From c9af170d9aeeb39dbb41a99c00402beb384da0e9 Mon Sep 17 00:00:00 2001
From: Thong Kuah
Date: Fri, 7 Sep 2018 15:07:47 +1200
Subject: [PATCH] Create a GKE cluster with legacy_abac disabled when the `:rbac_clusters` feature flag is enabled Explicitly persist the legacy_abac value of the cluster_provider_gcp so that we can disable abac if the `:rbac_clusters` feature flag is enabled
---
app/services/clusters/create_service.rb | 5 +++++
app/services/clusters/gcp/provision_service.rb | 2 +-
...add_legacy_abac_to_cluster_providers_gcp.rb | 17 +++++++++++++++++
db/schema.rb | 3 ++-
spec/models/clusters/providers/gcp_spec.rb | 18 ++++++++++++++++++
.../services/clusters/create_service_shared.rb | 16 +++++++++++++++-
6 files changed, 58 insertions(+), 3 deletions(-)
create mode 100644 db/migrate/20180907015926_add_legacy_abac_to_cluster_providers_gcp.rb
diff --git a/app/services/clusters/create_service.rb b/app/services/clusters/create_service.rb
index e3e0cfa462c..eb171daa694 100644
--- a/app/services/clusters/create_service.rb
+++ b/app/services/clusters/create_service.rb
@@ -25,11 +25,16 @@ module Clusters params[:provider_gcp_attributes].try do |provider| provider[:access_token] = access_token + provider[:legacy_abac] = legacy_abac_value end @cluster_params = params.merge(user: current_user, projects: [project]) end + def legacy_abac_value + !Feature.enabled?(:rbac_clusters) + end + def can_create_cluster? project.clusters.empty? end
diff --git a/app/services/clusters/gcp/provision_service.rb b/app/services/clusters/gcp/provision_service.rb
index 0d8b39a552b..80040511ec2 100644
--- a/app/services/clusters/gcp/provision_service.rb
+++ b/app/services/clusters/gcp/provision_service.rb
@@ -28,7 +28,7 @@ module Clusters provider.cluster.name, provider.num_nodes, machine_type: provider.machine_type, - legacy_abac: true + legacy_abac: provider.legacy_abac ) unless operation.status == 'PENDING' || operation.status == 'RUNNING'
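Review bot: `legacy_abac_value` keeps legacy ABAC enabled whenever `:rbac_clusters` is off, so the less restrictive authorization mode stays the default for every newly created GKE cluster, and nothing in the hunk documents that. Because the result is persisted on the provider at creation time, turning the flag on later will not change clusters that already exist; a comment on the method such as `# Legacy ABAC stays on until :rbac_clusters is enabled; the value is stored per cluster at creation and never re-evaluated.` would make both facts explicit. The assignment inside the `try` block overwrites anything the caller supplied under `:legacy_abac`, which looks intentional, but it is worth confirming against the controller's permitted params. The enclosing method and class begin outside the hunk.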
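Review bot: The forwarded `legacy_abac: provider.legacy_abac` argument decides the authorization mode of the cluster that is provisioned, yet the diffstat lists no provision service spec, so nothing in this patch asserts that a provider stored with `legacy_abac: false` reaches the GKE client call as `false`. A spec example that builds the provider with `legacy_abac: false` and expects the create call to receive `legacy_abac: false` would pin the behaviour this commit exists to deliver. The call's receiver and the rest of the method are outside the hunk.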
diff --git a/db/migrate/20180907015926_add_legacy_abac_to_cluster_providers_gcp.rb b/db/migrate/20180907015926_add_legacy_abac_to_cluster_providers_gcp.rb
new file mode 100644
index 00000000000..933047e32de
--- /dev/null
+++ b/db/migrate/20180907015926_add_legacy_abac_to_cluster_providers_gcp.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddLegacyAbacToClusterProvidersGcp < ActiveRecord::Migration
+ include Gitlab::Database::MigrationHelpers
+
+ DOWNTIME = false
+
+ disable_ddl_transaction!
+
+ def up
+ add_column_with_default(:cluster_providers_gcp, :legacy_abac, :boolean, default: true)
+ end
+
+ def down
+ remove_column(:cluster_providers_gcp, :legacy_abac)
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index d888891c8ea..9c01d03f683 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180906101639) do +ActiveRecord::Schema.define(version: 20180907015926) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql"
@@ -620,6 +620,7 @@ ActiveRecord::Schema.define(version: 20180906101639) do t.string "endpoint" t.text "encrypted_access_token" t.string "encrypted_access_token_iv" + t.boolean "legacy_abac", default: true, null: false end add_index "cluster_providers_gcp", ["cluster_id"], name: "index_cluster_providers_gcp_on_cluster_id", unique: true, using: :btree
diff --git a/spec/models/clusters/providers/gcp_spec.rb b/spec/models/clusters/providers/gcp_spec.rb
index b38b5e6bcad..d134608b538 100644
--- a/spec/models/clusters/providers/gcp_spec.rb
+++ b/spec/models/clusters/providers/gcp_spec.rb
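Review bot: The `default: true` in `up` is also the fallback for every future row written without an explicit value, and the migration does not say why the less restrictive setting was chosen. It is the correct backfill for existing rows, since the provisioning code previously hard-coded `legacy_abac: true`, but any code path that creates a provider without going through `Clusters::CreateService` would silently get legacy ABAC. A comment above the `add_column_with_default` call would record the intent, for example `# Existing clusters were provisioned with legacy ABAC on, hence default: true; new rows get their value from Clusters::CreateService.`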
@@ -74,6 +74,24 @@ describe Clusters::Providers::Gcp do end end + describe '#legacy_abac?' do + let(:gcp) { build(:cluster_provider_gcp) } + + subject { gcp } + + it 'should default to true' do + is_expected.to be_legacy_abac + end + + context 'legacy_abac is set to false' do + let(:gcp) { build(:cluster_provider_gcp, legacy_abac: false) } + + it 'is false' do + is_expected.not_to be_legacy_abac + end + end + end + describe '#state_machine' do context 'when any => [:created]' do let(:gcp) { build(:cluster_provider_gcp, :creating) }
diff --git a/spec/support/services/clusters/create_service_shared.rb b/spec/support/services/clusters/create_service_shared.rb
index 43a2fd05498..b45ad3f6b8c 100644
--- a/spec/support/services/clusters/create_service_shared.rb
+++ b/spec/support/services/clusters/create_service_shared.rb
@@ -29,9 +29,12 @@ shared_context 'invalid cluster create params' do end shared_examples 'create cluster service success' do - it 'creates a cluster object and performs a worker' do + before do + stub_feature_flags(rbac_clusters: false) expect(ClusterProvisionWorker).to receive(:perform_async) + end + it 'creates a cluster object and performs a worker' do expect { subject } .to change { Clusters::Cluster.count }.by(1) .and change { Clusters::Providers::Gcp.count }.by(1)
@@ -44,8 +47,19 @@ shared_examples 'create cluster service success' do expect(subject.provider.num_nodes).to eq(1) expect(subject.provider.machine_type).to eq('machine_type-a') expect(subject.provider.access_token).to eq(access_token) + expect(subject.provider).to be_legacy_abac expect(subject.platform).to be_nil end + + context 'rbac_clusters feature is enabled' do + before do + stub_feature_flags(rbac_clusters: true) + end + + it 'has legacy_abac false' do + expect(subject.provider).not_to be_legacy_abac + end + end end shared_examples 'create cluster service error' do
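Review bot: The example name `it 'should default to true'` uses the "should" phrasing while the sibling example in the same `describe` is written as a plain statement (`it 'is false'`); `it 'defaults to true'` would match. The first example is the only check in this patch on the model-level default, so a short comment noting that it guards the column default from the migration would help whoever later flips that default.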
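Review bot: The message expectation `expect(ClusterProvisionWorker).to receive(:perform_async)` now lives in the shared `before` block of 'create cluster service success', so it is also enforced in the new 'has legacy_abac false' example added in the following hunk, where a worker failure would be reported under a name that only mentions legacy_abac. Using `allow(ClusterProvisionWorker).to receive(:perform_async)` in the `before` and keeping the `expect(...)` inside 'creates a cluster object and performs a worker' would keep each example to one concern. The nested context also depends on its own `before` running after the outer `stub_feature_flags(rbac_clusters: false)`; a one-line comment there saying the inner stub overrides the outer one would save the next reader from checking hook order.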