2018-03-01 18:46:02 -05:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe Gitlab::Kubernetes::Helm::InitCommand do
|
|
|
|
let(:application) { create(:clusters_applications_helm) }
|
2018-09-06 06:03:38 -04:00
|
|
|
let(:rbac) { false }
|
|
|
|
let(:files) { {} }
|
|
|
|
let(:init_command) { described_class.new(name: application.name, files: files, rbac: rbac) }
|
2018-03-01 18:46:02 -05:00
|
|
|
|
2018-09-06 06:03:38 -04:00
|
|
|
let(:commands) do
|
|
|
|
<<~EOS
|
2018-11-09 10:03:24 -05:00
|
|
|
helm init --tiller-tls --tiller-tls-verify --tls-ca-cert /data/helm/helm/config/ca.pem --tiller-tls-cert /data/helm/helm/config/cert.pem --tiller-tls-key /data/helm/helm/config/key.pem
|
2018-09-06 06:03:38 -04:00
|
|
|
EOS
|
|
|
|
end
|
|
|
|
|
|
|
|
subject { init_command }
|
2018-03-01 18:46:02 -05:00
|
|
|
|
2018-04-30 05:18:14 -04:00
|
|
|
it_behaves_like 'helm commands'
|
2018-09-06 06:03:38 -04:00
|
|
|
|
|
|
|
context 'on a rbac-enabled cluster' do
|
|
|
|
let(:rbac) { true }
|
|
|
|
|
|
|
|
it_behaves_like 'helm commands' do
|
|
|
|
let(:commands) do
|
|
|
|
<<~EOS
|
2018-11-09 10:03:24 -05:00
|
|
|
helm init --tiller-tls --tiller-tls-verify --tls-ca-cert /data/helm/helm/config/ca.pem --tiller-tls-cert /data/helm/helm/config/cert.pem --tiller-tls-key /data/helm/helm/config/key.pem --service-account tiller
|
2018-09-06 06:03:38 -04:00
|
|
|
EOS
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#rbac?' do
|
|
|
|
subject { init_command.rbac? }
|
|
|
|
|
|
|
|
context 'rbac is enabled' do
|
|
|
|
let(:rbac) { true }
|
|
|
|
|
|
|
|
it { is_expected.to be_truthy }
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'rbac is not enabled' do
|
|
|
|
let(:rbac) { false }
|
|
|
|
|
|
|
|
it { is_expected.to be_falsey }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#config_map_resource' do
|
|
|
|
let(:metadata) do
|
|
|
|
{
|
|
|
|
name: 'values-content-configuration-helm',
|
|
|
|
namespace: 'gitlab-managed-apps',
|
|
|
|
labels: { name: 'values-content-configuration-helm' }
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: files) }
|
|
|
|
|
|
|
|
subject { init_command.config_map_resource }
|
|
|
|
|
|
|
|
it 'returns a KubeClient resource with config map content for the application' do
|
|
|
|
is_expected.to eq(resource)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#pod_resource' do
|
|
|
|
subject { init_command.pod_resource }
|
|
|
|
|
|
|
|
context 'rbac is enabled' do
|
|
|
|
let(:rbac) { true }
|
|
|
|
|
|
|
|
it 'generates a pod that uses the tiller serviceAccountName' do
|
|
|
|
expect(subject.spec.serviceAccountName).to eq('tiller')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'rbac is not enabled' do
|
|
|
|
let(:rbac) { false }
|
|
|
|
|
|
|
|
it 'generates a pod that uses the default serviceAccountName' do
|
|
|
|
expect(subject.spec.serviceAcccountName).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#service_account_resource' do
|
|
|
|
let(:resource) do
|
|
|
|
Kubeclient::Resource.new(metadata: { name: 'tiller', namespace: 'gitlab-managed-apps' })
|
|
|
|
end
|
|
|
|
|
|
|
|
subject { init_command.service_account_resource }
|
|
|
|
|
|
|
|
context 'rbac is enabled' do
|
|
|
|
let(:rbac) { true }
|
|
|
|
|
|
|
|
it 'generates a Kubeclient resource for the tiller ServiceAccount' do
|
|
|
|
is_expected.to eq(resource)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'rbac is not enabled' do
|
|
|
|
let(:rbac) { false }
|
|
|
|
|
|
|
|
it 'generates nothing' do
|
|
|
|
is_expected.to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#cluster_role_binding_resource' do
|
|
|
|
let(:resource) do
|
|
|
|
Kubeclient::Resource.new(
|
|
|
|
metadata: { name: 'tiller-admin' },
|
|
|
|
roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', name: 'cluster-admin' },
|
|
|
|
subjects: [{ kind: 'ServiceAccount', name: 'tiller', namespace: 'gitlab-managed-apps' }]
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
subject { init_command.cluster_role_binding_resource }
|
|
|
|
|
|
|
|
context 'rbac is enabled' do
|
|
|
|
let(:rbac) { true }
|
|
|
|
|
|
|
|
it 'generates a Kubeclient resource for the ClusterRoleBinding for tiller' do
|
|
|
|
is_expected.to eq(resource)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'rbac is not enabled' do
|
|
|
|
let(:rbac) { false }
|
|
|
|
|
|
|
|
it 'generates nothing' do
|
|
|
|
is_expected.to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2018-03-01 18:46:02 -05:00
|
|
|
end
|