diff options
| author | Tiger <twatson@gitlab.com> | 2019-05-19 21:08:44 -0500 |
|---|---|---|
| committer | Tiger <twatson@gitlab.com> | 2019-05-24 10:23:41 -0500 |
| commit | 534b697b3c504edb520747ef0f73041db470ecf1 (patch) | |
| tree | a24ab006a46f49f1dfa0028d43b710a3f482fa88 | |
| parent | 91f745ef6ac0a13c491d913a1a722bd3f360b326 (diff) | |
| download | gitlab-ce-55447-validate-k8s-credentials.tar.gz | |
Remove redundant service class55447-validate-k8s-credentials
See #note_172035320 on
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27403
| -rw-r--r-- | app/models/clusters/cluster.rb | 55 | ||||
| -rw-r--r-- | app/services/clusters/verify_service.rb | 48 | ||||
| -rw-r--r-- | spec/features/groups/clusters/user_spec.rb | 2 | ||||
| -rw-r--r-- | spec/features/projects/clusters/user_spec.rb | 2 | ||||
| -rw-r--r-- | spec/models/clusters/cluster_spec.rb | 75 | ||||
| -rw-r--r-- | spec/services/clusters/verify_service_spec.rb | 79 |
6 files changed, 116 insertions, 145 deletions
diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index 465db697162..57a1e461b2d 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -127,11 +127,7 @@ module Clusters end def status_name - if provider - provider.status_name - else - connection_status.presence || :created - end + provider&.status_name || connection_status.presence || :created end def connection_status @@ -140,13 +136,11 @@ module Clusters end end - # rubocop: disable CodeReuse/ServiceClass def calculate_reactive_cache return unless enabled? - { connection_status: Clusters::VerifyService.new(self).execute } + { connection_status: retrieve_connection_status } end - # rubocop: enable CodeReuse/ServiceClass def applications [ @@ -235,6 +229,51 @@ module Clusters @instance_domain ||= Gitlab::CurrentSettings.auto_devops_domain end + def retrieve_connection_status + kubeclient.core_client.discover + rescue *Gitlab::Kubernetes::Errors::CONNECTION + :unreachable + rescue *Gitlab::Kubernetes::Errors::AUTHENTICATION + :authentication_failure + rescue Kubeclient::HttpError => e + kubeclient_error_status(e.message) + rescue => e + Gitlab::Sentry.track_acceptable_exception(e, extra: { cluster_id: id }) + + :unknown_failure + else + :connected + end + + # KubeClient uses the same error class + # For connection errors (eg. timeout) and + # for Kubernetes errors. + def kubeclient_error_status(message) + if message&.match?(/timed out|timeout/i) + :unreachable + else + :authentication_failure + end + end + + # To keep backward compatibility with AUTO_DEVOPS_DOMAIN + # environment variable, we need to ensure KUBE_INGRESS_BASE_DOMAIN + # is set if AUTO_DEVOPS_DOMAIN is set on any of the following options: + # ProjectAutoDevops#Domain, project variables or group variables, + # as the AUTO_DEVOPS_DOMAIN is needed for CI_ENVIRONMENT_URL + # + # This method should is scheduled to be removed on + # https://gitlab.com/gitlab-org/gitlab-ce/issues/56959 + def legacy_auto_devops_domain + if project_type? + project&.auto_devops&.domain.presence || + project.variables.find_by(key: 'AUTO_DEVOPS_DOMAIN')&.value.presence || + project.group&.variables&.find_by(key: 'AUTO_DEVOPS_DOMAIN')&.value.presence + elsif group_type? + group.variables.find_by(key: 'AUTO_DEVOPS_DOMAIN')&.value.presence + end + end + def restrict_modification if provider&.on_creation? errors.add(:base, "cannot modify during creation") diff --git a/app/services/clusters/verify_service.rb b/app/services/clusters/verify_service.rb deleted file mode 100644 index d5a753f6704..00000000000 --- a/app/services/clusters/verify_service.rb +++ /dev/null @@ -1,48 +0,0 @@ -# frozen_string_literal: true - -module Clusters - class VerifyService - attr_reader :cluster - - def initialize(cluster) - @cluster = cluster - end - - def execute - verify_connection! - rescue *Gitlab::Kubernetes::Errors::CONNECTION - :unreachable - rescue *Gitlab::Kubernetes::Errors::AUTHENTICATION - :authentication_failure - rescue Kubeclient::HttpError => e - kubeclient_error_status(e) - rescue => e - Gitlab::Sentry.track_acceptable_exception(e, extra: { cluster_id: cluster.id }) - - :unknown_failure - else - :connected - end - - private - - def verify_connection! - cluster.kubeclient.core_client.discover - end - - # KubeClient uses the same error class - # For connection errors (eg. timeout) and - # for Kubernetes errors. - def kubeclient_error_status(error) - if timeout?(error.message) - :unreachable - else - :authentication_failure - end - end - - def timeout?(message) - message&.match?(/timed out|timeout/i) - end - end -end diff --git a/spec/features/groups/clusters/user_spec.rb b/spec/features/groups/clusters/user_spec.rb index 693f35926fc..84a8691a7f2 100644 --- a/spec/features/groups/clusters/user_spec.rb +++ b/spec/features/groups/clusters/user_spec.rb @@ -14,7 +14,7 @@ describe 'User Cluster', :js do allow(Groups::ClustersController).to receive(:STATUS_POLLING_INTERVAL) { 100 } allow_any_instance_of(Clusters::Gcp::Kubernetes::CreateOrUpdateNamespaceService).to receive(:execute) - allow(Clusters::VerifyService).to receive(:new).and_return(double(execute: :connected)) + allow_any_instance_of(Clusters::Cluster).to receive(:retrieve_connection_status).and_return(:connected) end context 'when user does not have a cluster and visits cluster index page' do diff --git a/spec/features/projects/clusters/user_spec.rb b/spec/features/projects/clusters/user_spec.rb index 4bcced49326..31cc09ae911 100644 --- a/spec/features/projects/clusters/user_spec.rb +++ b/spec/features/projects/clusters/user_spec.rb @@ -12,7 +12,7 @@ describe 'User Cluster', :js do allow(Projects::ClustersController).to receive(:STATUS_POLLING_INTERVAL) { 100 } allow_any_instance_of(Clusters::Gcp::Kubernetes::CreateOrUpdateNamespaceService).to receive(:execute) - allow(Clusters::VerifyService).to receive(:new).and_return(double(execute: :connected)) + allow_any_instance_of(Clusters::Cluster).to receive(:retrieve_connection_status).and_return(:connected) end context 'when user does not have a cluster and visits cluster index page' do diff --git a/spec/models/clusters/cluster_spec.rb b/spec/models/clusters/cluster_spec.rb index 929c75760d5..4739e62289a 100644 --- a/spec/models/clusters/cluster_spec.rb +++ b/spec/models/clusters/cluster_spec.rb @@ -4,6 +4,7 @@ require 'spec_helper' describe Clusters::Cluster, :use_clean_rails_memory_store_caching do include ReactiveCachingHelpers + include KubernetesHelpers it_behaves_like 'having unique enum values' @@ -610,7 +611,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do it { is_expected.to eq :errored } end - context 'there is a chached connection status' do + context 'there is a cached connection status' do let(:cluster) { create(:cluster, :provided_by_user) } before do @@ -655,21 +656,79 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do let(:cluster) { create(:cluster, :disabled) } it 'does not populate the cache' do - expect(Clusters::VerifyService).not_to receive(:new) + expect(cluster).not_to receive(:retrieve_connection_status) is_expected.to be_nil end end context 'cluster is enabled' do - let(:cluster) { create(:cluster) } - let(:status) { :connected } + let(:cluster) { create(:cluster, :provided_by_user, :group) } - it 'retrieves the connection status and adds it to the cache' do - expect(Clusters::VerifyService).to receive(:new).with(cluster) - .and_return(double(execute: status)) + context 'connection to the cluster is successful' do + before do + stub_kubeclient_discover(cluster.platform.api_url) + end + + it { is_expected.to eq(connection_status: :connected) } + end - is_expected.to include(connection_status: status) + context 'cluster cannot be reached' do + before do + allow(cluster.kubeclient.core_client).to receive(:discover) + .and_raise(SocketError) + end + + it { is_expected.to eq(connection_status: :unreachable) } + end + + context 'cluster cannot be authenticated to' do + before do + allow(cluster.kubeclient.core_client).to receive(:discover) + .and_raise(OpenSSL::X509::CertificateError.new("Certificate error")) + end + + it { is_expected.to eq(connection_status: :authentication_failure) } + end + + describe 'Kubeclient::HttpError' do + let(:error_code) { 403 } + let(:error_message) { "Forbidden" } + + before do + allow(cluster.kubeclient.core_client).to receive(:discover) + .and_raise(Kubeclient::HttpError.new(error_code, error_message, nil)) + end + + it { is_expected.to eq(connection_status: :authentication_failure) } + + context 'generic timeout' do + let(:error_message) { 'Timed out connecting to server'} + + it { is_expected.to eq(connection_status: :unreachable) } + end + + context 'gateway timeout' do + let(:error_message) { '504 Gateway Timeout for GET https://kubernetes.example.com/api/v1'} + + it { is_expected.to eq(connection_status: :unreachable) } + end + end + + context 'an uncategorised error is raised' do + before do + allow(cluster.kubeclient.core_client).to receive(:discover) + .and_raise(StandardError) + end + + it { is_expected.to eq(connection_status: :unknown_failure) } + + it 'notifies Sentry' do + expect(Gitlab::Sentry).to receive(:track_acceptable_exception) + .with(instance_of(StandardError), hash_including(extra: { cluster_id: cluster.id })) + + subject + end end end end diff --git a/spec/services/clusters/verify_service_spec.rb b/spec/services/clusters/verify_service_spec.rb deleted file mode 100644 index 33ea307f971..00000000000 --- a/spec/services/clusters/verify_service_spec.rb +++ /dev/null @@ -1,79 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe Clusters::VerifyService do - include KubernetesHelpers - - let(:cluster) { create(:cluster, :provided_by_user, :group) } - - describe '#execute' do - subject { described_class.new(cluster).execute } - - context 'connection to the cluster is successful' do - before do - stub_kubeclient_discover(cluster.platform.api_url) - end - - it { is_expected.to eq :connected } - end - - context 'cluster cannot be reached' do - before do - allow(cluster.kubeclient.core_client).to receive(:discover) - .and_raise(SocketError) - end - - it { is_expected.to eq :unreachable } - end - - context 'cluster cannot be authenticated to' do - before do - allow(cluster.kubeclient.core_client).to receive(:discover) - .and_raise(OpenSSL::X509::CertificateError.new("Certificate error")) - end - - it { is_expected.to eq :authentication_failure } - end - - describe 'Kubeclient::HttpError' do - let(:error_code) { 403 } - let(:error_message) { "Forbidden" } - - before do - allow(cluster.kubeclient.core_client).to receive(:discover) - .and_raise(Kubeclient::HttpError.new(error_code, error_message, nil)) - end - - it { is_expected.to eq :authentication_failure } - - context 'generic timeout' do - let(:error_message) { 'Timed out connecting to server'} - - it { is_expected.to eq :unreachable } - end - - context 'gateway timeout' do - let(:error_message) { '504 Gateway Timeout for GET https://kubernetes.example.com/api/v1'} - - it { is_expected.to eq :unreachable } - end - end - - context 'an uncategorised error is raised' do - before do - allow(cluster.kubeclient.core_client).to receive(:discover) - .and_raise(StandardError) - end - - it { is_expected.to eq :unknown_failure } - - it 'notifies Sentry' do - expect(Gitlab::Sentry).to receive(:track_acceptable_exception) - .with(instance_of(StandardError), hash_including(extra: { cluster_id: cluster.id })) - - subject - end - end - end -end |