Verify no audit event is logged when not licensed

If logging related features are not enabled, no audit event is
logged. The change in the shared_examples also extends this test for
other clients of `AuditEventService` in additions to Users services.

ee/spec/services/ee/users/block_service_spec.rb

@@ -13,31 +13,47 @@ describe Users::BlockService do
     subject(:operation) { service.execute(user) }
 
     describe 'audit events' do
-      before do
-        stub_licensed_features(admin_audit_log: true)
-      end
+      context 'when licensed' do
+        before do
+          stub_licensed_features(admin_audit_log: true)
+        end
+
+        context 'when user block operation succeeds' do
+          it 'logs an audit event' do
+            expect { operation }.to change { AuditEvent.count }.by(1)
+          end
 
-      context 'when user block operation succeeds' do
-        it 'logs an audit event' do
-          expect { operation }.to change { AuditEvent.count }.by(1)
+          it 'logs the audit event info' do
+            operation
+
+            expect(AuditEvent.last).to have_attributes(
+              details: hash_including(custom_message: 'Blocked user')
+            )
+          end
         end
 
-        it 'logs the audit event info' do
-          operation
+        context 'when user block operation fails' do
+          before do
+            allow(user).to receive(:block).and_return(false)
+          end
 
-          expect(AuditEvent.last).to have_attributes(
-            details: hash_including(custom_message: 'Blocked user')
-          )
+          it 'does not log any audit event' do
+            expect { operation }.not_to change { AuditEvent.count }
+          end
         end
       end
 
-      context 'when user block operation fails' do
+      context 'when not licensed' do
         before do
-          allow(user).to receive(:block).and_return(false)
+          stub_licensed_features(
+            admin_audit_log: false,
+            audit_events: false,
+            extended_audit_events: false
+          )
         end
 
         it 'does not log any audit event' do
-          expect { operation }.not_to change { AuditEvent.count }
+          expect { operation }.not_to change(AuditEvent, :count)
         end
       end
     end

ee/spec/services/ee/users/create_service_spec.rb

@@ -15,36 +15,38 @@ describe Users::CreateService do
 
   subject(:service) { described_class.new(current_user, params) }
 
-  context 'audit events' do
+  describe '#execute' do
     let(:operation) { service.execute }
 
-    include_examples 'audit event logging' do
-      let(:fail_condition!) do
-        expect_any_instance_of(User)
-          .to receive(:save).and_return(false)
+    context 'audit events' do
+      include_examples 'audit event logging' do
+        let(:fail_condition!) do
+          expect_any_instance_of(User)
+            .to receive(:save).and_return(false)
+        end
+
+        let(:attributes) do
+          {
+            author_id: current_user.id,
+            entity_id: @resource.id,
+            entity_type: 'User',
+            details: {
+              add: 'user',
+              author_name: current_user.name,
+              target_id: @resource.full_path,
+              target_type: 'User',
+              target_details: @resource.full_path
+            }
+          }
+        end
       end
 
-      let(:attributes) do
-        {
-           author_id: current_user.id,
-           entity_id: @resource.id,
-           entity_type: 'User',
-           details: {
-             add: 'user',
-             author_name: current_user.name,
-             target_id: @resource.full_path,
-             target_type: 'User',
-             target_details: @resource.full_path
-           }
-         }
-      end
-    end
-
-    context 'when audit is not required' do
-      let(:current_user) { nil }
+      context 'when audit is not required' do
+        let(:current_user) { nil }
 
-      it 'does not log audit event' do
-        expect { operation }.not_to change(AuditEvent, :count)
+        it 'does not log any audit event' do
+          expect { operation }.not_to change(AuditEvent, :count)
+        end
       end
     end
   end

ee/spec/services/ee/users/destroy_service_spec.rb

@@ -4,85 +4,108 @@ require 'spec_helper'
 
 describe Users::DestroyService do
   let(:current_user) { create(:admin) }
-  let(:user) { create(:user) }
 
   subject(:service) { described_class.new(current_user) }
 
-  it 'returns result' do
-    allow(user).to receive(:destroy).and_return(user)
+  describe '#execute' do
+    let(:user) { create(:user) }
 
-    expect(service.execute(user)).to eq(user)
-  end
-
-  context 'when project is a mirror' do
-    it 'assigns mirror_user to a project owner' do
-      mirror_user = create(:user)
-      project = create(:project, :mirror, mirror_user_id: mirror_user.id)
-      new_mirror_user = project.team.owners.first
+    subject(:operation) { service.execute(user) }
 
-      expect_any_instance_of(EE::NotificationService).to receive(:project_mirror_user_changed).with(new_mirror_user, mirror_user.name, project)
+    it 'returns result' do
+      allow(user).to receive(:destroy).and_return(user)
 
-      expect do
-        described_class.new(mirror_user).execute(mirror_user)
-      end.to change { project.reload.mirror_user }.from(mirror_user).to(new_mirror_user)
+      expect(operation).to eq(user)
     end
-  end
 
-  describe 'audit events' do
-    before do
-      stub_licensed_features(admin_audit_log: true)
-    end
+    context 'when project is a mirror' do
+      let(:project) { create(:project, :mirror, mirror_user_id: user.id) }
 
-    context 'soft delete' do
-      let(:hard_delete) { false }
+      it 'assigns mirror_user to a project owner' do
+        new_mirror_user = project.team.owners.first
 
-      context 'when user destroy operation succeeds' do
-        it 'logs audit events for ghost user migration and destroy operation' do
-          service.execute(user, hard_delete: hard_delete)
+        expect_any_instance_of(EE::NotificationService)
+          .to receive(:project_mirror_user_changed)
+          .with(new_mirror_user, user.name, project)
 
-          expect(AuditEvent.last(3)).to contain_exactly(
-            have_attributes(details: hash_including(change: 'email address')),
-            have_attributes(details: hash_including(change: 'username')),
-            have_attributes(details: hash_including(remove: 'user'))
-          )
-        end
+        expect { operation }.to change { project.reload.mirror_user }
+          .from(user).to(new_mirror_user)
       end
+    end
 
-      context 'when user destroy operation fails' do
+    describe 'audit events' do
+      context 'when licensed' do
         before do
-          allow(user).to receive(:destroy).and_return(false)
+          stub_licensed_features(admin_audit_log: true)
         end
 
-        it 'logs audit events for ghost user migration operation' do
-          service.execute(user, hard_delete: hard_delete)
-
-          expect(AuditEvent.last(2)).to contain_exactly(
-            have_attributes(details: hash_including(change: 'email address')),
-            have_attributes(details: hash_including(change: 'username'))
-          )
+        context 'soft delete' do
+          let(:hard_delete) { false }
+
+          context 'when user destroy operation succeeds' do
+            it 'logs audit events for ghost user migration and destroy operation' do
+              service.execute(user, hard_delete: hard_delete)
+
+              expect(AuditEvent.last(3)).to contain_exactly(
+                have_attributes(details: hash_including(change: 'email address')),
+                have_attributes(details: hash_including(change: 'username')),
+                have_attributes(details: hash_including(remove: 'user'))
+              )
+            end
+          end
+
+          context 'when user destroy operation fails' do
+            before do
+              allow(user).to receive(:destroy).and_return(false)
+            end
+
+            it 'logs audit events for ghost user migration operation' do
+              service.execute(user, hard_delete: hard_delete)
+
+              expect(AuditEvent.last(2)).to contain_exactly(
+                have_attributes(details: hash_including(change: 'email address')),
+                have_attributes(details: hash_including(change: 'username'))
+              )
+            end
+          end
         end
-      end
-    end
 
-    context 'hard delete' do
-      let(:hard_delete) { true }
+        context 'hard delete' do
+          let(:hard_delete) { true }
 
-      context 'when user destroy operation succeeds' do
-        it 'logs audit events for destroy operation' do
-          service.execute(user, hard_delete: hard_delete)
+          context 'when user destroy operation succeeds' do
+            it 'logs audit events for destroy operation' do
+              service.execute(user, hard_delete: hard_delete)
 
-          expect(AuditEvent.last)
-            .to have_attributes(details: hash_including(remove: 'user'))
+              expect(AuditEvent.last)
+                .to have_attributes(details: hash_including(remove: 'user'))
+            end
+          end
+
+          context 'when user destroy operation fails' do
+            before do
+              allow(user).to receive(:destroy).and_return(false)
+            end
+
+            it 'does not log any audit event' do
+              expect { service.execute(user, hard_delete: hard_delete) }
+                .not_to change { AuditEvent.count }
+            end
+          end
         end
       end
 
-      context 'when user destroy operation fails' do
+      context 'when not licensed' do
         before do
-          allow(user).to receive(:destroy).and_return(false)
+          stub_licensed_features(
+            admin_audit_log: false,
+            audit_events: false,
+            extended_audit_events: false
+          )
         end
 
         it 'does not log any audit event' do
-          expect { service.execute(user, hard_delete: hard_delete) }
+          expect { service.execute(user) }
             .not_to change { AuditEvent.count }
         end
       end

ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb

 # frozen_string_literal: true
 
 RSpec.shared_examples 'audit event logging' do
-  before do
-    stub_licensed_features(extended_audit_events: true)
-  end
+  context 'when licensed' do
+    before do
+      stub_licensed_features(extended_audit_events: true)
+    end
+
+    context 'when operation succeeds' do
+      it 'logs an audit event' do
+        expect { operation }.to change(AuditEvent, :count).by(1)
+      end
 
-  context 'when operation succeeds' do
-    it 'logs an audit event' do
-      expect { operation }.to change(AuditEvent, :count).by(1)
+      it 'logs the audit event info' do
+        @resource = operation
+
+        expect(AuditEvent.last).to have_attributes(attributes)
+      end
     end
 
-    it 'logs the audit event info' do
-      @resource = operation
+    it 'does not log audit event if operation fails' do
+      fail_condition!
 
-      expect(AuditEvent.last).to have_attributes(attributes)
+      expect { operation }.not_to change(AuditEvent, :count)
     end
   end
 
-  it 'does not log audit event if operation fails' do
-    fail_condition!
+  context 'when not licensed' do
+    before do
+      stub_licensed_features(
+        admin_audit_log: false,
+        audit_events: false,
+        extended_audit_events: false
+      )
+    end
 
-    expect { operation }.not_to change(AuditEvent, :count)
+    it 'does not log audit event' do
+      expect { operation }.not_to change(AuditEvent, :count)
+    end
   end
 end