Create a GKE cluster with legacy_abac disabled when the :rbac_clusters
feature flag is enabled
Explicitly persist the legacy_abac value of the cluster_provider_gcp so that we can disable ABAC if the `:rbac_clusters` feature flag is enabled.
parent
2e47e1f80e
commit
c9af170d9a
6 changed files with 58 additions and 3 deletions
|
@ -25,11 +25,16 @@ module Clusters
|
||||||
|
|
||||||
params[:provider_gcp_attributes].try do |provider|
|
params[:provider_gcp_attributes].try do |provider|
|
||||||
provider[:access_token] = access_token
|
provider[:access_token] = access_token
|
||||||
|
provider[:legacy_abac] = legacy_abac_value
|
||||||
end
|
end
|
||||||
|
|
||||||
@cluster_params = params.merge(user: current_user, projects: [project])
|
@cluster_params = params.merge(user: current_user, projects: [project])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def legacy_abac_value
|
||||||
|
!Feature.enabled?(:rbac_clusters)
|
||||||
|
end
|
||||||
|
|
||||||
def can_create_cluster?
|
def can_create_cluster?
|
||||||
project.clusters.empty?
|
project.clusters.empty?
|
||||||
end
|
end
|
||||||
|
|
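Review bot: `legacy_abac_value` carries no comment saying that it decides the cluster's authorization mode, and `Feature.enabled?(:rbac_clusters)` is called without an actor, so the choice is instance-wide rather than per project. With the flag off, every new cluster is still created with legacy ABAC enabled, which GKE's hardening guidance recommends disabling, so that default deserves to be stated where it is made. I would add above the method: `# Legacy ABAC stays enabled unless :rbac_clusters is on; the result is persisted on the provider at creation time.` The unconditional assignment `provider[:legacy_abac] = legacy_abac_value` also overwrites any client-submitted value, which is worth keeping and worth a one-line comment. The enclosing class begins outside the hunk, so whether the new method sits under `private` cannot be seen here.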
|
@ -28,7 +28,7 @@ module Clusters
|
||||||
provider.cluster.name,
|
provider.cluster.name,
|
||||||
provider.num_nodes,
|
provider.num_nodes,
|
||||||
machine_type: provider.machine_type,
|
machine_type: provider.machine_type,
|
||||||
legacy_abac: true
|
legacy_abac: provider.legacy_abac
|
||||||
)
|
)
|
||||||
|
|
||||||
unless operation.status == 'PENDING' || operation.status == 'RUNNING'
|
unless operation.status == 'PENDING' || operation.status == 'RUNNING'
|
||||||
|
|
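Review bot: The pass-through `legacy_abac: provider.legacy_abac` is the line that actually determines whether the GKE cluster is created with ABAC, yet none of the six files shown in this commit appears to be a spec for this provisioning service. A regression back to a hard-coded `true` would leave the create-service and model specs green while every new cluster keeps legacy ABAC. I would add an expectation in the provisioning service spec that the create call receives `legacy_abac: false` when the provider has it disabled. The call's receiver and the rest of the method are outside the hunk.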
|
@ -0,0 +1,17 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
class AddLegacyAbacToClusterProvidersGcp < ActiveRecord::Migration
|
||||||
|
include Gitlab::Database::MigrationHelpers
|
||||||
|
|
||||||
|
DOWNTIME = false
|
||||||
|
|
||||||
|
disable_ddl_transaction!
|
||||||
|
|
||||||
|
def up
|
||||||
|
add_column_with_default(:cluster_providers_gcp, :legacy_abac, :boolean, default: true)
|
||||||
|
end
|
||||||
|
|
||||||
|
def down
|
||||||
|
remove_column(:cluster_providers_gcp, :legacy_abac)
|
||||||
|
end
|
||||||
|
end
|
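Review bot: `default: true` in `add_column_with_default` makes the permissive setting the schema-level fallback, so any code path that builds a `cluster_providers_gcp` row without setting `legacy_abac` ends up with ABAC enabled. That matches the previously hard-coded behaviour for existing rows, but the migration does not say so. I would add a comment above `up` such as `# default: true preserves the pre-flag behaviour for existing clusters; new clusters get their value from the create service.` and plan a follow-up that flips the default once `:rbac_clusters` is removed.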
|
@ -11,7 +11,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended that you check this file into your version control system.
|
# It's strongly recommended that you check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(version: 20180906101639) do
|
ActiveRecord::Schema.define(version: 20180907015926) do
|
||||||
|
|
||||||
# These are extensions that must be enabled in order to support this database
|
# These are extensions that must be enabled in order to support this database
|
||||||
enable_extension "plpgsql"
|
enable_extension "plpgsql"
|
||||||
|
@ -620,6 +620,7 @@ ActiveRecord::Schema.define(version: 20180906101639) do
|
||||||
t.string "endpoint"
|
t.string "endpoint"
|
||||||
t.text "encrypted_access_token"
|
t.text "encrypted_access_token"
|
||||||
t.string "encrypted_access_token_iv"
|
t.string "encrypted_access_token_iv"
|
||||||
|
t.boolean "legacy_abac", default: true, null: false
|
||||||
end
|
end
|
||||||
|
|
||||||
add_index "cluster_providers_gcp", ["cluster_id"], name: "index_cluster_providers_gcp_on_cluster_id", unique: true, using: :btree
|
add_index "cluster_providers_gcp", ["cluster_id"], name: "index_cluster_providers_gcp_on_cluster_id", unique: true, using: :btree
|
||||||
|
|
|
@ -74,6 +74,24 @@ describe Clusters::Providers::Gcp do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#legacy_abac?' do
|
||||||
|
let(:gcp) { build(:cluster_provider_gcp) }
|
||||||
|
|
||||||
|
subject { gcp }
|
||||||
|
|
||||||
|
it 'should default to true' do
|
||||||
|
is_expected.to be_legacy_abac
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'legacy_abac is set to false' do
|
||||||
|
let(:gcp) { build(:cluster_provider_gcp, legacy_abac: false) }
|
||||||
|
|
||||||
|
it 'is false' do
|
||||||
|
is_expected.not_to be_legacy_abac
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe '#state_machine' do
|
describe '#state_machine' do
|
||||||
context 'when any => [:created]' do
|
context 'when any => [:created]' do
|
||||||
let(:gcp) { build(:cluster_provider_gcp, :creating) }
|
let(:gcp) { build(:cluster_provider_gcp, :creating) }
|
||||||
|
|
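Review bot: The example name `it 'should default to true'` uses "should" phrasing, while the sibling example in the same `describe '#legacy_abac?'` block is named `'is false'`. Renaming it to `it 'defaults to true' do` keeps the descriptions consistent and reads as a statement of behaviour. Because the default being pinned is the permissive one, a short comment noting that it mirrors the column default would help the next reader.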
|
@ -29,9 +29,12 @@ shared_context 'invalid cluster create params' do
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples 'create cluster service success' do
|
shared_examples 'create cluster service success' do
|
||||||
it 'creates a cluster object and performs a worker' do
|
before do
|
||||||
|
stub_feature_flags(rbac_clusters: false)
|
||||||
expect(ClusterProvisionWorker).to receive(:perform_async)
|
expect(ClusterProvisionWorker).to receive(:perform_async)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'creates a cluster object and performs a worker' do
|
||||||
expect { subject }
|
expect { subject }
|
||||||
.to change { Clusters::Cluster.count }.by(1)
|
.to change { Clusters::Cluster.count }.by(1)
|
||||||
.and change { Clusters::Providers::Gcp.count }.by(1)
|
.and change { Clusters::Providers::Gcp.count }.by(1)
|
||||||
|
@ -44,8 +47,19 @@ shared_examples 'create cluster service success' do
|
||||||
expect(subject.provider.num_nodes).to eq(1)
|
expect(subject.provider.num_nodes).to eq(1)
|
||||||
expect(subject.provider.machine_type).to eq('machine_type-a')
|
expect(subject.provider.machine_type).to eq('machine_type-a')
|
||||||
expect(subject.provider.access_token).to eq(access_token)
|
expect(subject.provider.access_token).to eq(access_token)
|
||||||
|
expect(subject.provider).to be_legacy_abac
|
||||||
expect(subject.platform).to be_nil
|
expect(subject.platform).to be_nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'rbac_clusters feature is enabled' do
|
||||||
|
before do
|
||||||
|
stub_feature_flags(rbac_clusters: true)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'has legacy_abac false' do
|
||||||
|
expect(subject.provider).not_to be_legacy_abac
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples 'create cluster service error' do
|
shared_examples 'create cluster service error' do
|
||||||
|
|
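Review bot: The new `before` block in `'create cluster service success'` holds `expect(ClusterProvisionWorker).to receive(:perform_async)`, so the message expectation now runs for every example in the group, including `'has legacy_abac false'`, which is not about the worker. A failure to enqueue would then fail the ABAC example too and blur what actually broke. I would keep `stub_feature_flags(rbac_clusters: false)` in the `before`, use `allow(ClusterProvisionWorker).to receive(:perform_async)` there, and leave the `expect` inside `'creates a cluster object and performs a worker'`.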