debian-mirror-gitlab/spec/controllers/projects/clusters_controller_spec.rb

849 lines
28 KiB
Ruby
Raw Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2018-03-17 18:26:18 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe Projects::ClustersController do
2018-03-17 18:26:18 +05:30
include AccessMatchersForController
include GoogleApi::CloudPlatformHelpers
2018-12-13 13:39:08 +05:30
include KubernetesHelpers
2018-03-17 18:26:18 +05:30
2019-12-21 20:55:43 +05:30
let_it_be(:project) { create(:project) }
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
let(:user) { create(:user) }
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
before do
project.add_maintainer(user)
sign_in(user)
end
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
describe 'GET index' do
def go(params = {})
2019-02-15 15:39:39 +05:30
get :index, params: params.reverse_merge(namespace_id: project.namespace.to_param, project_id: project)
2018-12-13 13:39:08 +05:30
end
describe 'functionality' do
2018-03-17 18:26:18 +05:30
context 'when project has one or more clusters' do
let!(:enabled_cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
2018-05-01 15:08:00 +05:30
let!(:disabled_cluster) { create(:cluster, :disabled, :provided_by_gcp, :production_environment, projects: [project]) }
2020-03-13 15:44:24 +05:30
2020-05-24 23:13:21 +05:30
it 'lists available clusters and renders html' do
2018-03-17 18:26:18 +05:30
go
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:index)
expect(assigns(:clusters)).to match_array([enabled_cluster, disabled_cluster])
end
2020-05-24 23:13:21 +05:30
it 'lists available clusters with json serializer' do
go(format: :json)
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('cluster_list')
end
2020-06-23 00:09:42 +05:30
it 'sets the polling interval header for json requests' do
go(format: :json)
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['Poll-Interval']).to eq("10000")
end
2018-03-17 18:26:18 +05:30
context 'when page is specified' do
let(:last_page) { project.clusters.page.total_pages }
2020-05-24 23:13:21 +05:30
let(:total_count) { project.clusters.page.total_count }
2018-03-17 18:26:18 +05:30
before do
2020-05-24 23:13:21 +05:30
create_list(:cluster, 30, :provided_by_gcp, :production_environment, projects: [project])
2018-03-17 18:26:18 +05:30
end
it 'redirects to the page' do
2020-05-24 23:13:21 +05:30
expect(last_page).to be > 1
2018-12-13 13:39:08 +05:30
go(page: last_page)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(:ok)
expect(assigns(:clusters).current_page).to eq(last_page)
end
2020-05-24 23:13:21 +05:30
it 'displays cluster list for associated page' do
expect(last_page).to be > 1
go(page: last_page, format: :json)
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['X-Page'].to_i).to eq(last_page)
expect(response.headers['X-Total'].to_i).to eq(total_count)
end
2018-03-17 18:26:18 +05:30
end
end
context 'when project does not have a cluster' do
it 'returns an empty state page' do
go
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:index, partial: :empty_state)
expect(assigns(:clusters)).to eq([])
end
end
end
describe 'security' do
let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
2020-05-24 23:13:21 +05:30
2020-04-22 19:07:51 +05:30
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2020-05-24 23:13:21 +05:30
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
2018-12-13 13:39:08 +05:30
end
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
describe 'GET new' do
2019-12-26 22:10:19 +05:30
def go(provider: 'gcp')
2019-12-04 20:38:33 +05:30
get :new, params: {
namespace_id: project.namespace,
project_id: project,
provider: provider
}
2018-03-17 18:26:18 +05:30
end
2018-11-08 19:23:39 +05:30
describe 'functionality for new cluster' do
context 'when omniauth has been configured' do
let(:key) { 'secret-key' }
let(:session_key_for_redirect_uri) do
GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(key)
end
before do
allow(SecureRandom).to receive(:hex).and_return(key)
end
2020-01-01 13:55:28 +05:30
it 'redirects to gcp authorize_url' do
2018-11-08 19:23:39 +05:30
go
expect(assigns(:authorize_url)).to include(key)
2020-01-01 13:55:28 +05:30
expect(session[session_key_for_redirect_uri]).to eq(new_project_cluster_path(project, provider: :gcp))
expect(response).to redirect_to(assigns(:authorize_url))
2019-12-04 20:38:33 +05:30
end
2018-11-08 19:23:39 +05:30
end
context 'when omniauth has not configured' do
before do
stub_omniauth_setting(providers: [])
end
it 'does not have authorize_url' do
go
expect(assigns(:authorize_url)).to be_nil
end
end
context 'when access token is valid' do
before do
stub_google_api_validate_token
end
it 'has new object' do
go
2019-02-15 15:39:39 +05:30
expect(assigns(:gcp_cluster)).to be_an_instance_of(Clusters::ClusterPresenter)
2018-11-08 19:23:39 +05:30
end
end
context 'when access token is expired' do
before do
stub_google_api_expired_token
end
it { expect(@valid_gcp_token).to be_falsey }
end
context 'when access token is not stored in session' do
it { expect(@valid_gcp_token).to be_falsey }
end
end
describe 'functionality for existing cluster' do
it 'has new object' do
go
2019-02-15 15:39:39 +05:30
expect(assigns(:user_cluster)).to be_an_instance_of(Clusters::ClusterPresenter)
2018-11-08 19:23:39 +05:30
end
end
describe 'security' do
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2018-11-08 19:23:39 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-11-08 19:23:39 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
describe 'POST create for new cluster' do
2018-12-05 23:21:45 +05:30
let(:legacy_abac_param) { 'true' }
2018-11-08 19:23:39 +05:30
let(:params) do
{
cluster: {
name: 'new-cluster',
2019-07-31 22:56:46 +05:30
managed: '1',
2018-11-08 19:23:39 +05:30
provider_gcp_attributes: {
2018-12-05 23:21:45 +05:30
gcp_project_id: 'gcp-project-12345',
legacy_abac: legacy_abac_param
2018-11-08 19:23:39 +05:30
}
}
}
end
2018-12-13 13:39:08 +05:30
def go
2019-02-15 15:39:39 +05:30
post :create_gcp, params: params.merge(namespace_id: project.namespace, project_id: project)
2018-12-13 13:39:08 +05:30
end
2018-11-08 19:23:39 +05:30
2018-12-13 13:39:08 +05:30
describe 'functionality' do
2018-11-08 19:23:39 +05:30
context 'when access token is valid' do
before do
stub_google_api_validate_token
end
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Providers::Gcp.count }
expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
expect(project.clusters.first).to be_gcp
expect(project.clusters.first).to be_kubernetes
2018-12-05 23:21:45 +05:30
expect(project.clusters.first.provider_gcp).to be_legacy_abac
2019-07-31 22:56:46 +05:30
expect(project.clusters.first.managed?).to be_truthy
2018-12-05 23:21:45 +05:30
end
context 'when legacy_abac param is false' do
let(:legacy_abac_param) { 'false' }
it 'creates a new cluster with legacy_abac_disabled' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Providers::Gcp.count }
expect(project.clusters.first.provider_gcp).not_to be_legacy_abac
end
2018-11-08 19:23:39 +05:30
end
end
context 'when access token is expired' do
before do
stub_google_api_expired_token
end
it { expect(@valid_gcp_token).to be_falsey }
end
context 'when access token is not stored in session' do
it { expect(@valid_gcp_token).to be_falsey }
end
end
describe 'security' do
before do
allow_any_instance_of(described_class)
2018-12-13 13:39:08 +05:30
.to receive(:token_in_session).and_return('token')
2018-11-08 19:23:39 +05:30
allow_any_instance_of(described_class)
2018-12-13 13:39:08 +05:30
.to receive(:expires_at_in_session).and_return(1.hour.since.to_i.to_s)
2018-11-08 19:23:39 +05:30
allow_any_instance_of(GoogleApi::CloudPlatform::Client)
.to receive(:projects_zones_clusters_create) do
OpenStruct.new(
self_link: 'projects/gcp-project-12345/zones/us-central1-a/operations/ope-123',
status: 'RUNNING'
)
end
allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil)
end
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2018-11-08 19:23:39 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-11-08 19:23:39 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
describe 'POST create for existing cluster' do
let(:params) do
{
cluster: {
name: 'new-cluster',
2019-07-31 22:56:46 +05:30
managed: '1',
2018-11-08 19:23:39 +05:30
platform_kubernetes_attributes: {
api_url: 'http://my-url',
token: 'test',
namespace: 'aaa'
}
}
}
end
2018-12-13 13:39:08 +05:30
def go
2019-02-15 15:39:39 +05:30
post :create_user, params: params.merge(namespace_id: project.namespace, project_id: project)
2018-12-13 13:39:08 +05:30
end
2018-11-08 19:23:39 +05:30
2018-12-13 13:39:08 +05:30
describe 'functionality' do
2018-11-08 19:23:39 +05:30
context 'when creates a cluster' do
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
2018-11-20 20:47:30 +05:30
2018-11-08 19:23:39 +05:30
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Platforms::Kubernetes.count }
2018-11-20 20:47:30 +05:30
2018-11-08 19:23:39 +05:30
expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
2018-11-20 20:47:30 +05:30
expect(project.clusters.first).to be_user
expect(project.clusters.first).to be_kubernetes
end
end
context 'when creates a RBAC-enabled cluster' do
let(:params) do
{
cluster: {
name: 'new-cluster',
platform_kubernetes_attributes: {
api_url: 'http://my-url',
token: 'test',
namespace: 'aaa',
authorization_type: 'rbac'
}
}
}
end
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Platforms::Kubernetes.count }
expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
2019-07-31 22:56:46 +05:30
cluster = project.clusters.first
expect(cluster).to be_user
expect(cluster).to be_kubernetes
expect(cluster).to be_platform_kubernetes_rbac
end
end
context 'when creates a user-managed cluster' do
let(:params) do
{
cluster: {
name: 'new-cluster',
managed: '0',
platform_kubernetes_attributes: {
api_url: 'http://my-url',
token: 'test',
namespace: 'aaa',
authorization_type: 'rbac'
}
}
}
end
it 'creates a new user-managed cluster' do
go
cluster = project.clusters.first
expect(cluster.managed?).to be_falsy
2018-11-08 19:23:39 +05:30
end
end
end
describe 'security' do
2018-12-13 13:39:08 +05:30
before do
stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace')
end
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2018-11-08 19:23:39 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-11-08 19:23:39 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
2019-12-26 22:10:19 +05:30
describe 'POST #create_aws' do
let(:params) do
{
cluster: {
name: 'new-cluster',
provider_aws_attributes: {
key_name: 'key',
role_arn: 'arn:role',
region: 'region',
vpc_id: 'vpc',
instance_type: 'instance type',
num_nodes: 3,
security_group_id: 'security group',
subnet_ids: %w(subnet1 subnet2)
}
}
}
end
def post_create_aws
post :create_aws, params: params.merge(namespace_id: project.namespace, project_id: project)
end
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { post_create_aws }.to change { Clusters::Cluster.count }
.and change { Clusters::Providers::Aws.count }
cluster = project.clusters.first
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:created)
2019-12-26 22:10:19 +05:30
expect(response.location).to eq(project_cluster_path(project, cluster))
expect(cluster).to be_aws
expect(cluster).to be_kubernetes
end
context 'params are invalid' do
let(:params) do
{
cluster: { name: '' }
}
end
it 'does not create a cluster' do
expect { post_create_aws }.not_to change { Clusters::Cluster.count }
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:unprocessable_entity)
2019-12-26 22:10:19 +05:30
expect(response.content_type).to eq('application/json')
expect(response.body).to include('is invalid')
end
end
describe 'security' do
before do
allow(WaitForClusterCreationWorker).to receive(:perform_in)
end
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { post_create_aws }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { post_create_aws }.to be_denied_for(:admin)
end
2019-12-26 22:10:19 +05:30
it { expect { post_create_aws }.to be_allowed_for(:owner).of(project) }
it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(project) }
it { expect { post_create_aws }.to be_denied_for(:developer).of(project) }
it { expect { post_create_aws }.to be_denied_for(:reporter).of(project) }
it { expect { post_create_aws }.to be_denied_for(:guest).of(project) }
it { expect { post_create_aws }.to be_denied_for(:user) }
it { expect { post_create_aws }.to be_denied_for(:external) }
end
end
describe 'POST authorize AWS role for EKS cluster' do
let(:role_arn) { 'arn:aws:iam::123456789012:role/role-name' }
let(:role_external_id) { '12345' }
let(:params) do
{
cluster: {
role_arn: role_arn,
role_external_id: role_external_id
}
}
end
def go
post :authorize_aws_role, params: params.merge(namespace_id: project.namespace, project_id: project)
end
2020-01-01 13:55:28 +05:30
before do
allow(Clusters::Aws::FetchCredentialsService).to receive(:new)
.and_return(double(execute: double))
end
2019-12-26 22:10:19 +05:30
it 'creates an Aws::Role record' do
expect { go }.to change { Aws::Role.count }
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-12-26 22:10:19 +05:30
role = Aws::Role.last
expect(role.user).to eq user
expect(role.role_arn).to eq role_arn
expect(role.role_external_id).to eq role_external_id
end
context 'role cannot be created' do
let(:role_arn) { 'invalid-role' }
it 'does not create a record' do
expect { go }.not_to change { Aws::Role.count }
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:unprocessable_entity)
2019-12-26 22:10:19 +05:30
end
end
describe 'security' do
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2019-12-26 22:10:19 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
2020-01-01 13:55:28 +05:30
describe 'DELETE clear cluster cache' do
let(:cluster) { create(:cluster, :project, projects: [project]) }
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, cluster: cluster) }
2019-12-26 22:10:19 +05:30
def go
2020-01-01 13:55:28 +05:30
delete :clear_cache,
params: {
namespace_id: project.namespace,
project_id: project,
id: cluster
}
2019-12-26 22:10:19 +05:30
end
2020-01-01 13:55:28 +05:30
it 'deletes the namespaces associated with the cluster' do
expect { go }.to change { Clusters::KubernetesNamespace.count }
2019-12-26 22:10:19 +05:30
2020-01-01 13:55:28 +05:30
expect(response).to redirect_to(project_cluster_path(project, cluster))
expect(cluster.kubernetes_namespaces).to be_empty
2019-12-26 22:10:19 +05:30
end
describe 'security' do
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2019-12-26 22:10:19 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
2018-12-13 13:39:08 +05:30
describe 'GET cluster_status' do
2018-03-17 18:26:18 +05:30
let(:cluster) { create(:cluster, :providing_by_gcp, projects: [project]) }
2018-12-13 13:39:08 +05:30
def go
get :cluster_status,
2019-02-15 15:39:39 +05:30
params: {
namespace_id: project.namespace.to_param,
project_id: project.to_param,
id: cluster
},
2018-12-13 13:39:08 +05:30
format: :json
end
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
describe 'functionality' do
2018-03-17 18:26:18 +05:30
it "responds with matching schema" do
go
expect(response).to have_gitlab_http_status(:ok)
expect(response).to match_response_schema('cluster_status')
end
2018-03-27 19:54:05 +05:30
it 'invokes schedule_status_update on each application' do
expect_any_instance_of(Clusters::Applications::Ingress).to receive(:schedule_status_update)
go
end
2018-03-17 18:26:18 +05:30
end
describe 'security' do
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
describe 'GET show' do
let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
2018-12-13 13:39:08 +05:30
def go
get :show,
2019-02-15 15:39:39 +05:30
params: {
namespace_id: project.namespace,
project_id: project,
id: cluster
}
2018-12-13 13:39:08 +05:30
end
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
describe 'functionality' do
2018-03-17 18:26:18 +05:30
it "renders view" do
go
expect(response).to have_gitlab_http_status(:ok)
expect(assigns(:cluster)).to eq(cluster)
end
end
describe 'security' do
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
describe 'PUT update' do
2019-02-15 15:39:39 +05:30
def go(format: :html)
put :update, params: params.merge(namespace_id: project.namespace.to_param,
project_id: project.to_param,
id: cluster,
format: format
)
end
before do
stub_kubeclient_get_namespace('https://kubernetes.example.com', namespace: 'my-namespace')
end
let(:cluster) { create(:cluster, :provided_by_user, projects: [project]) }
2019-01-03 12:48:30 +05:30
let(:params) do
{
cluster: {
enabled: false,
name: 'my-new-cluster-name',
2019-09-04 21:01:54 +05:30
managed: false,
2019-01-03 12:48:30 +05:30
platform_kubernetes_attributes: {
namespace: 'my-namespace'
}
}
}
end
2019-02-15 15:39:39 +05:30
it "updates and redirects back to show page" do
go
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
cluster.reload
expect(response).to redirect_to(project_cluster_path(project, cluster))
expect(flash[:notice]).to eq('Kubernetes cluster was successfully updated.')
expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name')
2019-09-04 21:01:54 +05:30
expect(cluster).not_to be_managed
2019-02-15 15:39:39 +05:30
expect(cluster.platform_kubernetes.namespace).to eq('my-namespace')
2018-12-13 13:39:08 +05:30
end
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
context 'when format is json' do
context 'when changing parameters' do
context 'when valid parameters are used' do
let(:params) do
{
cluster: {
enabled: false,
name: 'my-new-cluster-name',
2019-09-04 21:01:54 +05:30
managed: false,
2019-02-15 15:39:39 +05:30
platform_kubernetes_attributes: {
namespace: 'my-namespace'
2018-03-17 18:26:18 +05:30
}
}
2019-02-15 15:39:39 +05:30
}
end
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
it "updates and redirects back to show page" do
go(format: :json)
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
cluster.reload
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:no_content)
2019-02-15 15:39:39 +05:30
expect(cluster.enabled).to be_falsey
expect(cluster.name).to eq('my-new-cluster-name')
2019-09-04 21:01:54 +05:30
expect(cluster).not_to be_managed
2019-02-15 15:39:39 +05:30
expect(cluster.platform_kubernetes.namespace).to eq('my-namespace')
2018-03-17 18:26:18 +05:30
end
2019-02-15 15:39:39 +05:30
end
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
context 'when invalid parameters are used' do
let(:params) do
{
cluster: {
enabled: false,
platform_kubernetes_attributes: {
namespace: 'my invalid namespace #@'
2018-03-17 18:26:18 +05:30
}
}
2019-02-15 15:39:39 +05:30
}
end
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
it "rejects changes" do
go(format: :json)
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2018-03-17 18:26:18 +05:30
end
end
end
end
describe 'security' do
2019-12-21 20:55:43 +05:30
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
2018-03-17 18:26:18 +05:30
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
end
describe 'DELETE destroy' do
2018-12-13 13:39:08 +05:30
let!(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, projects: [project]) }
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
def go
delete :destroy,
2019-02-15 15:39:39 +05:30
params: {
namespace_id: project.namespace,
project_id: project,
id: cluster
}
2018-12-13 13:39:08 +05:30
end
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
describe 'functionality' do
2018-03-17 18:26:18 +05:30
context 'when cluster is provided by GCP' do
context 'when cluster is created' do
it "destroys and redirects back to clusters list" do
expect { go }
.to change { Clusters::Cluster.count }.by(-1)
.and change { Clusters::Platforms::Kubernetes.count }.by(-1)
.and change { Clusters::Providers::Gcp.count }.by(-1)
expect(response).to redirect_to(project_clusters_path(project))
expect(flash[:notice]).to eq('Kubernetes cluster integration was successfully removed.')
end
end
context 'when cluster is being created' do
2018-11-08 19:23:39 +05:30
let!(:cluster) { create(:cluster, :providing_by_gcp, :production_environment, projects: [project]) }
2018-03-17 18:26:18 +05:30
it "destroys and redirects back to clusters list" do
expect { go }
.to change { Clusters::Cluster.count }.by(-1)
.and change { Clusters::Providers::Gcp.count }.by(-1)
expect(response).to redirect_to(project_clusters_path(project))
expect(flash[:notice]).to eq('Kubernetes cluster integration was successfully removed.')
end
end
end
context 'when cluster is provided by user' do
2018-11-08 19:23:39 +05:30
let!(:cluster) { create(:cluster, :provided_by_user, :production_environment, projects: [project]) }
2018-03-17 18:26:18 +05:30
it "destroys and redirects back to clusters list" do
expect { go }
.to change { Clusters::Cluster.count }.by(-1)
.and change { Clusters::Platforms::Kubernetes.count }.by(-1)
.and change { Clusters::Providers::Gcp.count }.by(0)
expect(response).to redirect_to(project_clusters_path(project))
expect(flash[:notice]).to eq('Kubernetes cluster integration was successfully removed.')
end
end
end
describe 'security' do
2019-12-21 20:55:43 +05:30
let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, projects: [project]) }
2018-03-17 18:26:18 +05:30
2020-04-22 19:07:51 +05:30
it 'is allowed for admin when admin mode enabled', :enable_admin_mode do
expect { go }.to be_allowed_for(:admin)
end
it 'is disabled for admin when admin mode disabled' do
expect { go }.to be_denied_for(:admin)
end
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_allowed_for(:owner).of(project) }
2018-11-18 11:00:15 +05:30
it { expect { go }.to be_allowed_for(:maintainer).of(project) }
2018-03-17 18:26:18 +05:30
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
2018-12-13 13:39:08 +05:30
end
2018-03-17 18:26:18 +05:30
2018-12-13 13:39:08 +05:30
context 'no project_id param' do
it 'does not respond to any action without project_id param' do
expect { get :index }.to raise_error(ActionController::UrlGenerationError)
2018-03-17 18:26:18 +05:30
end
end
end