Diffstat (limited to 'spec/services/clusters')
22 files changed, 179 insertions, 23 deletions
diff --git a/spec/services/clusters/agent_tokens/create_service_spec.rb b/spec/services/clusters/agent_tokens/create_service_spec.rb index dc7abd1504b..519a3ba7ce5 100644 --- a/spec/services/clusters/agent_tokens/create_service_spec.rb +++ b/spec/services/clusters/agent_tokens/create_service_spec.rb @@ -2,14 +2,14 @@ require 'spec_helper' -RSpec.describe Clusters::AgentTokens::CreateService do - subject(:service) { described_class.new(container: project, current_user: user, params: params) } +RSpec.describe Clusters::AgentTokens::CreateService, feature_category: :kubernetes_management do + subject(:service) { described_class.new(agent: cluster_agent, current_user: user, params: params) } let_it_be(:user) { create(:user) } let(:cluster_agent) { create(:cluster_agent) } let(:project) { cluster_agent.project } - let(:params) { { agent_id: cluster_agent.id, description: 'token description', name: 'token name' } } + let(:params) { { description: 'token description', name: 'token name' } } describe '#execute' do subject { service.execute } @@ -75,7 +75,7 @@ RSpec.describe Clusters::AgentTokens::CreateService do it 'returns validation errors', :aggregate_failures do expect(subject.status).to eq(:error) - expect(subject.message).to eq(["Agent must exist", "Name can't be blank"]) + expect(subject.message).to eq(["Name can't be blank"]) end end end diff --git a/spec/services/clusters/agent_tokens/revoke_service_spec.rb b/spec/services/clusters/agent_tokens/revoke_service_spec.rb new file mode 100644 index 00000000000..9e511de0a13 --- /dev/null +++ b/spec/services/clusters/agent_tokens/revoke_service_spec.rb 
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Clusters::AgentTokens::RevokeService, feature_category: :kubernetes_management do
+ describe '#execute' do
+ subject { described_class.new(token: agent_token, current_user: user).execute }
+
+ let(:agent) { create(:cluster_agent) }
+ let(:agent_token) { create(:cluster_agent_token, agent: agent) }
+ let(:project) { agent.project }
+ let(:user) { agent.created_by_user }
+
+ before do
+ project.add_maintainer(user)
+ end
+
+ context 'when user is authorized' do
+ before do
+ project.add_maintainer(user)
+ end
+
+ context 'when user revokes agent token' do
+ it 'succeeds' do
+ subject
+
+ expect(agent_token.revoked?).to be true
+ end
+
+ it 'creates an activity event' do
+ expect { subject }.to change { ::Clusters::Agents::ActivityEvent.count }.by(1)
+
+ event = agent.activity_events.last
+
+ expect(event).to have_attributes(
+ kind: 'token_revoked',
+ level: 'info',
+ recorded_at: agent_token.reload.updated_at,
+ user: user,
+ agent_token: agent_token
+ )
+ end
+ end
+
+ context 'when there is a validation failure' do
+ before do
+ agent_token.name = '' # make the record invalid, as we require a name to be present
+ end
+
+ it 'fails without raising an error', :aggregate_failures do
+ expect(subject[:status]).to eq(:error)
+ expect(subject[:message]).to eq(["Name can't be blank"])
+ end
+
+ it 'does not create an activity event' do
+ expect { subject }.not_to change { ::Clusters::Agents::ActivityEvent.count }
+ end
+ end
+ end
+
+ context 'when user is not authorized' do
+ let(:user) { create(:user) }
+
+ before do
+ project.add_guest(user)
+ end
+
+ context 'when user attempts to revoke agent token' do
+ it 'fails' do
+ subject
+
+ expect(agent_token.revoked?).to be false
+ end
+ end
+ end
+ end
+end
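Review bot: The outer `before` in revoke_service_spec.rb calls `project.add_maintainer(user)` for every context, so in 'when user is not authorized' the freshly created user is first made a maintainer and only then passed to `project.add_guest(user)`. The negative case therefore holds only if `add_guest` downgrades an existing membership, which is not visible in this file; dropping the outer hook (the authorized context already repeats it) makes the unauthorized setup unambiguous. The 'fails' example also checks only `agent_token.revoked?`. Adding `expect(subject[:status]).to eq(:error)` and `expect { subject }.not_to change { ::Clusters::Agents::ActivityEvent.count }` would pin that a rejected revoke returns an error and records no `token_revoked` event, assuming the response is indexable as in the validation-failure example.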
diff --git a/spec/services/clusters/agent_tokens/track_usage_service_spec.rb b/spec/services/clusters/agent_tokens/track_usage_service_spec.rb index 3350b15a5ce..e9e1a5f7ad9 100644 --- a/spec/services/clusters/agent_tokens/track_usage_service_spec.rb +++ b/spec/services/clusters/agent_tokens/track_usage_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::AgentTokens::TrackUsageService do +RSpec.describe Clusters::AgentTokens::TrackUsageService, feature_category: :kubernetes_management do let_it_be(:agent) { create(:cluster_agent) } describe '#execute', :clean_gitlab_redis_cache do diff --git a/spec/services/clusters/agents/authorize_proxy_user_service_spec.rb b/spec/services/clusters/agents/authorize_proxy_user_service_spec.rb new file mode 100644 index 00000000000..c099d87f6eb --- /dev/null +++ b/spec/services/clusters/agents/authorize_proxy_user_service_spec.rb 
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Clusters::Agents::AuthorizeProxyUserService, feature_category: :kubernetes_management do
+ subject(:service_response) { service.execute }
+
+ let(:service) { described_class.new(user, agent) }
+ let(:user) { create(:user) }
+
+ let_it_be(:project) { create(:project) }
+ let_it_be(:group) { create(:group) }
+ let_it_be(:user_access_config) do
+ {
+ 'user_access' => {
+ 'access_as' => { 'agent' => {} },
+ 'projects' => [{ 'id' => project.full_path }],
+ 'groups' => [{ 'id' => group.full_path }]
+ }
+ }
+ end
+
+ let_it_be(:configuration_project) do
+ create(
+ :project, :custom_repo,
+ files: {
+ ".gitlab/agents/the-agent/config.yaml" => user_access_config.to_yaml
+ }
+ )
+ end
+
+ let_it_be(:agent) { create(:cluster_agent, name: 'the-agent', project: configuration_project) }
+
+ it 'returns forbidden when user has no access to any project', :aggregate_failures do
+ expect(service_response).to be_error
+ expect(service_response.reason).to eq :forbidden
+ end
+
+ context 'when user is member of an authorized group' do
+ it 'authorizes developers', :aggregate_failures do
+ group.add_member(user, :developer)
+ expect(service_response).to be_success
+ expect(service_response.payload[:user]).to include(id: user.id, username: user.username)
+ expect(service_response.payload[:agent]).to include(id: agent.id, config_project: { id: agent.project.id })
+ end
+
+ it 'does not authorize reporters', :aggregate_failures do
+ group.add_member(user, :reporter)
+ expect(service_response).to be_error
+ expect(service_response.reason).to eq :forbidden
+ end
+ end
+
+ context 'when user is member of an authorized project' do
+ it 'authorizes developers', :aggregate_failures do
+ project.add_member(user, :developer)
+ expect(service_response).to be_success
+ expect(service_response.payload[:user]).to include(id: user.id, username: user.username)
+ expect(service_response.payload[:agent]).to
include(id: agent.id, config_project: { id: agent.project.id }) + end + + it 'does not authorize reporters', :aggregate_failures do + project.add_member(user, :reporter) + expect(service_response).to be_error + expect(service_response.reason).to eq :forbidden + end + end +end diff --git a/spec/services/clusters/agents/create_activity_event_service_spec.rb b/spec/services/clusters/agents/create_activity_event_service_spec.rb index 7a8f0e16d60..3da8ecddb8d 100644 --- a/spec/services/clusters/agents/create_activity_event_service_spec.rb +++ b/spec/services/clusters/agents/create_activity_event_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Agents::CreateActivityEventService do +RSpec.describe Clusters::Agents::CreateActivityEventService, feature_category: :kubernetes_management do let_it_be(:agent) { create(:cluster_agent) } let_it_be(:token) { create(:cluster_agent_token, agent: agent) } let_it_be(:user) { create(:user) } @@ -40,5 +40,16 @@ RSpec.describe Clusters::Agents::CreateActivityEventService do subject end + + context 'when activity event creation fails' do + let(:params) { {} } + + it 'tracks the exception without raising' do + expect(Gitlab::ErrorTracking).to receive(:track_exception) + .with(instance_of(ActiveRecord::RecordInvalid), agent_id: agent.id) + + subject + end + end end end diff --git a/spec/services/clusters/agents/create_service_spec.rb b/spec/services/clusters/agents/create_service_spec.rb index 2b3bbcae13c..dc69dfb5e27 100644 --- a/spec/services/clusters/agents/create_service_spec.rb +++ b/spec/services/clusters/agents/create_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Agents::CreateService do +RSpec.describe Clusters::Agents::CreateService, feature_category: :kubernetes_management do subject(:service) { described_class.new(project, user) } let(:project) { create(:project, :public, :repository) } 
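Review bot: The forbidden cases in authorize_proxy_user_service_spec.rb cover a user with no membership and a reporter on a listed project or group, but none where the user is a developer on a project or group that the agent's `user_access` config does not list. That is the case which shows access comes from the config entries rather than from any developer membership. It could be added as `create(:project).add_member(user, :developer)` followed by `expect(service_response.reason).to eq :forbidden`. `user_access_config` also fixes `access_as` to `agent`, so any other mode the service supports is not exercised by this file.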
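Review bot: In the added 'when activity event creation fails' context of create_activity_event_service_spec.rb, the example is named 'tracks the exception without raising' but its only expectation is the `track_exception` mock, followed by a bare `subject`. Replacing the bare call with `expect { subject }.not_to raise_error` would state the non-raising contract explicitly. If these events serve as an audit trail, the example could also assert that no partial record is written, for instance by checking the activity event count is unchanged. The enclosing `describe` block starts outside this hunk, so what `subject` returns on failure cannot be checked from here.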
diff --git a/spec/services/clusters/agents/delete_expired_events_service_spec.rb b/spec/services/clusters/agents/delete_expired_events_service_spec.rb index 3dc166f54eb..892cd5a70ea 100644 --- a/spec/services/clusters/agents/delete_expired_events_service_spec.rb +++ b/spec/services/clusters/agents/delete_expired_events_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Agents::DeleteExpiredEventsService do +RSpec.describe Clusters::Agents::DeleteExpiredEventsService, feature_category: :kubernetes_management do let_it_be(:agent) { create(:cluster_agent) } describe '#execute' do diff --git a/spec/services/clusters/agents/delete_service_spec.rb b/spec/services/clusters/agents/delete_service_spec.rb index abe1bdaab27..da97cdee4ca 100644 --- a/spec/services/clusters/agents/delete_service_spec.rb +++ b/spec/services/clusters/agents/delete_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Agents::DeleteService do +RSpec.describe Clusters::Agents::DeleteService, feature_category: :kubernetes_management do subject(:service) { described_class.new(container: project, current_user: user) } let(:cluster_agent) { create(:cluster_agent) } diff --git a/spec/services/clusters/build_kubernetes_namespace_service_spec.rb b/spec/services/clusters/build_kubernetes_namespace_service_spec.rb index 4ee933374f6..b1be3eb4199 100644 --- a/spec/services/clusters/build_kubernetes_namespace_service_spec.rb +++ b/spec/services/clusters/build_kubernetes_namespace_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::BuildKubernetesNamespaceService do +RSpec.describe Clusters::BuildKubernetesNamespaceService, feature_category: :kubernetes_management do let(:cluster) { create(:cluster, :project, :provided_by_gcp) } let(:environment) { create(:environment) } let(:project) { environment.project } 
diff --git a/spec/services/clusters/build_service_spec.rb b/spec/services/clusters/build_service_spec.rb index c7a64435d3b..9e71b7a8115 100644 --- a/spec/services/clusters/build_service_spec.rb +++ b/spec/services/clusters/build_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::BuildService do +RSpec.describe Clusters::BuildService, feature_category: :kubernetes_management do describe '#execute' do subject { described_class.new(cluster_subject).execute } diff --git a/spec/services/clusters/cleanup/project_namespace_service_spec.rb b/spec/services/clusters/cleanup/project_namespace_service_spec.rb index 8d3ae217a9f..366e4fa9c03 100644 --- a/spec/services/clusters/cleanup/project_namespace_service_spec.rb +++ b/spec/services/clusters/cleanup/project_namespace_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Cleanup::ProjectNamespaceService do +RSpec.describe Clusters::Cleanup::ProjectNamespaceService, feature_category: :kubernetes_management do describe '#execute' do subject { service.execute } diff --git a/spec/services/clusters/cleanup/service_account_service_spec.rb b/spec/services/clusters/cleanup/service_account_service_spec.rb index 769762237f9..881ec85b3d5 100644 --- a/spec/services/clusters/cleanup/service_account_service_spec.rb +++ b/spec/services/clusters/cleanup/service_account_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Cleanup::ServiceAccountService do +RSpec.describe Clusters::Cleanup::ServiceAccountService, feature_category: :kubernetes_management do describe '#execute' do subject { service.execute } diff --git a/spec/services/clusters/create_service_spec.rb b/spec/services/clusters/create_service_spec.rb index 95f10cdbd80..0d170f66f4a 100644 --- a/spec/services/clusters/create_service_spec.rb +++ b/spec/services/clusters/create_service_spec.rb 
@@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::CreateService do +RSpec.describe Clusters::CreateService, feature_category: :kubernetes_management do let(:access_token) { 'xxx' } let(:project) { create(:project) } let(:user) { create(:user) } diff --git a/spec/services/clusters/destroy_service_spec.rb b/spec/services/clusters/destroy_service_spec.rb index dc600c9e830..2bc0099ff04 100644 --- a/spec/services/clusters/destroy_service_spec.rb +++ b/spec/services/clusters/destroy_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::DestroyService do +RSpec.describe Clusters::DestroyService, feature_category: :kubernetes_management do describe '#execute' do subject { described_class.new(cluster.user, params).execute(cluster) } diff --git a/spec/services/clusters/integrations/create_service_spec.rb b/spec/services/clusters/integrations/create_service_spec.rb index 9104e07504d..fa47811dc6b 100644 --- a/spec/services/clusters/integrations/create_service_spec.rb +++ b/spec/services/clusters/integrations/create_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Integrations::CreateService, '#execute' do +RSpec.describe Clusters::Integrations::CreateService, '#execute', feature_category: :kubernetes_management do let_it_be(:project) { create(:project) } let_it_be_with_reload(:cluster) { create(:cluster, :provided_by_gcp, projects: [project]) } diff --git a/spec/services/clusters/integrations/prometheus_health_check_service_spec.rb b/spec/services/clusters/integrations/prometheus_health_check_service_spec.rb index 526462931a6..2d527bb0872 100644 --- a/spec/services/clusters/integrations/prometheus_health_check_service_spec.rb +++ b/spec/services/clusters/integrations/prometheus_health_check_service_spec.rb 
@@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Integrations::PrometheusHealthCheckService, '#execute' do +RSpec.describe Clusters::Integrations::PrometheusHealthCheckService, '#execute', feature_category: :kubernetes_management do let(:service) { described_class.new(cluster) } subject { service.execute } diff --git a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb index 90956e7b4ea..8ae34e4f9ab 100644 --- a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb +++ b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' do +RSpec.describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute', feature_category: :kubernetes_management do include KubernetesHelpers let(:cluster) { create(:cluster, :project, :provided_by_gcp) } diff --git a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb index 37478a0bcd9..bdf46c19e36 100644 --- a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb +++ b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true require 'spec_helper' -RSpec.describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do +RSpec.describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService, feature_category: :kubernetes_management do include KubernetesHelpers let(:api_url) { 'http://111.111.111.111' } diff --git a/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb index 03c402fb066..2b77df1eb6d 100644 
--- a/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb +++ b/spec/services/clusters/kubernetes/fetch_kubernetes_token_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Kubernetes::FetchKubernetesTokenService do +RSpec.describe Clusters::Kubernetes::FetchKubernetesTokenService, feature_category: :kubernetes_management do include KubernetesHelpers describe '#execute' do diff --git a/spec/services/clusters/kubernetes_spec.rb b/spec/services/clusters/kubernetes_spec.rb index 12af63890fc..7e22c2f95df 100644 --- a/spec/services/clusters/kubernetes_spec.rb +++ b/spec/services/clusters/kubernetes_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Kubernetes do +RSpec.describe Clusters::Kubernetes, feature_category: :kubernetes_management do it { is_expected.to be_const_defined(:GITLAB_SERVICE_ACCOUNT_NAME) } it { is_expected.to be_const_defined(:GITLAB_SERVICE_ACCOUNT_NAMESPACE) } it { is_expected.to be_const_defined(:GITLAB_ADMIN_TOKEN_NAME) } diff --git a/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb index a21c378d3d1..8a49d90aa48 100644 --- a/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb +++ b/spec/services/clusters/management/validate_management_project_permissions_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::Management::ValidateManagementProjectPermissionsService do +RSpec.describe Clusters::Management::ValidateManagementProjectPermissionsService, feature_category: :kubernetes_management do describe '#execute' do subject { described_class.new(user).execute(cluster, management_project_id) } diff --git a/spec/services/clusters/update_service_spec.rb b/spec/services/clusters/update_service_spec.rb index 9aead97f41c..31661d30f41 100644 --- a/spec/services/clusters/update_service_spec.rb 
+++ b/spec/services/clusters/update_service_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Clusters::UpdateService do +RSpec.describe Clusters::UpdateService, feature_category: :kubernetes_management do include KubernetesHelpers describe '#execute' do |