Pass variables from deployment project services to CI runnerexpose-deployment-variables

This commit introduces the concept of deployment variables - variables that are collected from deployment services and passed to CI runner during a deployment build. Deployment services specify the variables by overriding "predefined_variables" method. This commit also configures variables for KubernetesService
author: Adam Niedzielski <adamsunday@gmail.com> 2016-12-16 13:24:03 +0100
committer: Adam Niedzielski <adamsunday@gmail.com> 2016-12-16 13:24:03 +0100
commit: c945a0a7141ddf80e58e821178195cc48b8143f0 (patch)
tree: 9dcc3cdf890800b6c4a3ad006c04b0c1c2e6530a
parent: 45bd2263698892b9de6eb7956e3085a61054f49f (diff)
download: gitlab-ce-expose-deployment-variables.tar.gz
10 files changed, 116 insertions, 1 deletions
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index fdbf28a1d68..591aba6bdc9 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -155,7 +155,7 @@ module Ci
     end
 
     def has_environment?
-      self.environment.present?
+      environment.present?
     end
 
     def starts_environment?
@@ -221,6 +221,7 @@ module Ci
       variables += pipeline.predefined_variables
       variables += runner.predefined_variables if runner
       variables += project.container_registry_variables
+      variables += project.deployment_variables if has_environment?
       variables += yaml_variables
       variables += user_variables
       variables += project.secret_variables
diff --git a/app/models/project.rb b/app/models/project.rb
index 2c726cfc5df..5f8058dac60 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1229,6 +1229,12 @@ class Project < ActiveRecord::Base
     end
   end
 
+  def deployment_variables
+    return [] unless deployment_service
+
+    deployment_service.predefined_variables
+  end
+
   def append_or_update_attribute(name, value)
     old_values = public_send(name.to_s)
 
diff --git a/app/models/project_services/deployment_service.rb b/app/models/project_services/deployment_service.rb
index 55e98c31251..da6be9dd7b7 100644
--- a/app/models/project_services/deployment_service.rb
+++ b/app/models/project_services/deployment_service.rb
@@ -8,4 +8,8 @@ class DeploymentService < Service
   def supported_events
     []
   end
+
+  def predefined_variables
+    []
+  end
 end
diff --git a/app/models/project_services/kubernetes_service.rb b/app/models/project_services/kubernetes_service.rb
index 80ae1191108..f5fbf8b353b 100644
--- a/app/models/project_services/kubernetes_service.rb
+++ b/app/models/project_services/kubernetes_service.rb
@@ -83,6 +83,16 @@ class KubernetesService < DeploymentService
     { success: false, result: err }
   end
 
+  def predefined_variables
+    variables = [
+      { key: 'KUBE_URL', value: api_url, public: true },
+      { key: 'KUBE_TOKEN', value: token, public: false },
+      { key: 'KUBE_NAMESPACE', value: namespace, public: true }
+    ]
+    variables << { key: 'KUBE_CA_PEM', value: ca_pem, public: true } if ca_pem.present?
+    variables
+  end
+
   private
 
   def build_kubeclient(api_path = '/api', api_version = 'v1')
diff --git a/changelogs/unreleased/expose-deployment-variables.yml b/changelogs/unreleased/expose-deployment-variables.yml
new file mode 100644
index 00000000000..7663d5b6ae5
--- /dev/null
+++ b/changelogs/unreleased/expose-deployment-variables.yml
@@ -0,0 +1,4 @@
+---
+title: Pass variables from deployment project services to CI runner
+merge_request: 8107
+author:
diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md
index eb540a50606..baa5fc67816 100644
--- a/doc/ci/variables/README.md
+++ b/doc/ci/variables/README.md
@@ -13,6 +13,7 @@ this order:
 1. [Secret variables](#secret-variables)
 1. YAML-defined [job-level variables](../yaml/README.md#job-variables)
 1. YAML-defined [global variables](../yaml/README.md#variables)
+1. [Deployment variables](#deployment-variables)
 1. [Predefined variables](#predefined-variables-environment-variables) (are the
    lowest in the chain)
 
@@ -148,6 +149,20 @@ Secret variables can be added by going to your project's
 
 Once you set them, they will be available for all subsequent builds.
 
+## Deployment variables
+
+>**Note:**
+This feature requires GitLab CI 8.15 or higher.
+
+[Project services](../../project_services/project_services.md) that are
+responsible for deployment configuration may define their own variables that
+are set in the build environment. These variables are only defined for
+[deployment builds](../environments.md). Please consult the documentation of
+the project services that you are using to learn which variables they define.
+
+An example project service that defines deployment variables is
+[Kubernetes Service](../../project_services/kubernetes.md).
+
 ## Debug tracing
 
 > Introduced in GitLab Runner 1.7.
diff --git a/doc/project_services/kubernetes.md b/doc/project_services/kubernetes.md
index cb577b608b4..fda364b864e 100644
--- a/doc/project_services/kubernetes.md
+++ b/doc/project_services/kubernetes.md
@@ -36,3 +36,14 @@ to create one. You can also view or create service tokens in the
 Fill in the service token and namespace according to the values you just got.
 If the API is using a self-signed TLS certificate, you'll also need to include
 the `ca.crt` contents as the `Custom CA bundle`.
+
+## Deployment variables
+
+The Kubernetes service exposes following
+[deployment variables](../ci/variables/README.md#deployment-variables) in the
+GitLab CI build environment:
+
+- `KUBE_URL` - equal to the API URL
+- `KUBE_TOKEN`
+- `KUBE_NAMESPACE`
+- `KUBE_CA_PEM` - only if a custom CA bundle was specified
diff --git a/spec/models/build_spec.rb b/spec/models/build_spec.rb
index d5f2ffcff59..6f1c2ae0fd8 100644
--- a/spec/models/build_spec.rb
+++ b/spec/models/build_spec.rb
@@ -506,6 +506,17 @@ describe Ci::Build, models: true do
       it { is_expected.to include({ key: 'CI_RUNNER_TAGS', value: 'docker, linux', public: true }) }
     end
 
+    context 'when build is for a deployment' do
+      let(:deployment_variable) { { key: 'KUBERNETES_TOKEN', value: 'TOKEN', public: false } }
+
+      before do
+        build.environment = 'production'
+        allow(project).to receive(:deployment_variables).and_return([deployment_variable])
+      end
+
+      it { is_expected.to include(deployment_variable) }
+    end
+
     context 'returns variables in valid order' do
       before do
         allow(build).to receive(:predefined_variables) { ['predefined'] }
diff --git a/spec/models/project_services/kubernetes_service_spec.rb b/spec/models/project_services/kubernetes_service_spec.rb
index ffb92012b89..3603602e41d 100644
--- a/spec/models/project_services/kubernetes_service_spec.rb
+++ b/spec/models/project_services/kubernetes_service_spec.rb
@@ -123,4 +123,37 @@ describe KubernetesService, models: true do
       end
     end
   end
+
+  describe '#predefined_variables' do
+    before do
+      subject.api_url = 'https://kube.domain.com'
+      subject.token = 'token'
+      subject.namespace = 'my-project'
+      subject.ca_pem = 'CA PEM DATA'
+    end
+
+    it 'sets KUBE_URL' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_URL', value: 'https://kube.domain.com', public: true }
+      )
+    end
+
+    it 'sets KUBE_TOKEN' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_TOKEN', value: 'token', public: false }
+      )
+    end
+
+    it 'sets KUBE_NAMESPACE' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_NAMESPACE', value: 'my-project', public: true }
+      )
+    end
+
+    it 'sets KUBE_CA_PEM' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_CA_PEM', value: 'CA PEM DATA', public: true }
+      )
+    end
+  end
 end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 21ff238841e..c7d914a81f9 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1696,6 +1696,26 @@ describe Project, models: true do
     end
   end
 
+  describe '#deployment_variables' do
+    context 'when project has no deployment service' do
+      let(:project) { create(:empty_project) }
+
+      it 'returns an empty array' do
+        expect(project.deployment_variables).to eq []
+      end
+    end
+
+    context 'when project has a deployment service' do
+      let(:project) { create(:kubernetes_project) }
+
+      it 'returns variables from this service' do
+        expect(project.deployment_variables).to include(
+          { key: 'KUBE_TOKEN', value: project.kubernetes_service.token, public: false }
+        )
+      end
+    end
+  end
+
   def enable_lfs
     allow(Gitlab.config.lfs).to receive(:enabled).and_return(true)
   end
author	Adam Niedzielski <adamsunday@gmail.com>	2016-12-16 13:24:03 +0100
committer	Adam Niedzielski <adamsunday@gmail.com>	2016-12-16 13:24:03 +0100
commit	c945a0a7141ddf80e58e821178195cc48b8143f0 (patch)
tree	9dcc3cdf890800b6c4a3ad006c04b0c1c2e6530a
parent	45bd2263698892b9de6eb7956e3085a61054f49f (diff)
download	gitlab-ce-expose-deployment-variables.tar.gz