Validate kubernetes cluster CA certificate55447-validate-k8s-ca-cert

No certificate is still accepted, but if one is provided it must be valid. Only run validation if the certificate has changed to avoid making existing records invalid.
author: Tiger <twatson@gitlab.com> 2019-02-07 15:56:08 +1100
committer: Tiger <twatson@gitlab.com> 2019-02-08 10:05:05 +1100
commit: 73e5d3a2693d0469fdad925c398b6c464803c4b3 (patch)
tree: 16c20ef1d87b437e5a62ef041cb02772e489942b /spec/models/clusters/platforms
parent: 2cea4fd067e2b78600b93202e0e71b58bccbe3d1 (diff)
download: gitlab-ce-73e5d3a2693d0469fdad925c398b6c464803c4b3.tar.gz
1 files changed, 31 insertions, 1 deletions
diff --git a/spec/models/clusters/platforms/kubernetes_spec.rb b/spec/models/clusters/platforms/kubernetes_spec.rb
index 6c8a223092e..ce8269d8024 100644
--- a/spec/models/clusters/platforms/kubernetes_spec.rb
+++ b/spec/models/clusters/platforms/kubernetes_spec.rb
@@ -114,6 +114,36 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
       end
     end
 
+    context 'ca_cert' do
+      let(:kubernetes) { build(:cluster_platform_kubernetes, ca_pem: ca_pem) }
+
+      context 'with a valid certificate' do
+        let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) }
+
+        it { is_expected.to be_truthy }
+      end
+
+      context 'with an invalid certificate' do
+        let(:ca_pem) { "invalid" }
+
+        it { is_expected.to be_falsey }
+
+        context 'but the certificate is not being updated' do
+          before do
+            allow(kubernetes).to receive(:ca_cert_changed?).and_return(false)
+          end
+
+          it { is_expected.to be_truthy }
+        end
+      end
+
+      context 'with no certificate' do
+        let(:ca_pem) { "" }
+
+        it { is_expected.to be_truthy }
+      end
+    end
+
     describe 'when using reserved namespaces' do
       subject { build(:cluster_platform_kubernetes, namespace: namespace) }
 
@@ -202,7 +232,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
     let!(:cluster) { create(:cluster, :project, platform_kubernetes: kubernetes) }
     let(:kubernetes) { create(:cluster_platform_kubernetes, api_url: api_url, ca_cert: ca_pem) }
     let(:api_url) { 'https://kube.domain.com' }
-    let(:ca_pem) { 'CA PEM DATA' }
+    let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/sample_cert.pem')) }
 
     subject { kubernetes.predefined_variables(project: cluster.project) }
author	Tiger <twatson@gitlab.com>	2019-02-07 15:56:08 +1100
committer	Tiger <twatson@gitlab.com>	2019-02-08 10:05:05 +1100
commit	73e5d3a2693d0469fdad925c398b6c464803c4b3 (patch)
tree	16c20ef1d87b437e5a62ef041cb02772e489942b /spec/models/clusters/platforms
parent	2cea4fd067e2b78600b93202e0e71b58bccbe3d1 (diff)
download	gitlab-ce-73e5d3a2693d0469fdad925c398b6c464803c4b3.tar.gz