kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec/services/clusters/gcp/finalize_creation_service_spec.rb
Tiger 74702f0e0e Enable project-level JIT resource creation 
Previously this behaviour was only available to group
and instance-level clusters, as some project clusters
relied on Kubernetes credentials being passed through
to the runner instead of having their resources managed
by GitLab (which is not available when using JIT). These
clusters have been migrated to unmanaged, so resources
can be created on demand for the remaining managed clusters.
2019-06-18 12:43:52 +10:00

155 lines
4 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require 'spec_helper'
describe Clusters::Gcp::FinalizeCreationService, '#execute' do
include GoogleApi::CloudPlatformHelpers
include KubernetesHelpers
let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
let(:provider) { cluster.provider }
let(:platform) { cluster.platform }
let(:endpoint) { '111.111.111.111' }
let(:api_url) { 'https://' + endpoint }
let(:username) { 'sample-username' }
let(:password) { 'sample-password' }
let(:secret_name) { 'gitlab-token' }
let(:token) { 'sample-token' }
let(:namespace) { "#{cluster.project.path}-#{cluster.project.id}" }
subject { described_class.new.execute(provider) }
shared_examples 'success' do
it 'configures provider and kubernetes' do
subject
expect(provider).to be_created
end
it 'properly configures database models' do
subject
cluster.reload
expect(provider.endpoint).to eq(endpoint)
expect(platform.api_url).to eq(api_url)
expect(platform.ca_cert).to eq(Base64.decode64(load_sample_cert).strip)
expect(platform.username).to eq(username)
expect(platform.password).to eq(password)
expect(platform.token).to eq(token)
end
end
shared_examples 'error' do
it 'sets an error to provider object' do
subject
expect(provider.reload).to be_errored
end
end
shared_examples 'kubernetes information not successfully fetched' do
context 'when failed to fetch gke cluster info' do
before do
stub_cloud_platform_get_zone_cluster_error(provider.gcp_project_id, provider.zone, cluster.name)
end
it_behaves_like 'error'
end
context 'when token is empty' do
let(:token) { '' }
it_behaves_like 'error'
end
context 'when failed to fetch kubernetes token' do
before do
stub_kubeclient_get_secret_error(api_url, secret_name, namespace: 'default')
end
it_behaves_like 'error'
end
context 'when service account fails to create' do
before do
stub_kubeclient_create_service_account_error(api_url, namespace: 'default')
end
it_behaves_like 'error'
end
end
shared_context 'kubernetes information successfully fetched' do
before do
stub_cloud_platform_get_zone_cluster(
provider.gcp_project_id, provider.zone, cluster.name,
{
endpoint: endpoint,
username: username,
password: password
}
)
stub_kubeclient_discover(api_url)
stub_kubeclient_get_namespace(api_url)
stub_kubeclient_create_namespace(api_url)
stub_kubeclient_get_service_account_error(api_url, 'gitlab')
stub_kubeclient_create_service_account(api_url)
stub_kubeclient_create_secret(api_url)
stub_kubeclient_put_secret(api_url, 'gitlab-token')
stub_kubeclient_get_secret(
api_url,
{
metadata_name: secret_name,
token: Base64.encode64(token),
namespace: 'default'
}
)
end
end
context 'With a legacy ABAC cluster' do
before do
provider.legacy_abac = true
end
include_context 'kubernetes information successfully fetched'
it_behaves_like 'success'
it 'uses ABAC authorization type' do
subject
cluster.reload
expect(platform).to be_abac
expect(platform.authorization_type).to eq('abac')
end
it_behaves_like 'kubernetes information not successfully fetched'
end
context 'With an RBAC cluster' do
before do
provider.legacy_abac = false
stub_kubeclient_get_cluster_role_binding_error(api_url, 'gitlab-admin')
stub_kubeclient_create_cluster_role_binding(api_url)
end
include_context 'kubernetes information successfully fetched'
it_behaves_like 'success'
it 'uses RBAC authorization type' do
subject
cluster.reload
expect(platform).to be_rbac
expect(platform.authorization_type).to eq('rbac')
end
it_behaves_like 'kubernetes information not successfully fetched'
end
end
View git blame Copy permalink