Allow group install of JupyterHub

Removes limitations on cluster types that can install JupyterHub
This commit is contained in:
James Fargher 2019-09-02 13:42:36 +12:00
parent 632b4075aa
commit bc04a1dcf4
5 changed files with 49 additions and 28 deletions

View file

@ -85,7 +85,8 @@ module Clusters
"clientId" => oauth_application.uid,
"clientSecret" => oauth_application.secret,
"callbackUrl" => callback_url,
"gitlabProjectIdWhitelist" => [project_id]
"gitlabProjectIdWhitelist" => cluster.projects.ids,
"gitlabGroupWhitelist" => cluster.groups.map(&:to_param)
}
},
"singleuser" => {
@ -101,10 +102,6 @@ module Clusters
@crypto_key ||= SecureRandom.hex(32)
end
def project_id
cluster&.project&.id
end
def gitlab_url
Gitlab.config.gitlab.url
end

View file

@ -10,15 +10,15 @@ module Clusters
self.table_name = 'clusters'
PROJECT_ONLY_APPLICATIONS = {
Applications::Jupyter.application_name => Applications::Jupyter,
Applications::Knative.application_name => Applications::Knative
}.freeze
APPLICATIONS = {
Applications::Helm.application_name => Applications::Helm,
Applications::Ingress.application_name => Applications::Ingress,
Applications::CertManager.application_name => Applications::CertManager,
Applications::Prometheus.application_name => Applications::Prometheus,
Applications::Runner.application_name => Applications::Runner,
Applications::Prometheus.application_name => Applications::Prometheus
Applications::Jupyter.application_name => Applications::Jupyter
}.merge(PROJECT_ONLY_APPLICATIONS).freeze
DEFAULT_ENVIRONMENT = '*'
KUBE_INGRESS_BASE_DOMAIN = 'KUBE_INGRESS_BASE_DOMAIN'

View file

@ -0,0 +1,5 @@
---
title: Group level JupyterHub
merge_request: 32512
author:
type: added

View file

@ -81,27 +81,45 @@ describe Clusters::Applications::Jupyter do
end
describe '#files' do
let(:application) { create(:clusters_applications_jupyter) }
let(:cluster) { create(:cluster, :with_installed_helm, :provided_by_gcp, :project) }
let(:application) { create(:clusters_applications_jupyter, cluster: cluster) }
let(:values) { subject[:'values.yaml'] }
subject { application.files }
it 'includes valid values' do
expect(values).to include('ingress')
expect(values).to include('hub')
expect(values).to include('rbac')
expect(values).to include('proxy')
expect(values).to include('auth')
expect(values).to include('singleuser')
expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
expect(values).to include("gitlabProjectIdWhitelist:\n - #{application.cluster.project.id}")
expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']")
expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/)
context 'when cluster belongs to a project' do
it 'includes valid values' do
expect(values).to include('ingress')
expect(values).to include('hub')
expect(values).to include('rbac')
expect(values).to include('proxy')
expect(values).to include('auth')
expect(values).to include('singleuser')
expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
expect(values).to include("gitlabProjectIdWhitelist:\n - #{application.cluster.project.id}")
expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']")
expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/)
expect(values).to match(/GITLAB_CLUSTER_ID: '?#{application.cluster.id}/)
end
end
context 'when cluster belongs to a project' do
it 'sets GitLab project id' do
context 'when cluster belongs to a group' do
let(:group) { create(:group) }
let(:cluster) { create(:cluster, :with_installed_helm, :provided_by_gcp, :group, groups: [group]) }
it 'includes valid values' do
expect(values).to include('ingress')
expect(values).to include('hub')
expect(values).to include('rbac')
expect(values).to include('proxy')
expect(values).to include('auth')
expect(values).to include('singleuser')
expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
expect(values).to include("gitlabGroupWhitelist:\n - #{group.to_param}")
expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']")
expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/)
expect(values).to match(/GITLAB_CLUSTER_ID: '?#{application.cluster.id}/)
end
end

View file

@ -147,12 +147,12 @@ describe Clusters::Applications::CreateService do
using RSpec::Parameterized::TableSyntax
where(:application, :association, :allowed, :pre_create_helm) do
'helm' | :application_helm | true | false
'ingress' | :application_ingress | true | true
'runner' | :application_runner | true | true
'prometheus' | :application_prometheus | true | true
'jupyter' | :application_jupyter | false | true
where(:application, :association, :allowed, :pre_create_helm, :pre_create_ingress) do
'helm' | :application_helm | true | false | false
'ingress' | :application_ingress | true | true | false
'runner' | :application_runner | true | true | false
'prometheus' | :application_prometheus | true | true | false
'jupyter' | :application_jupyter | true | true | true
end
with_them do
@ -160,6 +160,7 @@ describe Clusters::Applications::CreateService do
klass = "Clusters::Applications::#{application.titleize}"
allow_any_instance_of(klass.constantize).to receive(:make_scheduled!).and_call_original
create(:clusters_applications_helm, :installed, cluster: cluster) if pre_create_helm
create(:clusters_applications_ingress, :installed, cluster: cluster, external_hostname: 'example.com') if pre_create_ingress
end
let(:params) { { application: application } }