diff options
-rw-r--r-- | changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml | 5 | ||||
-rw-r--r-- | lib/api/helpers.rb | 4 | ||||
-rw-r--r-- | lib/api/project_clusters.rb | 2 | ||||
-rw-r--r-- | spec/requests/api/project_clusters_spec.rb | 17 |
4 files changed, 25 insertions, 3 deletions
diff --git a/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml b/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml new file mode 100644 index 00000000000..4da14114225 --- /dev/null +++ b/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml @@ -0,0 +1,5 @@ +--- +title: Improves restriction of multiple Kubernetes clusters through API +merge_request: 24251 +author: +type: fixed diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 74927b4db81..fa6c9777824 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -235,8 +235,8 @@ module API forbidden! unless current_user.admin? end - def authorize!(action, subject = :global) - forbidden! unless can?(current_user, action, subject) + def authorize!(action, subject = :global, reason = nil) + forbidden!(reason) unless can?(current_user, action, subject) end def authorize_push_project diff --git a/lib/api/project_clusters.rb b/lib/api/project_clusters.rb index 7aada260297..c96261a7b57 100644 --- a/lib/api/project_clusters.rb +++ b/lib/api/project_clusters.rb @@ -63,7 +63,7 @@ module API use :create_params_ee end post ':id/clusters/user' do - authorize! :create_cluster, user_project + authorize! :add_cluster, user_project, 'Instance does not support multiple Kubernetes clusters' user_cluster = ::Clusters::CreateService .new(current_user, create_cluster_user_params) diff --git a/spec/requests/api/project_clusters_spec.rb b/spec/requests/api/project_clusters_spec.rb index e34164aa66a..9bab1f95150 100644 --- a/spec/requests/api/project_clusters_spec.rb +++ b/spec/requests/api/project_clusters_spec.rb @@ -266,6 +266,23 @@ describe API::ProjectClusters do end end end + + context 'when user tries to add multiple clusters' do + before do + create(:cluster, :provided_by_gcp, :project, + projects: [project]) + + post api("/projects/#{project.id}/clusters/user", current_user), params: cluster_params + end + + it 'should respond with 403' do + expect(response).to have_gitlab_http_status(403) + end + + it 'should return an appropriate message' do + expect(json_response['message']).to include('Instance does not support multiple Kubernetes clusters') + end + end end describe 'PUT /projects/:id/clusters/:cluster_id' do |