Merge branch '55447-validate-k8s-ca-cert' into 'master'
Validate k8s CA certificate at cluster creation

See merge request gitlab-org/gitlab-ce!24990
commit
15af0a4508
|
@ -43,6 +43,7 @@ module Clusters
|
|||
# We expect to be `active?` only when enabled and cluster is created (the api_url is assigned)
|
||||
validates :api_url, url: true, presence: true
|
||||
validates :token, presence: true
|
||||
validates :ca_cert, certificate: true, allow_blank: true, if: :ca_cert_changed?
|
||||
|
||||
validate :prevent_modification, on: :update
|
||||
|
||||
|
|
|
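Review bot: The added `validates :ca_cert, certificate: true, allow_blank: true, if: :ca_cert_changed?` line carries two exemptions that the model does not explain: a blank value is accepted, and an unchanged value is never re-checked, so rows stored before this change keep whatever they hold. A short comment above it would record that intent, for example `# Checked only when ca_cert changes, so clusters saved before this validation can still be updated; blank is allowed`. The `certificate` validator itself is not part of the visible diff. If it only confirms that the value parses as a certificate, the comment should also say that expiry and CA constraints are not checked, since this certificate is presumably what the Kubernetes API connection is verified against.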
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Validate kubernetes cluster CA certificate
|
||||
merge_request: 24990
|
||||
author:
|
||||
type: changed
|
|
@ -30,4 +30,4 @@ TkIdFE47ZisEDhIdF6wC1izEMLeMEsPAO7/Y6MY4nRxsinSe95lRaw+yQpzx+mvJ
|
|||
Q7n1kiHI9Pd5M3+CiQda0d/GO1o5ORJnUGJRvr9HKuNmE7Lif0As/N0AlywjzE7A
|
||||
6Z8AEiWyRV1ffshu1k2UKmzvZuZeGGKRtrIjbJIRAtpRVtVZZGzhq5/sojCLoJ+u
|
||||
texqFBUo/4mFRZa4pDItUdyOlDy2/LO/ag==
|
||||
-----END CERTIFICATE-----
|
||||
-----END CERTIFICATE-----
|
|
@ -97,7 +97,7 @@ RSpec.describe Clusters::KubernetesNamespace, type: :model do
|
|||
let(:platform) { create(:cluster_platform_kubernetes, api_url: api_url, ca_cert: ca_pem, token: token) }
|
||||
|
||||
let(:api_url) { 'https://kube.domain.com' }
|
||||
let(:ca_pem) { 'CA PEM DATA' }
|
||||
let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) }
|
||||
let(:token) { 'token' }
|
||||
|
||||
let(:kubeconfig) do
|
||||
|
|
|
@ -114,6 +114,36 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
|
|||
end
|
||||
end
|
||||
|
||||
context 'ca_cert' do
|
||||
let(:kubernetes) { build(:cluster_platform_kubernetes, ca_pem: ca_pem) }
|
||||
|
||||
context 'with a valid certificate' do
|
||||
let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) }
|
||||
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
|
||||
context 'with an invalid certificate' do
|
||||
let(:ca_pem) { "invalid" }
|
||||
|
||||
it { is_expected.to be_falsey }
|
||||
|
||||
context 'but the certificate is not being updated' do
|
||||
before do
|
||||
allow(kubernetes).to receive(:ca_cert_changed?).and_return(false)
|
||||
end
|
||||
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
end
|
||||
|
||||
context 'with no certificate' do
|
||||
let(:ca_pem) { "" }
|
||||
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
end
|
||||
|
||||
describe 'when using reserved namespaces' do
|
||||
subject { build(:cluster_platform_kubernetes, namespace: namespace) }
|
||||
|
||||
|
@ -202,7 +232,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
|
|||
let!(:cluster) { create(:cluster, :project, platform_kubernetes: kubernetes) }
|
||||
let(:kubernetes) { create(:cluster_platform_kubernetes, api_url: api_url, ca_cert: ca_pem) }
|
||||
let(:api_url) { 'https://kube.domain.com' }
|
||||
let(:ca_pem) { 'CA PEM DATA' }
|
||||
let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) }
|
||||
|
||||
subject { kubernetes.predefined_variables(project: cluster.project) }
|
||||
|
||||
|
|
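Review bot: In the new `context 'ca_cert'` block, `it { is_expected.to be_falsey }` for the `"invalid"` value passes on any validation failure, not specifically on a rejected certificate, so it does not prove that the new validator is what fired. Asserting on the attribute would pin that down, e.g. `expect(kubernetes.errors[:ca_cert]).not_to be_empty` after calling `valid?`. The only negative input is the bare string `"invalid"`; a well-formed PEM block that is not a certificate, or a truncated copy of the fixture, would exercise the parsing path more than a plain word does. The `subject` these examples rely on is defined outside the hunk, so this assumes it is the result of `valid?`.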