authorThong Kuah <tkuah@gitlab.com>2018-09-07 18:06:02 +1200
committerThong Kuah <tkuah@gitlab.com>2018-09-14 16:26:51 +1200
commit577c79bb58ae80f4d7aef55e76bfeff67a1cfc45 (patch)
tree76524765c74f5a4477b7ce5378e3ff9faf14f627 /spec/services
parentc9af170d9aeeb39dbb41a99c00402beb384da0e9 (diff)
ABAC: fetch default service account token; RBAC: fetch gitlab service acount token
Keeps existing behaviour for ABAC cluster
Diffstat (limited to 'spec/services')
-rw-r--r--spec/services/clusters/gcp/finalize_creation_service_spec.rb45
-rw-r--r--spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb8
2 files changed, 46 insertions, 7 deletions
diff --git a/spec/services/clusters/gcp/finalize_creation_service_spec.rb b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
index eede10b55c6..278ba795042 100644
--- a/spec/services/clusters/gcp/finalize_creation_service_spec.rb
+++ b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
@@ -52,13 +52,14 @@ describe Clusters::Gcp::FinalizeCreationService do
end
context 'when suceeded to fetch kuberenetes token' do
+ let(:secret_name) { 'default-token-Y1a' }
let(:token) { 'sample-token' }
before do
stub_kubeclient_get_secrets(
api_url,
{
- metadata_name: 'gitlab-token-Y1a',
+ metadata_name: secret_name,
token: Base64.encode64(token)
} )
end
@@ -81,6 +82,8 @@ describe Clusters::Gcp::FinalizeCreationService do
end
context 'rbac_clusters feature enabled' do
+ let(:secret_name) { 'gitlab-token-Y1a' }
+
before do
stub_feature_flags(rbac_clusters: true)
stub_kubeclient_create_service_account(api_url)
@@ -106,20 +109,44 @@ describe Clusters::Gcp::FinalizeCreationService do
end
end
- context 'when default-token is not found' do
+ context 'when no matching token is found' do
before do
- stub_kubeclient_get_secrets(api_url, metadata_name: 'aaaa')
+ stub_kubeclient_get_secrets(api_url, metadata_name: 'not-default-not-gitlab')
end
it_behaves_like 'error'
+
+ context 'rbac_clusters feature enabled' do
+ before do
+ stub_feature_flags(rbac_clusters: true)
+ stub_kubeclient_create_service_account(api_url)
+ stub_kubeclient_create_cluster_role_binding(api_url)
+ end
+
+ it_behaves_like 'error'
+ end
end
context 'when token is empty' do
+ let(:secret_name) { 'default-token-123' }
+
before do
- stub_kubeclient_get_secrets(api_url, token: '')
+ stub_kubeclient_get_secrets(api_url, token: '', metadata_name: secret_name)
end
it_behaves_like 'error'
+
+ context 'rbac_clusters feature enabled' do
+ let(:secret_name) { 'gitlab-token-321' }
+
+ before do
+ stub_feature_flags(rbac_clusters: true)
+ stub_kubeclient_create_service_account(api_url)
+ stub_kubeclient_create_cluster_role_binding(api_url)
+ end
+
+ it_behaves_like 'error'
+ end
end
context 'when failed to fetch kuberenetes token' do
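Review bot: Neither 'when no matching token is found' case shows that token selection is mode-specific, because the stubbed name `'not-default-not-gitlab'` matches neither prefix. Going by the commit title, a cluster with `rbac_clusters` enabled that exposes only a `default-token-*` secret should still reach the 'error' shared example, and the ABAC path should likewise reject a lone `gitlab-token-*` secret. Without those two cases, a silent fallback to the other service account's token would pass this spec. One way is to stub with `metadata_name: secret_name` in this context and set `let(:secret_name) { 'default-token-Y1a' }` in the nested RBAC context (value constructed for the example). The final context in this hunk continues past its end.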
@@ -128,6 +155,16 @@ describe Clusters::Gcp::FinalizeCreationService do
end
it_behaves_like 'error'
+
+ context 'rbac_clusters feature enabled' do
+ before do
+ stub_feature_flags(rbac_clusters: true)
+ stub_kubeclient_create_service_account(api_url)
+ stub_kubeclient_create_cluster_role_binding(api_url)
+ end
+
+ it_behaves_like 'error'
+ end
end
end
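Review bot: The `before` block added in this nested context is another identical copy of the RBAC setup. The same three stubs are added twice in the previous hunk, under 'when no matching token is found' and 'when token is empty'. A `shared_context` that holds `stub_feature_flags(rbac_clusters: true)` and the two `stub_kubeclient_create_*` calls, pulled in with `include_context`, would keep that setup in one place. A later change to the RBAC provisioning steps could then not leave one error path stubbed differently from the others. The enclosing `describe` starts outside the hunk.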
diff --git a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
index bd6662d7566..74d58a6d206 100644
--- a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -2,11 +2,13 @@ require 'spec_helper'
describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
describe '#execute' do
- subject { described_class.new(kubeclient).execute }
+ subject { described_class.new(kubeclient, service_account_name).execute }
+ let(:service_account_name) { 'gitlab-sa' }
let(:api_url) { 'http://111.111.111.111' }
let(:username) { 'admin' }
let(:password) { 'xxx' }
+
let(:kubeclient) do
Gitlab::Kubernetes::KubeClient.new(
api_url,
@@ -44,8 +46,8 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
.to receive(:get_secrets).and_return(secrets_json)
end
- context 'when gitlab-token exists' do
- let(:metadata_name) { 'gitlab-token-123' }
+ context 'when token for service account exists' do
+ let(:metadata_name) { 'gitlab-sa-token-123' }
it { is_expected.to eq(token) }
end
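Review bot: The renamed context pins only the exact-match case, where `service_account_name` is `'gitlab-sa'` and the secret is `'gitlab-sa-token-123'`. The visible hunks do not check that a secret whose name merely contains that string, or that belongs to a differently named account, is skipped; the matching logic itself is not shown here. If the service selects by secret name, a negative case such as `let(:metadata_name) { 'other-gitlab-sa-token-123' }` with `it { is_expected.to be_nil }` would guard against an unanchored match returning another account's token. Both the name and the expected value are constructed for the example and should be adjusted to what `#execute` returns when nothing matches.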