blob: f0624fbf29fd43ec05034687c8c9fb30e13c8051 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
# frozen_string_literal: true
shared_examples 'helm command generator' do
describe '#generate_script' do
let(:helm_setup) do
<<~EOS
set -xeo pipefail
EOS
end
it 'returns appropriate command' do
expect(subject.generate_script.strip).to eq((helm_setup + commands).strip)
end
end
end
shared_examples 'helm command' do
describe '#rbac?' do
subject { command.rbac? }
context 'rbac is enabled' do
let(:rbac) { true }
it { is_expected.to be_truthy }
end
context 'rbac is not enabled' do
let(:rbac) { false }
it { is_expected.to be_falsey }
end
end
describe '#pod_resource' do
subject { command.pod_resource }
context 'rbac is enabled' do
let(:rbac) { true }
it { is_expected.to be_an_instance_of ::Kubeclient::Resource }
it 'generates a pod that uses the tiller serviceAccountName' do
expect(subject.spec.serviceAccountName).to eq('tiller')
end
end
context 'rbac is not enabled' do
let(:rbac) { false }
it { is_expected.to be_an_instance_of ::Kubeclient::Resource }
it 'generates a pod that uses the default serviceAccountName' do
expect(subject.spec.serviceAcccountName).to be_nil
end
end
end
describe '#config_map_resource' do
subject { command.config_map_resource }
let(:metadata) do
{
name: "values-content-configuration-#{command.name}",
namespace: 'gitlab-managed-apps',
labels: { name: "values-content-configuration-#{command.name}" }
}
end
let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: command.files) }
it 'returns a KubeClient resource with config map content for the application' do
is_expected.to eq(resource)
end
end
describe '#service_account_resource' do
let(:resource) do
Kubeclient::Resource.new(metadata: { name: 'tiller', namespace: 'gitlab-managed-apps' })
end
subject { command.service_account_resource }
context 'rbac is enabled' do
let(:rbac) { true }
it 'generates a Kubeclient resource for the tiller ServiceAccount' do
is_expected.to eq(resource)
end
end
context 'rbac is not enabled' do
let(:rbac) { false }
it 'generates nothing' do
is_expected.to be_nil
end
end
end
describe '#cluster_role_binding_resource' do
let(:resource) do
Kubeclient::Resource.new(
metadata: { name: 'tiller-admin' },
roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', name: 'cluster-admin' },
subjects: [{ kind: 'ServiceAccount', name: 'tiller', namespace: 'gitlab-managed-apps' }]
)
end
subject(:cluster_role_binding_resource) { command.cluster_role_binding_resource }
context 'rbac is enabled' do
let(:rbac) { true }
it 'generates a Kubeclient resource for the ClusterRoleBinding for tiller' do
is_expected.to eq(resource)
end
it 'binds the account in #service_account_resource' do
expect(cluster_role_binding_resource.subjects.first.name).to eq(command.service_account_resource.metadata.name)
end
end
context 'rbac is not enabled' do
let(:rbac) { false }
it 'generates nothing' do
is_expected.to be_nil
end
end
end
end
|