debian-mirror-gitlab/spec/models/clusters/applications/ingress_spec.rb

266 lines
8.5 KiB
Ruby
Raw Normal View History

2019-07-07 11:18:12 +05:30
# frozen_string_literal: true
2019-12-04 20:38:33 +05:30
require 'spec_helper'
2018-03-17 18:26:18 +05:30
2020-07-28 23:09:34 +05:30
RSpec.describe Clusters::Applications::Ingress do
2018-03-27 19:54:05 +05:30
let(:ingress) { create(:clusters_applications_ingress) }
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
it_behaves_like 'having unique enum values'
2018-03-27 19:54:05 +05:30
include_examples 'cluster application core specs', :clusters_applications_ingress
2018-12-13 13:39:08 +05:30
include_examples 'cluster application status specs', :clusters_applications_ingress
2019-03-02 22:35:43 +05:30
include_examples 'cluster application version specs', :clusters_applications_ingress
2019-02-15 15:39:39 +05:30
include_examples 'cluster application helm specs', :clusters_applications_ingress
2019-03-02 22:35:43 +05:30
include_examples 'cluster application initial status specs'
2018-03-27 19:54:05 +05:30
before do
allow(ClusterWaitForIngressIpAddressWorker).to receive(:perform_in)
allow(ClusterWaitForIngressIpAddressWorker).to receive(:perform_async)
end
2019-07-31 22:56:46 +05:30
describe '#can_uninstall?' do
subject { ingress.can_uninstall? }
2020-04-22 19:07:51 +05:30
context 'with jupyter installed' do
before do
create(:clusters_applications_jupyter, :installed, cluster: ingress.cluster)
end
2019-09-30 21:07:59 +05:30
2020-04-22 19:07:51 +05:30
it 'returns false if external_ip_or_hostname? is true' do
ingress.external_ip = 'IP'
2019-09-30 21:07:59 +05:30
2020-04-22 19:07:51 +05:30
is_expected.to be_falsey
end
2019-09-30 21:07:59 +05:30
2020-04-22 19:07:51 +05:30
it 'returns false if external_ip_or_hostname? is false' do
is_expected.to be_falsey
end
2019-09-30 21:07:59 +05:30
end
2020-04-22 19:07:51 +05:30
context 'with jupyter installable' do
before do
create(:clusters_applications_jupyter, :installable, cluster: ingress.cluster)
end
2019-12-26 22:10:19 +05:30
2020-04-22 19:07:51 +05:30
it 'returns true if external_ip_or_hostname? is true' do
ingress.external_ip = 'IP'
is_expected.to be_truthy
end
it 'returns false if external_ip_or_hostname? is false' do
is_expected.to be_falsey
end
2019-12-26 22:10:19 +05:30
end
2020-04-22 19:07:51 +05:30
context 'with jupyter nil' do
it 'returns false if external_ip_or_hostname? is false' do
is_expected.to be_falsey
end
context 'if external_ip_or_hostname? is true' do
context 'with IP' do
before do
ingress.external_ip = 'IP'
end
it { is_expected.to be_truthy }
end
context 'with hostname' do
before do
ingress.external_hostname = 'example.com'
end
it { is_expected.to be_truthy }
end
end
2019-09-30 21:07:59 +05:30
end
2019-07-31 22:56:46 +05:30
end
2018-03-27 19:54:05 +05:30
describe '#make_installed!' do
before do
application.make_installed!
end
let(:application) { create(:clusters_applications_ingress, :installing) }
it 'schedules a ClusterWaitForIngressIpAddressWorker' do
expect(ClusterWaitForIngressIpAddressWorker).to have_received(:perform_in)
.with(Clusters::Applications::Ingress::FETCH_IP_ADDRESS_DELAY, 'ingress', application.id)
end
end
describe '#schedule_status_update' do
let(:application) { create(:clusters_applications_ingress, :installed) }
before do
application.schedule_status_update
end
it 'schedules a ClusterWaitForIngressIpAddressWorker' do
expect(ClusterWaitForIngressIpAddressWorker).to have_received(:perform_async)
.with('ingress', application.id)
end
context 'when the application is not installed' do
let(:application) { create(:clusters_applications_ingress, :installing) }
it 'does not schedule a ClusterWaitForIngressIpAddressWorker' do
expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_async)
end
end
context 'when there is already an external_ip' do
let(:application) { create(:clusters_applications_ingress, :installed, external_ip: '111.222.222.111') }
it 'does not schedule a ClusterWaitForIngressIpAddressWorker' do
expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_in)
end
end
2019-07-07 11:18:12 +05:30
context 'when there is already an external_hostname' do
let(:application) { create(:clusters_applications_ingress, :installed, external_hostname: 'localhost.localdomain') }
it 'does not schedule a ClusterWaitForIngressIpAddressWorker' do
expect(ClusterWaitForIngressIpAddressWorker).not_to have_received(:perform_in)
end
end
2018-03-27 19:54:05 +05:30
end
describe '#install_command' do
subject { ingress.install_command }
it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::InstallCommand) }
2019-07-07 11:18:12 +05:30
it 'is initialized with ingress arguments' do
2018-03-27 19:54:05 +05:30
expect(subject.name).to eq('ingress')
2020-10-24 23:57:45 +05:30
expect(subject.chart).to eq('ingress/nginx-ingress')
expect(subject.version).to eq('1.40.2')
2019-02-15 15:39:39 +05:30
expect(subject).to be_rbac
2018-11-18 11:00:15 +05:30
expect(subject.files).to eq(ingress.files)
end
2019-02-15 15:39:39 +05:30
context 'on a non rbac enabled cluster' do
2018-11-20 20:47:30 +05:30
before do
2019-02-15 15:39:39 +05:30
ingress.cluster.platform_kubernetes.abac!
2018-11-20 20:47:30 +05:30
end
2019-02-15 15:39:39 +05:30
it { is_expected.not_to be_rbac }
2018-11-20 20:47:30 +05:30
end
2018-11-18 11:00:15 +05:30
context 'application failed to install previously' do
let(:ingress) { create(:clusters_applications_ingress, :errored, version: 'nginx') }
2019-07-07 11:18:12 +05:30
it 'is initialized with the locked version' do
2020-10-24 23:57:45 +05:30
expect(subject.version).to eq('1.40.2')
2018-11-18 11:00:15 +05:30
end
2018-03-27 19:54:05 +05:30
end
end
2018-11-18 11:00:15 +05:30
describe '#files' do
let(:application) { ingress }
let(:values) { subject[:'values.yaml'] }
subject { application.files }
2019-07-07 11:18:12 +05:30
it 'includes ingress valid keys in values' do
2018-11-18 11:00:15 +05:30
expect(values).to include('image')
expect(values).to include('repository')
expect(values).to include('stats')
expect(values).to include('podAnnotations')
2020-04-08 14:13:33 +05:30
expect(values).to include('clusterIP')
2018-11-18 11:00:15 +05:30
end
2018-03-27 19:54:05 +05:30
end
2019-12-04 20:38:33 +05:30
describe '#values' do
2020-04-22 19:07:51 +05:30
subject { ingress }
2019-12-04 20:38:33 +05:30
2020-03-13 15:44:24 +05:30
context 'when modsecurity_enabled is enabled' do
2019-12-04 20:38:33 +05:30
before do
2020-03-13 15:44:24 +05:30
allow(subject).to receive(:modsecurity_enabled).and_return(true)
2019-12-04 20:38:33 +05:30
end
it 'includes modsecurity module enablement' do
expect(subject.values).to include("enable-modsecurity: 'true'")
end
2020-04-22 19:07:51 +05:30
it 'includes modsecurity core ruleset enablement set to false' do
expect(subject.values).to include("enable-owasp-modsecurity-crs: 'false'")
end
it 'includes modsecurity snippet with information related to security rules' do
expect(subject.values).to include("SecRuleEngine DetectionOnly")
expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}")
end
context 'when modsecurity_mode is set to :blocking' do
before do
subject.blocking!
end
it 'includes modsecurity snippet with information related to security rules' do
expect(subject.values).to include("SecRuleEngine On")
expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}")
end
2019-12-04 20:38:33 +05:30
end
2019-12-26 22:10:19 +05:30
it 'includes modsecurity.conf content' do
expect(subject.values).to include('modsecurity.conf')
# Includes file content from Ingress#modsecurity_config_content
expect(subject.values).to include('SecAuditLog')
expect(subject.values).to include('extraVolumes')
expect(subject.values).to include('extraVolumeMounts')
end
it 'includes modsecurity sidecar container' do
expect(subject.values).to include('modsecurity-log-volume')
expect(subject.values).to include('extraContainers')
end
2020-04-22 19:07:51 +05:30
2020-05-24 23:13:21 +05:30
it 'executes command to tail modsecurity logs with -F option' do
args = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'args')
expect(args).to eq(['/bin/sh', '-c', 'tail -F /var/log/modsec/audit.log'])
end
2020-04-22 19:07:51 +05:30
it 'includes livenessProbe for modsecurity sidecar container' do
probe_config = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'livenessProbe')
expect(probe_config).to eq('exec' => { 'command' => ['ls', '/var/log/modsec/audit.log'] })
end
2019-12-04 20:38:33 +05:30
end
2020-03-13 15:44:24 +05:30
context 'when modsecurity_enabled is disabled' do
2019-12-04 20:38:33 +05:30
before do
2020-04-08 14:13:33 +05:30
allow(subject).to receive(:modsecurity_enabled).and_return(false)
2019-12-04 20:38:33 +05:30
end
it 'excludes modsecurity module enablement' do
expect(subject.values).not_to include('enable-modsecurity')
end
it 'excludes modsecurity core ruleset enablement' do
expect(subject.values).not_to include('enable-owasp-modsecurity-crs')
end
2019-12-26 22:10:19 +05:30
it 'excludes modsecurity.conf content' do
expect(subject.values).not_to include('modsecurity.conf')
# Excludes file content from Ingress#modsecurity_config_content
expect(subject.values).not_to include('SecAuditLog')
expect(subject.values).not_to include('extraVolumes')
expect(subject.values).not_to include('extraVolumeMounts')
end
it 'excludes modsecurity sidecar container' do
expect(subject.values).not_to include('modsecurity-log-volume')
expect(subject.values).not_to include('extraContainers')
end
2019-12-04 20:38:33 +05:30
end
end
2018-03-17 18:26:18 +05:30
end