QA spec for Auto DevOps application secrets49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo

We assert that a K8S_SECRET_* variable is ingestible by our Rack application Re-use project and cluster resources in Auto DevOps QA
author: Thong Kuah <tkuah@gitlab.com> 2018-12-17 13:58:55 +1300
committer: Thong Kuah <tkuah@gitlab.com> 2019-01-04 10:28:26 +1300
commit: 82a5cf0aad4cf0c67067cf03e34f539fe72ded76 (patch)
tree: b12a9fd89daf09b70a06605679012a15e9bd71e4
parent: a08993f26f45a516efd1c1d61aa4364b12c02a96 (diff)
download: gitlab-ce-49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo.tar.gz
2 files changed, 76 insertions, 31 deletions
diff --git a/qa/qa/fixtures/auto_devops_rack/config.ru b/qa/qa/fixtures/auto_devops_rack/config.ru
index bde8e15488a..e990662145a 100644
--- a/qa/qa/fixtures/auto_devops_rack/config.ru
+++ b/qa/qa/fixtures/auto_devops_rack/config.ru
@@ -1 +1 @@
-run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, StringIO.new("Hello World!\n")] }
+run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, StringIO.new("Hello World! #{ENV['OPTIONAL_MESSAGE']}\n")] }
diff --git a/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb b/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
index b0c277a48c3..6cd5c06a088 100644
--- a/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
+++ b/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
@@ -5,60 +5,73 @@ require 'pathname'
 module QA
   context 'Configure', :orchestrated, :kubernetes do
     describe 'Auto DevOps support' do
-      after do
-        @cluster&.remove!
+      def login
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+        Page::Main::Login.act { sign_in_using_credentials }
       end
 
-      [true, false].each do |rbac|
-        context "when rbac is #{rbac ? 'enabled' : 'disabled'}" do
-          it 'user creates a new project and runs auto devops' do
-            Runtime::Browser.visit(:gitlab, Page::Main::Login)
-            Page::Main::Login.act { sign_in_using_credentials }
+      before(:all) do
+        login
 
-            project = Resource::Project.fabricate! do |p|
-              p.name = Runtime::Env.auto_devops_project_name || 'project-with-autodevops'
-              p.description = 'Project with Auto Devops'
-            end
+        @project = Resource::Project.fabricate! do |p|
+          p.name = Runtime::Env.auto_devops_project_name || 'project-with-autodevops'
+          p.description = 'Project with Auto Devops'
+        end
 
-            # Disable code_quality check in Auto DevOps pipeline as it takes
-            # too long and times out the test
-            Resource::CiVariable.fabricate! do |resource|
-              resource.project = project
-              resource.key = 'CODE_QUALITY_DISABLED'
-              resource.value = '1'
-            end
+        # Disable code_quality check in Auto DevOps pipeline as it takes
+        # too long and times out the test
+        Resource::CiVariable.fabricate! do |resource|
+          resource.project = @project
+          resource.key = 'CODE_QUALITY_DISABLED'
+          resource.value = '1'
+        end
 
-            # Create Auto Devops compatible repo
-            Resource::Repository::ProjectPush.fabricate! do |push|
-              push.project = project
-              push.directory = Pathname
-                .new(__dir__)
-                .join('../../../../../fixtures/auto_devops_rack')
-              push.commit_message = 'Create Auto DevOps compatible rack application'
-            end
+        # Create Auto Devops compatible repo
+        Resource::Repository::ProjectPush.fabricate! do |push|
+          push.project = @project
+          push.directory = Pathname
+            .new(__dir__)
+            .join('../../../../../fixtures/auto_devops_rack')
+          push.commit_message = 'Create Auto DevOps compatible rack application'
+        end
 
-            Page::Project::Show.act { wait_for_push }
+        Page::Project::Show.act { wait_for_push }
+      end
 
+      [true, false].each do |rbac|
+        context "when rbac is #{rbac ? 'enabled' : 'disabled'}" do
+          before(:all) do
             # Create and connect K8s cluster
             @cluster = Service::KubernetesCluster.new(rbac: rbac).create!
             kubernetes_cluster = Resource::KubernetesCluster.fabricate! do |cluster|
-              cluster.project = project
+              cluster.project = @project
               cluster.cluster = @cluster
               cluster.install_helm_tiller = true
               cluster.install_ingress = true
               cluster.install_prometheus = true
               cluster.install_runner = true
             end
+
             kubernetes_cluster.populate(:ingress_ip)
 
-            project.visit!
+            @project.visit!
             Page::Project::Menu.act { click_ci_cd_settings }
             Page::Project::Settings::CICD.perform do |p|
               p.enable_auto_devops_with_domain(
                 "#{kubernetes_cluster.ingress_ip}.nip.io")
             end
+          end
 
-            project.visit!
+          after(:all) do
+            @cluster&.remove!
+          end
+
+          before do
+            login
+          end
+
+          it 'runs auto devops' do
+            @project.visit!
             Page::Project::Menu.act { click_ci_cd_pipelines }
             Page::Project::Pipeline::Index.act { go_to_latest_pipeline }
 
@@ -78,6 +91,38 @@ module QA
               end
             end
           end
+
+          it 'user sets application secret variable and Auto DevOps passes it to container' do
+            # Set an application secret CI variable (prefixed with K8S_SECRET_)
+            Resource::CiVariable.fabricate! do |resource|
+              resource.project = @project
+              resource.key = 'K8S_SECRET_OPTIONAL_MESSAGE'
+              resource.value = 'You can see this application secret'
+            end
+
+            @project.visit!
+            Page::Project::Menu.act { click_ci_cd_pipelines }
+            Page::Project::Pipeline::Index.act { go_to_latest_pipeline }
+
+            Page::Project::Pipeline::Show.perform do |pipeline|
+              expect(pipeline).to have_build('build', status: :success, wait: 600)
+              expect(pipeline).to have_build('test', status: :success, wait: 600)
+              expect(pipeline).to have_build('production', status: :success, wait: 1200)
+            end
+
+            Page::Project::Menu.act { click_operations_environments }
+
+            Page::Project::Operations::Environments::Index.perform do |index|
+              index.go_to_environment('production')
+            end
+
+            Page::Project::Operations::Environments::Show.perform do |show|
+              show.view_deployment do
+                expect(page).to have_content('Hello World!')
+                expect(page).to have_content('You can see this application secret')
+              end
+            end
+          end
         end
       end
     end
author	Thong Kuah <tkuah@gitlab.com>	2018-12-17 13:58:55 +1300
committer	Thong Kuah <tkuah@gitlab.com>	2019-01-04 10:28:26 +1300
commit	82a5cf0aad4cf0c67067cf03e34f539fe72ded76 (patch)
tree	b12a9fd89daf09b70a06605679012a15e9bd71e4
parent	a08993f26f45a516efd1c1d61aa4364b12c02a96 (diff)
download	gitlab-ce-49056-configure-auto-devops-deployed-applications-with-secrets-that-aren-t-committed-to-the-repo.tar.gz