summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml5
-rw-r--r--lib/api/helpers.rb4
-rw-r--r--lib/api/project_clusters.rb2
-rw-r--r--spec/requests/api/project_clusters_spec.rb17
4 files changed, 25 insertions, 3 deletions
diff --git a/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml b/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml
new file mode 100644
index 00000000000..4da14114225
--- /dev/null
+++ b/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml
@@ -0,0 +1,5 @@
+---
+title: Improves restriction of multiple Kubernetes clusters through API
+merge_request: 24251
+author:
+type: fixed
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 74927b4db81..fa6c9777824 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -235,8 +235,8 @@ module API
forbidden! unless current_user.admin?
end
- def authorize!(action, subject = :global)
- forbidden! unless can?(current_user, action, subject)
+ def authorize!(action, subject = :global, reason = nil)
+ forbidden!(reason) unless can?(current_user, action, subject)
end
def authorize_push_project
diff --git a/lib/api/project_clusters.rb b/lib/api/project_clusters.rb
index 7aada260297..c96261a7b57 100644
--- a/lib/api/project_clusters.rb
+++ b/lib/api/project_clusters.rb
@@ -63,7 +63,7 @@ module API
use :create_params_ee
end
post ':id/clusters/user' do
- authorize! :create_cluster, user_project
+ authorize! :add_cluster, user_project, 'Instance does not support multiple Kubernetes clusters'
user_cluster = ::Clusters::CreateService
.new(current_user, create_cluster_user_params)
diff --git a/spec/requests/api/project_clusters_spec.rb b/spec/requests/api/project_clusters_spec.rb
index e34164aa66a..9bab1f95150 100644
--- a/spec/requests/api/project_clusters_spec.rb
+++ b/spec/requests/api/project_clusters_spec.rb
@@ -266,6 +266,23 @@ describe API::ProjectClusters do
end
end
end
+
+ context 'when user tries to add multiple clusters' do
+ before do
+ create(:cluster, :provided_by_gcp, :project,
+ projects: [project])
+
+ post api("/projects/#{project.id}/clusters/user", current_user), params: cluster_params
+ end
+
+ it 'should respond with 403' do
+ expect(response).to have_gitlab_http_status(403)
+ end
+
+ it 'should return an appropriate message' do
+ expect(json_response['message']).to include('Instance does not support multiple Kubernetes clusters')
+ end
+ end
end
describe 'PUT /projects/:id/clusters/:cluster_id' do