Use the correct project path in generated `KUBECONFIG` file

Previously an Agent had to be directly associated with a project for it to be used for the CI tunnel, which meant that the Agent configuration project was the same project that was running the build. With the introduction of authorizations for arbitrary groups and projects, this assumption no longer holds. We must instead use the project associated with the Agent instead of the one associated with the build. https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70452 Changelog: fixed EE: true

Use the correct project path in generated `KUBECONFIG` file
Previously an Agent had to be directly associated with a project for it to be used for the CI tunnel, which meant that the Agent configuration project was the same project that was running the build. With the introduction of authorizations for arbitrary groups and projects, this assumption no longer holds. We must instead use the project associated with the Agent instead of the one associated with the build. https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70452 Changelog: fixed EE: true
57d828bf · Tiger · c8698910 · 57d828bf · 57d828bf
Commit 57d828bf authored Sep 16, 2021 by Tiger
Showing with 4 additions and 5 deletions

ee/app/services/ci/generate_kubeconfig_service.rb ee/app/services/ci/generate_kubeconfig_service.rb +2 -3

ee/spec/services/ci/generate_kubeconfig_service_spec.rb ee/spec/services/ci/generate_kubeconfig_service_spec.rb +2 -2

No files found.
--- a/ee/app/services/ci/generate_kubeconfig_service.rb
+++ b/ee/app/services/ci/generate_kubeconfig_service.rb
@@ -4,7 +4,6 @@ module Ci
  class GenerateKubeconfigService
    def initialize(build)
      @build = build
-      @project = build.project
      @template = Gitlab::Kubernetes::Kubeconfig::Template.new
    end

@@ -34,7 +33,7 @@ module Ci

    private

-    attr_reader :build, :project, :template
+    attr_reader :build, :template

    def agents
      build.pipeline.authorized_cluster_agents
@@ -49,7 +48,7 @@ module Ci
    end

    def context_name(agent)
-      [project.full_path, agent.name].join(delimiter)
+      [agent.project.full_path, agent.name].join(delimiter)
    end

    def agent_token(agent)

--- a/ee/spec/services/ci/generate_kubeconfig_service_spec.rb
+++ b/ee/spec/services/ci/generate_kubeconfig_service_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe Ci::GenerateKubeconfigService do
    let(:project) { create(:project) }
    let(:build) { create(:ci_build, project: project) }
    let(:agent1) { create(:cluster_agent, project: project) }
-    let(:agent2) { create(:cluster_agent, project: project) }
+    let(:agent2) { create(:cluster_agent) }

    let(:template) { instance_double(Gitlab::Kubernetes::Kubeconfig::Template) }

@@ -39,7 +39,7 @@ RSpec.describe Ci::GenerateKubeconfigService do
        user: "agent:#{agent1.id}"
      )
      expect(template).to receive(:add_context).with(
-        name: "#{project.full_path}:#{agent2.name}",
+        name: "#{agent2.project.full_path}:#{agent2.name}",
        cluster: 'gitlab',
        user: "agent:#{agent2.id}"
      )