jira_connect/events_controller_spec.rb
+++ b/spec/controllers/jira_connect/events_controller_spec.rb
@@ -43,14 +43,15 @@ RSpec.describe JiraConnect::EventsController do
  end

  describe '#installed' do
-    let(:client_key) { '1234' }
-    let(:shared_secret) { 'secret' }
+    let_it_be(:client_key) { '1234' }
+    let_it_be(:shared_secret) { 'secret' }
+    let_it_be(:base_url) { 'https://test.atlassian.net' }

    let(:params) do
      {
        clientKey: client_key,
        sharedSecret: shared_secret,
-        baseUrl: 'https://test.atlassian.net'
+        baseUrl: base_url
      }
    end

@@ -77,11 +78,11 @@ RSpec.describe JiraConnect::EventsController do
      expect(installation.base_url).to eq('https://test.atlassian.net')
    end

-    context 'when it is a version update and shared_secret is not sent' do
+    context 'when the shared_secret param is missing' do
      let(:params) do
        {
          clientKey: client_key,
-          baseUrl: 'https://test.atlassian.net'
+          baseUrl: base_url
        }
      end

@@ -90,13 +91,48 @@ RSpec.describe JiraConnect::EventsController do

        expect(response).to have_gitlab_http_status(:unprocessable_entity)
      end
+    end
+
+    context 'when an installation already exists' do
+      let_it_be(:installation) { create(:jira_connect_installation, base_url: base_url, client_key: client_key, shared_secret: shared_secret) }
+
+      it 'validates the JWT token in authorization header and returns 200 without creating a new installation', :aggregate_failures do
+        expect { subject }.not_to change { JiraConnectInstallation.count }
+        expect(response).to have_gitlab_http_status(:ok)
+      end
+
+      context 'when parameters include a new shared secret and base_url' do
+        let(:shared_secret) { 'new_secret' }
+        let(:base_url) { 'https://new_test.atlassian.net' }

-      context 'and an installation exists' do
-        let!(:installation) { create(:jira_connect_installation, client_key: client_key, shared_secret: shared_secret) }
+        it 'updates the installation', :aggregate_failures do
+          subject

-        it 'validates the JWT token in authorization header and returns 200 without creating a new installation' do
-          expect { subject }.not_to change { JiraConnectInstallation.count }
          expect(response).to have_gitlab_http_status(:ok)
+          expect(installation.reload).to have_attributes(
+            shared_secret: shared_secret,
+            base_url: base_url
+          )
+        end
+
+        context 'when the `jira_connect_installation_update` feature flag is disabled' do
+          before do
+            stub_feature_flags(jira_connect_installation_update: false)
+          end
+
+          it 'does not update the installation', :aggregate_failures do
+            expect { subject }.not_to change { installation.reload.attributes }
+            expect(response).to have_gitlab_http_status(:ok)
+          end
+        end
+      end
+
+      context 'when the new base_url is invalid' do
+        let(:base_url) { 'invalid' }
+
+        it 'renders 422', :aggregate_failures do
+          expect { subject }.not_to change { installation.reload.base_url }
+          expect(response).to have_gitlab_http_status(:unprocessable_entity)
        end
      end
    end