181 lines
6.7 KiB
Ruby
181 lines
6.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' do
|
|
include KubernetesHelpers
|
|
|
|
let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
|
|
let(:platform) { cluster.platform }
|
|
let(:api_url) { 'https://kubernetes.example.com' }
|
|
let(:project) { cluster.project }
|
|
let(:environment) { create(:environment, project: project) }
|
|
let(:cluster_project) { cluster.cluster_project }
|
|
let(:namespace) { "#{project.name}-#{project.id}-#{environment.slug}" }
|
|
|
|
subject do
|
|
described_class.new(
|
|
cluster: cluster,
|
|
kubernetes_namespace: kubernetes_namespace
|
|
).execute
|
|
end
|
|
|
|
before do
|
|
stub_kubeclient_discover(api_url)
|
|
stub_kubeclient_get_namespace(api_url)
|
|
stub_kubeclient_get_service_account_error(api_url, 'gitlab')
|
|
stub_kubeclient_create_service_account(api_url)
|
|
stub_kubeclient_get_secret_error(api_url, 'gitlab-token')
|
|
stub_kubeclient_create_secret(api_url)
|
|
|
|
stub_kubeclient_delete_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace)
|
|
stub_kubeclient_put_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace)
|
|
stub_kubeclient_get_namespace(api_url, namespace: namespace)
|
|
stub_kubeclient_get_service_account_error(api_url, "#{namespace}-service-account", namespace: namespace)
|
|
stub_kubeclient_create_service_account(api_url, namespace: namespace)
|
|
stub_kubeclient_create_secret(api_url, namespace: namespace)
|
|
stub_kubeclient_put_secret(api_url, "#{namespace}-token", namespace: namespace)
|
|
stub_kubeclient_put_role(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_SERVING_ROLE_NAME, namespace: namespace)
|
|
stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME, namespace: namespace)
|
|
stub_kubeclient_put_role(api_url, Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_NAME, namespace: namespace)
|
|
stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME, namespace: namespace)
|
|
stub_kubeclient_put_role(api_url, Clusters::Kubernetes::GITLAB_CILIUM_ROLE_NAME, namespace: namespace)
|
|
stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_CILIUM_ROLE_BINDING_NAME, namespace: namespace)
|
|
|
|
stub_kubeclient_get_secret(
|
|
api_url,
|
|
metadata_name: "#{namespace}-token",
|
|
token: Base64.encode64('sample-token'),
|
|
namespace: namespace
|
|
)
|
|
end
|
|
|
|
shared_examples 'successful creation of kubernetes namespace' do
|
|
it 'creates a Clusters::KubernetesNamespace' do
|
|
expect do
|
|
subject
|
|
end.to change(Clusters::KubernetesNamespace, :count).by(1)
|
|
end
|
|
|
|
it 'creates project service account and namespace' do
|
|
account_service = double(Clusters::Kubernetes::CreateOrUpdateServiceAccountService)
|
|
expect(Clusters::Kubernetes::CreateOrUpdateServiceAccountService).to(
|
|
receive(:namespace_creator).with(
|
|
cluster.platform.kubeclient,
|
|
service_account_name: "#{namespace}-service-account",
|
|
service_account_namespace: namespace,
|
|
service_account_namespace_labels: {
|
|
'app.gitlab.com/app' => project.full_path_slug,
|
|
'app.gitlab.com/env' => environment.slug
|
|
},
|
|
rbac: true
|
|
).and_return(account_service)
|
|
)
|
|
expect(account_service).to receive(:execute).once
|
|
subject
|
|
end
|
|
|
|
it 'configures kubernetes token' do
|
|
subject
|
|
|
|
kubernetes_namespace.reload
|
|
expect(kubernetes_namespace.namespace).to eq(namespace)
|
|
expect(kubernetes_namespace.service_account_name).to eq("#{namespace}-service-account")
|
|
expect(kubernetes_namespace.encrypted_service_account_token).to be_present
|
|
end
|
|
|
|
context 'without environment' do
|
|
before do
|
|
kubernetes_namespace.environment = nil
|
|
end
|
|
|
|
it 'creates project service account and namespace' do
|
|
account_service = double(Clusters::Kubernetes::CreateOrUpdateServiceAccountService)
|
|
expect(Clusters::Kubernetes::CreateOrUpdateServiceAccountService).to(
|
|
receive(:namespace_creator).with(
|
|
cluster.platform.kubeclient,
|
|
service_account_name: "#{namespace}-service-account",
|
|
service_account_namespace: namespace,
|
|
service_account_namespace_labels: {
|
|
'app.gitlab.com/app' => project.full_path_slug
|
|
},
|
|
rbac: true
|
|
).and_return(account_service)
|
|
)
|
|
expect(account_service).to receive(:execute).once
|
|
subject
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'group clusters' do
|
|
let(:cluster) { create(:cluster, :group, :provided_by_gcp) }
|
|
let(:group) { cluster.group }
|
|
let(:project) { create(:project, group: group) }
|
|
|
|
context 'when kubernetes namespace is not persisted' do
|
|
let(:kubernetes_namespace) do
|
|
build(:cluster_kubernetes_namespace,
|
|
cluster: cluster,
|
|
project: project,
|
|
environment: environment)
|
|
end
|
|
|
|
it_behaves_like 'successful creation of kubernetes namespace'
|
|
end
|
|
end
|
|
|
|
context 'project clusters' do
|
|
context 'when kubernetes namespace is not persisted' do
|
|
let(:kubernetes_namespace) do
|
|
build(:cluster_kubernetes_namespace,
|
|
cluster: cluster,
|
|
project: cluster_project.project,
|
|
cluster_project: cluster_project,
|
|
environment: environment)
|
|
end
|
|
|
|
it_behaves_like 'successful creation of kubernetes namespace'
|
|
end
|
|
|
|
context 'when there is a Kubernetes Namespace associated' do
|
|
let(:namespace) { "new-namespace-#{environment.slug}" }
|
|
|
|
let(:kubernetes_namespace) do
|
|
create(:cluster_kubernetes_namespace,
|
|
cluster: cluster,
|
|
project: cluster_project.project,
|
|
cluster_project: cluster_project,
|
|
environment: environment)
|
|
end
|
|
|
|
before do
|
|
platform.update_column(:namespace, 'new-namespace')
|
|
end
|
|
|
|
it 'does not create any Clusters::KubernetesNamespace' do
|
|
subject
|
|
|
|
expect(cluster.kubernetes_namespaces).to eq([kubernetes_namespace])
|
|
end
|
|
|
|
it 'creates project service account' do
|
|
expect_next_instance_of(Clusters::Kubernetes::CreateOrUpdateServiceAccountService) do |instance|
|
|
expect(instance).to receive(:execute).once
|
|
end
|
|
|
|
subject
|
|
end
|
|
|
|
it 'updates Clusters::KubernetesNamespace' do
|
|
subject
|
|
|
|
kubernetes_namespace.reload
|
|
|
|
expect(kubernetes_namespace.namespace).to eq(namespace)
|
|
expect(kubernetes_namespace.service_account_name).to eq("#{namespace}-service-account")
|
|
expect(kubernetes_namespace.encrypted_service_account_token).to be_present
|
|
end
|
|
end
|
|
end
|
|
end
|