diff options
Diffstat (limited to 'spec/models/clusters')
18 files changed, 187 insertions, 26 deletions
diff --git a/spec/models/clusters/applications/cert_manager_spec.rb b/spec/models/clusters/applications/cert_manager_spec.rb index d7fd0d06b05..7ca7f533a27 100644 --- a/spec/models/clusters/applications/cert_manager_spec.rb +++ b/spec/models/clusters/applications/cert_manager_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::CertManager do +RSpec.describe Clusters::Applications::CertManager do let(:cert_manager) { create(:clusters_applications_cert_manager) } include_examples 'cluster application core specs', :clusters_applications_cert_manager diff --git a/spec/models/clusters/applications/cilium_spec.rb b/spec/models/clusters/applications/cilium_spec.rb new file mode 100644 index 00000000000..8b01502d5c0 --- /dev/null +++ b/spec/models/clusters/applications/cilium_spec.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Clusters::Applications::Cilium do + let(:cilium) { create(:clusters_applications_cilium) } + + include_examples 'cluster application core specs', :clusters_applications_cilium + include_examples 'cluster application status specs', :clusters_applications_cilium + include_examples 'cluster application initial status specs' + + describe '#allowed_to_uninstall?' do + subject { cilium.allowed_to_uninstall? } + + it { is_expected.to be false } + end +end diff --git a/spec/models/clusters/applications/crossplane_spec.rb b/spec/models/clusters/applications/crossplane_spec.rb index ebc675497f4..a41c5f6586b 100644 --- a/spec/models/clusters/applications/crossplane_spec.rb +++ b/spec/models/clusters/applications/crossplane_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Crossplane do +RSpec.describe Clusters::Applications::Crossplane do let(:crossplane) { create(:clusters_applications_crossplane) } include_examples 'cluster application core specs', :clusters_applications_crossplane diff --git a/spec/models/clusters/applications/elastic_stack_spec.rb b/spec/models/clusters/applications/elastic_stack_spec.rb index 50042a4e29a..62123ffa542 100644 --- a/spec/models/clusters/applications/elastic_stack_spec.rb +++ b/spec/models/clusters/applications/elastic_stack_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::ElasticStack do +RSpec.describe Clusters::Applications::ElasticStack do include KubernetesHelpers include_examples 'cluster application core specs', :clusters_applications_elastic_stack @@ -27,6 +27,20 @@ describe Clusters::Applications::ElasticStack do expect(subject.preinstall).to be_empty end + context 'within values.yaml' do + let(:values_yaml_content) {subject.files[:"values.yaml"]} + + it 'contains the disabled index lifecycle management' do + expect(values_yaml_content).to include "setup.ilm.enabled: false" + end + + it 'contains daily indices with respective template' do + expect(values_yaml_content).to include "index: \"filebeat-%{[agent.version]}-%{+yyyy.MM.dd}\"" + expect(values_yaml_content).to include "setup.template.name: 'filebeat'" + expect(values_yaml_content).to include "setup.template.pattern: 'filebeat-*'" + end + end + context 'on a non rbac enabled cluster' do before do elastic_stack.cluster.platform_kubernetes.abac! diff --git a/spec/models/clusters/applications/fluentd_spec.rb b/spec/models/clusters/applications/fluentd_spec.rb index 4e9548990ed..be7b4a87947 100644 --- a/spec/models/clusters/applications/fluentd_spec.rb +++ b/spec/models/clusters/applications/fluentd_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Fluentd do +RSpec.describe Clusters::Applications::Fluentd do let(:waf_log_enabled) { true } let(:cilium_log_enabled) { true } let(:fluentd) { create(:clusters_applications_fluentd, waf_log_enabled: waf_log_enabled, cilium_log_enabled: cilium_log_enabled) } diff --git a/spec/models/clusters/applications/helm_spec.rb b/spec/models/clusters/applications/helm_spec.rb index 87454e1d3e2..6d2ecaa6d47 100644 --- a/spec/models/clusters/applications/helm_spec.rb +++ b/spec/models/clusters/applications/helm_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Helm do +RSpec.describe Clusters::Applications::Helm do include_examples 'cluster application core specs', :clusters_applications_helm describe '.available' do diff --git a/spec/models/clusters/applications/ingress_spec.rb b/spec/models/clusters/applications/ingress_spec.rb index 8aee4eec0d3..d1138f5fa2d 100644 --- a/spec/models/clusters/applications/ingress_spec.rb +++ b/spec/models/clusters/applications/ingress_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Ingress do +RSpec.describe Clusters::Applications::Ingress do let(:ingress) { create(:clusters_applications_ingress) } it_behaves_like 'having unique enum values' diff --git a/spec/models/clusters/applications/jupyter_spec.rb b/spec/models/clusters/applications/jupyter_spec.rb index 937db9217f3..3cf24f1a9ef 100644 --- a/spec/models/clusters/applications/jupyter_spec.rb +++ b/spec/models/clusters/applications/jupyter_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Jupyter do +RSpec.describe Clusters::Applications::Jupyter do include_examples 'cluster application core specs', :clusters_applications_jupyter include_examples 'cluster application status specs', :clusters_applications_jupyter include_examples 'cluster application version specs', :clusters_applications_jupyter diff --git a/spec/models/clusters/applications/knative_spec.rb b/spec/models/clusters/applications/knative_spec.rb index 7ff7644e703..b14161ce8e6 100644 --- a/spec/models/clusters/applications/knative_spec.rb +++ b/spec/models/clusters/applications/knative_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Knative do +RSpec.describe Clusters::Applications::Knative do let(:knative) { create(:clusters_applications_knative) } include_examples 'cluster application core specs', :clusters_applications_knative diff --git a/spec/models/clusters/applications/prometheus_spec.rb b/spec/models/clusters/applications/prometheus_spec.rb index 1ed9e207b6b..1215b38a9a2 100644 --- a/spec/models/clusters/applications/prometheus_spec.rb +++ b/spec/models/clusters/applications/prometheus_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Prometheus do +RSpec.describe Clusters::Applications::Prometheus do include KubernetesHelpers include StubRequests diff --git a/spec/models/clusters/applications/runner_spec.rb b/spec/models/clusters/applications/runner_spec.rb index 6ee6711ec4b..fbabfd25b2f 100644 --- a/spec/models/clusters/applications/runner_spec.rb +++ b/spec/models/clusters/applications/runner_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Applications::Runner do +RSpec.describe Clusters::Applications::Runner do let(:ci_runner) { create(:ci_runner) } include_examples 'cluster application core specs', :clusters_applications_runner diff --git a/spec/models/clusters/cluster_spec.rb b/spec/models/clusters/cluster_spec.rb index 4dd74976028..4807957152c 100644 --- a/spec/models/clusters/cluster_spec.rb +++ b/spec/models/clusters/cluster_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Cluster, :use_clean_rails_memory_store_caching do +RSpec.describe Clusters::Cluster, :use_clean_rails_memory_store_caching do include ReactiveCachingHelpers include KubernetesHelpers @@ -10,6 +10,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do subject { build(:cluster) } + it { is_expected.to include_module(HasEnvironmentScope) } it { is_expected.to belong_to(:user) } it { is_expected.to belong_to(:management_project).class_name('::Project') } it { is_expected.to have_many(:cluster_projects) } @@ -289,6 +290,79 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do describe 'validations' do subject { cluster.valid? } + context 'when validates unique_environment_scope' do + context 'for a project cluster' do + let(:project) { create(:project) } + + before do + create(:cluster, projects: [project], environment_scope: 'product/*') + end + + context 'when identical environment scope exists in project' do + let(:cluster) { build(:cluster, projects: [project], environment_scope: 'product/*') } + + it { is_expected.to be_falsey } + end + + context 'when identical environment scope does not exist in project' do + let(:cluster) { build(:cluster, projects: [project], environment_scope: '*') } + + it { is_expected.to be_truthy } + end + + context 'when identical environment scope exists in different project' do + let(:project2) { create(:project) } + let(:cluster) { build(:cluster, projects: [project2], environment_scope: 'product/*') } + + it { is_expected.to be_truthy } + end + end + + context 'for a group cluster' do + let(:group) { create(:group) } + + before do + create(:cluster, cluster_type: :group_type, groups: [group], environment_scope: 'product/*') + end + + context 'when identical environment scope exists in group' do + let(:cluster) { build(:cluster, cluster_type: :group_type, groups: [group], environment_scope: 'product/*') } + + it { is_expected.to be_falsey } + end + + context 'when identical environment scope does not exist in group' do + let(:cluster) { build(:cluster, cluster_type: :group_type, groups: [group], environment_scope: '*') } + + it { is_expected.to be_truthy } + end + + context 'when identical environment scope exists in different group' do + let(:cluster) { build(:cluster, :group, environment_scope: 'product/*') } + + it { is_expected.to be_truthy } + end + end + + context 'for an instance cluster' do + before do + create(:cluster, :instance, environment_scope: 'product/*') + end + + context 'identical environment scope exists' do + let(:cluster) { build(:cluster, :instance, environment_scope: 'product/*') } + + it { is_expected.to be_falsey } + end + + context 'identical environment scope does not exist' do + let(:cluster) { build(:cluster, :instance, environment_scope: '*') } + + it { is_expected.to be_truthy } + end + end + end + context 'when validates name' do context 'when provided by user' do let!(:cluster) { build(:cluster, :provided_by_user, name: name) } @@ -1111,13 +1185,23 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do context 'cluster is enabled' do let(:cluster) { create(:cluster, :provided_by_user, :group) } + let(:gl_k8s_node_double) { double(Gitlab::Kubernetes::Node) } + let(:expected_nodes) { nil } before do - stub_kubeclient_nodes_and_nodes_metrics(cluster.platform.api_url) + stub_kubeclient_discover(cluster.platform.api_url) + allow(Gitlab::Kubernetes::Node).to receive(:new).with(cluster).and_return(gl_k8s_node_double) + allow(gl_k8s_node_double).to receive(:all).and_return([]) end context 'connection to the cluster is successful' do - it { is_expected.to eq(connection_status: :connected, nodes: [kube_node.merge(kube_node_metrics)]) } + before do + allow(gl_k8s_node_double).to receive(:all).and_return(expected_nodes) + end + + let(:expected_nodes) { [kube_node.merge(kube_node_metrics)] } + + it { is_expected.to eq(connection_status: :connected, nodes: expected_nodes) } end context 'cluster cannot be reached' do @@ -1126,7 +1210,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do .and_raise(SocketError) end - it { is_expected.to eq(connection_status: :unreachable, nodes: nil) } + it { is_expected.to eq(connection_status: :unreachable, nodes: expected_nodes) } end context 'cluster cannot be authenticated to' do @@ -1135,7 +1219,7 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do .and_raise(OpenSSL::X509::CertificateError.new("Certificate error")) end - it { is_expected.to eq(connection_status: :authentication_failure, nodes: nil) } + it { is_expected.to eq(connection_status: :authentication_failure, nodes: expected_nodes) } end describe 'Kubeclient::HttpError' do @@ -1147,18 +1231,18 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do .and_raise(Kubeclient::HttpError.new(error_code, error_message, nil)) end - it { is_expected.to eq(connection_status: :authentication_failure, nodes: nil) } + it { is_expected.to eq(connection_status: :authentication_failure, nodes: expected_nodes) } context 'generic timeout' do let(:error_message) { 'Timed out connecting to server'} - it { is_expected.to eq(connection_status: :unreachable, nodes: nil) } + it { is_expected.to eq(connection_status: :unreachable, nodes: expected_nodes) } end context 'gateway timeout' do let(:error_message) { '504 Gateway Timeout for GET https://kubernetes.example.com/api/v1'} - it { is_expected.to eq(connection_status: :unreachable, nodes: nil) } + it { is_expected.to eq(connection_status: :unreachable, nodes: expected_nodes) } end end @@ -1168,12 +1252,12 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do .and_raise(StandardError) end - it { is_expected.to eq(connection_status: :unknown_failure, nodes: nil) } + it { is_expected.to eq(connection_status: :unknown_failure, nodes: expected_nodes) } it 'notifies Sentry' do expect(Gitlab::ErrorTracking).to receive(:track_exception) .with(instance_of(StandardError), hash_including(cluster_id: cluster.id)) - .twice + .once subject end diff --git a/spec/models/clusters/clusters_hierarchy_spec.rb b/spec/models/clusters/clusters_hierarchy_spec.rb index 1957e1fc5ee..5ac561eb2d0 100644 --- a/spec/models/clusters/clusters_hierarchy_spec.rb +++ b/spec/models/clusters/clusters_hierarchy_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::ClustersHierarchy do +RSpec.describe Clusters::ClustersHierarchy do describe '#base_and_ancestors' do def base_and_ancestors(clusterable, include_management_project: true) described_class.new(clusterable, include_management_project: include_management_project).base_and_ancestors diff --git a/spec/models/clusters/group_spec.rb b/spec/models/clusters/group_spec.rb index ba145342cb8..3b541c40938 100644 --- a/spec/models/clusters/group_spec.rb +++ b/spec/models/clusters/group_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Group do +RSpec.describe Clusters::Group do it { is_expected.to belong_to(:cluster) } it { is_expected.to belong_to(:group) } end diff --git a/spec/models/clusters/platforms/kubernetes_spec.rb b/spec/models/clusters/platforms/kubernetes_spec.rb index f0e6dd53664..adccc72d13d 100644 --- a/spec/models/clusters/platforms/kubernetes_spec.rb +++ b/spec/models/clusters/platforms/kubernetes_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Platforms::Kubernetes do +RSpec.describe Clusters::Platforms::Kubernetes do include KubernetesHelpers it { is_expected.to belong_to(:cluster) } @@ -204,6 +204,52 @@ describe Clusters::Platforms::Kubernetes do end it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::KubeClient) } + + context 'ca_pem is a single certificate' do + let(:ca_pem) { File.read(Rails.root.join('spec/fixtures/clusters/ca_certificate.pem')) } + let(:kubernetes) do + build(:cluster_platform_kubernetes, + :configured, + namespace: 'a-namespace', + cluster: cluster, + ca_pem: ca_pem) + end + + it 'adds it to cert_store' do + cert = OpenSSL::X509::Certificate.new(ca_pem) + cert_store = kubernetes.kubeclient.kubeclient_options[:ssl_options][:cert_store] + + expect(cert_store.verify(cert)).to be true + end + end + + context 'ca_pem is a chain' do + let(:cert_chain) { File.read(Rails.root.join('spec/fixtures/clusters/chain_certificates.pem')) } + let(:kubernetes) do + build(:cluster_platform_kubernetes, + :configured, + namespace: 'a-namespace', + cluster: cluster, + ca_pem: cert_chain) + end + + it 'includes chain of certificates' do + cert1_file = File.read(Rails.root.join('spec/fixtures/clusters/root_certificate.pem')) + cert1 = OpenSSL::X509::Certificate.new(cert1_file) + + cert2_file = File.read(Rails.root.join('spec/fixtures/clusters/intermediate_certificate.pem')) + cert2 = OpenSSL::X509::Certificate.new(cert2_file) + + cert3_file = File.read(Rails.root.join('spec/fixtures/clusters/ca_certificate.pem')) + cert3 = OpenSSL::X509::Certificate.new(cert3_file) + + cert_store = kubernetes.kubeclient.kubeclient_options[:ssl_options][:cert_store] + + expect(cert_store.verify(cert1)).to be true + expect(cert_store.verify(cert2)).to be true + expect(cert_store.verify(cert3)).to be true + end + end end describe '#rbac?' do diff --git a/spec/models/clusters/project_spec.rb b/spec/models/clusters/project_spec.rb index 671af085d10..e16dfa47898 100644 --- a/spec/models/clusters/project_spec.rb +++ b/spec/models/clusters/project_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Project do +RSpec.describe Clusters::Project do it { is_expected.to belong_to(:cluster) } it { is_expected.to belong_to(:project) } it { is_expected.to have_many(:kubernetes_namespaces) } diff --git a/spec/models/clusters/providers/aws_spec.rb b/spec/models/clusters/providers/aws_spec.rb index 05d6e63288e..3b4a48cc5be 100644 --- a/spec/models/clusters/providers/aws_spec.rb +++ b/spec/models/clusters/providers/aws_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Providers::Aws do +RSpec.describe Clusters::Providers::Aws do it { is_expected.to belong_to(:cluster) } it { is_expected.to validate_length_of(:key_name).is_at_least(1).is_at_most(255) } diff --git a/spec/models/clusters/providers/gcp_spec.rb b/spec/models/clusters/providers/gcp_spec.rb index e2fd777d131..ad9ada04875 100644 --- a/spec/models/clusters/providers/gcp_spec.rb +++ b/spec/models/clusters/providers/gcp_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe Clusters::Providers::Gcp do +RSpec.describe Clusters::Providers::Gcp do it { is_expected.to belong_to(:cluster) } it { is_expected.to validate_presence_of(:zone) } |