diff options
Diffstat (limited to 'spec/services/clusters')
7 files changed, 43 insertions, 64 deletions
diff --git a/spec/services/clusters/applications/check_installation_progress_service_spec.rb b/spec/services/clusters/applications/check_installation_progress_service_spec.rb index 13f7cd62002..698804ff6af 100644 --- a/spec/services/clusters/applications/check_installation_progress_service_spec.rb +++ b/spec/services/clusters/applications/check_installation_progress_service_spec.rb @@ -161,10 +161,10 @@ RSpec.describe Clusters::Applications::CheckInstallationProgressService, '#execu expect(application.status_reason).to be_nil end - it 'tracks application install' do - expect(Gitlab::Tracking).to receive(:event).with('cluster:applications', "cluster_application_helm_installed") - + it 'tracks application install', :snowplow do service.execute + + expect_snowplow_event(category: 'cluster:applications', action: 'cluster_application_helm_installed') end end diff --git a/spec/services/clusters/applications/uninstall_service_spec.rb b/spec/services/clusters/applications/uninstall_service_spec.rb index 50d7e82c47e..bfe38ba670d 100644 --- a/spec/services/clusters/applications/uninstall_service_spec.rb +++ b/spec/services/clusters/applications/uninstall_service_spec.rb @@ -14,7 +14,7 @@ RSpec.describe Clusters::Applications::UninstallService, '#execute' do context 'when there are no errors' do before do - expect(helm_client).to receive(:uninstall).with(kind_of(Gitlab::Kubernetes::Helm::DeleteCommand)) + expect(helm_client).to receive(:uninstall).with(kind_of(Gitlab::Kubernetes::Helm::V3::DeleteCommand)) allow(worker_class).to receive(:perform_in).and_return(nil) end @@ -36,7 +36,7 @@ RSpec.describe Clusters::Applications::UninstallService, '#execute' do let(:error) { Kubeclient::HttpError.new(500, 'system failure', nil) } before do - expect(helm_client).to receive(:uninstall).with(kind_of(Gitlab::Kubernetes::Helm::DeleteCommand)).and_raise(error) + expect(helm_client).to receive(:uninstall).with(kind_of(Gitlab::Kubernetes::Helm::V3::DeleteCommand)).and_raise(error) end include_examples 'logs kubernetes errors' do @@ -58,7 +58,7 @@ RSpec.describe Clusters::Applications::UninstallService, '#execute' do let(:error) { StandardError.new('something bad happened') } before do - expect(helm_client).to receive(:uninstall).with(kind_of(Gitlab::Kubernetes::Helm::DeleteCommand)).and_raise(error) + expect(helm_client).to receive(:uninstall).with(kind_of(Gitlab::Kubernetes::Helm::V3::DeleteCommand)).and_raise(error) end include_examples 'logs kubernetes errors' do diff --git a/spec/services/clusters/aws/authorize_role_service_spec.rb b/spec/services/clusters/aws/authorize_role_service_spec.rb index 5b47cf0ecde..302bae6e3ff 100644 --- a/spec/services/clusters/aws/authorize_role_service_spec.rb +++ b/spec/services/clusters/aws/authorize_role_service_spec.rb @@ -11,14 +11,16 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do let(:credentials_service) { instance_double(Clusters::Aws::FetchCredentialsService, execute: credentials) } let(:role_arn) { 'arn:my-role' } + let(:region) { 'region' } let(:params) do params = ActionController::Parameters.new({ cluster: { - role_arn: role_arn + role_arn: role_arn, + region: region } }) - params.require(:cluster).permit(:role_arn) + params.require(:cluster).permit(:role_arn, :region) end before do diff --git a/spec/services/clusters/aws/fetch_credentials_service_spec.rb b/spec/services/clusters/aws/fetch_credentials_service_spec.rb index a0e63d96a5c..361a947f634 100644 --- a/spec/services/clusters/aws/fetch_credentials_service_spec.rb +++ b/spec/services/clusters/aws/fetch_credentials_service_spec.rb @@ -19,7 +19,7 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do subject { described_class.new(provision_role, provider: provider).execute } context 'provision role is configured' do - let(:provision_role) { create(:aws_role, user: user) } + let(:provision_role) { create(:aws_role, user: user, region: 'custom-region') } before do stub_application_setting(eks_access_key_id: gitlab_access_key_id) @@ -53,10 +53,12 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do context 'provider is not specifed' do let(:provider) { nil } - let(:region) { Clusters::Providers::Aws::DEFAULT_REGION } + let(:region) { provision_role.region } let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" } let(:session_policy) { 'policy-document' } + subject { described_class.new(provision_role, provider: provider).execute } + before do allow(File).to receive(:read) .with(Rails.root.join('vendor', 'aws', 'iam', 'eks_cluster_read_only_policy.json')) @@ -64,6 +66,13 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do end it { is_expected.to eq assumed_role_credentials } + + context 'region is not specifed' do + let(:region) { Clusters::Providers::Aws::DEFAULT_REGION } + let(:provision_role) { create(:aws_role, user: user, region: nil) } + + it { is_expected.to eq assumed_role_credentials } + end end end diff --git a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb index 7e3f1fdb379..90956e7b4ea 100644 --- a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb +++ b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb @@ -28,6 +28,7 @@ RSpec.describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' stub_kubeclient_get_secret_error(api_url, 'gitlab-token') stub_kubeclient_create_secret(api_url) + stub_kubeclient_delete_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace) stub_kubeclient_put_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace) stub_kubeclient_get_namespace(api_url, namespace: namespace) stub_kubeclient_get_service_account_error(api_url, "#{namespace}-service-account", namespace: namespace) diff --git a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb index 257e2e53733..a4f018aec0c 100644 --- a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb +++ b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb @@ -141,6 +141,7 @@ RSpec.describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do before do cluster.platform_kubernetes.rbac! + stub_kubeclient_delete_role_binding(api_url, role_binding_name, namespace: namespace) stub_kubeclient_put_role_binding(api_url, role_binding_name, namespace: namespace) stub_kubeclient_put_role(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_SERVING_ROLE_NAME, namespace: namespace) stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME, namespace: namespace) @@ -160,60 +161,26 @@ RSpec.describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do it_behaves_like 'creates service account and token' - context 'kubernetes_cluster_namespace_role_admin FF is enabled' do - before do - stub_feature_flags(kubernetes_cluster_namespace_role_admin: true) - end - - it 'creates a namespaced role binding with admin access' do - subject - - expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with( - body: hash_including( - metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'admin' - }, - subjects: [ - { - kind: 'ServiceAccount', - name: service_account_name, - namespace: namespace - } - ] - ) - ) - end - end + it 'creates a namespaced role binding with admin access' do + subject - context 'kubernetes_cluster_namespace_role_admin FF is disabled' do - before do - stub_feature_flags(kubernetes_cluster_namespace_role_admin: false) - end - - it 'creates a namespaced role binding with edit access' do - subject - - expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with( - body: hash_including( - metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'edit' - }, - subjects: [ - { - kind: 'ServiceAccount', - name: service_account_name, - namespace: namespace - } - ] - ) + expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with( + body: hash_including( + metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'admin' + }, + subjects: [ + { + kind: 'ServiceAccount', + name: service_account_name, + namespace: namespace + } + ] ) - end + ) end it 'creates a role binding granting crossplane database permissions to the service account' do diff --git a/spec/services/clusters/update_service_spec.rb b/spec/services/clusters/update_service_spec.rb index e496ccd5c23..9aead97f41c 100644 --- a/spec/services/clusters/update_service_spec.rb +++ b/spec/services/clusters/update_service_spec.rb @@ -197,7 +197,7 @@ RSpec.describe Clusters::UpdateService do context 'manangement_project is outside of the namespace scope' do before do - management_project.update(group: create(:group)) + management_project.update!(group: create(:group)) end let(:params) do @@ -224,7 +224,7 @@ RSpec.describe Clusters::UpdateService do context 'manangement_project is outside of the namespace scope' do before do - management_project.update(group: create(:group)) + management_project.update!(group: create(:group)) end let(:params) do |