Commit 10e72ff5 authored by Tiger Watson's avatar Tiger Watson

Merge branch '270116-region-field' into 'master'

Add region field to AWS Role

See merge request gitlab-org/gitlab!47209
parents 13a30718 e0796dee
...@@ -41,11 +41,11 @@ module Clusters ...@@ -41,11 +41,11 @@ module Clusters
end end
def update_role_arn! def update_role_arn!
role.update!(role_arn: role_arn) role.update!(role_arn: role_arn, region: region)
end end
def credentials def credentials
Clusters::Aws::FetchCredentialsService.new(role, region: region).execute Clusters::Aws::FetchCredentialsService.new(role).execute
end end
end end
end end
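Review bot: `update_role_arn!` now persists `region` on the role, and the only constraint visible on this page is the 255-character check added by the migration. Because `credentials` stops passing a region and the fetch service reads `provision_role.region` instead, the stored string presumably decides which AWS endpoint is contacted when the role is assumed with the instance's own access keys. It should therefore be validated on the model before it is saved, for example `validates :region, inclusion: { in: SUPPORTED_REGIONS }, allow_nil: true`, where `SUPPORTED_REGIONS` is a placeholder for whatever list the project maintains. Where `region` is populated is outside this hunk; if it can be nil, `role.update!(role_arn: role_arn, region: region)` also overwrites a previously stored region with nil, which is worth confirming as intended.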
......
...@@ -7,10 +7,10 @@ module Clusters ...@@ -7,10 +7,10 @@ module Clusters
MissingRoleError = Class.new(StandardError) MissingRoleError = Class.new(StandardError)
def initialize(provision_role, provider: nil, region: nil) def initialize(provision_role, provider: nil)
@provision_role = provision_role @provision_role = provision_role
@provider = provider @provider = provider
@region = provider&.region || region @region = provider&.region || provision_role&.region || Clusters::Providers::Aws::DEFAULT_REGION
end end
def execute def execute
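Review bot: An empty-string region does not fall through to the default in the new `@region` assignment, because `''` is truthy in Ruby and the new column is nullable text with no normalisation visible on this page. A role saved with a blank region would pass `''` to whatever `execute` builds from `@region`; its body is outside this hunk. Writing it as `@region = provider&.region.presence || provision_role&.region.presence || Clusters::Providers::Aws::DEFAULT_REGION` closes that gap. The FetchCredentialsService spec adds a `region: nil` context but no `region: ''` case, so this path is currently untested.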
......
---
title: Add region field to AWS Role
merge_request: 47209
author:
type: changed
# frozen_string_literal: true
class AddRegionFieldToAwsRole < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
unless column_exists?(:aws_roles, :region)
add_column :aws_roles, :region, :text
end
add_text_limit :aws_roles, :region, 255
end
def down
remove_column :aws_roles, :region
end
end
cbb2a2027fb6083771e97510a00c07a4ded0576e89fafd6cff4faba4e21c82c0
\ No newline at end of file
...@@ -9659,7 +9659,9 @@ CREATE TABLE aws_roles ( ...@@ -9659,7 +9659,9 @@ CREATE TABLE aws_roles (
created_at timestamp with time zone NOT NULL, created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL,
role_arn character varying(2048), role_arn character varying(2048),
role_external_id character varying(64) NOT NULL role_external_id character varying(64) NOT NULL,
region text,
CONSTRAINT check_57adedab55 CHECK ((char_length(region) <= 255))
); );
CREATE TABLE background_migration_jobs ( CREATE TABLE background_migration_jobs (
......
...@@ -25,7 +25,7 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do ...@@ -25,7 +25,7 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do
before do before do
allow(Clusters::Aws::FetchCredentialsService).to receive(:new) allow(Clusters::Aws::FetchCredentialsService).to receive(:new)
.with(instance_of(Aws::Role), region: region).and_return(credentials_service) .with(instance_of(Aws::Role)).and_return(credentials_service)
end end
context 'role exists' do context 'role exists' do
......
...@@ -19,7 +19,7 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do ...@@ -19,7 +19,7 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
subject { described_class.new(provision_role, provider: provider).execute } subject { described_class.new(provision_role, provider: provider).execute }
context 'provision role is configured' do context 'provision role is configured' do
let(:provision_role) { create(:aws_role, user: user) } let(:provision_role) { create(:aws_role, user: user, region: 'custom-region') }
before do before do
stub_application_setting(eks_access_key_id: gitlab_access_key_id) stub_application_setting(eks_access_key_id: gitlab_access_key_id)
...@@ -53,11 +53,11 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do ...@@ -53,11 +53,11 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
context 'provider is not specifed' do context 'provider is not specifed' do
let(:provider) { nil } let(:provider) { nil }
let(:region) { 'custom-region' } let(:region) { provision_role.region }
let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" } let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" }
let(:session_policy) { 'policy-document' } let(:session_policy) { 'policy-document' }
subject { described_class.new(provision_role, provider: provider, region: region).execute } subject { described_class.new(provision_role, provider: provider).execute }
before do before do
allow(File).to receive(:read) allow(File).to receive(:read)
...@@ -66,6 +66,13 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do ...@@ -66,6 +66,13 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
end end
it { is_expected.to eq assumed_role_credentials } it { is_expected.to eq assumed_role_credentials }
context 'region is not specifed' do
let(:region) { Clusters::Providers::Aws::DEFAULT_REGION }
let(:provision_role) { create(:aws_role, user: user, region: nil) }
it { is_expected.to eq assumed_role_credentials }
end
end end
end end
......