1 files changed, 185 insertions, 0 deletions

diff --git a/spec/controllers/projects/clusters/gcp_controller_spec.rb b/spec/controllers/projects/clusters/gcp_controller_spec.rb
new file mode 100644
index 00000000000..bb5ef7bb365
--- /dev/null
+++ b/spec/controllers/projects/clusters/gcp_controller_spec.rb
@@ -0,0 +1,185 @@
+require 'spec_helper'
+
+describe Projects::Clusters::GcpController do
+  include AccessMatchersForController
+  include GoogleApi::CloudPlatformHelpers
+
+  set(:project) { create(:project) }
+
+  describe 'GET login' do
+    describe 'functionality' do
+      let(:user) { create(:user) }
+
+      before do
+        project.add_master(user)
+        sign_in(user)
+      end
+
+      context 'when omniauth has been configured' do
+        let(:key) { 'secret-key' }
+
+        let(:session_key_for_redirect_uri) do
+          GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(key)
+        end
+
+        before do
+          allow(SecureRandom).to receive(:hex).and_return(key)
+        end
+
+        it 'has authorize_url' do
+          go
+
+          expect(assigns(:authorize_url)).to include(key)
+          expect(session[session_key_for_redirect_uri]).to eq(gcp_new_project_clusters_path(project))
+        end
+      end
+
+      context 'when omniauth has not configured' do
+        before do
+          stub_omniauth_setting(providers: [])
+        end
+
+        it 'does not have authorize_url' do
+          go
+
+          expect(assigns(:authorize_url)).to be_nil
+        end
+      end
+    end
+
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+
+    def go
+      get :login, namespace_id: project.namespace, project_id: project
+    end
+  end
+
+  describe 'GET new' do
+    describe 'functionality' do
+      let(:user) { create(:user) }
+
+      before do
+        project.add_master(user)
+        sign_in(user)
+      end
+
+      context 'when access token is valid' do
+        before do
+          stub_google_api_validate_token
+        end
+
+        it 'has new object' do
+          go
+
+          expect(assigns(:cluster)).to be_an_instance_of(Clusters::Cluster)
+        end
+      end
+
+      context 'when access token is expired' do
+        before do
+          stub_google_api_expired_token
+        end
+
+        it { expect(go).to redirect_to(gcp_login_project_clusters_path(project)) }
+      end
+
+      context 'when access token is not stored in session' do
+        it { expect(go).to redirect_to(gcp_login_project_clusters_path(project)) }
+      end
+    end
+
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+
+    def go
+      get :new, namespace_id: project.namespace, project_id: project
+    end
+  end
+
+  describe 'POST create' do
+    let(:params) do
+      {
+        cluster: {
+          name: 'new-cluster',
+          provider_gcp_attributes: {
+            gcp_project_id: '111'
+          }
+        }
+      }
+    end
+
+    describe 'functionality' do
+      let(:user) { create(:user) }
+
+      before do
+        project.add_master(user)
+        sign_in(user)
+      end
+
+      context 'when access token is valid' do
+        before do
+          stub_google_api_validate_token
+        end
+
+        context 'when creates a cluster on gke' do
+          it 'creates a new cluster' do
+            expect(ClusterProvisionWorker).to receive(:perform_async)
+            expect { go }.to change { Clusters::Cluster.count }
+              .and change { Clusters::Providers::Gcp.count }
+            expect(response).to redirect_to(project_cluster_path(project, project.cluster))
+            expect(project.cluster).to be_gcp
+            expect(project.cluster).to be_kubernetes
+          end
+        end
+      end
+
+      context 'when access token is expired' do
+        before do
+          stub_google_api_expired_token
+        end
+
+        it 'redirects to login page' do
+          expect(go).to redirect_to(gcp_login_project_clusters_path(project))
+        end
+      end
+
+      context 'when access token is not stored in session' do
+        it 'redirects to login page' do
+          expect(go).to redirect_to(gcp_login_project_clusters_path(project))
+        end
+      end
+    end
+
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+
+    def go
+      post :create, params.merge(namespace_id: project.namespace, project_id: project)
+    end
+  end
+end