Commit
11edbccc
authored
Jul 24, 2018
by
Dylan Griffith
Get mutual SSL working with helm tiller
parent
ce897f11
Showing
19 changed files
with
328 additions
and
59 deletions
+328
-59
app/models/clusters/applications/helm.rb
app/models/clusters/applications/helm.rb
+37
-1
app/models/clusters/concerns/application_data.rb
app/models/clusters/concerns/application_data.rb
+14
-3
db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb
...0180612103626_add_columns_for_helm_tiller_certificates.rb
+11
-0
db/schema.rb
db/schema.rb
+3
-0
lib/gitlab/kubernetes/helm/base_command.rb
lib/gitlab/kubernetes/helm/base_command.rb
+4
-0
lib/gitlab/kubernetes/helm/certificate.rb
lib/gitlab/kubernetes/helm/certificate.rb
+76
-0
lib/gitlab/kubernetes/helm/init_command.rb
lib/gitlab/kubernetes/helm/init_command.rb
+6
-1
lib/gitlab/kubernetes/helm/install_command.rb
lib/gitlab/kubernetes/helm/install_command.rb
+8
-1
spec/factories/clusters/applications/helm.rb
spec/factories/clusters/applications/helm.rb
+10
-3
spec/factories/clusters/clusters.rb
spec/factories/clusters/clusters.rb
+4
-0
spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
+1
-1
spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+34
-29
spec/lib/gitlab/kubernetes/helm/pod_spec.rb
spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+1
-2
spec/models/clusters/applications/helm_spec.rb
spec/models/clusters/applications/helm_spec.rb
+21
-2
spec/models/clusters/applications/ingress_spec.rb
spec/models/clusters/applications/ingress_spec.rb
+23
-1
spec/models/clusters/applications/jupyter_spec.rb
spec/models/clusters/applications/jupyter_spec.rb
+24
-4
spec/models/clusters/applications/prometheus_spec.rb
spec/models/clusters/applications/prometheus_spec.rb
+22
-2
spec/models/clusters/applications/runner_spec.rb
spec/models/clusters/applications/runner_spec.rb
+28
-8
spec/services/clusters/applications/install_service_spec.rb
spec/services/clusters/applications/install_service_spec.rb
+1
-1
app/models/clusters/applications/helm.rb
require
'openssl'
module
Clusters
module
Applications
class
Helm
<
ActiveRecord
::
Base
self
.
table_name
=
'clusters_applications_helm'
attr_encrypted
:ca_key
,
mode: :per_attribute_iv
,
key:
Settings
.
attr_encrypted_db_key_base_truncated
,
algorithm:
'aes-256-cbc'
include
::
Clusters
::
Concerns
::
ApplicationCore
include
::
Clusters
::
Concerns
::
ApplicationStatus
default_value_for
:version
,
Gitlab
::
Kubernetes
::
Helm
::
HELM_VERSION
before_create
:create_keys_and_certs
def
create_keys_and_certs
ca_cert
=
Gitlab
::
Kubernetes
::
Helm
::
Certificate
.
generate_root
self
.
ca_key
=
ca_cert
.
key_string
self
.
ca_cert
=
ca_cert
.
cert_string
end
def
ca_cert_obj
return
unless
has_ssl?
Gitlab
::
Kubernetes
::
Helm
::
Certificate
.
from_strings
(
ca_key
,
ca_cert
)
end
def
issue_cert
ca_cert_obj
.
issue
end
def
set_initial_status
return
unless
not_installable?
...
...
@@ -15,11 +42,20 @@ module Clusters
end
def
install_command
tiller_cert
=
issue_cert
Gitlab
::
Kubernetes
::
Helm
::
InitCommand
.
new
(
name:
name
,
files:
{}
files:
{
'ca.pem'
:
ca_cert
,
'cert.pem'
:
tiller_cert
.
cert_string
,
'key.pem'
:
tiller_cert
.
key_string
}
)
end
def
has_ssl?
ca_key
.
present?
&&
ca_cert
.
present?
end
end
end
end
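Review bot: `issue_cert` calls `ca_cert_obj.issue` with no guard, but `ca_cert_obj` returns nil whenever `has_ssl?` is false, and `install_command` now calls `issue_cert` unconditionally. The CA is only generated in `before_create`, so a Helm row that already existed when the columns were added (the page shows no backfill) would presumably raise NoMethodError here instead of a clear error. I would fail explicitly at the top of `issue_cert`, e.g. `raise 'Helm CA certificate is missing' unless has_ssl?`, or generate the CA lazily. A short comment on `attr_encrypted :ca_key` stating that this is the CA private key and must never be copied into `files` would also help the next reader.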
app/models/clusters/concerns/application_data.rb
...
...
@@ -13,9 +13,20 @@ module Clusters
end
def
files
{
'values.yaml'
:
values
}
@files
||=
begin
files
=
{
'values.yaml'
:
values
}
if
cluster
.
application_helm
.
has_ssl?
ca_cert
=
cluster
.
application_helm
.
ca_cert
helm_cert
=
cluster
.
application_helm
.
issue_cert
files
.
merge!
({
'ca.pem'
:
ca_cert
,
'cert.pem'
:
helm_cert
.
cert_string
,
'key.pem'
:
helm_cert
.
key_string
})
end
files
end
end
private
...
...
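Review bot: The freshly issued client private key is merged into `files` as `key.pem`, and the install command spec on this page builds `config_map_resource` from `data: files`, so the key appears to end up in a Kubernetes ConfigMap. ConfigMaps are not intended for secret material: anything with read access to ConfigMaps in the namespace can fetch the key, and Secret-specific controls (tighter RBAC, encryption at rest where enabled) do not apply. I would carry `cert.pem`/`key.pem` in a Secret, or at least remove the ConfigMap once the install pod has finished, and the same applies to the Tiller key passed from `Helm#install_command`. `files` would also benefit from a comment that `@files ||=` pins one issued certificate per model instance, since every `issue_cert` call generates a new 4096-bit key. The enclosing module starts outside this hunk.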
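--- a/db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb
+++ b/db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb
+class AddColumnsForHelmTillerCertificates < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  def change
+    add_column :clusters_applications_helm, :encrypted_ca_key, :text
+    add_column :clusters_applications_helm, :encrypted_ca_key_iv, :text
+    add_column :clusters_applications_helm, :ca_cert, :text
+  end
+end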
db/schema.rb
...
...
@@ -635,6 +635,9 @@ ActiveRecord::Schema.define(version: 20180722103201) do
t
.
integer
"status"
,
null:
false
t
.
string
"version"
,
null:
false
t
.
text
"status_reason"
t
.
text
"encrypted_ca_key"
t
.
text
"encrypted_ca_key_iv"
t
.
text
"ca_cert"
end
create_table
"clusters_applications_ingress"
,
force: :cascade
do
|
t
|
...
...
lib/gitlab/kubernetes/helm/base_command.rb
...
...
@@ -36,6 +36,10 @@ module Gitlab
private
def
files_dir
"/data/helm/
#{
name
}
/config"
end
def
namespace
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
end
...
...
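--- a/lib/gitlab/kubernetes/helm/certificate.rb
+++ b/lib/gitlab/kubernetes/helm/certificate.rb
+module Gitlab
+  module Kubernetes
+    module Helm
+      class Certificate
+        attr_reader :key, :cert
+        def key_string
+          @key.to_s
+        end
+        def cert_string
+          @cert.to_pem
+        end
+        def self.from_strings(key_string, cert_string)
+          key = OpenSSL::PKey::RSA.new(key_string)
+          cert = OpenSSL::X509::Certificate.new(cert_string)
+          new(key, cert)
+        end
+        def self.generate_root
+          key = OpenSSL::PKey::RSA.new(4096)
+          public_key = key.public_key
+          subject = "/C=US"
+          cert = OpenSSL::X509::Certificate.new
+          cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+          cert.not_before = Time.now
+          cert.not_after = Time.now + 365 * 24 * 60 * 60
+          cert.public_key = public_key
+          cert.serial = 0x0
+          cert.version = 2
+          extension_factory = OpenSSL::X509::ExtensionFactory.new
+          extension_factory.subject_certificate = cert
+          extension_factory.issuer_certificate = cert
+          cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
+          cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
+          cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
+          cert.sign key, OpenSSL::Digest::SHA256.new
+          new(key, cert)
+        end
+        def issue
+          key = OpenSSL::PKey::RSA.new(4096)
+          public_key = key.public_key
+          subject = "/C=US"
+          cert = OpenSSL::X509::Certificate.new
+          cert.subject = OpenSSL::X509::Name.parse(subject)
+          cert.issuer = self.cert.subject
+          cert.not_before = Time.now
+          cert.not_after = Time.now + 365 * 24 * 60 * 60
+          cert.public_key = public_key
+          cert.serial = 0x0
+          cert.version = 2
+          cert.sign self.key, OpenSSL::Digest::SHA256.new
+          self.class.new(key, cert)
+        end
+        private
+        def initialize(key, cert)
+          @key = key
+          @cert = cert
+        end
+      end
+    end
+  end
+end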
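Review bot: Both `generate_root` and `issue` set `cert.serial = 0x0` and the subject `/C=US`, so every certificate this CA signs shares one serial number and carries the same name as its issuer. RFC 5280 expects a positive serial that is unique per issuer, and a leaf whose subject equals its issuer looks self-issued to path-building code, which makes certificates hard to tell apart in logs or to revoke individually. The leaf built in `issue` also has no extensions, so nothing in the certificate limits it to TLS authentication. I would give each certificate a random serial and add `basicConstraints`, `keyUsage` and `extendedKeyUsage` to issued certificates, as sketched below; a distinct subject per certificate (for example a CN naming Tiller or the client) is worth considering too. A class-level comment stating that `key` is an unencrypted private key and that leaves expire after 365 days with no renewal path on this page would help operators.

```ruby
def issue
  # … unchanged: key generation, subject, issuer, validity, public key, version …
  cert.serial = SecureRandom.random_number(2**128) + 1

  extension_factory = OpenSSL::X509::ExtensionFactory.new
  extension_factory.subject_certificate = cert
  extension_factory.issuer_certificate = self.cert
  cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:FALSE', true))
  cert.add_extension(extension_factory.create_extension('keyUsage', 'digitalSignature,keyEncipherment', true))
  cert.add_extension(extension_factory.create_extension('extendedKeyUsage', 'serverAuth,clientAuth'))
  # … unchanged: sign with the CA key and wrap the result …
```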
lib/gitlab/kubernetes/helm/init_command.rb
...
...
@@ -20,7 +20,12 @@ module Gitlab
private
def
init_helm_command
"helm init >/dev/null"
tls_opts
=
"--tiller-tls"
\
" --tiller-tls-verify --tls-ca-cert
#{
files_dir
}
/ca.pem"
\
" --tiller-tls-cert
#{
files_dir
}
/cert.pem"
\
" --tiller-tls-key
#{
files_dir
}
/key.pem"
"helm init
#{
tls_opts
}
>/dev/null"
end
end
end
...
...
lib/gitlab/kubernetes/helm/install_command.rb
...
...
@@ -34,8 +34,15 @@ module Gitlab
end
def
script_command
if
files
.
key?
(
:'ca.pem'
)
tls_opts
=
" --tls"
\
" --tls-ca-cert
#{
files_dir
}
/ca.pem"
\
" --tls-cert
#{
files_dir
}
/cert.pem"
\
" --tls-key
#{
files_dir
}
/key.pem"
end
<<~
HEREDOC
helm install
#{
chart
}
--name
#{
name
}#{
optional_version_flag
}
--namespace
#{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
-f /data/helm/
#{
name
}
/config/values.yaml >/dev/null
helm install
#{
tls_opts
}
#{
chart
}
--name
#{
name
}#{
optional_version_flag
}
--namespace
#{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
-f /data/helm/
#{
name
}
/config/values.yaml >/dev/null
HEREDOC
end
...
...
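Review bot: `script_command` turns TLS on only when `files` has a `ca.pem` key and otherwise emits a plain `helm install`, so a missing CA silently produces an unauthenticated connection to Tiller rather than an error. The check also looks at `ca.pem` alone although the generated options reference `cert.pem` and `key.pem` as well. I would test for all three, e.g. `if %i[ca.pem cert.pem key.pem].all? { |f| files.key?(f) }`, and document the fallback with a comment such as `# No CA on record: Tiller was installed without TLS, so connect without it`. The enclosing class starts outside this hunk.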
spec/factories/clusters/applications/helm.rb
...
...
@@ -32,11 +32,18 @@ FactoryBot.define do
updated_at
ClusterWaitForAppInstallationWorker
::
TIMEOUT
.
ago
end
factory
:clusters_applications_ingress
,
class:
Clusters
::
Applications
::
Ingress
factory
:clusters_applications_prometheus
,
class:
Clusters
::
Applications
::
Prometheus
factory
:clusters_applications_runner
,
class:
Clusters
::
Applications
::
Runner
factory
:clusters_applications_ingress
,
class:
Clusters
::
Applications
::
Ingress
do
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
end
factory
:clusters_applications_prometheus
,
class:
Clusters
::
Applications
::
Prometheus
do
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
end
factory
:clusters_applications_runner
,
class:
Clusters
::
Applications
::
Runner
do
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
end
factory
:clusters_applications_jupyter
,
class:
Clusters
::
Applications
::
Jupyter
do
oauth_application
factory: :oauth_application
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
end
end
end
spec/factories/clusters/clusters.rb
...
...
@@ -36,5 +36,9 @@ FactoryBot.define do
trait
:production_environment
do
sequence
(
:environment_scope
)
{
|
n
|
"production
#{
n
}
/*"
}
end
trait
:with_installed_helm
do
application_helm
factory:
%i(clusters_applications_helm installed)
end
end
end
spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
...
...
@@ -2,7 +2,7 @@ require 'spec_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
InitCommand
do
let
(
:application
)
{
create
(
:clusters_applications_helm
)
}
let
(
:commands
)
{
'helm init >/dev/null'
}
let
(
:commands
)
{
'helm init
--tiller-tls --tiller-tls-verify --tls-ca-cert /data/helm/helm/config/ca.pem --tiller-tls-cert /data/helm/helm/config/cert.pem --tiller-tls-key /data/helm/helm/config/key.pem
>/dev/null'
}
subject
{
described_class
.
new
(
name:
application
.
name
,
files:
{})
}
...
...
spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
require
'rails_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
do
let
(
:
application
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:
namespace
)
{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
let
(
:
install_command
)
{
application
.
install_command
}
let
(
:
files
)
{
{
'ca.pem'
:
'some file content'
}
}
let
(
:
repository
)
{
'https://repository.example.com'
}
let
(
:
version
)
{
'1.2.3'
}
subject
{
install_command
}
let
(
:install_command
)
do
described_class
.
new
(
name:
'app-name'
,
chart:
'chart-name'
,
files:
files
,
version:
version
,
repository:
repository
)
end
context
'for ingress'
do
let
(
:application
)
{
create
(
:clusters_applications_ingress
)
}
subject
{
install_command
}
it_behaves_like
'helm commands'
do
let
(
:commands
)
do
<<~
EOS
helm init --client-only >/dev/null
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
helm repo add app-name https://repository.example.com
helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
EOS
end
end
end
context
'
for prometheus
'
do
let
(
:
application
)
{
create
(
:clusters_applications_prometheus
)
}
context
'
when there is no repository
'
do
let
(
:
repository
)
{
nil
}
it_behaves_like
'helm commands'
do
let
(
:commands
)
do
<<~
EOS
helm init --client-only >/dev/null
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--version
#{
application
.
version
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
helm install
--tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name
/config/values.yaml >/dev/null
EOS
end
end
end
context
'for runner'
do
let
(
:ci_runner
)
{
create
(
:ci_runner
)
}
let
(
:application
)
{
create
(
:clusters_applications_runner
,
runner:
ci_runner
)
}
context
'when there is no ca.pem file'
do
let
(
:files
)
{
{
'file.txt'
:
'some content'
}
}
it_behaves_like
'helm commands'
do
let
(
:commands
)
do
<<~
EOS
helm init --client-only >/dev/null
helm repo add
#{
application
.
name
}
#{
application
.
repository
}
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
helm repo add
app-name https://repository.example.com
helm install
chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name
/config/values.yaml >/dev/null
EOS
end
end
end
context
'
for jupyter
'
do
let
(
:
application
)
{
create
(
:clusters_applications_jupyter
)
}
context
'
when there is no version
'
do
let
(
:
version
)
{
nil
}
it_behaves_like
'helm commands'
do
let
(
:commands
)
do
<<~
EOS
helm init --client-only >/dev/null
helm repo add
#{
application
.
name
}
#{
application
.
repository
}
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
helm repo add
app-name https://repository.example.com
helm install
--tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --namespace gitlab-managed-apps -f /data/helm/app-name
/config/values.yaml >/dev/null
EOS
end
end
...
...
@@ -65,13 +70,13 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
describe
'#config_map_resource'
do
let
(
:metadata
)
do
{
name:
"values-content-configuration-
#{
application
.
name
}
"
,
namespace:
namespace
,
labels:
{
name:
"values-content-configuration-
#{
application
.
name
}
"
}
name:
"values-content-configuration-
app-name
"
,
namespace:
'gitlab-managed-apps'
,
labels:
{
name:
"values-content-configuration-
app-name
"
}
}
end
let
(
:resource
)
{
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
data:
application
.
files
)
}
let
(
:resource
)
{
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
data:
files
)
}
subject
{
install_command
.
config_map_resource
}
...
...
spec/lib/gitlab/kubernetes/helm/pod_spec.rb
...
...
@@ -2,8 +2,7 @@ require 'rails_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
Pod
do
describe
'#generate'
do
let
(
:cluster
)
{
create
(
:cluster
)
}
let
(
:app
)
{
create
(
:clusters_applications_prometheus
,
cluster:
cluster
)
}
let
(
:app
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:command
)
{
app
.
install_command
}
let
(
:namespace
)
{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
...
...
spec/models/clusters/applications/helm_spec.rb
...
...
@@ -6,13 +6,24 @@ describe Clusters::Applications::Helm do
describe
'.installed'
do
subject
{
described_class
.
installed
}
let!
(
:cluster
)
{
create
(
:clusters_applications_helm
,
:installed
)
}
let!
(
:
installed_
cluster
)
{
create
(
:clusters_applications_helm
,
:installed
)
}
before
do
create
(
:clusters_applications_helm
,
:errored
)
end
it
{
is_expected
.
to
contain_exactly
(
cluster
)
}
it
{
is_expected
.
to
contain_exactly
(
installed_cluster
)
}
end
describe
'#issue_cert'
do
let
(
:application
)
{
create
(
:clusters_applications_helm
)
}
subject
{
application
.
issue_cert
}
it
'returns a new cert'
do
is_expected
.
to
be_kind_of
(
Gitlab
::
Kubernetes
::
Helm
::
Certificate
)
expect
(
subject
.
cert_string
).
not_to
eq
(
application
.
ca_cert
)
expect
(
subject
.
key_string
).
not_to
eq
(
application
.
ca_key
)
end
end
describe
'#install_command'
do
...
...
@@ -25,5 +36,13 @@ describe Clusters::Applications::Helm do
it
'should be initialized with 1 arguments'
do
expect
(
subject
.
name
).
to
eq
(
'helm'
)
end
it
'should have cert files'
do
expect
(
subject
.
files
[
:'ca.pem'
]).
to
be_present
expect
(
subject
.
files
[
:'ca.pem'
]).
to
eq
(
helm
.
ca_cert
)
expect
(
subject
.
files
[
:'cert.pem'
]).
to
be_present
expect
(
subject
.
files
[
:'key.pem'
]).
to
be_present
end
end
end
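Review bot: The `#issue_cert` example only asserts that the returned PEM strings differ from the CA's, which would still pass if the certificate were signed by the wrong key or carried the wrong issuer. Checking the chain makes the test meaningful, e.g. `expect(subject.cert.verify(application.ca_cert_obj.cert.public_key)).to be(true)` and `expect(subject.cert.issuer).to eq(application.ca_cert_obj.cert.subject)`. The file list on this page also contains no spec for `Gitlab::Kubernetes::Helm::Certificate` itself, so `generate_root` and `from_strings` appear to be covered only indirectly.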
spec/models/clusters/applications/ingress_spec.rb
...
...
@@ -79,7 +79,9 @@ describe Clusters::Applications::Ingress do
end
describe
'#files'
do
let
(
:values
)
{
ingress
.
files
[
:'values.yaml'
]
}
let
(
:application
)
{
ingress
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
it
'should include ingress valid keys in values'
do
expect
(
values
).
to
include
(
'image'
)
...
...
@@ -87,5 +89,25 @@ describe Clusters::Applications::Ingress do
expect
(
values
).
to
include
(
'stats'
)
expect
(
values
).
to
include
(
'podAnnotations'
)
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
end
end
end
spec/models/clusters/applications/jupyter_spec.rb
...
...
@@ -43,9 +43,29 @@ describe Clusters::Applications::Jupyter do
end
describe
'#files'
do
let
(
:jupyter
)
{
create
(
:clusters_applications_jupyter
)
}
let
(
:application
)
{
create
(
:clusters_applications_jupyter
)
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
let
(
:values
)
{
jupyter
.
files
[
:'values.yaml'
]
}
it
'should include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include valid values'
do
expect
(
values
).
to
include
(
'ingress'
)
...
...
@@ -53,8 +73,8 @@ describe Clusters::Applications::Jupyter do
expect
(
values
).
to
include
(
'rbac'
)
expect
(
values
).
to
include
(
'proxy'
)
expect
(
values
).
to
include
(
'auth'
)
expect
(
values
).
to
match
(
/clientId: '?
#{
jupyter
.
oauth_application
.
uid
}
/
)
expect
(
values
).
to
match
(
/callbackUrl: '?
#{
jupyter
.
callback_url
}
/
)
expect
(
values
).
to
match
(
/clientId: '?
#{
application
.
oauth_application
.
uid
}
/
)
expect
(
values
).
to
match
(
/callbackUrl: '?
#{
application
.
callback_url
}
/
)
end
end
end
spec/models/clusters/applications/prometheus_spec.rb
...
...
@@ -158,9 +158,29 @@ describe Clusters::Applications::Prometheus do
end
describe
'#files'
do
let
(
:prometheus
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:application
)
{
create
(
:clusters_applications_prometheus
)
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
it
'should include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
let
(
:values
)
{
prometheus
.
files
[
:'values.yaml'
]
}
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include prometheus valid values'
do
expect
(
values
).
to
include
(
'alertmanager'
)
...
...
spec/models/clusters/applications/runner_spec.rb
...
...
@@ -38,11 +38,31 @@ describe Clusters::Applications::Runner do
end
describe
'#files'
do
let
(
:
gitlab_runner
)
{
create
(
:clusters_applications_runner
,
runner:
ci_runner
)
}
let
(
:
application
)
{
create
(
:clusters_applications_runner
,
runner:
ci_runner
)
}
subject
{
gitlab_runner
.
files
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
it
'should include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include runner valid values'
do
expect
(
values
).
to
include
(
'concurrent'
)
expect
(
values
).
to
include
(
'checkInterval'
)
...
...
@@ -57,8 +77,8 @@ describe Clusters::Applications::Runner do
context
'without a runner'
do
let
(
:project
)
{
create
(
:project
)
}
let
(
:cluster
)
{
create
(
:cluster
,
projects:
[
project
])
}
let
(
:
gitlab_runner
)
{
create
(
:clusters_applications_runner
,
cluster:
cluster
)
}
let
(
:cluster
)
{
create
(
:cluster
,
:with_installed_helm
,
projects:
[
project
])
}
let
(
:
application
)
{
create
(
:clusters_applications_runner
,
cluster:
cluster
)
}
it
'creates a runner'
do
expect
do
...
...
@@ -67,13 +87,13 @@ describe Clusters::Applications::Runner do
end
it
'uses the new runner token'
do
expect
(
values
).
to
match
(
/runnerToken: '?
#{
gitlab_runner
.
reload
.
runner
.
token
}
/
)
expect
(
values
).
to
match
(
/runnerToken: '?
#{
application
.
reload
.
runner
.
token
}
/
)
end
it
'assigns the new runner to runner'
do
subject
expect
(
gitlab_runner
.
reload
.
runner
).
to
be_project_type
expect
(
application
.
reload
.
runner
).
to
be_project_type
end
end
...
...
@@ -97,11 +117,11 @@ describe Clusters::Applications::Runner do
end
before
do
allow
(
gitlab_runner
).
to
receive
(
:chart_values
).
and_return
(
stub_values
)
allow
(
application
).
to
receive
(
:chart_values
).
and_return
(
stub_values
)
end
it
'should overwrite values.yaml'
do
expect
(
values
).
to
match
(
/privileged: '?
#{
gitlab_runner
.
privileged
}
/
)
expect
(
values
).
to
match
(
/privileged: '?
#{
application
.
privileged
}
/
)
end
end
end
...
...
spec/services/clusters/applications/install_service_spec.rb
...
...
@@ -47,7 +47,7 @@ describe Clusters::Applications::InstallService do
end
context
'when application cannot be persisted'
do
let
(
:application
)
{
build
(
:clusters_applications_helm
,
:scheduled
)
}
let
(
:application
)
{
create
(
:clusters_applications_helm
,
:scheduled
)
}
it
'make the application errored'
do
expect
(
application
).
to
receive
(
:make_installing!
).
once
.
and_raise
(
ActiveRecord
::
RecordInvalid
)
...
...