Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/services/clusters/aws/fetch_credentials_service_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/services/clusters/aws/fetch_credentials_service_spec.rb')
-rw-r--r--spec/services/clusters/aws/fetch_credentials_service_spec.rb18
1 files changed, 14 insertions, 4 deletions
diff --git a/spec/services/clusters/aws/fetch_credentials_service_spec.rb b/spec/services/clusters/aws/fetch_credentials_service_spec.rb
index 726d1c30603..9194947c67f 100644
--- a/spec/services/clusters/aws/fetch_credentials_service_spec.rb
+++ b/spec/services/clusters/aws/fetch_credentials_service_spec.rb
@@ -5,19 +5,18 @@ require 'spec_helper'
describe Clusters::Aws::FetchCredentialsService do
describe '#execute' do
let(:user) { create(:user) }
- let(:provider) { create(:cluster_provider_aws) }
+ let(:provider) { create(:cluster_provider_aws, region: 'ap-southeast-2') }
let(:gitlab_access_key_id) { 'gitlab-access-key-id' }
let(:gitlab_secret_access_key) { 'gitlab-secret-access-key' }
- let(:region) { 'us-east-1' }
let(:gitlab_credentials) { Aws::Credentials.new(gitlab_access_key_id, gitlab_secret_access_key) }
let(:sts_client) { Aws::STS::Client.new(credentials: gitlab_credentials, region: region) }
let(:assumed_role) { instance_double(Aws::AssumeRoleCredentials, credentials: assumed_role_credentials) }
let(:assumed_role_credentials) { double }
- subject { described_class.new(provision_role, region: region, provider: provider).execute }
+ subject { described_class.new(provision_role, provider: provider).execute }
context 'provision role is configured' do
let(:provision_role) { create(:aws_role, user: user) }
@@ -39,19 +38,30 @@ describe Clusters::Aws::FetchCredentialsService do
client: sts_client,
role_arn: provision_role.role_arn,
role_session_name: session_name,
- external_id: provision_role.role_external_id
+ external_id: provision_role.role_external_id,
+ policy: session_policy
).and_return(assumed_role)
end
context 'provider is specified' do
+ let(:region) { provider.region }
let(:session_name) { "gitlab-eks-cluster-#{provider.cluster_id}-user-#{user.id}" }
+ let(:session_policy) { nil }
it { is_expected.to eq assumed_role_credentials }
end
context 'provider is not specifed' do
let(:provider) { nil }
+ let(:region) { Clusters::Providers::Aws::DEFAULT_REGION }
let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" }
+ let(:session_policy) { 'policy-document' }
+
+ before do
+ allow(File).to receive(:read)
+ .with(Rails.root.join('vendor', 'aws', 'iam', 'eks_cluster_read_only_policy.json'))
+ .and_return(session_policy)
+ end
it { is_expected.to eq assumed_role_credentials }
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 14:31:43 +0300