2019-12-12 00:07:43 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-24 06:09:01 +00:00
|
|
|
RSpec.describe Clusters::Aws::AuthorizeRoleService do
|
2020-09-02 15:10:54 +00:00
|
|
|
subject { described_class.new(user, params: params).execute }
|
|
|
|
|
|
|
|
let(:role) { create(:aws_role) }
|
|
|
|
let(:user) { role.user }
|
2019-12-12 00:07:43 +00:00
|
|
|
let(:credentials) { instance_double(Aws::Credentials) }
|
|
|
|
let(:credentials_service) { instance_double(Clusters::Aws::FetchCredentialsService, execute: credentials) }
|
|
|
|
|
2020-09-02 15:10:54 +00:00
|
|
|
let(:role_arn) { 'arn:my-role' }
|
2019-12-12 00:07:43 +00:00
|
|
|
let(:params) do
|
|
|
|
params = ActionController::Parameters.new({
|
|
|
|
cluster: {
|
2020-09-02 15:10:54 +00:00
|
|
|
role_arn: role_arn
|
2019-12-12 00:07:43 +00:00
|
|
|
}
|
|
|
|
})
|
|
|
|
|
2020-09-02 15:10:54 +00:00
|
|
|
params.require(:cluster).permit(:role_arn)
|
2019-12-12 00:07:43 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow(Clusters::Aws::FetchCredentialsService).to receive(:new)
|
|
|
|
.with(instance_of(Aws::Role)).and_return(credentials_service)
|
|
|
|
end
|
|
|
|
|
2020-09-02 15:10:54 +00:00
|
|
|
context 'role exists' do
|
2019-12-12 00:07:43 +00:00
|
|
|
it 'updates the existing Aws::Role record and returns a set of credentials' do
|
|
|
|
expect(subject.status).to eq(:ok)
|
|
|
|
expect(subject.body).to eq(credentials)
|
2020-09-02 15:10:54 +00:00
|
|
|
expect(role.reload.role_arn).to eq(role_arn)
|
2019-12-12 00:07:43 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'errors' do
|
|
|
|
shared_examples 'bad request' do
|
|
|
|
it 'returns an empty hash' do
|
|
|
|
expect(subject.status).to eq(:unprocessable_entity)
|
|
|
|
expect(subject.body).to eq({})
|
|
|
|
end
|
2020-08-18 06:10:30 +00:00
|
|
|
|
|
|
|
it 'logs the error' do
|
|
|
|
expect(::Gitlab::ErrorTracking).to receive(:track_exception)
|
|
|
|
|
|
|
|
subject
|
|
|
|
end
|
2019-12-12 00:07:43 +00:00
|
|
|
end
|
|
|
|
|
2020-09-02 15:10:54 +00:00
|
|
|
context 'role does not exist' do
|
|
|
|
let(:user) { create(:user) }
|
|
|
|
|
|
|
|
include_examples 'bad request'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'supplied ARN is invalid' do
|
|
|
|
let(:role_arn) { 'invalid' }
|
2019-12-12 00:07:43 +00:00
|
|
|
|
|
|
|
include_examples 'bad request'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'client errors' do
|
|
|
|
before do
|
|
|
|
allow(credentials_service).to receive(:execute).and_raise(error)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'error fetching credentials' do
|
|
|
|
let(:error) { Aws::STS::Errors::ServiceError.new(nil, 'error message') }
|
|
|
|
|
|
|
|
include_examples 'bad request'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'credentials not configured' do
|
|
|
|
let(:error) { Aws::Errors::MissingCredentialsError.new('error message') }
|
|
|
|
|
|
|
|
include_examples 'bad request'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'role not configured' do
|
|
|
|
let(:error) { Clusters::Aws::FetchCredentialsService::MissingRoleError.new('error message') }
|
|
|
|
|
|
|
|
include_examples 'bad request'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|