2019-02-15 15:39:39 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
RSpec.describe Groups::ClustersController do
|
2019-02-15 15:39:39 +05:30
|
|
|
include AccessMatchersForController
|
|
|
|
include GoogleApi::CloudPlatformHelpers
|
|
|
|
|
2019-12-21 20:55:43 +05:30
|
|
|
let_it_be(:group) { create(:group) }
|
2019-02-15 15:39:39 +05:30
|
|
|
|
|
|
|
let(:user) { create(:user) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
group.add_maintainer(user)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET index' do
|
|
|
|
def go(params = {})
|
|
|
|
get :index, params: params.reverse_merge(group_id: group)
|
|
|
|
end
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
describe 'functionality' do
|
|
|
|
context 'when group has one or more clusters' do
|
|
|
|
let(:group) { create(:group) }
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
let!(:enabled_cluster) do
|
|
|
|
create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group])
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
let!(:disabled_cluster) do
|
|
|
|
create(:cluster, :disabled, :provided_by_gcp, :production_environment, cluster_type: :group_type, groups: [group])
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2020-05-24 23:13:21 +05:30
|
|
|
it 'lists available clusters and renders html' do
|
2019-09-30 21:07:59 +05:30
|
|
|
go
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(response).to render_template(:index)
|
|
|
|
expect(assigns(:clusters)).to match_array([enabled_cluster, disabled_cluster])
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2020-05-24 23:13:21 +05:30
|
|
|
it 'lists available clusters with json serializer' do
|
|
|
|
go(format: :json)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(response).to match_response_schema('cluster_list')
|
|
|
|
end
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
it 'sets the polling interval header for json requests' do
|
|
|
|
go(format: :json)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(response.headers['Poll-Interval']).to eq("10000")
|
|
|
|
end
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
context 'when page is specified' do
|
|
|
|
let(:last_page) { group.clusters.page.total_pages }
|
2020-05-24 23:13:21 +05:30
|
|
|
let(:total_count) { group.clusters.page.total_count }
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
before do
|
2020-05-24 23:13:21 +05:30
|
|
|
create_list(:cluster, 30, :provided_by_gcp, :production_environment, cluster_type: :group_type, groups: [group])
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
it 'redirects to the page' do
|
2020-05-24 23:13:21 +05:30
|
|
|
expect(last_page).to be > 1
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
go(page: last_page)
|
2019-02-15 15:39:39 +05:30
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2019-09-30 21:07:59 +05:30
|
|
|
expect(assigns(:clusters).current_page).to eq(last_page)
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
2020-05-24 23:13:21 +05:30
|
|
|
|
|
|
|
it 'displays cluster list for associated page' do
|
|
|
|
expect(last_page).to be > 1
|
|
|
|
|
|
|
|
go(page: last_page, format: :json)
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(response.headers['X-Page'].to_i).to eq(last_page)
|
|
|
|
expect(response.headers['X-Total'].to_i).to eq(total_count)
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
2019-09-30 21:07:59 +05:30
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
context 'when group does not have a cluster' do
|
|
|
|
let(:group) { create(:group) }
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
it 'returns an empty state page' do
|
|
|
|
go
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(response).to render_template(:index, partial: :empty_state)
|
|
|
|
expect(assigns(:clusters)).to eq([])
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
|
|
|
let(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) }
|
|
|
|
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
2022-04-04 11:22:00 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:developer).of(group) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
it_behaves_like 'GET #metrics_dashboard for dashboard', 'Cluster health' do
|
|
|
|
let(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) }
|
|
|
|
|
|
|
|
let(:metrics_dashboard_req_params) do
|
|
|
|
{
|
|
|
|
id: cluster.id,
|
|
|
|
group_id: group.name
|
|
|
|
}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET #prometheus_proxy' do
|
|
|
|
let(:proxyable) do
|
|
|
|
create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group])
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'metrics dashboard prometheus api proxy' do
|
|
|
|
let(:proxyable_params) do
|
|
|
|
{
|
|
|
|
id: proxyable.id.to_s,
|
|
|
|
group_id: group.name
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with anonymous user' do
|
|
|
|
let(:prometheus_body) { nil }
|
|
|
|
|
|
|
|
before do
|
|
|
|
sign_out(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 404' do
|
|
|
|
get :prometheus_proxy, params: prometheus_proxy_params
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST create for existing cluster' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
|
|
|
name: 'new-cluster',
|
2019-07-31 22:56:46 +05:30
|
|
|
managed: '1',
|
2019-02-15 15:39:39 +05:30
|
|
|
platform_kubernetes_attributes: {
|
|
|
|
api_url: 'http://my-url',
|
|
|
|
token: 'test'
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def go
|
|
|
|
post :create_user, params: params.merge(group_id: group)
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
describe 'functionality' do
|
|
|
|
context 'when creates a cluster' do
|
|
|
|
it 'creates a new cluster' do
|
|
|
|
expect(ClusterProvisionWorker).to receive(:perform_async)
|
|
|
|
|
|
|
|
expect { go }.to change { Clusters::Cluster.count }
|
|
|
|
.and change { Clusters::Platforms::Kubernetes.count }
|
|
|
|
|
|
|
|
cluster = group.clusters.first
|
|
|
|
|
|
|
|
expect(response).to redirect_to(group_cluster_path(group, cluster))
|
|
|
|
expect(cluster).to be_user
|
|
|
|
expect(cluster).to be_kubernetes
|
2019-07-31 22:56:46 +05:30
|
|
|
expect(cluster).to be_managed
|
2021-01-03 14:25:43 +05:30
|
|
|
expect(cluster).to be_namespace_per_environment
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when creates a RBAC-enabled cluster' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
|
|
|
name: 'new-cluster',
|
|
|
|
platform_kubernetes_attributes: {
|
|
|
|
api_url: 'http://my-url',
|
|
|
|
token: 'test',
|
|
|
|
authorization_type: 'rbac'
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates a new cluster' do
|
|
|
|
expect(ClusterProvisionWorker).to receive(:perform_async)
|
|
|
|
|
|
|
|
expect { go }.to change { Clusters::Cluster.count }
|
|
|
|
.and change { Clusters::Platforms::Kubernetes.count }
|
|
|
|
|
|
|
|
cluster = group.clusters.first
|
|
|
|
|
|
|
|
expect(response).to redirect_to(group_cluster_path(group, cluster))
|
|
|
|
expect(cluster).to be_user
|
|
|
|
expect(cluster).to be_kubernetes
|
|
|
|
expect(cluster).to be_platform_kubernetes_rbac
|
2021-01-03 14:25:43 +05:30
|
|
|
expect(cluster).to be_namespace_per_environment
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
end
|
2019-07-31 22:56:46 +05:30
|
|
|
|
|
|
|
context 'when creates a user-managed cluster' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
|
|
|
name: 'new-cluster',
|
|
|
|
managed: '0',
|
|
|
|
platform_kubernetes_attributes: {
|
|
|
|
api_url: 'http://my-url',
|
|
|
|
token: 'test',
|
|
|
|
authorization_type: 'rbac'
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates a new user-managed cluster' do
|
|
|
|
go
|
|
|
|
|
|
|
|
cluster = group.clusters.first
|
|
|
|
expect(cluster.managed?).to be_falsy
|
|
|
|
end
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:developer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-12-26 22:10:19 +05:30
|
|
|
describe 'POST #create_aws' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
|
|
|
name: 'new-cluster',
|
|
|
|
provider_aws_attributes: {
|
|
|
|
key_name: 'key',
|
|
|
|
role_arn: 'arn:role',
|
|
|
|
region: 'region',
|
|
|
|
vpc_id: 'vpc',
|
|
|
|
instance_type: 'instance type',
|
|
|
|
num_nodes: 3,
|
|
|
|
security_group_id: 'security group',
|
|
|
|
subnet_ids: %w(subnet1 subnet2)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def post_create_aws
|
|
|
|
post :create_aws, params: params.merge(group_id: group)
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { post_create_aws }
|
|
|
|
end
|
|
|
|
|
2019-12-26 22:10:19 +05:30
|
|
|
it 'creates a new cluster' do
|
|
|
|
expect(ClusterProvisionWorker).to receive(:perform_async)
|
|
|
|
expect { post_create_aws }.to change { Clusters::Cluster.count }
|
|
|
|
.and change { Clusters::Providers::Aws.count }
|
|
|
|
|
|
|
|
cluster = group.clusters.first
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:created)
|
2019-12-26 22:10:19 +05:30
|
|
|
expect(response.location).to eq(group_cluster_path(group, cluster))
|
|
|
|
expect(cluster).to be_aws
|
|
|
|
expect(cluster).to be_kubernetes
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'params are invalid' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: { name: '' }
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create a cluster' do
|
|
|
|
expect { post_create_aws }.not_to change { Clusters::Cluster.count }
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:unprocessable_entity)
|
2021-02-22 17:27:13 +05:30
|
|
|
expect(response.media_type).to eq('application/json')
|
2019-12-26 22:10:19 +05:30
|
|
|
expect(response.body).to include('is invalid')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
|
|
|
before do
|
|
|
|
allow(WaitForClusterCreationWorker).to receive(:perform_in)
|
|
|
|
end
|
|
|
|
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { post_create_aws }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { post_create_aws }.to be_denied_for(:admin) }
|
2019-12-26 22:10:19 +05:30
|
|
|
it { expect { post_create_aws }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(group) }
|
|
|
|
it { expect { post_create_aws }.to be_denied_for(:developer).of(group) }
|
|
|
|
it { expect { post_create_aws }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { post_create_aws }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { post_create_aws }.to be_denied_for(:user) }
|
|
|
|
it { expect { post_create_aws }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST authorize AWS role for EKS cluster' do
|
2020-09-03 11:15:55 +05:30
|
|
|
let!(:role) { create(:aws_role, user: user) }
|
2019-12-26 22:10:19 +05:30
|
|
|
|
2020-09-03 11:15:55 +05:30
|
|
|
let(:role_arn) { 'arn:new-role' }
|
2019-12-26 22:10:19 +05:30
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
2020-09-03 11:15:55 +05:30
|
|
|
role_arn: role_arn
|
2019-12-26 22:10:19 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def go
|
|
|
|
post :authorize_aws_role, params: params.merge(group_id: group)
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
before do
|
|
|
|
allow(Clusters::Aws::FetchCredentialsService).to receive(:new)
|
|
|
|
.and_return(double(execute: double))
|
|
|
|
end
|
|
|
|
|
2020-09-03 11:15:55 +05:30
|
|
|
it 'updates the associated role with the supplied ARN' do
|
|
|
|
go
|
2019-12-26 22:10:19 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
2020-09-03 11:15:55 +05:30
|
|
|
expect(role.reload.role_arn).to eq(role_arn)
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
2020-09-03 11:15:55 +05:30
|
|
|
context 'supplied role is invalid' do
|
2019-12-26 22:10:19 +05:30
|
|
|
let(:role_arn) { 'invalid-role' }
|
|
|
|
|
2020-09-03 11:15:55 +05:30
|
|
|
it 'does not update the associated role' do
|
|
|
|
expect { go }.not_to change { role.role_arn }
|
2019-12-26 22:10:19 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:unprocessable_entity)
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
2020-09-03 11:15:55 +05:30
|
|
|
before do
|
|
|
|
allow_next_instance_of(Clusters::Aws::AuthorizeRoleService) do |service|
|
|
|
|
response = double(status: :ok, body: double)
|
|
|
|
|
|
|
|
allow(service).to receive(:execute).and_return(response)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-12-26 22:10:19 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:developer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
describe 'DELETE clear cluster cache' do
|
|
|
|
let(:cluster) { create(:cluster, :group, groups: [group]) }
|
|
|
|
let!(:kubernetes_namespace) do
|
|
|
|
create(:cluster_kubernetes_namespace,
|
|
|
|
cluster: cluster,
|
|
|
|
project: create(:project)
|
|
|
|
)
|
|
|
|
end
|
2019-12-26 22:10:19 +05:30
|
|
|
|
|
|
|
def go
|
2020-01-01 13:55:28 +05:30
|
|
|
delete :clear_cache,
|
|
|
|
params: {
|
|
|
|
group_id: group,
|
|
|
|
id: cluster
|
|
|
|
}
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
it 'deletes the namespaces associated with the cluster' do
|
|
|
|
expect { go }.to change { Clusters::KubernetesNamespace.count }
|
2019-12-26 22:10:19 +05:30
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
expect(response).to redirect_to(group_cluster_path(group, cluster))
|
|
|
|
expect(cluster.kubernetes_namespaces).to be_empty
|
2019-12-26 22:10:19 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-12-26 22:10:19 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:developer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
describe 'GET cluster_status' do
|
|
|
|
let(:cluster) { create(:cluster, :providing_by_gcp, cluster_type: :group_type, groups: [group]) }
|
|
|
|
|
|
|
|
def go
|
|
|
|
get :cluster_status,
|
|
|
|
params: {
|
|
|
|
group_id: group.to_param,
|
|
|
|
id: cluster
|
|
|
|
},
|
|
|
|
format: :json
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
describe 'functionality' do
|
|
|
|
it 'responds with matching schema' do
|
|
|
|
go
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(response).to match_response_schema('cluster_status')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'invokes schedule_status_update on each application' do
|
|
|
|
expect_any_instance_of(Clusters::Applications::Ingress).to receive(:schedule_status_update)
|
|
|
|
|
|
|
|
go
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:developer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET show' do
|
|
|
|
let(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) }
|
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
def go(tab: nil)
|
2019-02-15 15:39:39 +05:30
|
|
|
get :show,
|
|
|
|
params: {
|
|
|
|
group_id: group,
|
2021-04-29 21:17:54 +05:30
|
|
|
id: cluster,
|
|
|
|
tab: tab
|
2019-02-15 15:39:39 +05:30
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
describe 'functionality' do
|
2021-04-29 21:17:54 +05:30
|
|
|
render_views
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
it 'renders view' do
|
|
|
|
go
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
expect(assigns(:cluster)).to eq(cluster)
|
|
|
|
end
|
2021-04-29 21:17:54 +05:30
|
|
|
|
|
|
|
it 'renders integration tab view', :aggregate_failures do
|
|
|
|
go(tab: 'integrations')
|
|
|
|
|
|
|
|
expect(response).to render_template('clusters/clusters/_integrations')
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
2022-04-04 11:22:00 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:developer).of(group) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'PUT update' do
|
|
|
|
def go(format: :html)
|
|
|
|
put :update, params: params.merge(
|
|
|
|
group_id: group.to_param,
|
|
|
|
id: cluster,
|
|
|
|
format: format
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:cluster) { create(:cluster, :provided_by_user, cluster_type: :group_type, groups: [group]) }
|
2019-03-02 22:35:43 +05:30
|
|
|
let(:domain) { 'test-domain.com' }
|
2019-02-15 15:39:39 +05:30
|
|
|
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
|
|
|
enabled: false,
|
2019-03-02 22:35:43 +05:30
|
|
|
name: 'my-new-cluster-name',
|
2019-09-04 21:01:54 +05:30
|
|
|
managed: false,
|
2019-03-02 22:35:43 +05:30
|
|
|
base_domain: domain
|
2019-02-15 15:39:39 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
it 'updates and redirects back to show page' do
|
|
|
|
go
|
|
|
|
|
|
|
|
cluster.reload
|
|
|
|
expect(response).to redirect_to(group_cluster_path(group, cluster))
|
|
|
|
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
|
|
|
|
expect(cluster.enabled).to be_falsey
|
|
|
|
expect(cluster.name).to eq('my-new-cluster-name')
|
2019-09-04 21:01:54 +05:30
|
|
|
expect(cluster).not_to be_managed
|
2019-03-02 22:35:43 +05:30
|
|
|
expect(cluster.domain).to eq('test-domain.com')
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when domain is invalid' do
|
|
|
|
let(:domain) { 'http://not-a-valid-domain' }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
it 'does not update cluster attributes' do
|
2019-03-02 22:35:43 +05:30
|
|
|
go
|
|
|
|
|
|
|
|
cluster.reload
|
|
|
|
expect(response).to render_template(:show)
|
|
|
|
expect(cluster.name).not_to eq('my-new-cluster-name')
|
|
|
|
expect(cluster.domain).not_to eq('test-domain.com')
|
|
|
|
end
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'when format is json' do
|
|
|
|
context 'when changing parameters' do
|
|
|
|
context 'when valid parameters are used' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
|
|
|
enabled: false,
|
2019-03-02 22:35:43 +05:30
|
|
|
name: 'my-new-cluster-name',
|
2019-09-04 21:01:54 +05:30
|
|
|
managed: false,
|
2021-01-03 14:25:43 +05:30
|
|
|
namespace_per_environment: false,
|
2019-03-02 22:35:43 +05:30
|
|
|
domain: domain
|
2019-02-15 15:39:39 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'updates and redirects back to show page' do
|
|
|
|
go(format: :json)
|
|
|
|
|
|
|
|
cluster.reload
|
2020-03-13 15:44:24 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:no_content)
|
2019-02-15 15:39:39 +05:30
|
|
|
expect(cluster.enabled).to be_falsey
|
|
|
|
expect(cluster.name).to eq('my-new-cluster-name')
|
2019-09-04 21:01:54 +05:30
|
|
|
expect(cluster).not_to be_managed
|
2021-01-03 14:25:43 +05:30
|
|
|
expect(cluster).not_to be_namespace_per_environment
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when invalid parameters are used' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
cluster: {
|
|
|
|
enabled: false,
|
|
|
|
name: ''
|
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'rejects changes' do
|
|
|
|
go(format: :json)
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
expect(response).to have_gitlab_http_status(:bad_request)
|
2019-02-15 15:39:39 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
2019-12-21 20:55:43 +05:30
|
|
|
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) }
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:developer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE destroy' do
|
|
|
|
let!(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, cluster_type: :group_type, groups: [group]) }
|
|
|
|
|
|
|
|
def go
|
|
|
|
delete :destroy,
|
|
|
|
params: {
|
|
|
|
group_id: group,
|
|
|
|
id: cluster
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
include_examples ':certificate_based_clusters feature flag controller responses' do
|
|
|
|
let(:subject) { go }
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
describe 'functionality' do
|
|
|
|
context 'when cluster is provided by GCP' do
|
|
|
|
context 'when cluster is created' do
|
|
|
|
it 'destroys and redirects back to clusters list' do
|
|
|
|
expect { go }
|
|
|
|
.to change { Clusters::Cluster.count }.by(-1)
|
|
|
|
.and change { Clusters::Platforms::Kubernetes.count }.by(-1)
|
|
|
|
.and change { Clusters::Providers::Gcp.count }.by(-1)
|
|
|
|
|
|
|
|
expect(response).to redirect_to(group_clusters_path(group))
|
|
|
|
expect(flash[:notice]).to eq('Kubernetes cluster integration was successfully removed.')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when cluster is being created' do
|
|
|
|
let!(:cluster) { create(:cluster, :providing_by_gcp, :production_environment, cluster_type: :group_type, groups: [group]) }
|
|
|
|
|
|
|
|
it 'destroys and redirects back to clusters list' do
|
|
|
|
expect { go }
|
|
|
|
.to change { Clusters::Cluster.count }.by(-1)
|
|
|
|
.and change { Clusters::Providers::Gcp.count }.by(-1)
|
|
|
|
|
|
|
|
expect(response).to redirect_to(group_clusters_path(group))
|
|
|
|
expect(flash[:notice]).to eq('Kubernetes cluster integration was successfully removed.')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when cluster is provided by user' do
|
|
|
|
let!(:cluster) { create(:cluster, :provided_by_user, :production_environment, cluster_type: :group_type, groups: [group]) }
|
|
|
|
|
|
|
|
it 'destroys and redirects back to clusters list' do
|
|
|
|
expect { go }
|
|
|
|
.to change { Clusters::Cluster.count }.by(-1)
|
|
|
|
.and change { Clusters::Platforms::Kubernetes.count }.by(-1)
|
|
|
|
.and change { Clusters::Providers::Gcp.count }.by(0)
|
|
|
|
|
|
|
|
expect(response).to redirect_to(group_clusters_path(group))
|
|
|
|
expect(flash[:notice]).to eq('Kubernetes cluster integration was successfully removed.')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'security' do
|
2019-12-21 20:55:43 +05:30
|
|
|
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, cluster_type: :group_type, groups: [group]) }
|
2019-02-15 15:39:39 +05:30
|
|
|
|
2021-04-17 20:07:23 +05:30
|
|
|
it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) }
|
|
|
|
it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) }
|
2019-02-15 15:39:39 +05:30
|
|
|
it { expect { go }.to be_allowed_for(:owner).of(group) }
|
|
|
|
it { expect { go }.to be_allowed_for(:maintainer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:developer).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:reporter).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:guest).of(group) }
|
|
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'no group_id param' do
|
|
|
|
it 'does not respond to any action without group_id param' do
|
|
|
|
expect { get :index }.to raise_error(ActionController::UrlGenerationError)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|