diff --git a/app/models/clusters/applications/jupyter.rb b/app/models/clusters/applications/jupyter.rb index fb74d96efe3..ec65482a846 100644 --- a/app/models/clusters/applications/jupyter.rb +++ b/app/models/clusters/applications/jupyter.rb @@ -85,7 +85,8 @@ module Clusters "clientId" => oauth_application.uid, "clientSecret" => oauth_application.secret, "callbackUrl" => callback_url, - "gitlabProjectIdWhitelist" => [project_id] + "gitlabProjectIdWhitelist" => cluster.projects.ids, + "gitlabGroupWhitelist" => cluster.groups.map(&:to_param) } }, "singleuser" => { @@ -101,10 +102,6 @@ module Clusters @crypto_key ||= SecureRandom.hex(32) end - def project_id - cluster&.project&.id - end - def gitlab_url Gitlab.config.gitlab.url end diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index 444e1a82c97..ef1af1fc8bc 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -10,15 +10,15 @@ module Clusters self.table_name = 'clusters' PROJECT_ONLY_APPLICATIONS = { - Applications::Jupyter.application_name => Applications::Jupyter, Applications::Knative.application_name => Applications::Knative }.freeze APPLICATIONS = { Applications::Helm.application_name => Applications::Helm, Applications::Ingress.application_name => Applications::Ingress, Applications::CertManager.application_name => Applications::CertManager, + Applications::Prometheus.application_name => Applications::Prometheus, Applications::Runner.application_name => Applications::Runner, - Applications::Prometheus.application_name => Applications::Prometheus + Applications::Jupyter.application_name => Applications::Jupyter }.merge(PROJECT_ONLY_APPLICATIONS).freeze DEFAULT_ENVIRONMENT = '*' KUBE_INGRESS_BASE_DOMAIN = 'KUBE_INGRESS_BASE_DOMAIN' diff --git a/changelogs/unreleased/group_level_jupyterhub.yml b/changelogs/unreleased/group_level_jupyterhub.yml new file mode 100644 index 00000000000..81fc7600e0e --- /dev/null +++ b/changelogs/unreleased/group_level_jupyterhub.yml @@ -0,0 +1,5 @@ +--- +title: Group level JupyterHub +merge_request: 32512 +author: +type: added diff --git a/spec/models/clusters/applications/jupyter_spec.rb b/spec/models/clusters/applications/jupyter_spec.rb index 1b39328752d..e1eee014567 100644 --- a/spec/models/clusters/applications/jupyter_spec.rb +++ b/spec/models/clusters/applications/jupyter_spec.rb @@ -81,27 +81,45 @@ describe Clusters::Applications::Jupyter do end describe '#files' do - let(:application) { create(:clusters_applications_jupyter) } + let(:cluster) { create(:cluster, :with_installed_helm, :provided_by_gcp, :project) } + let(:application) { create(:clusters_applications_jupyter, cluster: cluster) } let(:values) { subject[:'values.yaml'] } subject { application.files } - it 'includes valid values' do - expect(values).to include('ingress') - expect(values).to include('hub') - expect(values).to include('rbac') - expect(values).to include('proxy') - expect(values).to include('auth') - expect(values).to include('singleuser') - expect(values).to match(/clientId: '?#{application.oauth_application.uid}/) - expect(values).to match(/callbackUrl: '?#{application.callback_url}/) - expect(values).to include("gitlabProjectIdWhitelist:\n - #{application.cluster.project.id}") - expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']") - expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/) + context 'when cluster belongs to a project' do + it 'includes valid values' do + expect(values).to include('ingress') + expect(values).to include('hub') + expect(values).to include('rbac') + expect(values).to include('proxy') + expect(values).to include('auth') + expect(values).to include('singleuser') + expect(values).to match(/clientId: '?#{application.oauth_application.uid}/) + expect(values).to match(/callbackUrl: '?#{application.callback_url}/) + expect(values).to include("gitlabProjectIdWhitelist:\n - #{application.cluster.project.id}") + expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']") + expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/) + expect(values).to match(/GITLAB_CLUSTER_ID: '?#{application.cluster.id}/) + end end - context 'when cluster belongs to a project' do - it 'sets GitLab project id' do + context 'when cluster belongs to a group' do + let(:group) { create(:group) } + let(:cluster) { create(:cluster, :with_installed_helm, :provided_by_gcp, :group, groups: [group]) } + + it 'includes valid values' do + expect(values).to include('ingress') + expect(values).to include('hub') + expect(values).to include('rbac') + expect(values).to include('proxy') + expect(values).to include('auth') + expect(values).to include('singleuser') + expect(values).to match(/clientId: '?#{application.oauth_application.uid}/) + expect(values).to match(/callbackUrl: '?#{application.callback_url}/) + expect(values).to include("gitlabGroupWhitelist:\n - #{group.to_param}") + expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']") + expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/) expect(values).to match(/GITLAB_CLUSTER_ID: '?#{application.cluster.id}/) end end diff --git a/spec/services/clusters/applications/create_service_spec.rb b/spec/services/clusters/applications/create_service_spec.rb index bb86a742f0e..8dd573c3698 100644 --- a/spec/services/clusters/applications/create_service_spec.rb +++ b/spec/services/clusters/applications/create_service_spec.rb @@ -147,12 +147,12 @@ describe Clusters::Applications::CreateService do using RSpec::Parameterized::TableSyntax - where(:application, :association, :allowed, :pre_create_helm) do - 'helm' | :application_helm | true | false - 'ingress' | :application_ingress | true | true - 'runner' | :application_runner | true | true - 'prometheus' | :application_prometheus | true | true - 'jupyter' | :application_jupyter | false | true + where(:application, :association, :allowed, :pre_create_helm, :pre_create_ingress) do + 'helm' | :application_helm | true | false | false + 'ingress' | :application_ingress | true | true | false + 'runner' | :application_runner | true | true | false + 'prometheus' | :application_prometheus | true | true | false + 'jupyter' | :application_jupyter | true | true | true end with_them do @@ -160,6 +160,7 @@ describe Clusters::Applications::CreateService do klass = "Clusters::Applications::#{application.titleize}" allow_any_instance_of(klass.constantize).to receive(:make_scheduled!).and_call_original create(:clusters_applications_helm, :installed, cluster: cluster) if pre_create_helm + create(:clusters_applications_ingress, :installed, cluster: cluster, external_hostname: 'example.com') if pre_create_ingress end let(:params) { { application: application } }