Fallback to admin token for project clusters only

We do not want group level clusters to fall back to what was old behaviour for project level clusters. So instead we will not return any KUBE_TOKEN if we cannot find a suitable kubernetes_namespace for the project, in the group level cluster case. Add test cases to assert above
2018-11-27 17:30:09 +13:00 · 2018-11-27 17:30:09 +13:00 · a97d876751
parent 76d4e6d6d8
commit a97d876751
4 changed files with 41 additions and 4 deletions
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@ -85,7 +85,7 @@ module Clusters

          if kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project)
            variables.concat(kubernetes_namespace.predefined_variables)
-          else
+          elsif cluster.project_type?
            # From 11.5, every Clusters::Project should have at least one
            # Clusters::KubernetesNamespace, so once migration has been completed,
            # this 'else' branch will be removed. For more information, please see
--- a/changelogs/unreleased/legacy_fallback_for_project_clusters_only.yml
+++ b/changelogs/unreleased/legacy_fallback_for_project_clusters_only.yml
@ -0,0 +1,5 @@
+---
+title: Fallback to admin KUBE_TOKEN for project clusters only
+merge_request: 23527
+author:
+type: other
--- a/spec/factories/clusters/kubernetes_namespaces.rb
+++ b/spec/factories/clusters/kubernetes_namespaces.rb
@ -5,10 +5,12 @@ FactoryBot.define do
    association :cluster, :project, :provided_by_gcp

    after(:build) do |kubernetes_namespace|
-      cluster_project = kubernetes_namespace.cluster.cluster_project
+      if kubernetes_namespace.cluster.project_type?
+        cluster_project = kubernetes_namespace.cluster.cluster_project

-      kubernetes_namespace.project = cluster_project.project
-      kubernetes_namespace.cluster_project = cluster_project
+        kubernetes_namespace.project = cluster_project.project
+        kubernetes_namespace.cluster_project = cluster_project
+      end
    end

    trait :with_token do
--- a/spec/models/clusters/platforms/kubernetes_spec.rb
+++ b/spec/models/clusters/platforms/kubernetes_spec.rb
@ -273,6 +273,36 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
        )
      end
    end
+
+    context 'group level cluster' do
+      let!(:cluster) { create(:cluster, :group, platform_kubernetes: kubernetes) }
+
+      let(:project) { create(:project, group: cluster.group) }
+
+      subject { kubernetes.predefined_variables(project: project) }
+
+      context 'no kubernetes namespace for the project' do
+        it_behaves_like 'setting variables'
+
+        it 'does not return KUBE_TOKEN' do
+          expect(subject).not_to include(
+            { key: 'KUBE_TOKEN', value: kubernetes.token, public: false }
+          )
+        end
+      end
+
+      context 'kubernetes namespace exists for the project' do
+        let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token, cluster: cluster, project: project) }
+
+        it_behaves_like 'setting variables'
+
+        it 'sets KUBE_TOKEN' do
+          expect(subject).to include(
+            { key: 'KUBE_TOKEN', value: kubernetes_namespace.service_account_token, public: false }
+          )
+        end
+      end
+    end
  end

  describe '#terminals' do