2019-12-26 22:10:19 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
RSpec.describe Clusters::Aws::FinalizeCreationService do
|
2019-12-26 22:10:19 +05:30
|
|
|
describe '#execute' do
|
|
|
|
let(:provider) { create(:cluster_provider_aws, :creating) }
|
|
|
|
let(:platform) { provider.cluster.platform_kubernetes }
|
|
|
|
|
|
|
|
let(:create_service_account_service) { double(execute: true) }
|
|
|
|
let(:fetch_token_service) { double(execute: gitlab_token) }
|
|
|
|
let(:kube_client) { double(create_config_map: true) }
|
|
|
|
let(:cluster_stack) { double(outputs: [endpoint_output, cert_output, node_role_output]) }
|
|
|
|
let(:node_auth_config_map) { double }
|
|
|
|
|
|
|
|
let(:endpoint_output) { double(output_key: 'ClusterEndpoint', output_value: api_url) }
|
|
|
|
let(:cert_output) { double(output_key: 'ClusterCertificate', output_value: Base64.encode64(ca_pem)) }
|
|
|
|
let(:node_role_output) { double(output_key: 'NodeInstanceRole', output_value: node_role) }
|
|
|
|
|
|
|
|
let(:api_url) { 'https://kubernetes.example.com' }
|
|
|
|
let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) }
|
|
|
|
let(:gitlab_token) { 'gitlab-token' }
|
|
|
|
let(:iam_token) { 'iam-token' }
|
|
|
|
let(:node_role) { 'arn::aws::iam::123456789012:role/node-role' }
|
|
|
|
|
|
|
|
subject { described_class.new.execute(provider) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow(Clusters::Kubernetes::CreateOrUpdateServiceAccountService).to receive(:gitlab_creator)
|
|
|
|
.with(kube_client, rbac: true)
|
|
|
|
.and_return(create_service_account_service)
|
|
|
|
|
|
|
|
allow(Clusters::Kubernetes::FetchKubernetesTokenService).to receive(:new)
|
|
|
|
.with(
|
|
|
|
kube_client,
|
|
|
|
Clusters::Kubernetes::GITLAB_ADMIN_TOKEN_NAME,
|
|
|
|
Clusters::Kubernetes::GITLAB_SERVICE_ACCOUNT_NAMESPACE)
|
|
|
|
.and_return(fetch_token_service)
|
|
|
|
|
|
|
|
allow(Gitlab::Kubernetes::KubeClient).to receive(:new)
|
|
|
|
.with(
|
|
|
|
api_url,
|
|
|
|
auth_options: { bearer_token: iam_token },
|
|
|
|
ssl_options: {
|
|
|
|
verify_ssl: OpenSSL::SSL::VERIFY_PEER,
|
|
|
|
cert_store: instance_of(OpenSSL::X509::Store)
|
|
|
|
},
|
|
|
|
http_proxy_uri: nil
|
|
|
|
)
|
|
|
|
.and_return(kube_client)
|
|
|
|
|
|
|
|
allow(provider.api_client).to receive(:describe_stacks)
|
|
|
|
.with(stack_name: provider.cluster.name)
|
|
|
|
.and_return(double(stacks: [cluster_stack]))
|
|
|
|
|
|
|
|
allow(Kubeclient::AmazonEksCredentials).to receive(:token)
|
|
|
|
.with(provider.credentials, provider.cluster.name)
|
|
|
|
.and_return(iam_token)
|
|
|
|
|
|
|
|
allow(Gitlab::Kubernetes::ConfigMaps::AwsNodeAuth).to receive(:new)
|
|
|
|
.with(node_role).and_return(double(generate: node_auth_config_map))
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'configures the provider and platform' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(provider).to be_created
|
|
|
|
expect(platform.api_url).to eq(api_url)
|
|
|
|
expect(platform.ca_pem).to eq(ca_pem)
|
|
|
|
expect(platform.token).to eq(gitlab_token)
|
|
|
|
expect(platform).to be_rbac
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'calls the create_service_account_service' do
|
|
|
|
expect(create_service_account_service).to receive(:execute).once
|
|
|
|
|
|
|
|
subject
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'configures cluster node authentication' do
|
|
|
|
expect(kube_client).to receive(:create_config_map).with(node_auth_config_map).once
|
|
|
|
|
|
|
|
subject
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'error handling' do
|
|
|
|
shared_examples 'provision error' do |message|
|
|
|
|
it "sets the status to :errored with an appropriate error message" do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(provider).to be_errored
|
|
|
|
expect(provider.status_reason).to include(message)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'failed to request stack details from AWS' do
|
|
|
|
before do
|
|
|
|
allow(provider.api_client).to receive(:describe_stacks)
|
|
|
|
.and_raise(Aws::CloudFormation::Errors::ServiceError.new(double, "Error message"))
|
|
|
|
end
|
|
|
|
|
|
|
|
include_examples 'provision error', 'Failed to fetch CloudFormation stack'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'failed to create auth config map' do
|
|
|
|
before do
|
|
|
|
allow(kube_client).to receive(:create_config_map)
|
|
|
|
.and_raise(Kubeclient::HttpError.new(500, 'Error', nil))
|
|
|
|
end
|
|
|
|
|
|
|
|
include_examples 'provision error', 'Failed to run Kubeclient'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'failed to save records' do
|
|
|
|
before do
|
|
|
|
allow(provider.cluster).to receive(:save!)
|
|
|
|
.and_raise(ActiveRecord::RecordInvalid)
|
|
|
|
end
|
|
|
|
|
|
|
|
include_examples 'provision error', 'Failed to configure EKS provider'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|