summaryrefslogtreecommitdiff
path: root/spec/services/clusters/gcp
diff options
context:
space:
mode:
authorDylan Griffith <dyl.griffith@gmail.com>2019-06-21 15:13:54 +1000
committerDylan Griffith <dyl.griffith@gmail.com>2019-06-21 16:36:34 +1000
commit4855667dad5d1ff61725bebf0683f0491bffc87c (patch)
tree3b9b91f386c815ae6124480d52d756574abc2ca7 /spec/services/clusters/gcp
parent148516ba36855095fa995c2d4e8077919cdb6db6 (diff)
downloadgitlab-ce-4855667dad5d1ff61725bebf0683f0491bffc87c.tar.gz
Retry fetching Kubernetes Secret token
Since Kubernetes is creating the Secret and token asynchronously it is necessary that we implement some delay or retrying logic to avoid a race condition where we fetch a Secret before the token is even set. There does not appear to be any way for us to force it to be set with any synchronous API call so retrying seems to be the only option.
Diffstat (limited to 'spec/services/clusters/gcp')
-rw-r--r--spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb56
1 files changed, 52 insertions, 4 deletions
diff --git a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
index a5806559b14..93c0dc37ade 100644
--- a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -17,7 +17,7 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
)
end
- subject { described_class.new(kubeclient, service_account_token_name, namespace).execute }
+ subject { described_class.new(kubeclient, service_account_token_name, namespace, token_retry_delay: 0).execute }
before do
stub_kubeclient_discover(api_url)
@@ -26,8 +26,7 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
context 'when params correct' do
let(:decoded_token) { 'xxx.token.xxx' }
let(:token) { Base64.encode64(decoded_token) }
-
- context 'when gitlab-token exists' do
+ context 'when the secret exists' do
before do
stub_kubeclient_get_secret(
api_url,
@@ -50,13 +49,62 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
it { expect { subject }.to raise_error(Kubeclient::HttpError) }
end
- context 'when gitlab-token does not exist' do
+ context 'when the secret does not exist on the first try' do
+ before do
+ stub_kubeclient_get_secret_not_found_then_found(
+ api_url,
+ {
+ metadata_name: service_account_token_name,
+ namespace: namespace,
+ token: token
+ }
+ )
+ end
+
+ it 'retries and finds the token' do
+ expect(subject).to eq(decoded_token)
+ end
+ end
+
+ context 'when the secret permanently does not exist' do
before do
stub_kubeclient_get_secret_error(api_url, service_account_token_name, namespace: namespace, status: 404)
end
it { is_expected.to be_nil }
end
+
+ context 'when the secret is missing a token on the first try' do
+ before do
+ stub_kubeclient_get_secret_missing_token_then_with_token(
+ api_url,
+ {
+ metadata_name: service_account_token_name,
+ namespace: namespace,
+ token: token
+ }
+ )
+ end
+
+ it 'retries and finds the token' do
+ expect(subject).to eq(decoded_token)
+ end
+ end
+
+ context 'when the secret is permanently missing a token' do
+ before do
+ stub_kubeclient_get_secret(
+ api_url,
+ {
+ metadata_name: service_account_token_name,
+ namespace: namespace,
+ token: nil
+ }
+ )
+ end
+
+ it { is_expected.to be_nil }
+ end
end
end
end
View Lorry Controller Status