diff options
author | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-24 14:02:35 +0300 |
---|---|---|
committer | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-30 16:08:30 +0300 |
commit | 11edbcccef37f08b089386c41d3914df7f48a677 (patch) | |
tree | 3017e5e2904d11023075c5e84ddba5320e2b623f /spec/models | |
parent | ce897f11a0650b0d6938cb506a030ef00160ab7a (diff) |
Get mutual SSL working with helm tiller
Diffstat (limited to 'spec/models')
-rw-r--r-- | spec/models/clusters/applications/helm_spec.rb | 23 | ||||
-rw-r--r-- | spec/models/clusters/applications/ingress_spec.rb | 24 | ||||
-rw-r--r-- | spec/models/clusters/applications/jupyter_spec.rb | 28 | ||||
-rw-r--r-- | spec/models/clusters/applications/prometheus_spec.rb | 24 | ||||
-rw-r--r-- | spec/models/clusters/applications/runner_spec.rb | 36 |
5 files changed, 118 insertions, 17 deletions
diff --git a/spec/models/clusters/applications/helm_spec.rb b/spec/models/clusters/applications/helm_spec.rb index 0eb1e3876e2..535e9f15919 100644 --- a/spec/models/clusters/applications/helm_spec.rb +++ b/spec/models/clusters/applications/helm_spec.rb @@ -6,13 +6,24 @@ describe Clusters::Applications::Helm do describe '.installed' do subject { described_class.installed } - let!(:cluster) { create(:clusters_applications_helm, :installed) } + let!(:installed_cluster) { create(:clusters_applications_helm, :installed) } before do create(:clusters_applications_helm, :errored) end - it { is_expected.to contain_exactly(cluster) } + it { is_expected.to contain_exactly(installed_cluster) } + end + + describe '#issue_cert' do + let(:application) { create(:clusters_applications_helm) } + subject { application.issue_cert } + + it 'returns a new cert' do + is_expected.to be_kind_of(Gitlab::Kubernetes::Helm::Certificate) + expect(subject.cert_string).not_to eq(application.ca_cert) + expect(subject.key_string).not_to eq(application.ca_key) + end end describe '#install_command' do @@ -25,5 +36,13 @@ describe Clusters::Applications::Helm do it 'should be initialized with 1 arguments' do expect(subject.name).to eq('helm') end + + it 'should have cert files' do + expect(subject.files[:'ca.pem']).to be_present + expect(subject.files[:'ca.pem']).to eq(helm.ca_cert) + + expect(subject.files[:'cert.pem']).to be_present + expect(subject.files[:'key.pem']).to be_present + end end end diff --git a/spec/models/clusters/applications/ingress_spec.rb b/spec/models/clusters/applications/ingress_spec.rb index fbb3c18319f..6426818d349 100644 --- a/spec/models/clusters/applications/ingress_spec.rb +++ b/spec/models/clusters/applications/ingress_spec.rb @@ -79,7 +79,9 @@ describe Clusters::Applications::Ingress do end describe '#files' do - let(:values) { ingress.files[:'values.yaml'] } + let(:application) { ingress } + subject { application.files } + let(:values) { subject[:'values.yaml'] } it 'should include ingress valid keys in values' do expect(values).to include('image') @@ -87,5 +89,25 @@ describe Clusters::Applications::Ingress do expect(values).to include('stats') expect(values).to include('podAnnotations') end + + context 'when the helm application does not have a ca_cert' do + before do + application.cluster.application_helm.ca_cert = nil + end + + it 'should not include cert files' do + expect(subject[:'ca.pem']).not_to be_present + expect(subject[:'cert.pem']).not_to be_present + expect(subject[:'key.pem']).not_to be_present + end + end + + it 'should include cert files' do + expect(subject[:'ca.pem']).to be_present + expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert) + + expect(subject[:'cert.pem']).to be_present + expect(subject[:'key.pem']).to be_present + end end end diff --git a/spec/models/clusters/applications/jupyter_spec.rb b/spec/models/clusters/applications/jupyter_spec.rb index 0e2847592fc..4a470bbea74 100644 --- a/spec/models/clusters/applications/jupyter_spec.rb +++ b/spec/models/clusters/applications/jupyter_spec.rb @@ -43,9 +43,29 @@ describe Clusters::Applications::Jupyter do end describe '#files' do - let(:jupyter) { create(:clusters_applications_jupyter) } + let(:application) { create(:clusters_applications_jupyter) } + subject { application.files } + let(:values) { subject[:'values.yaml'] } - let(:values) { jupyter.files[:'values.yaml'] } + it 'should include cert files' do + expect(subject[:'ca.pem']).to be_present + expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert) + + expect(subject[:'cert.pem']).to be_present + expect(subject[:'key.pem']).to be_present + end + + context 'when the helm application does not have a ca_cert' do + before do + application.cluster.application_helm.ca_cert = nil + end + + it 'should not include cert files' do + expect(subject[:'ca.pem']).not_to be_present + expect(subject[:'cert.pem']).not_to be_present + expect(subject[:'key.pem']).not_to be_present + end + end it 'should include valid values' do expect(values).to include('ingress') @@ -53,8 +73,8 @@ describe Clusters::Applications::Jupyter do expect(values).to include('rbac') expect(values).to include('proxy') expect(values).to include('auth') - expect(values).to match(/clientId: '?#{jupyter.oauth_application.uid}/) - expect(values).to match(/callbackUrl: '?#{jupyter.callback_url}/) + expect(values).to match(/clientId: '?#{application.oauth_application.uid}/) + expect(values).to match(/callbackUrl: '?#{application.callback_url}/) end end end diff --git a/spec/models/clusters/applications/prometheus_spec.rb b/spec/models/clusters/applications/prometheus_spec.rb index 013cb8da22b..c506d3a69e2 100644 --- a/spec/models/clusters/applications/prometheus_spec.rb +++ b/spec/models/clusters/applications/prometheus_spec.rb @@ -158,9 +158,29 @@ describe Clusters::Applications::Prometheus do end describe '#files' do - let(:prometheus) { create(:clusters_applications_prometheus) } + let(:application) { create(:clusters_applications_prometheus) } + subject { application.files } + let(:values) { subject[:'values.yaml'] } + + it 'should include cert files' do + expect(subject[:'ca.pem']).to be_present + expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert) - let(:values) { prometheus.files[:'values.yaml'] } + expect(subject[:'cert.pem']).to be_present + expect(subject[:'key.pem']).to be_present + end + + context 'when the helm application does not have a ca_cert' do + before do + application.cluster.application_helm.ca_cert = nil + end + + it 'should not include cert files' do + expect(subject[:'ca.pem']).not_to be_present + expect(subject[:'cert.pem']).not_to be_present + expect(subject[:'key.pem']).not_to be_present + end + end it 'should include prometheus valid values' do expect(values).to include('alertmanager') diff --git a/spec/models/clusters/applications/runner_spec.rb b/spec/models/clusters/applications/runner_spec.rb index 4ac136a6274..ab37603e4ec 100644 --- a/spec/models/clusters/applications/runner_spec.rb +++ b/spec/models/clusters/applications/runner_spec.rb @@ -38,11 +38,31 @@ describe Clusters::Applications::Runner do end describe '#files' do - let(:gitlab_runner) { create(:clusters_applications_runner, runner: ci_runner) } + let(:application) { create(:clusters_applications_runner, runner: ci_runner) } - subject { gitlab_runner.files } + subject { application.files } let(:values) { subject[:'values.yaml'] } + it 'should include cert files' do + expect(subject[:'ca.pem']).to be_present + expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert) + + expect(subject[:'cert.pem']).to be_present + expect(subject[:'key.pem']).to be_present + end + + context 'when the helm application does not have a ca_cert' do + before do + application.cluster.application_helm.ca_cert = nil + end + + it 'should not include cert files' do + expect(subject[:'ca.pem']).not_to be_present + expect(subject[:'cert.pem']).not_to be_present + expect(subject[:'key.pem']).not_to be_present + end + end + it 'should include runner valid values' do expect(values).to include('concurrent') expect(values).to include('checkInterval') @@ -57,8 +77,8 @@ describe Clusters::Applications::Runner do context 'without a runner' do let(:project) { create(:project) } - let(:cluster) { create(:cluster, projects: [project]) } - let(:gitlab_runner) { create(:clusters_applications_runner, cluster: cluster) } + let(:cluster) { create(:cluster, :with_installed_helm, projects: [project]) } + let(:application) { create(:clusters_applications_runner, cluster: cluster) } it 'creates a runner' do expect do @@ -67,13 +87,13 @@ describe Clusters::Applications::Runner do end it 'uses the new runner token' do - expect(values).to match(/runnerToken: '?#{gitlab_runner.reload.runner.token}/) + expect(values).to match(/runnerToken: '?#{application.reload.runner.token}/) end it 'assigns the new runner to runner' do subject - expect(gitlab_runner.reload.runner).to be_project_type + expect(application.reload.runner).to be_project_type end end @@ -97,11 +117,11 @@ describe Clusters::Applications::Runner do end before do - allow(gitlab_runner).to receive(:chart_values).and_return(stub_values) + allow(application).to receive(:chart_values).and_return(stub_values) end it 'should overwrite values.yaml' do - expect(values).to match(/privileged: '?#{gitlab_runner.privileged}/) + expect(values).to match(/privileged: '?#{application.privileged}/) end end end |