diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-12 03:07:43 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-12 03:07:43 +0300 |
commit | 2e3cbf7d89815e2915f77677388c49b48f8d20c3 (patch) | |
tree | 03bdbc99e829295e8077b2ec4032300c15b48e37 /spec/services/clusters/aws/fetch_credentials_service_spec.rb | |
parent | e44bb86539a8fb4cfb06dfe281632b6f206bd0a7 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/services/clusters/aws/fetch_credentials_service_spec.rb')
-rw-r--r-- | spec/services/clusters/aws/fetch_credentials_service_spec.rb | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/spec/services/clusters/aws/fetch_credentials_service_spec.rb b/spec/services/clusters/aws/fetch_credentials_service_spec.rb index 726d1c30603..9194947c67f 100644 --- a/spec/services/clusters/aws/fetch_credentials_service_spec.rb +++ b/spec/services/clusters/aws/fetch_credentials_service_spec.rb @@ -5,19 +5,18 @@ require 'spec_helper' describe Clusters::Aws::FetchCredentialsService do describe '#execute' do let(:user) { create(:user) } - let(:provider) { create(:cluster_provider_aws) } + let(:provider) { create(:cluster_provider_aws, region: 'ap-southeast-2') } let(:gitlab_access_key_id) { 'gitlab-access-key-id' } let(:gitlab_secret_access_key) { 'gitlab-secret-access-key' } - let(:region) { 'us-east-1' } let(:gitlab_credentials) { Aws::Credentials.new(gitlab_access_key_id, gitlab_secret_access_key) } let(:sts_client) { Aws::STS::Client.new(credentials: gitlab_credentials, region: region) } let(:assumed_role) { instance_double(Aws::AssumeRoleCredentials, credentials: assumed_role_credentials) } let(:assumed_role_credentials) { double } - subject { described_class.new(provision_role, region: region, provider: provider).execute } + subject { described_class.new(provision_role, provider: provider).execute } context 'provision role is configured' do let(:provision_role) { create(:aws_role, user: user) } @@ -39,19 +38,30 @@ describe Clusters::Aws::FetchCredentialsService do client: sts_client, role_arn: provision_role.role_arn, role_session_name: session_name, - external_id: provision_role.role_external_id + external_id: provision_role.role_external_id, + policy: session_policy ).and_return(assumed_role) end context 'provider is specified' do + let(:region) { provider.region } let(:session_name) { "gitlab-eks-cluster-#{provider.cluster_id}-user-#{user.id}" } + let(:session_policy) { nil } it { is_expected.to eq assumed_role_credentials } end context 'provider is not specifed' do let(:provider) { nil } + let(:region) { Clusters::Providers::Aws::DEFAULT_REGION } let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" } + let(:session_policy) { 'policy-document' } + + before do + allow(File).to receive(:read) + .with(Rails.root.join('vendor', 'aws', 'iam', 'eks_cluster_read_only_policy.json')) + .and_return(session_policy) + end it { is_expected.to eq assumed_role_credentials } end |