Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-01 03:06:26 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-01 03:06:26 +0000
commit: 56d96ad7fab4d4b95f5529d8080b3cc2873794a0 (patch)
tree: 7fe93fc8ff4d82d815000781ffb9c98d7259211a /spec/services/clusters/aws/fetch_credentials_service_spec.rb
parent: 8078bd185fd9fce86cb5a8d9a6b6209e0c23ae44 (diff)
download: gitlab-ce-56d96ad7fab4d4b95f5529d8080b3cc2873794a0.tar.gz
1 files changed, 65 insertions, 0 deletions
diff --git a/spec/services/clusters/aws/fetch_credentials_service_spec.rb b/spec/services/clusters/aws/fetch_credentials_service_spec.rb
new file mode 100644
index 00000000000..6476130ab32
--- /dev/null
+++ b/spec/services/clusters/aws/fetch_credentials_service_spec.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Clusters::Aws::FetchCredentialsService do
+  describe '#execute' do
+    let(:provider) { create(:cluster_provider_aws) }
+
+    let(:gitlab_access_key_id) { 'gitlab-access-key-id' }
+    let(:gitlab_secret_access_key) { 'gitlab-secret-access-key' }
+
+    let(:gitlab_credentials) { Aws::Credentials.new(gitlab_access_key_id, gitlab_secret_access_key) }
+    let(:sts_client) { Aws::STS::Client.new(credentials: gitlab_credentials, region: provider.region) }
+    let(:assumed_role) { instance_double(Aws::AssumeRoleCredentials, credentials: assumed_role_credentials) }
+
+    let(:kubernetes_provisioner_settings) do
+      {
+        aws: {
+          access_key_id: gitlab_access_key_id,
+          secret_access_key: gitlab_secret_access_key
+        }
+      }
+    end
+
+    let(:assumed_role_credentials) { double }
+
+    subject { described_class.new(provider).execute }
+
+    context 'provision role is configured' do
+      let(:provision_role) { create(:aws_role, user: provider.created_by_user) }
+
+      before do
+        stub_config(kubernetes: { provisioners: kubernetes_provisioner_settings })
+
+        expect(Aws::Credentials).to receive(:new)
+          .with(gitlab_access_key_id, gitlab_secret_access_key)
+          .and_return(gitlab_credentials)
+
+        expect(Aws::STS::Client).to receive(:new)
+          .with(credentials: gitlab_credentials, region: provider.region)
+          .and_return(sts_client)
+
+        expect(Aws::AssumeRoleCredentials).to receive(:new)
+          .with(
+            client: sts_client,
+            role_arn: provision_role.role_arn,
+            role_session_name: "gitlab-eks-cluster-#{provider.cluster_id}-user-#{provider.created_by_user_id}",
+            external_id: provision_role.role_external_id
+          ).and_return(assumed_role)
+      end
+
+      it { is_expected.to eq assumed_role_credentials }
+    end
+
+    context 'provision role is not configured' do
+      before do
+        expect(provider.created_by_user.aws_role).to be_nil
+      end
+
+      it 'raises an error' do
+        expect { subject }.to raise_error(described_class::MissingRoleError, 'AWS provisioning role not configured')
+      end
+    end
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-01 03:06:26 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-01 03:06:26 +0000
commit	56d96ad7fab4d4b95f5529d8080b3cc2873794a0 (patch)
tree	7fe93fc8ff4d82d815000781ffb9c98d7259211a /spec/services/clusters/aws/fetch_credentials_service_spec.rb
parent	8078bd185fd9fce86cb5a8d9a6b6209e0c23ae44 (diff)
download	gitlab-ce-56d96ad7fab4d4b95f5529d8080b3cc2873794a0.tar.gz