Add latest changes from gitlab-org/gitlab@master

1 files changed, 94 insertions, 0 deletions

diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb
index 1b6b0ff025e..5a0512a042e 100644
--- a/spec/controllers/projects/clusters_controller_spec.rb
+++ b/spec/controllers/projects/clusters_controller_spec.rb
@@ -373,6 +373,74 @@ describe Projects::ClustersController do
     end
   end
 
+  describe 'POST #create_aws' do
+    let(:params) do
+      {
+        cluster: {
+          name: 'new-cluster',
+          provider_aws_attributes: {
+            key_name: 'key',
+            role_arn: 'arn:role',
+            region: 'region',
+            vpc_id: 'vpc',
+            instance_type: 'instance type',
+            num_nodes: 3,
+            security_group_id: 'security group',
+            subnet_ids: %w(subnet1 subnet2)
+          }
+        }
+      }
+    end
+
+    def post_create_aws
+      post :create_aws, params: params.merge(namespace_id: project.namespace, project_id: project)
+    end
+
+    it 'creates a new cluster' do
+      expect(ClusterProvisionWorker).to receive(:perform_async)
+      expect { post_create_aws }.to change { Clusters::Cluster.count }
+        .and change { Clusters::Providers::Aws.count }
+
+      cluster = project.clusters.first
+
+      expect(response.status).to eq(201)
+      expect(response.location).to eq(project_cluster_path(project, cluster))
+      expect(cluster).to be_aws
+      expect(cluster).to be_kubernetes
+    end
+
+    context 'params are invalid' do
+      let(:params) do
+        {
+          cluster: { name: '' }
+        }
+      end
+
+      it 'does not create a cluster' do
+        expect { post_create_aws }.not_to change { Clusters::Cluster.count }
+
+        expect(response.status).to eq(422)
+        expect(response.content_type).to eq('application/json')
+        expect(response.body).to include('is invalid')
+      end
+    end
+
+    describe 'security' do
+      before do
+        allow(WaitForClusterCreationWorker).to receive(:perform_in)
+      end
+
+      it { expect { post_create_aws }.to be_allowed_for(:admin) }
+      it { expect { post_create_aws }.to be_allowed_for(:owner).of(project) }
+      it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(project) }
+      it { expect { post_create_aws }.to be_denied_for(:developer).of(project) }
+      it { expect { post_create_aws }.to be_denied_for(:reporter).of(project) }
+      it { expect { post_create_aws }.to be_denied_for(:guest).of(project) }
+      it { expect { post_create_aws }.to be_denied_for(:user) }
+      it { expect { post_create_aws }.to be_denied_for(:external) }
+    end
+  end
+
   describe 'POST authorize AWS role for EKS cluster' do
     let(:role_arn) { 'arn:aws:iam::123456789012:role/role-name' }
     let(:role_external_id) { '12345' }
@@ -423,6 +491,32 @@ describe Projects::ClustersController do
     end
   end
 
+  describe 'DELETE revoke AWS role for EKS cluster' do
+    let!(:role) { create(:aws_role, user: user) }
+
+    def go
+      delete :revoke_aws_role, params: { namespace_id: project.namespace, project_id: project }
+    end
+
+    it 'deletes the Aws::Role record' do
+      expect { go }.to change { Aws::Role.count }
+
+      expect(response.status).to eq 204
+      expect(user.reload_aws_role).to be_nil
+    end
+
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:maintainer).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+  end
+
   describe 'GET cluster_status' do
     let(:cluster) { create(:cluster, :providing_by_gcp, projects: [project]) }