diff options
| author | Thong Kuah <tkuah@gitlab.com> | 2018-09-07 18:06:02 +1200 |
|---|---|---|
| committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 16:26:51 +1200 |
| commit | 577c79bb58ae80f4d7aef55e76bfeff67a1cfc45 (patch) | |
| tree | 76524765c74f5a4477b7ce5378e3ff9faf14f627 /spec/services/clusters/gcp/finalize_creation_service_spec.rb | |
| parent | c9af170d9aeeb39dbb41a99c00402beb384da0e9 (diff) | |
| download | gitlab-ce-577c79bb58ae80f4d7aef55e76bfeff67a1cfc45.tar.gz | |
ABAC: fetch default service account token; RBAC: fetch gitlab service acount token
Keeps existing behaviour for ABAC cluster
Diffstat (limited to 'spec/services/clusters/gcp/finalize_creation_service_spec.rb')
| -rw-r--r-- | spec/services/clusters/gcp/finalize_creation_service_spec.rb | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/spec/services/clusters/gcp/finalize_creation_service_spec.rb b/spec/services/clusters/gcp/finalize_creation_service_spec.rb index eede10b55c6..278ba795042 100644 --- a/spec/services/clusters/gcp/finalize_creation_service_spec.rb +++ b/spec/services/clusters/gcp/finalize_creation_service_spec.rb @@ -52,13 +52,14 @@ describe Clusters::Gcp::FinalizeCreationService do end context 'when suceeded to fetch kuberenetes token' do + let(:secret_name) { 'default-token-Y1a' } let(:token) { 'sample-token' } before do stub_kubeclient_get_secrets( api_url, { - metadata_name: 'gitlab-token-Y1a', + metadata_name: secret_name, token: Base64.encode64(token) } ) end @@ -81,6 +82,8 @@ describe Clusters::Gcp::FinalizeCreationService do end context 'rbac_clusters feature enabled' do + let(:secret_name) { 'gitlab-token-Y1a' } + before do stub_feature_flags(rbac_clusters: true) stub_kubeclient_create_service_account(api_url) @@ -106,20 +109,44 @@ describe Clusters::Gcp::FinalizeCreationService do end end - context 'when default-token is not found' do + context 'when no matching token is found' do before do - stub_kubeclient_get_secrets(api_url, metadata_name: 'aaaa') + stub_kubeclient_get_secrets(api_url, metadata_name: 'not-default-not-gitlab') end it_behaves_like 'error' + + context 'rbac_clusters feature enabled' do + before do + stub_feature_flags(rbac_clusters: true) + stub_kubeclient_create_service_account(api_url) + stub_kubeclient_create_cluster_role_binding(api_url) + end + + it_behaves_like 'error' + end end context 'when token is empty' do + let(:secret_name) { 'default-token-123' } + before do - stub_kubeclient_get_secrets(api_url, token: '') + stub_kubeclient_get_secrets(api_url, token: '', metadata_name: secret_name) end it_behaves_like 'error' + + context 'rbac_clusters feature enabled' do + let(:secret_name) { 'gitlab-token-321' } + + before do + stub_feature_flags(rbac_clusters: true) + stub_kubeclient_create_service_account(api_url) + stub_kubeclient_create_cluster_role_binding(api_url) + end + + it_behaves_like 'error' + end end context 'when failed to fetch kuberenetes token' do @@ -128,6 +155,16 @@ describe Clusters::Gcp::FinalizeCreationService do end it_behaves_like 'error' + + context 'rbac_clusters feature enabled' do + before do + stub_feature_flags(rbac_clusters: true) + stub_kubeclient_create_service_account(api_url) + stub_kubeclient_create_cluster_role_binding(api_url) + end + + it_behaves_like 'error' + end end end |