mirror of
https://gitlab.com/gitlab-org/gitlab-foss.git
synced 2025-08-20 14:11:11 +00:00
544 lines
16 KiB
Ruby
544 lines
16 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe Projects::ClustersController do
|
|
include AccessMatchersForController
|
|
include GoogleApi::CloudPlatformHelpers
|
|
|
|
describe 'GET index' do
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
context 'when project has one or more clusters' do
|
|
let(:project) { create(:project) }
|
|
let(:enabled_cluster) { create(:cluster, :provided_by_gcp, projects: [project]) }
|
|
let(:disabled_cluster) { create(:cluster, :disabled, :provided_by_gcp, projects: [project]) }
|
|
|
|
it 'lists available clusters' do
|
|
go
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(response).to render_template(:index)
|
|
expect(assigns(:clusters)).to match_array([enabled_cluster, disabled_cluster])
|
|
end
|
|
|
|
it 'assigns counters to correct values' do
|
|
go
|
|
|
|
expect(assigns(:active_count)).to eq(project.clusters.enabled.count)
|
|
expect(assigns(:inactive_count)).to eq(project.clusters.disabled.count)
|
|
end
|
|
|
|
context 'when page is specified' do
|
|
let(:last_page) { project.clusters.page.total_pages }
|
|
|
|
before do
|
|
Clusters::Cluster.paginates_per(1)
|
|
create_list(:cluster, 2, :provided_by_gcp, projects: [project])
|
|
get :index, namespace_id: project.namespace, project_id: project, page: last_page
|
|
end
|
|
|
|
it 'redirects to the page' do
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(assigns(:clusters).current_page).to eq(last_page)
|
|
end
|
|
end
|
|
|
|
context 'when only enabled clusters are requested' do
|
|
it 'returns only enabled clusters' do
|
|
get :index, namespace_id: project.namespace, project_id: project, scope: 'active'
|
|
view_clusters = assigns(:clusters)
|
|
expect(view_clusters.all? { |cluster| cluster.enabled == true }).to eq(true)
|
|
end
|
|
end
|
|
|
|
context 'when only disabled clusters are requested' do
|
|
it 'returns only disabled clusters' do
|
|
get :index, namespace_id: project.namespace, project_id: project, scope: 'inactive'
|
|
view_clusters = assigns(:clusters)
|
|
expect(view_clusters.all? { |cluster| cluster.enabled == false }).to eq(true)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when project does not have a cluster' do
|
|
let(:project) { create(:project) }
|
|
|
|
it 'returns an empty state page' do
|
|
go
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(response).to render_template(:index)
|
|
expect(assigns(:clusters)).to eq([])
|
|
end
|
|
|
|
it 'assigns counters to zero' do
|
|
go
|
|
|
|
expect(assigns(:active_count)).to eq(0)
|
|
expect(assigns(:inactive_count)).to eq(0)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
|
|
let(:project) { cluster.project }
|
|
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
get :index, namespace_id: project.namespace.to_param, project_id: project
|
|
end
|
|
end
|
|
|
|
describe 'GET login' do
|
|
let(:project) { create(:project) }
|
|
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
context 'when omniauth has been configured' do
|
|
let(:key) { 'secere-key' }
|
|
|
|
let(:session_key_for_redirect_uri) do
|
|
GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(key)
|
|
end
|
|
|
|
before do
|
|
allow(SecureRandom).to receive(:hex).and_return(key)
|
|
end
|
|
|
|
it 'has authorize_url' do
|
|
go
|
|
|
|
expect(assigns(:authorize_url)).to include(key)
|
|
expect(session[session_key_for_redirect_uri]).to eq(providers_gcp_new_project_clusters_url(project))
|
|
end
|
|
end
|
|
|
|
context 'when omniauth has not configured' do
|
|
before do
|
|
stub_omniauth_setting(providers: [])
|
|
end
|
|
|
|
it 'does not have authorize_url' do
|
|
go
|
|
|
|
expect(assigns(:authorize_url)).to be_nil
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
get :login, namespace_id: project.namespace, project_id: project
|
|
end
|
|
end
|
|
|
|
shared_examples 'requires to login' do
|
|
it 'redirects to create a cluster' do
|
|
subject
|
|
|
|
expect(response).to redirect_to(login_project_clusters_path(project))
|
|
end
|
|
end
|
|
|
|
describe 'GET new_gcp' do
|
|
let(:project) { create(:project) }
|
|
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
context 'when access token is valid' do
|
|
before do
|
|
stub_google_api_validate_token
|
|
end
|
|
|
|
it 'has new object' do
|
|
go
|
|
|
|
expect(assigns(:cluster)).to be_an_instance_of(Clusters::Cluster)
|
|
end
|
|
end
|
|
|
|
context 'when access token is expired' do
|
|
before do
|
|
stub_google_api_expired_token
|
|
end
|
|
|
|
it { expect(go).to redirect_to(login_project_clusters_path(project)) }
|
|
end
|
|
|
|
context 'when access token is not stored in session' do
|
|
it { expect(go).to redirect_to(login_project_clusters_path(project)) }
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
get :new_gcp, namespace_id: project.namespace, project_id: project
|
|
end
|
|
end
|
|
|
|
describe 'POST create' do
|
|
let(:project) { create(:project) }
|
|
|
|
let(:params) do
|
|
{
|
|
cluster: {
|
|
name: 'new-cluster',
|
|
provider_type: :gcp,
|
|
provider_gcp_attributes: {
|
|
gcp_project_id: '111'
|
|
}
|
|
}
|
|
}
|
|
end
|
|
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
context 'when access token is valid' do
|
|
before do
|
|
stub_google_api_validate_token
|
|
end
|
|
|
|
context 'when creates a cluster on gke' do
|
|
it 'creates a new cluster' do
|
|
expect(ClusterProvisionWorker).to receive(:perform_async)
|
|
expect { go }.to change { Clusters::Cluster.count }
|
|
expect(response).to redirect_to(project_cluster_path(project, project.clusters.last))
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when access token is expired' do
|
|
before do
|
|
stub_google_api_expired_token
|
|
end
|
|
|
|
it 'redirects to login page' do
|
|
expect(go).to redirect_to(login_project_clusters_path(project))
|
|
end
|
|
end
|
|
|
|
context 'when access token is not stored in session' do
|
|
it 'redirects to login page' do
|
|
expect(go).to redirect_to(login_project_clusters_path(project))
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
post :create, params.merge(namespace_id: project.namespace, project_id: project)
|
|
end
|
|
end
|
|
|
|
describe 'GET status' do
|
|
let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
|
|
let(:project) { cluster.project }
|
|
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it "responds with matching schema" do
|
|
go
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(response).to match_response_schema('cluster_status')
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
get :status, namespace_id: project.namespace,
|
|
project_id: project,
|
|
id: cluster,
|
|
format: :json
|
|
end
|
|
end
|
|
|
|
describe 'GET show' do
|
|
let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
|
|
let(:project) { cluster.project }
|
|
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it "renders view" do
|
|
go
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(assigns(:cluster)).to eq(cluster)
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
get :show, namespace_id: project.namespace,
|
|
project_id: project,
|
|
id: cluster
|
|
end
|
|
end
|
|
|
|
describe 'PUT update' do
|
|
let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
|
|
let(:project) { cluster.project }
|
|
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
context 'when format is json' do
|
|
context 'when update enabled' do
|
|
let(:params) do
|
|
{
|
|
cluster: { enabled: false }
|
|
}
|
|
end
|
|
|
|
it "updates and redirects back to show page" do
|
|
go_json
|
|
|
|
cluster.reload
|
|
expect(response).to have_http_status(:no_content)
|
|
end
|
|
|
|
context 'when cluster is being created' do
|
|
let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
|
|
|
|
it "rejects changes" do
|
|
go_json
|
|
|
|
# head bad_request
|
|
expect(response).to have_http_status(:bad_request)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when format is html' do
|
|
context 'when update enabled' do
|
|
let(:params) do
|
|
{
|
|
cluster: { enabled: false }
|
|
}
|
|
end
|
|
|
|
it "updates and redirects back to show page" do
|
|
go
|
|
|
|
cluster.reload
|
|
expect(response).to redirect_to(project_cluster_path(project, cluster))
|
|
expect(flash[:notice]).to eq('Cluster was successfully updated.')
|
|
expect(cluster.enabled).to be_falsey
|
|
end
|
|
|
|
context 'when cluster is being created' do
|
|
let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
|
|
|
|
it "rejects changes" do
|
|
go
|
|
|
|
expect(response).to have_gitlab_http_status(:ok)
|
|
expect(response).to render_template(:show)
|
|
expect(cluster.enabled).to be_truthy
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
let(:params) do
|
|
{
|
|
cluster: { enabled: false }
|
|
}
|
|
end
|
|
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
put :update, params.merge(namespace_id: project.namespace,
|
|
project_id: project,
|
|
id: cluster)
|
|
end
|
|
|
|
def go_json
|
|
put :update, params.merge(namespace_id: project.namespace,
|
|
project_id: project,
|
|
id: cluster,
|
|
format: :json)
|
|
end
|
|
end
|
|
|
|
describe 'delete update' do
|
|
let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
|
|
let(:project) { cluster.project }
|
|
|
|
describe 'functionality' do
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
project.add_master(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it "destroys and redirects back to clusters list" do
|
|
expect { go }
|
|
.to change { Clusters::Cluster.count }.by(-1)
|
|
.and change { Clusters::Platforms::Kubernetes.count }.by(-1)
|
|
.and change { Clusters::Providers::Gcp.count }.by(-1)
|
|
|
|
expect(response).to redirect_to(project_clusters_path(project))
|
|
expect(flash[:notice]).to eq('Cluster integration was successfully removed.')
|
|
end
|
|
|
|
context 'when cluster is being created' do
|
|
let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
|
|
|
|
it "destroys and redirects back to clusters list" do
|
|
expect { go }
|
|
.to change { Clusters::Cluster.count }.by(-1)
|
|
.and change { Clusters::Providers::Gcp.count }.by(-1)
|
|
|
|
expect(response).to redirect_to(project_clusters_path(project))
|
|
expect(flash[:notice]).to eq('Cluster integration was successfully removed.')
|
|
end
|
|
end
|
|
|
|
context 'when provider is user' do
|
|
let(:cluster) { create(:cluster, :project, :provided_by_user) }
|
|
|
|
it "destroys and redirects back to clusters list" do
|
|
expect { go }
|
|
.to change { Clusters::Cluster.count }.by(-1)
|
|
.and change { Clusters::Platforms::Kubernetes.count }.by(-1)
|
|
.and change { Clusters::Providers::Gcp.count }.by(0)
|
|
|
|
expect(response).to redirect_to(project_clusters_path(project))
|
|
expect(flash[:notice]).to eq('Cluster integration was successfully removed.')
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'security' do
|
|
it { expect { go }.to be_allowed_for(:admin) }
|
|
it { expect { go }.to be_allowed_for(:owner).of(project) }
|
|
it { expect { go }.to be_allowed_for(:master).of(project) }
|
|
it { expect { go }.to be_denied_for(:developer).of(project) }
|
|
it { expect { go }.to be_denied_for(:reporter).of(project) }
|
|
it { expect { go }.to be_denied_for(:guest).of(project) }
|
|
it { expect { go }.to be_denied_for(:user) }
|
|
it { expect { go }.to be_denied_for(:external) }
|
|
end
|
|
|
|
def go
|
|
delete :destroy, namespace_id: project.namespace,
|
|
project_id: project,
|
|
id: cluster
|
|
end
|
|
end
|
|
end
|