path: root/spec/services/clusters/gcp/services_account_service_spec.rb
blob: f6f08eae666f8f50a3cb889f110b82b8e553c5ac (plain)
# frozen_string_literal: true

require 'spec_helper'

# Spec for Clusters::Gcp::ServicesAccountService#execute.
#
# Each context sets up request stubs through the included helpers, runs the
# service once, and then checks via WebMock that a ServiceAccount was POSTed
# to the expected namespace with the expected name.
describe Clusters::Gcp::ServicesAccountService, '#execute' do
  include GoogleApi::CloudPlatformHelpers
  include KubernetesHelpers

  # Fixture-only credentials and address; they are handed to the client below
  # and never leave the stubbed HTTP layer.
  let(:username) { 'sample-username' }
  let(:password) { 'sample-password' }
  let(:endpoint) { '111.111.111.111' }
  let(:api_url) { 'https://' + endpoint }

  let(:cluster) do
    create(
      :cluster,
      :project,
      :providing_by_gcp,
      platform_kubernetes: create(:cluster_platform_kubernetes)
    )
  end

  # Client under which the service runs: core API plus the RBAC API group,
  # authenticated with username/password auth options.
  let(:kubeclient) do
    api_groups = ['api', 'apis/rbac.authorization.k8s.io']
    basic_auth = { username: username, password: password }

    Gitlab::Kubernetes::KubeClient.new(api_url, api_groups, auth_options: basic_auth)
  end

  subject do
    described_class.new(kubeclient, cluster).execute
  end

  context 'With an ABAC cluster' do
    before do
      stub_kubeclient_discover(api_url)
      stub_kubeclient_create_service_account(api_url)
      stub_kubeclient_create_secret(api_url)
    end

    # Without RBAC the account is expected in the shared `default` namespace
    # under the fixed name `gitlab`.
    it 'creates default service account' do
      subject

      service_accounts_url = api_url + "/api/v1/namespaces/default/serviceaccounts"
      expected_body = hash_including(
        kind: 'ServiceAccount',
        metadata: { name: 'gitlab', namespace: 'default' }
      )

      expect(WebMock).to have_requested(:post, service_accounts_url).with(body: expected_body)
    end
  end

  context 'With an RBAC cluster' do
    # Per-project namespace: "<project path>-<project id>".
    let(:namespace) do
      project = cluster.project
      "#{project.path}-#{project.id}"
    end

    before do
      # Switch the platform record to RBAC before the service runs.
      cluster.platform_kubernetes.rbac!

      stub_kubeclient_discover(api_url)
      stub_kubeclient_create_service_account(api_url)
      stub_kubeclient_create_secret(api_url)

      stub_kubeclient_create_namespace(api_url)
      stub_kubeclient_get_namespace(api_url, namespace: namespace)

      # Namespaced resources, including the role binding that scopes the
      # account's permissions.
      stub_kubeclient_create_service_account(api_url, namespace: namespace)
      stub_kubeclient_create_secret(api_url, namespace: namespace)
      stub_kubeclient_create_role_binding(api_url, namespace: namespace)
    end

    # NOTE(review): only the ServiceAccount POST is asserted here. The secret
    # and role-binding requests are stubbed but not verified in this file, so
    # a regression that skips the role binding or widens its scope would not
    # fail this example - consider asserting that request as well.
    it 'creates namespaced service account' do
      subject

      service_accounts_url = api_url + "/api/v1/namespaces/#{namespace}/serviceaccounts"
      expected_body = hash_including(
        kind: 'ServiceAccount',
        metadata: { name: "gitlab-#{namespace}", namespace: namespace }
      )

      expect(WebMock).to have_requested(:post, service_accounts_url).with(body: expected_body)
    end
  end
end