diff options
author | Tiger <twatson@gitlab.com> | 2019-02-07 15:56:08 +1100 |
---|---|---|
committer | Tiger <twatson@gitlab.com> | 2019-02-08 10:05:05 +1100 |
commit | 73e5d3a2693d0469fdad925c398b6c464803c4b3 (patch) | |
tree | 16c20ef1d87b437e5a62ef041cb02772e489942b /spec/models/clusters/platforms | |
parent | 2cea4fd067e2b78600b93202e0e71b58bccbe3d1 (diff) | |
download | gitlab-ce-73e5d3a2693d0469fdad925c398b6c464803c4b3.tar.gz |
Validate kubernetes cluster CA certificate55447-validate-k8s-ca-cert
No certificate is still accepted, but if one is provided it must
be valid. Only run validation if the certificate has changed to
avoid making existing records invalid.
Diffstat (limited to 'spec/models/clusters/platforms')
-rw-r--r-- | spec/models/clusters/platforms/kubernetes_spec.rb | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/spec/models/clusters/platforms/kubernetes_spec.rb b/spec/models/clusters/platforms/kubernetes_spec.rb index 6c8a223092e..ce8269d8024 100644 --- a/spec/models/clusters/platforms/kubernetes_spec.rb +++ b/spec/models/clusters/platforms/kubernetes_spec.rb @@ -114,6 +114,36 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching end end + context 'ca_cert' do + let(:kubernetes) { build(:cluster_platform_kubernetes, ca_pem: ca_pem) } + + context 'with a valid certificate' do + let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) } + + it { is_expected.to be_truthy } + end + + context 'with an invalid certificate' do + let(:ca_pem) { "invalid" } + + it { is_expected.to be_falsey } + + context 'but the certificate is not being updated' do + before do + allow(kubernetes).to receive(:ca_cert_changed?).and_return(false) + end + + it { is_expected.to be_truthy } + end + end + + context 'with no certificate' do + let(:ca_pem) { "" } + + it { is_expected.to be_truthy } + end + end + describe 'when using reserved namespaces' do subject { build(:cluster_platform_kubernetes, namespace: namespace) } @@ -202,7 +232,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching let!(:cluster) { create(:cluster, :project, platform_kubernetes: kubernetes) } let(:kubernetes) { create(:cluster_platform_kubernetes, api_url: api_url, ca_cert: ca_pem) } let(:api_url) { 'https://kube.domain.com' } - let(:ca_pem) { 'CA PEM DATA' } + let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) } subject { kubernetes.predefined_variables(project: cluster.project) } |