Merge branch '11-5-stable-prepare-rc7' into '11-5-stable'

Prepare 11.5 RC7 release See merge request gitlab-org/gitlab-ce!23015
author: Steve Azzopardi <sazzopardi@gitlab.com> 2018-11-13 11:47:21 +0000
committer: Steve Azzopardi <sazzopardi@gitlab.com> 2018-11-13 11:47:21 +0000
commit: e4e282dbd4760b9bc56beb0070cc6d2a5425e9d1 (patch)
tree: ec9df5f74b624db3b9105c216fdeea1211fca881
parent: b38734e99c7666ce24be7a056847443260769fe1 (diff)
parent: 4c42e4b3f7b4add1fd8aad9d5911857d4b1141f9 (diff)
download: gitlab-ce-e4e282dbd4760b9bc56beb0070cc6d2a5425e9d1.tar.gz
7 files changed, 65 insertions, 4 deletions
diff --git a/app/models/clusters/kubernetes_namespace.rb b/app/models/clusters/kubernetes_namespace.rb
index ac7f9193b87..cbd52bfb48b 100644
--- a/app/models/clusters/kubernetes_namespace.rb
+++ b/app/models/clusters/kubernetes_namespace.rb
@@ -22,6 +22,8 @@ module Clusters
         key: Settings.attr_encrypted_db_key_base_truncated,
         algorithm: 'aes-256-cbc'
 
+    scope :has_service_account_token, -> { where.not(encrypted_service_account_token: nil) }
+
     def token_name
       "#{namespace}-token"
     end
diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb
index d69038be532..7a2415038e6 100644
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -80,7 +80,7 @@ module Clusters
               .append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true)
           end
 
-          if kubernetes_namespace = cluster.kubernetes_namespaces.find_by(project: project)
+          if kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project)
             variables.concat(kubernetes_namespace.predefined_variables)
           else
             # From 11.5, every Clusters::Project should have at least one
diff --git a/changelogs/unreleased/53879-kube-token-nil.yml b/changelogs/unreleased/53879-kube-token-nil.yml
new file mode 100644
index 00000000000..61a0db15d84
--- /dev/null
+++ b/changelogs/unreleased/53879-kube-token-nil.yml
@@ -0,0 +1,5 @@
+---
+title: Fix deployment jobs using nil KUBE_TOKEN due to migration issue
+merge_request: 23009
+author:
+type: fixed
diff --git a/spec/factories/clusters/kubernetes_namespaces.rb b/spec/factories/clusters/kubernetes_namespaces.rb
index 3f10f0ecc74..3a4f5193550 100644
--- a/spec/factories/clusters/kubernetes_namespaces.rb
+++ b/spec/factories/clusters/kubernetes_namespaces.rb
@@ -13,7 +13,7 @@ FactoryBot.define do
     end
 
     trait :with_token do
-      service_account_token { Faker::Lorem.characters(10) }
+      service_account_token { FFaker::Lorem.characters(10) }
     end
   end
 end
diff --git a/spec/models/clusters/kubernetes_namespace_spec.rb b/spec/models/clusters/kubernetes_namespace_spec.rb
index 0dfeea5cd2f..c068c4d7739 100644
--- a/spec/models/clusters/kubernetes_namespace_spec.rb
+++ b/spec/models/clusters/kubernetes_namespace_spec.rb
@@ -8,6 +8,22 @@ RSpec.describe Clusters::KubernetesNamespace, type: :model do
   it { is_expected.to belong_to(:cluster) }
   it { is_expected.to have_one(:platform_kubernetes) }
 
+  describe 'has_service_account_token' do
+    subject { described_class.has_service_account_token }
+
+    context 'namespace has service_account_token' do
+      let!(:namespace) { create(:cluster_kubernetes_namespace, :with_token) }
+
+      it { is_expected.to include(namespace) }
+    end
+
+    context 'namespace has no service_account_token' do
+      let!(:namespace) { create(:cluster_kubernetes_namespace) }
+
+      it { is_expected.not_to include(namespace) }
+    end
+  end
+
   describe 'namespace uniqueness validation' do
     let(:cluster_project) { create(:cluster_project) }
     let(:kubernetes_namespace) { build(:cluster_kubernetes_namespace, namespace: 'my-namespace') }
diff --git a/spec/models/clusters/platforms/kubernetes_spec.rb b/spec/models/clusters/platforms/kubernetes_spec.rb
index 2bcccc8184a..9fcb4a3727b 100644
--- a/spec/models/clusters/platforms/kubernetes_spec.rb
+++ b/spec/models/clusters/platforms/kubernetes_spec.rb
@@ -198,9 +198,11 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
     let(:api_url) { 'https://kube.domain.com' }
     let(:ca_pem) { 'CA PEM DATA' }
 
+    subject { kubernetes.predefined_variables(project: cluster.project) }
+
     shared_examples 'setting variables' do
       it 'sets the variables' do
-        expect(kubernetes.predefined_variables(project: cluster.project)).to include(
+        expect(subject).to include(
           { key: 'KUBE_URL', value: api_url, public: true },
           { key: 'KUBE_CA_PEM', value: ca_pem, public: true },
           { key: 'KUBE_CA_PEM_FILE', value: ca_pem, public: true, file: true }
@@ -208,6 +210,30 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
       end
     end
 
+    context 'kubernetes namespace is created with no service account token' do
+      let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, cluster: cluster) }
+
+      it_behaves_like 'setting variables'
+
+      it 'sets KUBE_TOKEN' do
+        expect(subject).to include(
+          { key: 'KUBE_TOKEN', value: kubernetes.token, public: false }
+        )
+      end
+    end
+
+    context 'kubernetes namespace is created with no service account token' do
+      let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token, cluster: cluster) }
+
+      it_behaves_like 'setting variables'
+
+      it 'sets KUBE_TOKEN' do
+        expect(subject).to include(
+          { key: 'KUBE_TOKEN', value: kubernetes_namespace.service_account_token, public: false }
+        )
+      end
+    end
+
     context 'namespace is provided' do
       let(:namespace) { 'my-project' }
 
@@ -216,12 +242,24 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
       end
 
       it_behaves_like 'setting variables'
+
+      it 'sets KUBE_TOKEN' do
+        expect(subject).to include(
+          { key: 'KUBE_TOKEN', value: kubernetes.token, public: false }
+        )
+      end
     end
 
     context 'no namespace provided' do
       let(:namespace) { kubernetes.actual_namespace }
 
       it_behaves_like 'setting variables'
+
+      it 'sets KUBE_TOKEN' do
+        expect(subject).to include(
+          { key: 'KUBE_TOKEN', value: kubernetes.token, public: false }
+        )
+      end
     end
   end
 
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 471f19f9b7c..74aa3315332 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -2414,7 +2414,7 @@ describe Project do
       end
 
       context 'when user configured kubernetes from CI/CD > Clusters and KubernetesNamespace migration has been executed' do
-        let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace) }
+        let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token) }
         let!(:cluster) { kubernetes_namespace.cluster }
         let(:project) { kubernetes_namespace.project }
author	Steve Azzopardi <sazzopardi@gitlab.com>	2018-11-13 11:47:21 +0000
committer	Steve Azzopardi <sazzopardi@gitlab.com>	2018-11-13 11:47:21 +0000
commit	e4e282dbd4760b9bc56beb0070cc6d2a5425e9d1 (patch)
tree	ec9df5f74b624db3b9105c216fdeea1211fca881
parent	b38734e99c7666ce24be7a056847443260769fe1 (diff)
parent	4c42e4b3f7b4add1fd8aad9d5911857d4b1141f9 (diff)
download	gitlab-ce-e4e282dbd4760b9bc56beb0070cc6d2a5425e9d1.tar.gz