author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
commit | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch) | |
tree | fb69158581673816a8cd895f9d352dcb3c678b1e /spec/models/clusters/applications | |
parent | d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff) | |
download | gitlab-ce-a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4.tar.gz |
Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42
Diffstat (limited to 'spec/models/clusters/applications')
-rw-r--r-- | spec/models/clusters/applications/fluentd_spec.rb | 84 | ||||
-rw-r--r-- | spec/models/clusters/applications/ingress_spec.rb | 90 |
2 files changed, 0 insertions, 174 deletions
diff --git a/spec/models/clusters/applications/fluentd_spec.rb b/spec/models/clusters/applications/fluentd_spec.rb
deleted file mode 100644
index ccdf6b0e40d..00000000000
--- a/spec/models/clusters/applications/fluentd_spec.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe Clusters::Applications::Fluentd do
- let(:waf_log_enabled) { true }
- let(:cilium_log_enabled) { true }
- let(:fluentd) { create(:clusters_applications_fluentd, waf_log_enabled: waf_log_enabled, cilium_log_enabled: cilium_log_enabled) }
-
- include_examples 'cluster application core specs', :clusters_applications_fluentd
- include_examples 'cluster application status specs', :clusters_applications_fluentd
- include_examples 'cluster application version specs', :clusters_applications_fluentd
- include_examples 'cluster application initial status specs'
-
- describe '#can_uninstall?' do
- subject { fluentd.can_uninstall? }
-
- it { is_expected.to be true }
- end
-
- describe '#install_command' do
- subject { fluentd.install_command }
-
- it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::V3::InstallCommand) }
-
- it 'is initialized with fluentd arguments' do
- expect(subject.name).to eq('fluentd')
- expect(subject.chart).to eq('fluentd/fluentd')
- expect(subject.version).to eq('2.4.0')
- expect(subject).to be_rbac
- end
-
- context 'application failed to install previously' do
- let(:fluentd) { create(:clusters_applications_fluentd, :errored, version: '0.0.1') }
-
- it 'is initialized with the locked version' do
- expect(subject.version).to eq('2.4.0')
- end
- end
- end
-
- describe '#files' do
- let(:application) { fluentd }
- let(:values) { subject[:'values.yaml'] }
-
- subject { application.files }
-
- it 'includes fluentd specific keys in the values.yaml file' do
- expect(values).to include('output.conf', 'general.conf')
- end
- end
-
- describe '#values' do
- let(:modsecurity_log_path) { "/var/log/containers/*#{Clusters::Applications::Ingress::MODSECURITY_LOG_CONTAINER_NAME}*.log" }
- let(:cilium_log_path) { "/var/log/containers/*#{described_class::CILIUM_CONTAINER_NAME}*.log" }
-
- subject { fluentd.values }
-
- context 'with both logs variables set to false' do
- let(:waf_log_enabled) { false }
- let(:cilium_log_enabled) { false }
-
- it "raises ActiveRecord::RecordInvalid" do
- expect {subject}.to raise_error(ActiveRecord::RecordInvalid)
- end
- end
-
- context 'with both logs variables set to true' do
- it { is_expected.to include("#{modsecurity_log_path},#{cilium_log_path}") }
- end
-
- context 'with waf_log_enabled set to true' do
- let(:cilium_log_enabled) { false }
-
- it { is_expected.to include(modsecurity_log_path) }
- end
-
- context 'with cilium_log_enabled set to true' do
- let(:waf_log_enabled) { false }
-
- it { is_expected.to include(cilium_log_path) }
- end
- end
-end
diff --git a/spec/models/clusters/applications/ingress_spec.rb b/spec/models/clusters/applications/ingress_spec.rb
index 1bc1a4343aa..e16d97c42d9 100644
--- a/spec/models/clusters/applications/ingress_spec.rb
+++ b/spec/models/clusters/applications/ingress_spec.rb
@@ -172,94 +172,4 @@ RSpec.describe Clusters::Applications::Ingress do
 expect(values).to include('clusterIP')
 end
 end
-
- describe '#values' do
- subject { ingress }
-
- context 'when modsecurity_enabled is enabled' do
- before do
- allow(subject).to receive(:modsecurity_enabled).and_return(true)
- end
-
- it 'includes modsecurity module enablement' do
- expect(subject.values).to include("enable-modsecurity: 'true'")
- end
-
- it 'includes modsecurity core ruleset enablement set to false' do
- expect(subject.values).to include("enable-owasp-modsecurity-crs: 'false'")
- end
-
- it 'includes modsecurity snippet with information related to security rules' do
- expect(subject.values).to include("SecRuleEngine DetectionOnly")
- expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}")
- end
-
- context 'when modsecurity_mode is set to :blocking' do
- before do
- subject.blocking!
- end
-
- it 'includes modsecurity snippet with information related to security rules' do
- expect(subject.values).to include("SecRuleEngine On")
- expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}")
- end
- end
-
- it 'includes modsecurity.conf content' do
- expect(subject.values).to include('modsecurity.conf')
- # Includes file content from Ingress#modsecurity_config_content
- expect(subject.values).to include('SecAuditLog')
-
- expect(subject.values).to include('extraVolumes')
- expect(subject.values).to include('extraVolumeMounts')
- end
-
- it 'includes modsecurity sidecar container' do
- expect(subject.values).to include('modsecurity-log-volume')
-
- expect(subject.values).to include('extraContainers')
- end
-
- it 'executes command to tail modsecurity logs with -F option' do
- args = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'args')
-
- expect(args).to eq(['/bin/sh', '-c', 'tail -F /var/log/modsec/audit.log'])
- end
-
- it 'includes livenessProbe for modsecurity sidecar container' do
- probe_config = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'livenessProbe')
-
- expect(probe_config).to eq('exec' => { 'command' => ['ls', '/var/log/modsec/audit.log'] })
- end
- end
-
- context 'when modsecurity_enabled is disabled' do
- before do
- allow(subject).to receive(:modsecurity_enabled).and_return(false)
- end
-
- it 'excludes modsecurity module enablement' do
- expect(subject.values).not_to include('enable-modsecurity')
- end
-
- it 'excludes modsecurity core ruleset enablement' do
- expect(subject.values).not_to include('enable-owasp-modsecurity-crs')
- end
-
- it 'excludes modsecurity.conf content' do
- expect(subject.values).not_to include('modsecurity.conf')
- # Excludes file content from Ingress#modsecurity_config_content
- expect(subject.values).not_to include('SecAuditLog')
-
- expect(subject.values).not_to include('extraVolumes')
- expect(subject.values).not_to include('extraVolumeMounts')
- end
-
- it 'excludes modsecurity sidecar container' do
- expect(subject.values).not_to include('modsecurity-log-volume')
-
- expect(subject.values).not_to include('extraContainers')
- end
- end
- end
 end
|