Create a GKE cluster with legacy_abac disabled when the :rbac_clusters
feature flag is enabled
Explicitly persist the legacy_abac value of the cluster_provider_gcp so that we can disable abac if the `:rbac_clusters` feature flag is enabled
This commit is contained in:
parent
2e47e1f80e
commit
c9af170d9a
6 changed files with 58 additions and 3 deletions
|
@ -25,11 +25,16 @@ module Clusters
|
|||
|
||||
params[:provider_gcp_attributes].try do |provider|
|
||||
provider[:access_token] = access_token
|
||||
provider[:legacy_abac] = legacy_abac_value
|
||||
end
|
||||
|
||||
@cluster_params = params.merge(user: current_user, projects: [project])
|
||||
end
|
||||
|
||||
def legacy_abac_value
|
||||
!Feature.enabled?(:rbac_clusters)
|
||||
end
|
||||
|
||||
def can_create_cluster?
|
||||
project.clusters.empty?
|
||||
end
|
||||
|
|
|
@ -28,7 +28,7 @@ module Clusters
|
|||
provider.cluster.name,
|
||||
provider.num_nodes,
|
||||
machine_type: provider.machine_type,
|
||||
legacy_abac: true
|
||||
legacy_abac: provider.legacy_abac
|
||||
)
|
||||
|
||||
unless operation.status == 'PENDING' || operation.status == 'RUNNING'
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddLegacyAbacToClusterProvidersGcp < ActiveRecord::Migration
|
||||
include Gitlab::Database::MigrationHelpers
|
||||
|
||||
DOWNTIME = false
|
||||
|
||||
disable_ddl_transaction!
|
||||
|
||||
def up
|
||||
add_column_with_default(:cluster_providers_gcp, :legacy_abac, :boolean, default: true)
|
||||
end
|
||||
|
||||
def down
|
||||
remove_column(:cluster_providers_gcp, :legacy_abac)
|
||||
end
|
||||
end
|
|
@ -11,7 +11,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 20180906101639) do
|
||||
ActiveRecord::Schema.define(version: 20180907015926) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
@ -620,6 +620,7 @@ ActiveRecord::Schema.define(version: 20180906101639) do
|
|||
t.string "endpoint"
|
||||
t.text "encrypted_access_token"
|
||||
t.string "encrypted_access_token_iv"
|
||||
t.boolean "legacy_abac", default: true, null: false
|
||||
end
|
||||
|
||||
add_index "cluster_providers_gcp", ["cluster_id"], name: "index_cluster_providers_gcp_on_cluster_id", unique: true, using: :btree
|
||||
|
|
|
@ -74,6 +74,24 @@ describe Clusters::Providers::Gcp do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#legacy_abac?' do
|
||||
let(:gcp) { build(:cluster_provider_gcp) }
|
||||
|
||||
subject { gcp }
|
||||
|
||||
it 'should default to true' do
|
||||
is_expected.to be_legacy_abac
|
||||
end
|
||||
|
||||
context 'legacy_abac is set to false' do
|
||||
let(:gcp) { build(:cluster_provider_gcp, legacy_abac: false) }
|
||||
|
||||
it 'is false' do
|
||||
is_expected.not_to be_legacy_abac
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#state_machine' do
|
||||
context 'when any => [:created]' do
|
||||
let(:gcp) { build(:cluster_provider_gcp, :creating) }
|
||||
|
|
|
@ -29,9 +29,12 @@ shared_context 'invalid cluster create params' do
|
|||
end
|
||||
|
||||
shared_examples 'create cluster service success' do
|
||||
it 'creates a cluster object and performs a worker' do
|
||||
before do
|
||||
stub_feature_flags(rbac_clusters: false)
|
||||
expect(ClusterProvisionWorker).to receive(:perform_async)
|
||||
end
|
||||
|
||||
it 'creates a cluster object and performs a worker' do
|
||||
expect { subject }
|
||||
.to change { Clusters::Cluster.count }.by(1)
|
||||
.and change { Clusters::Providers::Gcp.count }.by(1)
|
||||
|
@ -44,8 +47,19 @@ shared_examples 'create cluster service success' do
|
|||
expect(subject.provider.num_nodes).to eq(1)
|
||||
expect(subject.provider.machine_type).to eq('machine_type-a')
|
||||
expect(subject.provider.access_token).to eq(access_token)
|
||||
expect(subject.provider).to be_legacy_abac
|
||||
expect(subject.platform).to be_nil
|
||||
end
|
||||
|
||||
context 'rbac_clusters feature is enabled' do
|
||||
before do
|
||||
stub_feature_flags(rbac_clusters: true)
|
||||
end
|
||||
|
||||
it 'has legacy_abac false' do
|
||||
expect(subject.provider).not_to be_legacy_abac
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'create cluster service error' do
|
||||
|
|
Loading…
Reference in a new issue