Diffstat (limited to 'spec/services/clusters')
5 files changed, 78 insertions, 67 deletions
diff --git a/spec/services/clusters/gcp/finalize_creation_service_spec.rb b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
index be362dc6e23..d8c95a70bd0 100644
--- a/spec/services/clusters/gcp/finalize_creation_service_spec.rb
+++ b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
@@ -83,12 +83,7 @@ RSpec.describe Clusters::Gcp::FinalizeCreationService, '#execute' do
 shared_context 'kubernetes information successfully fetched' do
 before do
 stub_cloud_platform_get_zone_cluster(
- provider.gcp_project_id, provider.zone, cluster.name,
- {
- endpoint: endpoint,
- username: username,
- password: password
- }
+ provider.gcp_project_id, provider.zone, cluster.name, { endpoint: endpoint, username: username, password: password }
 )
 stub_kubeclient_discover(api_url)
@@ -101,11 +96,9 @@ RSpec.describe Clusters::Gcp::FinalizeCreationService, '#execute' do
 stub_kubeclient_get_secret(
 api_url,
- {
- metadata_name: secret_name,
- token: Base64.encode64(token),
- namespace: 'default'
- }
+ metadata_name: secret_name,
+ token: Base64.encode64(token),
+ namespace: 'default'
 )
 stub_kubeclient_put_cluster_role_binding(api_url, 'gitlab-admin')
diff --git a/spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb b/spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb
index b4402aadc88..f26177a56d0 100644
--- a/spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb
+++ b/spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb
@@ -26,27 +26,21 @@ RSpec.describe Clusters::Kubernetes::ConfigureIstioIngressService, '#execute' do
 stub_kubeclient_get_secret(
 api_url,
- {
- metadata_name: "#{namespace}-token",
- token: Base64.encode64('sample-token'),
- namespace: namespace
- }
+ metadata_name: "#{namespace}-token",
+ token: Base64.encode64('sample-token'),
+ namespace: namespace
 )
 stub_kubeclient_get_secret(
 api_url,
- {
- metadata_name: 'istio-ingressgateway-ca-certs',
- namespace: 'istio-system'
- }
+ metadata_name: 'istio-ingressgateway-ca-certs',
+ namespace: 'istio-system'
 )
 stub_kubeclient_get_secret(
 api_url,
- {
- metadata_name: 'istio-ingressgateway-certs',
- namespace: 'istio-system'
- }
+ metadata_name: 'istio-ingressgateway-certs',
+ namespace: 'istio-system'
 )
 stub_kubeclient_put_secret(api_url, 'istio-ingressgateway-ca-certs', namespace: 'istio-system')
diff --git a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb
index ee10c59390e..7e3f1fdb379 100644
--- a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb
+++ b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb
@@ -41,11 +41,9 @@ RSpec.describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute'
 stub_kubeclient_get_secret(
 api_url,
- {
- metadata_name: "#{namespace}-token",
- token: Base64.encode64('sample-token'),
- namespace: namespace
- }
+ metadata_name: "#{namespace}-token",
+ token: Base64.encode64('sample-token'),
+ namespace: namespace
 )
 end
diff --git a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb
index f3fa6c2c0bb..257e2e53733 100644
--- a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb
+++ b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb
@@ -160,26 +160,60 @@ RSpec.describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do
 it_behaves_like 'creates service account and token'
- it 'creates a namespaced role binding with edit access' do
- subject
+ context 'kubernetes_cluster_namespace_role_admin FF is enabled' do
+ before do
+ stub_feature_flags(kubernetes_cluster_namespace_role_admin: true)
+ end
+
+ it 'creates a namespaced role binding with admin access' do
+ subject
+
+ expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with(
+ body: hash_including(
+ metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" },
+ roleRef: {
+ apiGroup: 'rbac.authorization.k8s.io',
+ kind: 'ClusterRole',
+ name: 'admin'
+ },
+ subjects: [
+ {
+ kind: 'ServiceAccount',
+ name: service_account_name,
+ namespace: namespace
+ }
+ ]
+ )
+ )
+ end
+ end
- expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with(
- body: hash_including(
- metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" },
- roleRef: {
- apiGroup: 'rbac.authorization.k8s.io',
- kind: 'ClusterRole',
- name: 'edit'
- },
- subjects: [
- {
- kind: 'ServiceAccount',
- name: service_account_name,
- namespace: namespace
- }
- ]
+ context 'kubernetes_cluster_namespace_role_admin FF is disabled' do
+ before do
+ stub_feature_flags(kubernetes_cluster_namespace_role_admin: false)
+ end
+
+ it 'creates a namespaced role binding with edit access' do
+ subject
+
+ expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with(
+ body: hash_including(
+ metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" },
+ roleRef: {
+ apiGroup: 'rbac.authorization.k8s.io',
+ kind: 'ClusterRole',
+ name: 'edit'
+ },
+ subjects: [
+ {
+ kind: 'ServiceAccount',
+ name: service_account_name,
+ namespace: namespace
+ }
+ ]
+ )
 )
- )
+ end
 end
 it 'creates a role binding granting crossplane database permissions to the service account' do
diff --git a/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb
index c4daae9dbf0..03c402fb066 100644
--- a/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -31,11 +31,9 @@ RSpec.describe Clusters::Kubernetes::FetchKubernetesTokenService do
 before do
 stub_kubeclient_get_secret(
 api_url,
- {
- metadata_name: service_account_token_name,
- namespace: namespace,
- token: token
- }
+ metadata_name: service_account_token_name,
+ namespace: namespace,
+ token: token
 )
 end
@@ -54,11 +52,9 @@ RSpec.describe Clusters::Kubernetes::FetchKubernetesTokenService do
 before do
 stub_kubeclient_get_secret_not_found_then_found(
 api_url,
- {
- metadata_name: service_account_token_name,
- namespace: namespace,
- token: token
- }
+ metadata_name: service_account_token_name,
+ namespace: namespace,
+ token: token
 )
 end
@@ -79,11 +75,9 @@ RSpec.describe Clusters::Kubernetes::FetchKubernetesTokenService do
 before do
 stub_kubeclient_get_secret_missing_token_then_with_token(
 api_url,
- {
- metadata_name: service_account_token_name,
- namespace: namespace,
- token: token
- }
+ metadata_name: service_account_token_name,
+ namespace: namespace,
+ token: token
 )
 end
@@ -96,11 +90,9 @@ RSpec.describe Clusters::Kubernetes::FetchKubernetesTokenService do
 before do
 stub_kubeclient_get_secret(
 api_url,
- {
- metadata_name: service_account_token_name,
- namespace: namespace,
- token: nil
- }
+ metadata_name: service_account_token_name,
+ namespace: namespace,
+ token: nil
 )
 end |
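Review bot: In create_or_update_service_account_service_spec.rb the enabled and disabled contexts repeat the same `have_requested(...)` expectation and differ only in the flag value and `roleRef.name`, so the two copies can drift when the binding shape changes; a shared example parameterised on the role name keeps one copy. The enabled path is a privilege change: bound through a RoleBinding, the Kubernetes `admin` ClusterRole also allows managing Roles and RoleBindings in the namespace, which `edit` does not, and a one-line comment in that context would make this visible to the next reader. The surrounding context block opens before this hunk, so where the shared example should live is a guess from here.

```ruby
shared_examples 'creates a namespaced role binding' do |role_name|
  it "creates a namespaced role binding with #{role_name} access" do
    subject

    expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with(
      body: hash_including(
        # … unchanged: metadata …
        roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', name: role_name },
        # … unchanged: subjects …
      )
    )
  end
end

context 'kubernetes_cluster_namespace_role_admin FF is enabled' do
  # … unchanged: before block stubbing the flag to true …

  # admin, unlike edit, also allows managing Roles and RoleBindings in the namespace
  it_behaves_like 'creates a namespaced role binding', 'admin'
end

context 'kubernetes_cluster_namespace_role_admin FF is disabled' do
  # … unchanged: before block stubbing the flag to false …

  it_behaves_like 'creates a namespaced role binding', 'edit'
end
```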