Add latest changes from gitlab-org/gitlab@master

14 files changed, 168 insertions, 19 deletions

diff --git a/spec/lib/gitlab/auth/ldap/access_spec.rb b/spec/lib/gitlab/auth/ldap/access_spec.rb
index 9d3c6855e9f..9e269f84b7e 100644
--- a/spec/lib/gitlab/auth/ldap/access_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/access_spec.rb
@@ -22,7 +22,7 @@ RSpec.describe Gitlab::Auth::Ldap::Access do
     end
 
     it "does not update user's `last_credential_check_at` when in a read-only GitLab instance" do
-      allow(Gitlab::Database.main).to receive(:read_only?).and_return(true)
+      allow(Gitlab::Database).to receive(:read_only?).and_return(true)
 
       expect { described_class.allowed?(user) }
         .not_to change { user.last_credential_check_at }
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 94f3710b8d2..2e3dce3f418 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -844,7 +844,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
 
       context 'when the database is read-only' do
         before do
-          allow(Gitlab::Database.main).to receive(:read_only?).and_return(true)
+          allow(Gitlab::Database).to receive(:read_only?).and_return(true)
         end
 
         it 'does not increment failed_attempts when true and password is incorrect' do
diff --git a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
index e8c127f0444..62de4d2e96d 100644
--- a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb
@@ -107,7 +107,6 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Populate do
     context 'when ref is protected' do
       before do
         allow(project).to receive(:protected_for?).with('master').and_return(true)
-        allow(project).to receive(:protected_for?).with('b83d6e391c22777fca1ed3012fce84f633d7fed0').and_return(true)
         allow(project).to receive(:protected_for?).with('refs/heads/master').and_return(true)
 
         dependencies.map(&:perform!)
diff --git a/spec/lib/gitlab/database/connection_spec.rb b/spec/lib/gitlab/database/connection_spec.rb
index 4cbc94660c3..517d40deb1c 100644
--- a/spec/lib/gitlab/database/connection_spec.rb
+++ b/spec/lib/gitlab/database/connection_spec.rb
@@ -162,18 +162,6 @@ RSpec.describe Gitlab::Database::Connection do
     end
   end
 
-  describe '#read_only?' do
-    it 'returns false' do
-      expect(connection.read_only?).to eq(false)
-    end
-  end
-
-  describe '#read_write' do
-    it 'returns true' do
-      expect(connection.read_write?).to eq(true)
-    end
-  end
-
   describe '#db_read_only?' do
     it 'detects a read-only database' do
       allow(connection.scope.connection)
diff --git a/spec/lib/gitlab/database_spec.rb b/spec/lib/gitlab/database_spec.rb
index 7487fa0f022..c67b5af5e3c 100644
--- a/spec/lib/gitlab/database_spec.rb
+++ b/spec/lib/gitlab/database_spec.rb
@@ -190,6 +190,18 @@ RSpec.describe Gitlab::Database do
     end
   end
 
+  describe '.read_only?' do
+    it 'returns false' do
+      expect(described_class.read_only?).to eq(false)
+    end
+  end
+
+  describe '.read_write' do
+    it 'returns true' do
+      expect(described_class.read_write?).to eq(true)
+    end
+  end
+
   describe 'ActiveRecordBaseTransactionMetrics' do
     def subscribe_events
       events = []
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index a562865cd16..bf682e4e4c6 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -392,7 +392,7 @@ RSpec.describe Gitlab::GitAccess do
     context 'when in a read-only GitLab instance' do
       before do
         create(:protected_branch, name: 'feature', project: project)
-        allow(Gitlab::Database.main).to receive(:read_only?) { true }
+        allow(Gitlab::Database).to receive(:read_only?) { true }
       end
 
       it { expect { push_access_check }.to raise_forbidden(described_class::ERROR_MESSAGES[:cannot_push_to_read_only]) }
diff --git a/spec/lib/gitlab/git_access_wiki_spec.rb b/spec/lib/gitlab/git_access_wiki_spec.rb
index c6e15e4f0cc..5ada8a6ef40 100644
--- a/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/spec/lib/gitlab/git_access_wiki_spec.rb
@@ -31,7 +31,7 @@ RSpec.describe Gitlab::GitAccessWiki do
         let(:message) { "You can't push code to a read-only GitLab instance." }
 
         before do
-          allow(Gitlab::Database.main).to receive(:read_only?) { true }
+          allow(Gitlab::Database).to receive(:read_only?) { true }
         end
 
         it_behaves_like 'forbidden git access'
diff --git a/spec/lib/gitlab/gpg/commit_spec.rb b/spec/lib/gitlab/gpg/commit_spec.rb
index 917cd5b5a83..55102554508 100644
--- a/spec/lib/gitlab/gpg/commit_spec.rb
+++ b/spec/lib/gitlab/gpg/commit_spec.rb
@@ -91,7 +91,7 @@ RSpec.describe Gitlab::Gpg::Commit do
 
           context 'read-only mode' do
             before do
-              allow(Gitlab::Database.main).to receive(:read_only?).and_return(true)
+              allow(Gitlab::Database).to receive(:read_only?).and_return(true)
             end
 
             it 'does not create a cached signature' do
diff --git a/spec/lib/gitlab/kas_spec.rb b/spec/lib/gitlab/kas_spec.rb
index 24d2b03fe2a..bf70b83fb73 100644
--- a/spec/lib/gitlab/kas_spec.rb
+++ b/spec/lib/gitlab/kas_spec.rb
@@ -65,6 +65,12 @@ RSpec.describe Gitlab::Kas do
     end
   end
 
+  describe '.tunnel_url' do
+    it 'returns gitlab_kas external_url with proxy path appended' do
+      expect(described_class.tunnel_url).to eq(Gitlab.config.gitlab_kas.external_url + '/k8s-proxy')
+    end
+  end
+
   describe '.internal_url' do
     it 'returns gitlab_kas internal_url config' do
       expect(described_class.internal_url).to eq(Gitlab.config.gitlab_kas.internal_url)
diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb
new file mode 100644
index 00000000000..508808be1be
--- /dev/null
+++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::Cluster do
+  describe '#to_h' do
+    let(:name) { 'name' }
+    let(:url) { 'url' }
+
+    subject { described_class.new(name: name, url: url).to_h }
+
+    it { is_expected.to eq({ name: name, cluster: { server: url } }) }
+
+    context 'with a certificate' do
+      let(:cert) { 'certificate' }
+      let(:cert_encoded) { Base64.strict_encode64(cert) }
+
+      subject { described_class.new(name: name, url: url, ca_pem: cert).to_h }
+
+      it { is_expected.to eq({ name: name, cluster: { server: url, 'certificate-authority-data': cert_encoded } }) }
+    end
+  end
+end
diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb
new file mode 100644
index 00000000000..43d4c46fda1
--- /dev/null
+++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::Context do
+  describe '#to_h' do
+    let(:name) { 'name' }
+    let(:user) { 'user' }
+    let(:cluster) { 'cluster' }
+
+    subject { described_class.new(name: name, user: user, cluster: cluster).to_h }
+
+    it { is_expected.to eq({ name: name, context: { cluster: cluster, user: user } }) }
+
+    context 'with a namespace' do
+      let(:namespace) { 'namespace' }
+
+      subject { described_class.new(name: name, user: user, cluster: cluster, namespace: namespace).to_h }
+
+      it { is_expected.to eq({ name: name, context: { cluster: cluster, user: user, namespace: namespace } }) }
+    end
+  end
+end
diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb
new file mode 100644
index 00000000000..3d6acc80823
--- /dev/null
+++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::User do
+  describe '#to_h' do
+    let(:name) { 'name' }
+    let(:token) { 'token' }
+
+    subject { described_class.new(name: name, token: token).to_h }
+
+    it { is_expected.to eq({ name: name, user: { token: token } }) }
+  end
+end
diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb
new file mode 100644
index 00000000000..057c4373329
--- /dev/null
+++ b/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Kubernetes::Kubeconfig::Template do
+  let(:template) { described_class.new }
+
+  describe '#valid?' do
+    subject { template.valid? }
+
+    it { is_expected.to be_falsey }
+
+    context 'with configuration added' do
+      before do
+        template.add_context(name: 'name', cluster: 'cluster', user: 'user')
+      end
+
+      it { is_expected.to be_truthy }
+    end
+  end
+
+  describe '#to_h' do
+    subject { described_class.new.to_h }
+
+    it do
+      is_expected.to eq(
+        apiVersion: 'v1',
+        kind: 'Config',
+        clusters: [],
+        users: [],
+        contexts: []
+      )
+    end
+  end
+
+  describe '#to_yaml' do
+    subject { template.to_yaml }
+
+    it { is_expected.to eq(YAML.dump(template.to_h.deep_stringify_keys)) }
+  end
+
+  describe 'adding entries' do
+    let(:entry) { instance_double(entry_class, to_h: attributes) }
+    let(:attributes) do
+      { name: 'name', other: 'other' }
+    end
+
+    subject { template.to_h }
+
+    before do
+      expect(entry_class).to receive(:new).with(attributes).and_return(entry)
+    end
+
+    describe '#add_cluster' do
+      let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::Cluster }
+
+      before do
+        template.add_cluster(**attributes)
+      end
+
+      it { is_expected.to include(clusters: [attributes]) }
+    end
+
+    describe '#add_user' do
+      let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::User }
+
+      before do
+        template.add_user(**attributes)
+      end
+
+      it { is_expected.to include(users: [attributes]) }
+    end
+
+    describe '#add_context' do
+      let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::Context }
+
+      before do
+        template.add_context(**attributes)
+      end
+
+      it { is_expected.to include(contexts: [attributes]) }
+    end
+  end
+end
diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb
index 00c2cee1ef0..642b47fe087 100644
--- a/spec/lib/gitlab/middleware/read_only_spec.rb
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe Gitlab::Middleware::ReadOnly do
   context 'when database is read-only' do
     before do
-      allow(Gitlab::Database.main).to receive(:read_only?) { true }
+      allow(Gitlab::Database).to receive(:read_only?) { true }
     end
 
     it_behaves_like 'write access for a read-only GitLab instance'