Modify service so that it can be re-run

If the service fails mid-point, then we should be able to re-run this
service. So, detect presence of any previously created Kubernetes
resource and update or create accordingly.

Fix specs accordingly. In the case of finalize_creation_service_spec.rb,
I decided to stub out the async worker rather than maintaining
individual stubs for various kubeclient calls for that worker.

Also add test cases for group clusters

3 files changed, 91 insertions, 81 deletions

diff --git a/spec/services/clusters/gcp/finalize_creation_service_spec.rb b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
index cb8f4bd32c8..d69678c1277 100644
--- a/spec/services/clusters/gcp/finalize_creation_service_spec.rb
+++ b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
@@ -19,6 +19,10 @@ describe Clusters::Gcp::FinalizeCreationService, '#execute' do
 
   subject { described_class.new.execute(provider) }
 
+  before do
+    allow(ClusterPlatformConfigureWorker).to receive(:perform_async)
+  end
+
   shared_examples 'success' do
     it 'configures provider and kubernetes' do
       subject
@@ -39,16 +43,6 @@ describe Clusters::Gcp::FinalizeCreationService, '#execute' do
       expect(platform.token).to eq(token)
     end
 
-    it 'creates kubernetes namespace model' do
-      subject
-
-      kubernetes_namespace = cluster.reload.kubernetes_namespace
-      expect(kubernetes_namespace).to be_persisted
-      expect(kubernetes_namespace.namespace).to eq(namespace)
-      expect(kubernetes_namespace.service_account_name).to eq("#{namespace}-service-account")
-      expect(kubernetes_namespace.service_account_token).to be_present
-    end
-
     it 'calls ClusterPlatformConfigureWorker in a ascync fashion' do
       expect(ClusterPlatformConfigureWorker).to receive(:perform_async).with(cluster.id)
 
@@ -110,8 +104,10 @@ describe Clusters::Gcp::FinalizeCreationService, '#execute' do
       stub_kubeclient_discover(api_url)
       stub_kubeclient_get_namespace(api_url)
       stub_kubeclient_create_namespace(api_url)
+      stub_kubeclient_get_service_account_error(api_url, 'gitlab')
       stub_kubeclient_create_service_account(api_url)
       stub_kubeclient_create_secret(api_url)
+      stub_kubeclient_put_secret(api_url, 'gitlab-token')
 
       stub_kubeclient_get_secret(
         api_url,
@@ -121,19 +117,6 @@ describe Clusters::Gcp::FinalizeCreationService, '#execute' do
           namespace: 'default'
         }
       )
-
-      stub_kubeclient_get_namespace(api_url, namespace: namespace)
-      stub_kubeclient_create_service_account(api_url, namespace: namespace)
-      stub_kubeclient_create_secret(api_url, namespace: namespace)
-
-      stub_kubeclient_get_secret(
-        api_url,
-        {
-          metadata_name: "#{namespace}-token",
-          token: Base64.encode64(token),
-          namespace: namespace
-        }
-      )
     end
   end
 
@@ -161,8 +144,8 @@ describe Clusters::Gcp::FinalizeCreationService, '#execute' do
     before do
       provider.legacy_abac = false
 
+      stub_kubeclient_get_cluster_role_binding_error(api_url, 'gitlab-admin')
       stub_kubeclient_create_cluster_role_binding(api_url)
-      stub_kubeclient_create_role_binding(api_url, namespace: namespace)
     end
 
     include_context 'kubernetes information successfully fetched'
diff --git a/spec/services/clusters/gcp/kubernetes/create_or_update_namespace_service_spec.rb b/spec/services/clusters/gcp/kubernetes/create_or_update_namespace_service_spec.rb
index 661364ac765..62a5c26d908 100644
--- a/spec/services/clusters/gcp/kubernetes/create_or_update_namespace_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/create_or_update_namespace_service_spec.rb
@@ -10,6 +10,7 @@ describe Clusters::Gcp::Kubernetes::CreateOrUpdateNamespaceService, '#execute' d
   let(:api_url) { 'https://kubernetes.example.com' }
   let(:project) { cluster.project }
   let(:cluster_project) { cluster.cluster_project }
+  let(:namespace) { "#{project.path}-#{project.id}" }
 
   subject do
     described_class.new(
@@ -18,40 +19,31 @@ describe Clusters::Gcp::Kubernetes::CreateOrUpdateNamespaceService, '#execute' d
     ).execute
   end
 
-  shared_context 'kubernetes requests' do
-    before do
-      stub_kubeclient_discover(api_url)
-      stub_kubeclient_get_namespace(api_url)
-      stub_kubeclient_create_service_account(api_url)
-      stub_kubeclient_create_secret(api_url)
-
-      stub_kubeclient_get_namespace(api_url, namespace: namespace)
-      stub_kubeclient_create_service_account(api_url, namespace: namespace)
-      stub_kubeclient_create_secret(api_url, namespace: namespace)
-
-      stub_kubeclient_get_secret(
-        api_url,
-        {
-          metadata_name: "#{namespace}-token",
-          token: Base64.encode64('sample-token'),
-          namespace: namespace
-        }
-      )
-    end
+  before do
+    stub_kubeclient_discover(api_url)
+    stub_kubeclient_get_namespace(api_url)
+    stub_kubeclient_get_service_account_error(api_url, 'gitlab')
+    stub_kubeclient_create_service_account(api_url)
+    stub_kubeclient_get_secret_error(api_url, 'gitlab-token')
+    stub_kubeclient_create_secret(api_url)
+
+    stub_kubeclient_get_namespace(api_url, namespace: namespace)
+    stub_kubeclient_get_service_account_error(api_url, "#{namespace}-service-account", namespace: namespace)
+    stub_kubeclient_create_service_account(api_url, namespace: namespace)
+    stub_kubeclient_create_secret(api_url, namespace: namespace)
+    stub_kubeclient_put_secret(api_url, "#{namespace}-token", namespace: namespace)
+
+    stub_kubeclient_get_secret(
+      api_url,
+      {
+        metadata_name: "#{namespace}-token",
+        token: Base64.encode64('sample-token'),
+        namespace: namespace
+      }
+    )
   end
 
-  context 'when kubernetes namespace is not persisted' do
-    let(:namespace) { "#{project.path}-#{project.id}" }
-
-    let(:kubernetes_namespace) do
-      create(:cluster_kubernetes_namespace,
-            cluster: cluster,
-            project: cluster_project.project,
-            cluster_project: cluster_project)
-    end
-
-    include_context 'kubernetes requests'
-
+  shared_examples 'successful creation of kubernetes namespace' do
     it 'creates a Clusters::KubernetesNamespace' do
       expect do
         subject
@@ -74,42 +66,69 @@ describe Clusters::Gcp::Kubernetes::CreateOrUpdateNamespaceService, '#execute' d
     end
   end
 
-  context 'when there is a Kubernetes Namespace associated' do
-    let(:namespace) { 'new-namespace' }
+  context 'group clusters' do
+    let(:cluster) { create(:cluster, :group, :provided_by_gcp) }
+    let(:group) { cluster.group }
+    let(:project) { create(:project, group: group) }
+
+    context 'when kubernetes namespace is not persisted' do
+      let(:kubernetes_namespace) do
+        build(:cluster_kubernetes_namespace,
+              cluster: cluster,
+              project: project)
+      end
 
-    let(:kubernetes_namespace) do
-      create(:cluster_kubernetes_namespace,
-             cluster: cluster,
-             project: cluster_project.project,
-             cluster_project: cluster_project)
+      it_behaves_like 'successful creation of kubernetes namespace'
     end
+  end
 
-    include_context 'kubernetes requests'
+  context 'project clusters' do
+    context 'when kubernetes namespace is not persisted' do
+      let(:kubernetes_namespace) do
+        build(:cluster_kubernetes_namespace,
+              cluster: cluster,
+              project: cluster_project.project,
+              cluster_project: cluster_project)
+      end
 
-    before do
-      platform.update_column(:namespace, 'new-namespace')
+      it_behaves_like 'successful creation of kubernetes namespace'
     end
 
-    it 'does not create any Clusters::KubernetesNamespace' do
-      subject
+    context 'when there is a Kubernetes Namespace associated' do
+      let(:namespace) { 'new-namespace' }
 
-      expect(cluster.kubernetes_namespace).to eq(kubernetes_namespace)
-    end
+      let(:kubernetes_namespace) do
+        create(:cluster_kubernetes_namespace,
+               cluster: cluster,
+               project: cluster_project.project,
+               cluster_project: cluster_project)
+      end
 
-    it 'creates project service account' do
-      expect_any_instance_of(Clusters::Gcp::Kubernetes::CreateServiceAccountService).to receive(:execute).once
+      before do
+        platform.update_column(:namespace, 'new-namespace')
+      end
 
-      subject
-    end
+      it 'does not create any Clusters::KubernetesNamespace' do
+        subject
 
-    it 'updates Clusters::KubernetesNamespace' do
-      subject
+        expect(cluster.kubernetes_namespace).to eq(kubernetes_namespace)
+      end
 
-      kubernetes_namespace.reload
+      it 'creates project service account' do
+        expect_any_instance_of(Clusters::Gcp::Kubernetes::CreateServiceAccountService).to receive(:execute).once
 
-      expect(kubernetes_namespace.namespace).to eq(namespace)
-      expect(kubernetes_namespace.service_account_name).to eq("#{namespace}-service-account")
-      expect(kubernetes_namespace.encrypted_service_account_token).to be_present
+        subject
+      end
+
+      it 'updates Clusters::KubernetesNamespace' do
+        subject
+
+        kubernetes_namespace.reload
+
+        expect(kubernetes_namespace.namespace).to eq(namespace)
+        expect(kubernetes_namespace.service_account_name).to eq("#{namespace}-service-account")
+        expect(kubernetes_namespace.encrypted_service_account_token).to be_present
+      end
     end
   end
 end
diff --git a/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb b/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
index 588edff85d4..647050f6ad1 100644
--- a/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
@@ -55,7 +55,11 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
   before do
     stub_kubeclient_discover(api_url)
     stub_kubeclient_get_namespace(api_url, namespace: namespace)
-    stub_kubeclient_create_service_account(api_url, namespace: namespace )
+
+    stub_kubeclient_get_service_account_error(api_url, service_account_name, namespace: namespace)
+    stub_kubeclient_create_service_account(api_url, namespace: namespace)
+
+    stub_kubeclient_get_secret_error(api_url, token_name, namespace: namespace)
     stub_kubeclient_create_secret(api_url, namespace: namespace)
   end
 
@@ -74,10 +78,12 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
 
     context 'with RBAC cluster' do
       let(:rbac) { true }
+      let(:cluster_role_binding_name) { 'gitlab-admin' }
 
       before do
         cluster.platform_kubernetes.rbac!
 
+        stub_kubeclient_get_cluster_role_binding_error(api_url, cluster_role_binding_name)
         stub_kubeclient_create_cluster_role_binding(api_url)
       end
 
@@ -130,10 +136,12 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
 
     context 'With RBAC enabled cluster' do
       let(:rbac) { true }
+      let(:role_binding_name) { "gitlab-#{namespace}"}
 
       before do
         cluster.platform_kubernetes.rbac!
 
+        stub_kubeclient_get_role_binding_error(api_url, role_binding_name, namespace: namespace)
         stub_kubeclient_create_role_binding(api_url, namespace: namespace)
       end