Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/controllers/projects/clusters_controller_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/controllers/projects/clusters_controller_spec.rb')
-rw-r--r--spec/controllers/projects/clusters_controller_spec.rb52
1 files changed, 51 insertions, 1 deletions
diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb
index e1f6d571d27..1b6b0ff025e 100644
--- a/spec/controllers/projects/clusters_controller_spec.rb
+++ b/spec/controllers/projects/clusters_controller_spec.rb
@@ -79,7 +79,7 @@ describe Projects::ClustersController do
end
describe 'GET new' do
- def go(provider: 'gke')
+ def go(provider: 'gcp')
get :new, params: {
namespace_id: project.namespace,
project_id: project,
@@ -373,6 +373,56 @@ describe Projects::ClustersController do
end
end
+ describe 'POST authorize AWS role for EKS cluster' do
+ let(:role_arn) { 'arn:aws:iam::123456789012:role/role-name' }
+ let(:role_external_id) { '12345' }
+
+ let(:params) do
+ {
+ cluster: {
+ role_arn: role_arn,
+ role_external_id: role_external_id
+ }
+ }
+ end
+
+ def go
+ post :authorize_aws_role, params: params.merge(namespace_id: project.namespace, project_id: project)
+ end
+
+ it 'creates an Aws::Role record' do
+ expect { go }.to change { Aws::Role.count }
+
+ expect(response.status).to eq 201
+
+ role = Aws::Role.last
+ expect(role.user).to eq user
+ expect(role.role_arn).to eq role_arn
+ expect(role.role_external_id).to eq role_external_id
+ end
+
+ context 'role cannot be created' do
+ let(:role_arn) { 'invalid-role' }
+
+ it 'does not create a record' do
+ expect { go }.not_to change { Aws::Role.count }
+
+ expect(response.status).to eq 422
+ end
+ end
+
+ describe 'security' do
+ it { expect { go }.to be_allowed_for(:admin) }
+ it { expect { go }.to be_allowed_for(:owner).of(project) }
+ it { expect { go }.to be_allowed_for(:maintainer).of(project) }
+ it { expect { go }.to be_denied_for(:developer).of(project) }
+ it { expect { go }.to be_denied_for(:reporter).of(project) }
+ it { expect { go }.to be_denied_for(:guest).of(project) }
+ it { expect { go }.to be_denied_for(:user) }
+ it { expect { go }.to be_denied_for(:external) }
+ end
+ end
+
describe 'GET cluster_status' do
let(:cluster) { create(:cluster, :providing_by_gcp, projects: [project]) }
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-07 05:08:00 +0300