# frozen_string_literal: true
require 'spec_helper'
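# Model spec for Clusters::Applications::Ingress. It covers the uninstall
# guard, the scheduling of ClusterWaitForIngressIpAddressWorker, the Helm
# install command, and the generated values.yaml with ModSecurity on and off.
RSpec.describe Clusters::Applications::Ingress do
  let(:ingress) { create(:clusters_applications_ingress) }

  it_behaves_like 'having unique enum values'

  include_examples 'cluster application core specs', :clusters_applications_ingress
  include_examples 'cluster application status specs', :clusters_applications_ingress
  include_examples 'cluster application version specs', :clusters_applications_ingress
  include_examples 'cluster application helm specs', :clusters_applications_ingress
  include_examples 'cluster application initial status specs'

  # Stub both scheduling entry points of the worker so that no job is enqueued
  # and the examples below can assert on the calls with have_received.
  before do
    allow(ClusterWaitForIngressIpAddressWorker).to receive(:perform_in)
    allow(ClusterWaitForIngressIpAddressWorker).to receive(:perform_async)
  end

  describe '#can_uninstall?' do
    subject { ingress.can_uninstall? }

    context 'with jupyter installed' do
      before do
        create(:clusters_applications_jupyter, :installed, cluster: ingress.cluster)
      end

      it 'returns false if external_ip_or_hostname? is true' do
        # 'IP' is a placeholder string; only its presence matters here.
        ingress.external_ip = 'IP'

        is_expected.to be_falsey
      end

      it 'returns false if external_ip_or_hostname? is false' do
        is_expected.to be_falsey
      end
    end

    context 'with jupyter installable' do
      before do
        create(:clusters_applications_jupyter, :installable, cluster: ingress.cluster)
      end

      it 'returns true if external_ip_or_hostname? is true' do
        ingress.external_ip = 'IP'

        is_expected.to be_truthy
      end

      it 'returns false if external_ip_or_hostname? is false' do
        is_expected.to be_falsey
      end
    end

    context 'with jupyter nil' do
      it 'returns false if external_ip_or_hostname? is false' do
        is_expected.to be_falsey
      end

      context 'if external_ip_or_hostname? is true' do
        context 'with IP' do
          before do
            ingress.external_ip = 'IP'
          end

          it { is_expected.to be_truthy }
        end

        context 'with hostname' do
          before do
            ingress.external_hostname = 'example.com'
          end

          it { is_expected.to be_truthy }
        end
      end
    end
  end

  describe '#make_installed!' do
    let(:application) { create(:clusters_applications_ingress, :installing) }

    before do
      application.make_installed!
    end

    it 'schedules a ClusterWaitForIngressIpAddressWorker' do
      expect(ClusterWaitForIngressIpAddressWorker).to have_received(:perform_in)
        .with(Clusters::Applications::Ingress::FETCH_IP_ADDRESS_DELAY, 'ingress', application.id)
    end
  end

  describe '#schedule_status_update' do
    let(:application) { create(:clusters_applications_ingress, :installed) }

    before do
      application.schedule_status_update
    end

    it 'schedules a ClusterWaitForIngressIpAddressWorker' do
      expect(ClusterWaitForIngressIpAddressWorker).to have_received(:perform_async)
        .with('ingress', application.id)
    end

    context 'when the application is not installed' do
      let(:application) { create(:clusters_applications_ingress, :installing) }

      it 'does not schedule a ClusterWaitForIngressIpAddressWorker' do
        expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_async)
      end
    end

    context 'when there is already an external_ip' do
      let(:application) { create(:clusters_applications_ingress, :installed, external_ip: '111.222.222.111') }

      it 'does not schedule a ClusterWaitForIngressIpAddressWorker' do
        # The positive example above shows this method schedules through
        # perform_async, so its absence is what proves the guard. Checking
        # only perform_in would pass even if a job had been enqueued.
        expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_async)
        expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_in)
      end
    end

    context 'when there is already an external_hostname' do
      let(:application) { create(:clusters_applications_ingress, :installed, external_hostname: 'localhost.localdomain') }

      it 'does not schedule a ClusterWaitForIngressIpAddressWorker' do
        # Same reasoning as the external_ip context: assert on perform_async,
        # the call this method is shown to use, and keep the perform_in check.
        expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_async)
        expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_in)
      end
    end
  end

  describe '#install_command' do
    subject { ingress.install_command }

    it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::V3::InstallCommand) }

    it 'is initialized with ingress arguments' do
      expect(subject.name).to eq('ingress')
      # Chart name and version are literal pins, so a chart upgrade has to
      # change these expectations explicitly.
      expect(subject.chart).to eq('ingress/nginx-ingress')
      expect(subject.version).to eq('1.40.2')
      expect(subject).to be_rbac
      expect(subject.files).to eq(ingress.files)
    end

    context 'on a non rbac enabled cluster' do
      before do
        ingress.cluster.platform_kubernetes.abac!
      end

      it { is_expected.not_to be_rbac }
    end

    context 'application failed to install previously' do
      # The stored version ('nginx') differs from the pinned one; the command
      # is still expected to request the pinned version.
      let(:ingress) { create(:clusters_applications_ingress, :errored, version: 'nginx') }

      it 'is initialized with the locked version' do
        expect(subject.version).to eq('1.40.2')
      end
    end
  end

  describe '#files' do
    let(:application) { ingress }
    let(:values) { subject[:'values.yaml'] }

    subject { application.files }

    it 'includes ingress valid keys in values' do
      expect(values).to include('image')
      expect(values).to include('repository')
      expect(values).to include('stats')
      expect(values).to include('podAnnotations')
      expect(values).to include('clusterIP')
    end
  end

  describe '#values' do
    subject { ingress }

    context 'when modsecurity_enabled is enabled' do
      before do
        allow(subject).to receive(:modsecurity_enabled).and_return(true)
      end

      it 'includes modsecurity module enablement' do
        expect(subject.values).to include("enable-modsecurity: 'true'")
      end

      # The chart-level CRS toggle is expected to be 'false', while the next
      # example expects the OWASP rules file in the snippet's Include line.
      # The toggle alone therefore does not show whether the rules are loaded.
      it 'includes modsecurity core ruleset enablement set to false' do
        expect(subject.values).to include("enable-owasp-modsecurity-crs: 'false'")
      end

      # With no mode selected, the expected engine setting is DetectionOnly,
      # so matches are logged but requests are not blocked. Blocking is only
      # asserted in the nested context after blocking! is called.
      it 'includes modsecurity snippet with information related to security rules' do
        expect(subject.values).to include("SecRuleEngine DetectionOnly")
        expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}")
      end

      context 'when modsecurity_mode is set to :blocking' do
        before do
          subject.blocking!
        end

        it 'includes modsecurity snippet with information related to security rules' do
          expect(subject.values).to include("SecRuleEngine On")
          expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}")
        end
      end

      it 'includes modsecurity.conf content' do
        expect(subject.values).to include('modsecurity.conf')
        # Includes file content from Ingress#modsecurity_config_content
        expect(subject.values).to include('SecAuditLog')

        expect(subject.values).to include('extraVolumes')
        expect(subject.values).to include('extraVolumeMounts')
      end

      it 'includes modsecurity sidecar container' do
        expect(subject.values).to include('modsecurity-log-volume')

        expect(subject.values).to include('extraContainers')
      end

      it 'executes command to tail modsecurity logs with -F option' do
        # Parse the YAML so the sidecar command is compared structurally
        # rather than by substring. tail -F follows the file by name, so it
        # keeps reading after the file is rotated or recreated.
        args = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'args')

        expect(args).to eq(['/bin/sh', '-c', 'tail -F /var/log/modsec/audit.log'])
      end

      it 'includes livenessProbe for modsecurity sidecar container' do
        # The probe only lists the audit log path, i.e. checks that it exists.
        probe_config = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'livenessProbe')

        expect(probe_config).to eq('exec' => { 'command' => ['ls', '/var/log/modsec/audit.log'] })
      end
    end

    context 'when modsecurity_enabled is disabled' do
      before do
        allow(subject).to receive(:modsecurity_enabled).and_return(false)
      end

      # These are substring checks on the rendered values: none of the
      # ModSecurity keys, config content or sidecar pieces may appear.
      it 'excludes modsecurity module enablement' do
        expect(subject.values).not_to include('enable-modsecurity')
      end

      it 'excludes modsecurity core ruleset enablement' do
        expect(subject.values).not_to include('enable-owasp-modsecurity-crs')
      end

      it 'excludes modsecurity.conf content' do
        expect(subject.values).not_to include('modsecurity.conf')
        # Excludes file content from Ingress#modsecurity_config_content
        expect(subject.values).not_to include('SecAuditLog')

        expect(subject.values).not_to include('extraVolumes')
        expect(subject.values).not_to include('extraVolumeMounts')
      end

      it 'excludes modsecurity sidecar container' do
        expect(subject.values).not_to include('modsecurity-log-volume')

        expect(subject.values).not_to include('extraContainers')
      end
    end
  end
end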