uninstall_command/ResetCommand for Tiller60516-uninstall-tiller

4 files changed, 155 insertions, 0 deletions

diff --git a/app/models/clusters/applications/helm.rb b/app/models/clusters/applications/helm.rb
index 71aff00077d..e9c838acdca 100644
--- a/app/models/clusters/applications/helm.rb
+++ b/app/models/clusters/applications/helm.rb
@@ -37,6 +37,14 @@ module Clusters
         )
       end
 
+      def uninstall_command
+        Gitlab::Kubernetes::Helm::ResetCommand.new(
+          name: name,
+          files: files,
+          rbac: cluster.platform_kubernetes_rbac?
+        )
+      end
+
       def has_ssl?
         ca_key.present? && ca_cert.present?
       end
diff --git a/lib/gitlab/kubernetes/helm/reset_command.rb b/lib/gitlab/kubernetes/helm/reset_command.rb
new file mode 100644
index 00000000000..b71278170ba
--- /dev/null
+++ b/lib/gitlab/kubernetes/helm/reset_command.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Kubernetes
+    module Helm
+      class ResetCommand
+        include BaseCommand
+
+        attr_reader :name, :files
+
+        def initialize(name:, rbac:, files:)
+          @name = name
+          @files = files
+          @rbac = rbac
+        end
+
+        def generate_script
+          super + [
+            reset_helm_command
+          ].join("\n")
+        end
+
+        def rbac?
+          @rbac
+        end
+
+        def pod_name
+          "uninstall-#{name}"
+        end
+
+        private
+
+        def reset_helm_command
+          command = %w[helm reset] + optional_tls_flags
+
+          command.shelljoin
+        end
+
+        def optional_tls_flags
+          return [] unless files.key?(:'ca.pem')
+
+          [
+            '--tls',
+            '--tls-ca-cert', "#{files_dir}/ca.pem",
+            '--tls-cert', "#{files_dir}/cert.pem",
+            '--tls-key', "#{files_dir}/key.pem"
+          ]
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/kubernetes/helm/reset_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/reset_command_spec.rb
new file mode 100644
index 00000000000..2cb263072c6
--- /dev/null
+++ b/spec/lib/gitlab/kubernetes/helm/reset_command_spec.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::Kubernetes::Helm::ResetCommand do
+  let(:rbac) { true }
+  let(:name) { 'helm' }
+  let(:files) { {} }
+  let(:reset_command) { described_class.new(name: name, rbac: rbac, files: files) }
+
+  subject { reset_command }
+
+  it_behaves_like 'helm commands' do
+    let(:commands) { 'helm reset' }
+  end
+
+  context 'when there is a ca.pem file' do
+    let(:files) { { 'ca.pem': 'some file content' } }
+
+    it_behaves_like 'helm commands' do
+      let(:commands) do
+        <<~EOS.squish
+        helm reset
+        --tls
+        --tls-ca-cert /data/helm/helm/config/ca.pem
+        --tls-cert /data/helm/helm/config/cert.pem
+        --tls-key /data/helm/helm/config/key.pem
+        EOS
+      end
+    end
+  end
+
+  describe '#pod_resource' do
+    subject { reset_command.pod_resource }
+
+    context 'rbac is enabled' do
+      let(:rbac) { true }
+
+      it 'generates a pod that uses the tiller serviceAccountName' do
+        expect(subject.spec.serviceAccountName).to eq('tiller')
+      end
+    end
+
+    context 'rbac is not enabled' do
+      let(:rbac) { false }
+
+      it 'generates a pod that uses the default serviceAccountName' do
+        expect(subject.spec.serviceAcccountName).to be_nil
+      end
+    end
+  end
+
+  describe '#pod_name' do
+    subject { reset_command.pod_name }
+
+    it { is_expected.to eq('uninstall-helm') }
+  end
+end
diff --git a/spec/models/clusters/applications/helm_spec.rb b/spec/models/clusters/applications/helm_spec.rb
index f177d493a2e..300f0595db8 100644
--- a/spec/models/clusters/applications/helm_spec.rb
+++ b/spec/models/clusters/applications/helm_spec.rb
@@ -65,4 +65,41 @@ describe Clusters::Applications::Helm do
       end
     end
   end
+
+  describe '#uninstall_command' do
+    let(:helm) { create(:clusters_applications_helm) }
+
+    subject { helm.uninstall_command }
+
+    it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::ResetCommand) }
+
+    it 'has name' do
+      expect(subject.name).to eq('helm')
+    end
+
+    it 'has cert files' do
+      expect(subject.files[:'ca.pem']).to be_present
+      expect(subject.files[:'ca.pem']).to eq(helm.ca_cert)
+
+      expect(subject.files[:'cert.pem']).to be_present
+      expect(subject.files[:'key.pem']).to be_present
+
+      cert = OpenSSL::X509::Certificate.new(subject.files[:'cert.pem'])
+      expect(cert.not_after).to be > 999.years.from_now
+    end
+
+    describe 'rbac' do
+      context 'rbac cluster' do
+        it { expect(subject).to be_rbac }
+      end
+
+      context 'non rbac cluster' do
+        before do
+          helm.cluster.platform_kubernetes.abac!
+        end
+
+        it { expect(subject).not_to be_rbac }
+      end
+    end
+  end
 end