diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 18:25:58 +0000 |
commit | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch) | |
tree | fb69158581673816a8cd895f9d352dcb3c678b1e /spec/models/clusters | |
parent | d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff) | |
download | gitlab-ce-a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4.tar.gz |
Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42
Diffstat (limited to 'spec/models/clusters')
-rw-r--r-- | spec/models/clusters/applications/fluentd_spec.rb | 84 | ||||
-rw-r--r-- | spec/models/clusters/applications/ingress_spec.rb | 90 | ||||
-rw-r--r-- | spec/models/clusters/cluster_spec.rb | 96 | ||||
-rw-r--r-- | spec/models/clusters/clusters_hierarchy_spec.rb | 8 |
4 files changed, 22 insertions, 256 deletions
diff --git a/spec/models/clusters/applications/fluentd_spec.rb b/spec/models/clusters/applications/fluentd_spec.rb deleted file mode 100644 index ccdf6b0e40d..00000000000 --- a/spec/models/clusters/applications/fluentd_spec.rb +++ /dev/null @@ -1,84 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Clusters::Applications::Fluentd do - let(:waf_log_enabled) { true } - let(:cilium_log_enabled) { true } - let(:fluentd) { create(:clusters_applications_fluentd, waf_log_enabled: waf_log_enabled, cilium_log_enabled: cilium_log_enabled) } - - include_examples 'cluster application core specs', :clusters_applications_fluentd - include_examples 'cluster application status specs', :clusters_applications_fluentd - include_examples 'cluster application version specs', :clusters_applications_fluentd - include_examples 'cluster application initial status specs' - - describe '#can_uninstall?' do - subject { fluentd.can_uninstall? } - - it { is_expected.to be true } - end - - describe '#install_command' do - subject { fluentd.install_command } - - it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::V3::InstallCommand) } - - it 'is initialized with fluentd arguments' do - expect(subject.name).to eq('fluentd') - expect(subject.chart).to eq('fluentd/fluentd') - expect(subject.version).to eq('2.4.0') - expect(subject).to be_rbac - end - - context 'application failed to install previously' do - let(:fluentd) { create(:clusters_applications_fluentd, :errored, version: '0.0.1') } - - it 'is initialized with the locked version' do - expect(subject.version).to eq('2.4.0') - end - end - end - - describe '#files' do - let(:application) { fluentd } - let(:values) { subject[:'values.yaml'] } - - subject { application.files } - - it 'includes fluentd specific keys in the values.yaml file' do - expect(values).to include('output.conf', 'general.conf') - end - end - - describe '#values' do - let(:modsecurity_log_path) { "/var/log/containers/*#{Clusters::Applications::Ingress::MODSECURITY_LOG_CONTAINER_NAME}*.log" } - let(:cilium_log_path) { "/var/log/containers/*#{described_class::CILIUM_CONTAINER_NAME}*.log" } - - subject { fluentd.values } - - context 'with both logs variables set to false' do - let(:waf_log_enabled) { false } - let(:cilium_log_enabled) { false } - - it "raises ActiveRecord::RecordInvalid" do - expect {subject}.to raise_error(ActiveRecord::RecordInvalid) - end - end - - context 'with both logs variables set to true' do - it { is_expected.to include("#{modsecurity_log_path},#{cilium_log_path}") } - end - - context 'with waf_log_enabled set to true' do - let(:cilium_log_enabled) { false } - - it { is_expected.to include(modsecurity_log_path) } - end - - context 'with cilium_log_enabled set to true' do - let(:waf_log_enabled) { false } - - it { is_expected.to include(cilium_log_path) } - end - end -end diff --git a/spec/models/clusters/applications/ingress_spec.rb b/spec/models/clusters/applications/ingress_spec.rb index 1bc1a4343aa..e16d97c42d9 100644 --- a/spec/models/clusters/applications/ingress_spec.rb +++ b/spec/models/clusters/applications/ingress_spec.rb @@ -172,94 +172,4 @@ RSpec.describe Clusters::Applications::Ingress do expect(values).to include('clusterIP') end end - - describe '#values' do - subject { ingress } - - context 'when modsecurity_enabled is enabled' do - before do - allow(subject).to receive(:modsecurity_enabled).and_return(true) - end - - it 'includes modsecurity module enablement' do - expect(subject.values).to include("enable-modsecurity: 'true'") - end - - it 'includes modsecurity core ruleset enablement set to false' do - expect(subject.values).to include("enable-owasp-modsecurity-crs: 'false'") - end - - it 'includes modsecurity snippet with information related to security rules' do - expect(subject.values).to include("SecRuleEngine DetectionOnly") - expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}") - end - - context 'when modsecurity_mode is set to :blocking' do - before do - subject.blocking! - end - - it 'includes modsecurity snippet with information related to security rules' do - expect(subject.values).to include("SecRuleEngine On") - expect(subject.values).to include("Include #{described_class::MODSECURITY_OWASP_RULES_FILE}") - end - end - - it 'includes modsecurity.conf content' do - expect(subject.values).to include('modsecurity.conf') - # Includes file content from Ingress#modsecurity_config_content - expect(subject.values).to include('SecAuditLog') - - expect(subject.values).to include('extraVolumes') - expect(subject.values).to include('extraVolumeMounts') - end - - it 'includes modsecurity sidecar container' do - expect(subject.values).to include('modsecurity-log-volume') - - expect(subject.values).to include('extraContainers') - end - - it 'executes command to tail modsecurity logs with -F option' do - args = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'args') - - expect(args).to eq(['/bin/sh', '-c', 'tail -F /var/log/modsec/audit.log']) - end - - it 'includes livenessProbe for modsecurity sidecar container' do - probe_config = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'livenessProbe') - - expect(probe_config).to eq('exec' => { 'command' => ['ls', '/var/log/modsec/audit.log'] }) - end - end - - context 'when modsecurity_enabled is disabled' do - before do - allow(subject).to receive(:modsecurity_enabled).and_return(false) - end - - it 'excludes modsecurity module enablement' do - expect(subject.values).not_to include('enable-modsecurity') - end - - it 'excludes modsecurity core ruleset enablement' do - expect(subject.values).not_to include('enable-owasp-modsecurity-crs') - end - - it 'excludes modsecurity.conf content' do - expect(subject.values).not_to include('modsecurity.conf') - # Excludes file content from Ingress#modsecurity_config_content - expect(subject.values).not_to include('SecAuditLog') - - expect(subject.values).not_to include('extraVolumes') - expect(subject.values).not_to include('extraVolumeMounts') - end - - it 'excludes modsecurity sidecar container' do - expect(subject.values).not_to include('modsecurity-log-volume') - - expect(subject.values).not_to include('extraContainers') - end - end - end end diff --git a/spec/models/clusters/cluster_spec.rb b/spec/models/clusters/cluster_spec.rb index b2ed64fd9b0..278e200b05c 100644 --- a/spec/models/clusters/cluster_spec.rb +++ b/spec/models/clusters/cluster_spec.rb @@ -42,7 +42,8 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do it { is_expected.to delegate_method(:available?).to(:application_helm).with_prefix } it { is_expected.to delegate_method(:available?).to(:application_ingress).with_prefix } it { is_expected.to delegate_method(:available?).to(:application_knative).with_prefix } - it { is_expected.to delegate_method(:available?).to(:application_elastic_stack).with_prefix } + it { is_expected.to delegate_method(:available?).to(:integration_elastic_stack).with_prefix } + it { is_expected.to delegate_method(:available?).to(:integration_prometheus).with_prefix } it { is_expected.to delegate_method(:external_ip).to(:application_ingress).with_prefix } it { is_expected.to delegate_method(:external_hostname).to(:application_ingress).with_prefix } @@ -195,28 +196,6 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do end end - describe '.with_enabled_modsecurity' do - subject { described_class.with_enabled_modsecurity } - - let_it_be(:cluster) { create(:cluster) } - - context 'cluster has ingress application with enabled modsecurity' do - let!(:application) { create(:clusters_applications_ingress, :installed, :modsecurity_logging, cluster: cluster) } - - it { is_expected.to include(cluster) } - end - - context 'cluster has ingress application with disabled modsecurity' do - let!(:application) { create(:clusters_applications_ingress, :installed, :modsecurity_disabled, cluster: cluster) } - - it { is_expected.not_to include(cluster) } - end - - context 'cluster does not have ingress application' do - it { is_expected.not_to include(cluster) } - end - end - describe '.with_available_elasticstack' do subject { described_class.with_available_elasticstack } @@ -1042,7 +1021,6 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do where(:status_name, :cleanup_status) do provider_status | :cleanup_not_started - :cleanup_ongoing | :cleanup_uninstalling_applications :cleanup_ongoing | :cleanup_removing_project_namespaces :cleanup_ongoing | :cleanup_removing_service_account :cleanup_errored | :cleanup_errored @@ -1098,8 +1076,8 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do end describe '#start_cleanup!' do - let(:expected_worker_class) { Clusters::Cleanup::AppWorker } - let(:to_state) { :cleanup_uninstalling_applications } + let(:expected_worker_class) { Clusters::Cleanup::ProjectNamespaceWorker } + let(:to_state) { :cleanup_removing_project_namespaces } subject { cluster.start_cleanup! } @@ -1137,25 +1115,13 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do end describe '#continue_cleanup!' do - context 'when cleanup_status is cleanup_uninstalling_applications' do - let(:expected_worker_class) { Clusters::Cleanup::ProjectNamespaceWorker } - let(:from_state) { :cleanup_uninstalling_applications } - let(:to_state) { :cleanup_removing_project_namespaces } - - subject { cluster.continue_cleanup! } + let(:expected_worker_class) { Clusters::Cleanup::ServiceAccountWorker } + let(:from_state) { :cleanup_removing_project_namespaces } + let(:to_state) { :cleanup_removing_service_account } - it_behaves_like 'cleanup_status transition' - end - - context 'when cleanup_status is cleanup_removing_project_namespaces' do - let(:expected_worker_class) { Clusters::Cleanup::ServiceAccountWorker } - let(:from_state) { :cleanup_removing_project_namespaces } - let(:to_state) { :cleanup_removing_service_account } + subject { cluster.continue_cleanup! } - subject { cluster.continue_cleanup! } - - it_behaves_like 'cleanup_status transition' - end + it_behaves_like 'cleanup_status transition' end end @@ -1349,45 +1315,23 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do end end - describe '#application_prometheus_available?' do + describe '#integration_prometheus_available?' do let_it_be_with_reload(:cluster) { create(:cluster, :project) } - subject { cluster.application_prometheus_available? } + subject { cluster.integration_prometheus_available? } it { is_expected.to be_falsey } - context 'has a integration_prometheus' do - let_it_be(:integration) { create(:clusters_integrations_prometheus, cluster: cluster) } + context 'when integration is enabled' do + let!(:integration) { create(:clusters_integrations_prometheus, cluster: cluster) } it { is_expected.to be_truthy } - - context 'disabled' do - before do - cluster.integration_prometheus.enabled = false - end - - it { is_expected.to be_falsey } - end end - context 'has a application_prometheus' do - let_it_be(:application) { create(:clusters_applications_prometheus, :installed, :no_helm_installed, cluster: cluster) } + context 'when integration is disabled' do + let!(:integration) { create(:clusters_integrations_prometheus, enabled: false, cluster: cluster) } - it { is_expected.to be_truthy } - - context 'errored' do - before do - cluster.application_prometheus.status = Clusters::Applications::Prometheus.state_machines[:status].states[:errored] - end - - it { is_expected.to be_falsey } - end - - context 'also has a integration_prometheus' do - let_it_be(:integration) { create(:clusters_integrations_prometheus, cluster: cluster) } - - it { is_expected.to be_truthy } - end + it { is_expected.to be_falsey } end end @@ -1398,7 +1342,7 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do expect(cluster.prometheus_adapter).to be_nil end - context 'has a integration_prometheus' do + context 'has integration_prometheus' do let_it_be(:integration) { create(:clusters_integrations_prometheus, cluster: cluster) } it 'returns the integration' do @@ -1406,11 +1350,11 @@ RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do end end - context 'has a application_prometheus' do + context 'has application_prometheus' do let_it_be(:application) { create(:clusters_applications_prometheus, :no_helm_installed, cluster: cluster) } - it 'returns the application' do - expect(cluster.prometheus_adapter).to eq(application) + it 'returns nil' do + expect(cluster.prometheus_adapter).to be_nil end context 'also has a integration_prometheus' do diff --git a/spec/models/clusters/clusters_hierarchy_spec.rb b/spec/models/clusters/clusters_hierarchy_spec.rb index 5ac561eb2d0..5dd2fe98352 100644 --- a/spec/models/clusters/clusters_hierarchy_spec.rb +++ b/spec/models/clusters/clusters_hierarchy_spec.rb @@ -4,8 +4,8 @@ require 'spec_helper' RSpec.describe Clusters::ClustersHierarchy do describe '#base_and_ancestors' do - def base_and_ancestors(clusterable, include_management_project: true) - described_class.new(clusterable, include_management_project: include_management_project).base_and_ancestors + def base_and_ancestors(clusterable) + described_class.new(clusterable).base_and_ancestors end context 'project in nested group with clusters at every level' do @@ -101,10 +101,6 @@ RSpec.describe Clusters::ClustersHierarchy do expect(base_and_ancestors(management_project)).to eq([ancestor, child]) end - it 'returns clusters for management_project' do - expect(base_and_ancestors(management_project, include_management_project: false)).to eq([child, ancestor]) - end - it 'returns clusters for project' do expect(base_and_ancestors(project)).to eq([child, ancestor]) end |