authorGitLab Bot <gitlab-bot@gitlab.com>2020-12-17 11:59:07 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-12-17 11:59:07 +0000
commit8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch)
tree544930fb309b30317ae9797a9683768705d664c4 /spec/services/clusters
parent4b1de649d0168371549608993deac953eb692019 (diff)
Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42
Diffstat (limited to 'spec/services/clusters')
-rw-r--r--spec/services/clusters/applications/create_service_spec.rb32
-rw-r--r--spec/services/clusters/applications/prometheus_health_check_service_spec.rb6
-rw-r--r--spec/services/clusters/aws/authorize_role_service_spec.rb15
-rw-r--r--spec/services/clusters/aws/fetch_credentials_service_spec.rb58
-rw-r--r--spec/services/clusters/aws/provision_service_spec.rb4
-rw-r--r--spec/services/clusters/cleanup/app_service_spec.rb5
6 files changed, 89 insertions, 31 deletions
diff --git a/spec/services/clusters/applications/create_service_spec.rb b/spec/services/clusters/applications/create_service_spec.rb
index f93ae2c62f3..f3b420510a6 100644
--- a/spec/services/clusters/applications/create_service_spec.rb
+++ b/spec/services/clusters/applications/create_service_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe Clusters::Applications::CreateService do
let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
let(:user) { create(:user) }
- let(:params) { { application: 'helm' } }
+ let(:params) { { application: 'ingress' } }
let(:service) { described_class.new(cluster, user, params) }
describe '#execute' do
@@ -23,16 +23,16 @@ RSpec.describe Clusters::Applications::CreateService do
subject
cluster.reload
- end.to change(cluster, :application_helm)
+ end.to change(cluster, :application_ingress)
end
context 'application already installed' do
- let!(:application) { create(:clusters_applications_helm, :installed, cluster: cluster) }
+ let!(:application) { create(:clusters_applications_ingress, :installed, cluster: cluster) }
it 'does not create a new application' do
expect do
subject
- end.not_to change(Clusters::Applications::Helm, :count)
+ end.not_to change(Clusters::Applications::Ingress, :count)
end
it 'schedules an upgrade for the application' do
@@ -43,10 +43,6 @@ RSpec.describe Clusters::Applications::CreateService do
end
context 'known applications' do
- before do
- create(:clusters_applications_helm, :installed, cluster: cluster)
- end
-
context 'ingress application' do
let(:params) do
{
@@ -215,19 +211,17 @@ RSpec.describe Clusters::Applications::CreateService do
using RSpec::Parameterized::TableSyntax
- where(:application, :association, :allowed, :pre_create_helm, :pre_create_ingress) do
- 'helm' | :application_helm | true | false | false
- 'ingress' | :application_ingress | true | true | false
- 'runner' | :application_runner | true | true | false
- 'prometheus' | :application_prometheus | true | true | false
- 'jupyter' | :application_jupyter | true | true | true
+ where(:application, :association, :allowed, :pre_create_ingress) do
+ 'ingress' | :application_ingress | true | false
+ 'runner' | :application_runner | true | false
+ 'prometheus' | :application_prometheus | true | false
+ 'jupyter' | :application_jupyter | true | true
end
with_them do
before do
klass = "Clusters::Applications::#{application.titleize}"
allow_any_instance_of(klass.constantize).to receive(:make_scheduled!).and_call_original
- create(:clusters_applications_helm, :installed, cluster: cluster) if pre_create_helm
create(:clusters_applications_ingress, :installed, cluster: cluster, external_hostname: 'example.com') if pre_create_ingress
end
@@ -252,7 +246,7 @@ RSpec.describe Clusters::Applications::CreateService do
it 'makes the application scheduled' do
expect do
subject
- end.to change { Clusters::Applications::Helm.with_status(:scheduled).count }.by(1)
+ end.to change { Clusters::Applications::Ingress.with_status(:scheduled).count }.by(1)
end
it 'schedules an install via worker' do
@@ -266,7 +260,7 @@ RSpec.describe Clusters::Applications::CreateService do
end
context 'when application is associated with a cluster' do
- let(:application) { create(:clusters_applications_helm, :installable, cluster: cluster) }
+ let(:application) { create(:clusters_applications_ingress, :installable, cluster: cluster) }
let(:worker_arguments) { [application.name, application.id] }
it_behaves_like 'installable applications'
@@ -280,7 +274,7 @@ RSpec.describe Clusters::Applications::CreateService do
end
context 'when installation is already in progress' do
- let!(:application) { create(:clusters_applications_helm, :installing, cluster: cluster) }
+ let!(:application) { create(:clusters_applications_ingress, :installing, cluster: cluster) }
it 'raises an exception' do
expect { subject }
@@ -295,7 +289,7 @@ RSpec.describe Clusters::Applications::CreateService do
context 'when application is installed' do
%i(installed updated).each do |status|
- let(:application) { create(:clusters_applications_helm, status, cluster: cluster) }
+ let(:application) { create(:clusters_applications_ingress, status, cluster: cluster) }
it 'schedules an upgrade via worker' do
expect(ClusterUpgradeAppWorker)
diff --git a/spec/services/clusters/applications/prometheus_health_check_service_spec.rb b/spec/services/clusters/applications/prometheus_health_check_service_spec.rb
index fc5a80688e6..ee47d00f700 100644
--- a/spec/services/clusters/applications/prometheus_health_check_service_spec.rb
+++ b/spec/services/clusters/applications/prometheus_health_check_service_spec.rb
@@ -18,7 +18,7 @@ RSpec.describe Clusters::Applications::PrometheusHealthCheckService, '#execute'
RSpec.shared_examples 'sends alert' do
it 'sends an alert' do
expect_next_instance_of(Projects::Alerting::NotifyService) do |notify_service|
- expect(notify_service).to receive(:execute).with(alerts_service.token)
+ expect(notify_service).to receive(:execute).with(integration.token, integration)
end
subject
@@ -40,8 +40,8 @@ RSpec.describe Clusters::Applications::PrometheusHealthCheckService, '#execute'
end
context 'when cluster is project_type' do
- let_it_be(:alerts_service) { create(:alerts_service) }
- let_it_be(:project) { create(:project, alerts_service: alerts_service) }
+ let_it_be(:project) { create(:project) }
+ let_it_be(:integration) { create(:alert_management_http_integration, project: project) }
let(:applications_prometheus_healthy) { true }
let(:prometheus) { create(:clusters_applications_prometheus, status: prometheus_status_value, healthy: applications_prometheus_healthy) }
let(:cluster) { create(:cluster, :project, application_prometheus: prometheus, projects: [project]) }
diff --git a/spec/services/clusters/aws/authorize_role_service_spec.rb b/spec/services/clusters/aws/authorize_role_service_spec.rb
index 302bae6e3ff..17bbc372675 100644
--- a/spec/services/clusters/aws/authorize_role_service_spec.rb
+++ b/spec/services/clusters/aws/authorize_role_service_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do
shared_examples 'bad request' do
it 'returns an empty hash' do
expect(subject.status).to eq(:unprocessable_entity)
- expect(subject.body).to eq({})
+ expect(subject.body).to eq({ message: message })
end
it 'logs the error' do
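Review bot: The example title `it 'returns an empty hash'` in the `'bad request'` shared examples no longer matches its assertion, because the body is now expected to be `{ message: message }`. Renaming it to something like `it 'returns the error message in the body'` would make a failure read correctly. The shared examples now also require every including context to define `let(:message)`, so a one-line comment above `shared_examples 'bad request'` stating that requirement would help the next author. The shared-examples block continues outside this hunk.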
@@ -52,12 +52,14 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do
context 'role does not exist' do
let(:user) { create(:user) }
+ let(:message) { 'Error: Unable to find AWS role for current user' }
include_examples 'bad request'
end
context 'supplied ARN is invalid' do
let(:role_arn) { 'invalid' }
+ let(:message) { 'Validation failed: Role arn must be a valid Amazon Resource Name' }
include_examples 'bad request'
end
@@ -69,18 +71,29 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do
context 'error fetching credentials' do
let(:error) { Aws::STS::Errors::ServiceError.new(nil, 'error message') }
+ let(:message) { 'AWS service error: error message' }
+
+ include_examples 'bad request'
+ end
+
+ context 'error in assuming role' do
+ let(:raw_message) { "User foo is not authorized to perform: sts:AssumeRole on resource bar" }
+ let(:error) { Aws::STS::Errors::AccessDenied.new(nil, raw_message) }
+ let(:message) { "Access denied: #{raw_message}" }
include_examples 'bad request'
end
context 'credentials not configured' do
let(:error) { Aws::Errors::MissingCredentialsError.new('error message') }
+ let(:message) { "Error: No AWS credentials were supplied" }
include_examples 'bad request'
end
context 'role not configured' do
let(:error) { Clusters::Aws::FetchCredentialsService::MissingRoleError.new('error message') }
+ let(:message) { "Error: No AWS provision role found for user" }
include_examples 'bad request'
end
diff --git a/spec/services/clusters/aws/fetch_credentials_service_spec.rb b/spec/services/clusters/aws/fetch_credentials_service_spec.rb
index 361a947f634..0358ca1f535 100644
--- a/spec/services/clusters/aws/fetch_credentials_service_spec.rb
+++ b/spec/services/clusters/aws/fetch_credentials_service_spec.rb
@@ -60,9 +60,7 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
subject { described_class.new(provision_role, provider: provider).execute }
before do
- allow(File).to receive(:read)
- .with(Rails.root.join('vendor', 'aws', 'iam', 'eks_cluster_read_only_policy.json'))
- .and_return(session_policy)
+ stub_file_read(Rails.root.join('vendor', 'aws', 'iam', 'eks_cluster_read_only_policy.json'), content: session_policy)
end
it { is_expected.to eq assumed_role_credentials }
@@ -83,5 +81,59 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
expect { subject }.to raise_error(described_class::MissingRoleError, 'AWS provisioning role not configured')
end
end
+
+ context 'with an instance profile attached to an IAM role' do
+ let(:sts_client) { Aws::STS::Client.new(region: region, stub_responses: true) }
+ let(:provision_role) { create(:aws_role, user: user, region: 'custom-region') }
+
+ before do
+ stub_application_setting(eks_access_key_id: nil)
+ stub_application_setting(eks_secret_access_key: nil)
+
+ expect(Aws::STS::Client).to receive(:new)
+ .with(region: region)
+ .and_return(sts_client)
+
+ expect(Aws::AssumeRoleCredentials).to receive(:new)
+ .with(
+ client: sts_client,
+ role_arn: provision_role.role_arn,
+ role_session_name: session_name,
+ external_id: provision_role.role_external_id,
+ policy: session_policy
+ ).and_call_original
+ end
+
+ context 'provider is specified' do
+ let(:region) { provider.region }
+ let(:session_name) { "gitlab-eks-cluster-#{provider.cluster_id}-user-#{user.id}" }
+ let(:session_policy) { nil }
+
+ it 'returns credentials', :aggregate_failures do
+ expect(subject.access_key_id).to be_present
+ expect(subject.secret_access_key).to be_present
+ expect(subject.session_token).to be_present
+ end
+ end
+
+ context 'provider is not specifed' do
+ let(:provider) { nil }
+ let(:region) { provision_role.region }
+ let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" }
+ let(:session_policy) { 'policy-document' }
+
+ before do
+ stub_file_read(Rails.root.join('vendor', 'aws', 'iam', 'eks_cluster_read_only_policy.json'), content: session_policy)
+ end
+
+ subject { described_class.new(provision_role, provider: provider).execute }
+
+ it 'returns credentials', :aggregate_failures do
+ expect(subject.access_key_id).to be_present
+ expect(subject.secret_access_key).to be_present
+ expect(subject.session_token).to be_present
+ end
+ end
+ end
end
end
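Review bot: The context description `'provider is not specifed'` is misspelled and should read `context 'provider is not specified' do`. That context also redefines `subject`, although the sibling `'provider is specified'` context relies on an outer `subject` that is not visible in this hunk. If the outer definition is the same expression, the inner `subject { ... }` line can be dropped. The two contexts differ in a security-relevant way: `session_policy` is `nil` when a provider is given and the read-only policy document otherwise. A short comment on `let(:session_policy) { nil }`, such as `# no scope-down session policy is passed once a provider exists`, would make that difference explicit. The enclosing `describe` starts outside this hunk.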
diff --git a/spec/services/clusters/aws/provision_service_spec.rb b/spec/services/clusters/aws/provision_service_spec.rb
index 52612e5ac40..5efac29ec1e 100644
--- a/spec/services/clusters/aws/provision_service_spec.rb
+++ b/spec/services/clusters/aws/provision_service_spec.rb
@@ -42,9 +42,7 @@ RSpec.describe Clusters::Aws::ProvisionService do
allow(provider).to receive(:api_client)
.and_return(client)
- allow(File).to receive(:read)
- .with(Rails.root.join('vendor', 'aws', 'cloudformation', 'eks_cluster.yaml'))
- .and_return(cloudformation_template)
+ stub_file_read(Rails.root.join('vendor', 'aws', 'cloudformation', 'eks_cluster.yaml'), content: cloudformation_template)
end
it 'updates the provider status to :creating and configures the provider with credentials' do
diff --git a/spec/services/clusters/cleanup/app_service_spec.rb b/spec/services/clusters/cleanup/app_service_spec.rb
index ba1be7448a4..ea1194d2100 100644
--- a/spec/services/clusters/cleanup/app_service_spec.rb
+++ b/spec/services/clusters/cleanup/app_service_spec.rb
@@ -67,7 +67,8 @@ RSpec.describe Clusters::Cleanup::AppService do
it 'only uninstalls apps that are not dependencies for other installed apps' do
expect(Clusters::Applications::UninstallWorker)
- .not_to receive(:perform_async).with(helm.name, helm.id)
+ .to receive(:perform_async).with(helm.name, helm.id)
+ .and_call_original
expect(Clusters::Applications::UninstallWorker)
.not_to receive(:perform_async).with(ingress.name, ingress.id)
@@ -85,7 +86,7 @@ RSpec.describe Clusters::Cleanup::AppService do
it 'logs application uninstalls and next execution' do
expect(logger).to receive(:info)
- .with(log_meta.merge(event: :uninstalling_app, application: kind_of(String))).twice
+ .with(log_meta.merge(event: :uninstalling_app, application: kind_of(String))).exactly(3).times
expect(logger).to receive(:info)
.with(log_meta.merge(event: :scheduling_execution, next_execution: 1))