diff options
author | Thong Kuah <tkuah@gitlab.com> | 2018-11-13 14:27:55 +1300 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-11-13 15:28:44 +1300 |
commit | 1e115ffd0356932b5845e297bf766018a6792edf (patch) | |
tree | 3e99645a539943c3a2a4e1c173396867407eae88 | |
parent | 182b357525afdc6cca687e2abaaa9b2a920afac4 (diff) | |
download | gitlab-ce-53879-kube-token-nil.tar.gz |
Fix deployment jobs using nil token53879-kube-token-nil
Unfortunately, it seems that the migration to
clusters_kubernetes_namespace still needs to create the new restricted
service accounts and then fetch the tokens. Until that is done, we
cannot use it and have to fall back to the main token from
clusters_platform_kubernetes.
-rw-r--r-- | app/models/clusters/kubernetes_namespace.rb | 2 | ||||
-rw-r--r-- | app/models/clusters/platforms/kubernetes.rb | 2 | ||||
-rw-r--r-- | changelogs/unreleased/53879-kube-token-nil.yml | 5 | ||||
-rw-r--r-- | spec/factories/clusters/kubernetes_namespaces.rb | 2 | ||||
-rw-r--r-- | spec/models/clusters/kubernetes_namespace_spec.rb | 16 | ||||
-rw-r--r-- | spec/models/project_spec.rb | 2 |
6 files changed, 26 insertions, 3 deletions
diff --git a/app/models/clusters/kubernetes_namespace.rb b/app/models/clusters/kubernetes_namespace.rb index ac7f9193b87..cbd52bfb48b 100644 --- a/app/models/clusters/kubernetes_namespace.rb +++ b/app/models/clusters/kubernetes_namespace.rb @@ -22,6 +22,8 @@ module Clusters key: Settings.attr_encrypted_db_key_base_truncated, algorithm: 'aes-256-cbc' + scope :has_service_account_token, -> { where.not(encrypted_service_account_token: nil) } + def token_name "#{namespace}-token" end diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb index ea02ae6c9d8..9860abeecf7 100644 --- a/app/models/clusters/platforms/kubernetes.rb +++ b/app/models/clusters/platforms/kubernetes.rb @@ -83,7 +83,7 @@ module Clusters .append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true) end - if kubernetes_namespace = cluster.kubernetes_namespaces.find_by(project: project) + if kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project) variables.concat(kubernetes_namespace.predefined_variables) else # From 11.5, every Clusters::Project should have at least one diff --git a/changelogs/unreleased/53879-kube-token-nil.yml b/changelogs/unreleased/53879-kube-token-nil.yml new file mode 100644 index 00000000000..61a0db15d84 --- /dev/null +++ b/changelogs/unreleased/53879-kube-token-nil.yml @@ -0,0 +1,5 @@ +--- +title: Fix deployment jobs using nil KUBE_TOKEN due to migration issue +merge_request: 23009 +author: +type: fixed diff --git a/spec/factories/clusters/kubernetes_namespaces.rb b/spec/factories/clusters/kubernetes_namespaces.rb index 3f10f0ecc74..3a4f5193550 100644 --- a/spec/factories/clusters/kubernetes_namespaces.rb +++ b/spec/factories/clusters/kubernetes_namespaces.rb @@ -13,7 +13,7 @@ FactoryBot.define do end trait :with_token do - service_account_token { Faker::Lorem.characters(10) } + service_account_token { FFaker::Lorem.characters(10) } end end end diff --git a/spec/models/clusters/kubernetes_namespace_spec.rb b/spec/models/clusters/kubernetes_namespace_spec.rb index 0dfeea5cd2f..c068c4d7739 100644 --- a/spec/models/clusters/kubernetes_namespace_spec.rb +++ b/spec/models/clusters/kubernetes_namespace_spec.rb @@ -8,6 +8,22 @@ RSpec.describe Clusters::KubernetesNamespace, type: :model do it { is_expected.to belong_to(:cluster) } it { is_expected.to have_one(:platform_kubernetes) } + describe 'has_service_account_token' do + subject { described_class.has_service_account_token } + + context 'namespace has service_account_token' do + let!(:namespace) { create(:cluster_kubernetes_namespace, :with_token) } + + it { is_expected.to include(namespace) } + end + + context 'namespace has no service_account_token' do + let!(:namespace) { create(:cluster_kubernetes_namespace) } + + it { is_expected.not_to include(namespace) } + end + end + describe 'namespace uniqueness validation' do let(:cluster_project) { create(:cluster_project) } let(:kubernetes_namespace) { build(:cluster_kubernetes_namespace, namespace: 'my-namespace') } diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 471f19f9b7c..74aa3315332 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -2414,7 +2414,7 @@ describe Project do end context 'when user configured kubernetes from CI/CD > Clusters and KubernetesNamespace migration has been executed' do - let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace) } + let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token) } let!(:cluster) { kubernetes_namespace.cluster } let(:project) { kubernetes_namespace.project } |