debian-mirror-gitlab/spec/models/clusters/applications/cert_manager_spec.rb

149 lines
5.3 KiB
Ruby
Raw Normal View History

2019-07-07 11:18:12 +05:30
# frozen_string_literal: true
2019-12-04 20:38:33 +05:30
require 'spec_helper'
2019-02-15 15:39:39 +05:30
2020-07-28 23:09:34 +05:30
RSpec.describe Clusters::Applications::CertManager do
2019-10-12 21:52:04 +05:30
let(:cert_manager) { create(:clusters_applications_cert_manager) }
2019-02-15 15:39:39 +05:30
2019-10-12 21:52:04 +05:30
include_examples 'cluster application core specs', :clusters_applications_cert_manager
include_examples 'cluster application status specs', :clusters_applications_cert_manager
include_examples 'cluster application version specs', :clusters_applications_cert_manager
2019-03-02 22:35:43 +05:30
include_examples 'cluster application initial status specs'
2019-02-15 15:39:39 +05:30
2019-07-31 22:56:46 +05:30
describe '#can_uninstall?' do
subject { cert_manager.can_uninstall? }
2019-10-12 21:52:04 +05:30
it { is_expected.to be_truthy }
2019-07-31 22:56:46 +05:30
end
2019-02-15 15:39:39 +05:30
describe '#install_command' do
2019-07-07 11:18:12 +05:30
let(:cert_email) { 'admin@example.com' }
let(:cluster_issuer_file) do
file_contents = <<~EOF
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: #{cert_email}
privateKeySecretRef:
name: letsencrypt-prod
http01: {}
EOF
{ "cluster_issuer.yaml": file_contents }
end
2019-02-15 15:39:39 +05:30
subject { cert_manager.install_command }
2021-01-29 00:20:46 +05:30
it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::V3::InstallCommand) }
2019-02-15 15:39:39 +05:30
2019-07-07 11:18:12 +05:30
it 'is initialized with cert_manager arguments' do
2019-02-15 15:39:39 +05:30
expect(subject.name).to eq('certmanager')
2019-12-04 20:38:33 +05:30
expect(subject.chart).to eq('certmanager/cert-manager')
expect(subject.repository).to eq('https://charts.jetstack.io')
2020-04-08 14:13:33 +05:30
expect(subject.version).to eq('v0.10.1')
2019-02-15 15:39:39 +05:30
expect(subject).to be_rbac
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
2019-12-04 20:38:33 +05:30
expect(subject.preinstall).to eq([
2020-04-08 14:13:33 +05:30
'kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.10/deploy/manifests/00-crds.yaml',
2019-12-04 20:38:33 +05:30
'kubectl label --overwrite namespace gitlab-managed-apps certmanager.k8s.io/disable-validation=true'
])
expect(subject.postinstall).to eq([
2019-12-26 22:10:19 +05:30
"for i in $(seq 1 90); do kubectl apply -f /data/helm/certmanager/config/cluster_issuer.yaml && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)"
2019-12-04 20:38:33 +05:30
])
2019-02-15 15:39:39 +05:30
end
context 'for a specific user' do
2019-07-07 11:18:12 +05:30
let(:cert_email) { 'abc@xyz.com' }
2019-02-15 15:39:39 +05:30
before do
2019-07-07 11:18:12 +05:30
cert_manager.email = cert_email
2019-02-15 15:39:39 +05:30
end
2020-03-13 15:44:24 +05:30
it 'uses their email to register issuer with certificate provider' do
2019-02-15 15:39:39 +05:30
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
end
end
context 'on a non rbac enabled cluster' do
before do
cert_manager.cluster.platform_kubernetes.abac!
end
it { is_expected.not_to be_rbac }
end
context 'application failed to install previously' do
2019-10-12 21:52:04 +05:30
let(:cert_manager) { create(:clusters_applications_cert_manager, :errored, version: '0.0.1') }
2019-02-15 15:39:39 +05:30
2019-07-07 11:18:12 +05:30
it 'is initialized with the locked version' do
2020-04-08 14:13:33 +05:30
expect(subject.version).to eq('v0.10.1')
2019-02-15 15:39:39 +05:30
end
end
end
2019-10-12 21:52:04 +05:30
describe '#uninstall_command' do
subject { cert_manager.uninstall_command }
2021-01-29 00:20:46 +05:30
it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::V3::DeleteCommand) }
2019-10-12 21:52:04 +05:30
it 'is initialized with cert_manager arguments' do
expect(subject.name).to eq('certmanager')
expect(subject).to be_rbac
expect(subject.files).to eq(cert_manager.files)
end
it 'specifies a post delete command to remove custom resource definitions' do
expect(subject.postdelete).to eq([
2019-12-04 20:38:33 +05:30
'kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found',
2019-10-12 21:52:04 +05:30
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
2019-12-04 20:38:33 +05:30
'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
2019-10-12 21:52:04 +05:30
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
2019-12-04 20:38:33 +05:30
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
2019-10-12 21:52:04 +05:30
])
end
context 'secret key name is not found' do
before do
allow(File).to receive(:read).and_call_original
expect(File).to receive(:read)
.with(Rails.root.join('vendor', 'cert_manager', 'cluster_issuer.yaml'))
.and_return('key: value')
end
it 'does not try and delete the secret' do
expect(subject.postdelete).to eq([
'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
2019-12-04 20:38:33 +05:30
'kubectl delete crd certificaterequests.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd challenges.certmanager.k8s.io --ignore-not-found',
2019-10-12 21:52:04 +05:30
'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
2019-12-04 20:38:33 +05:30
'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found',
'kubectl delete crd orders.certmanager.k8s.io --ignore-not-found'
2019-10-12 21:52:04 +05:30
])
end
end
end
2019-02-15 15:39:39 +05:30
describe '#files' do
let(:application) { cert_manager }
let(:values) { subject[:'values.yaml'] }
subject { application.files }
2019-07-07 11:18:12 +05:30
it 'includes cert_manager specific keys in the values.yaml file' do
2019-02-15 15:39:39 +05:30
expect(values).to include('ingressShim')
end
end
describe 'validations' do
it { is_expected.to validate_presence_of(:email) }
end
end