Merge branch 'kubernetes-http-response-code' into 'master'

Show HTTP response code for Kubernetes errors Closes #53628 See merge request gitlab-org/gitlab-ce!22964

Merge branch 'kubernetes-http-response-code' into 'master'
Show HTTP response code for Kubernetes errors Closes #53628 See merge request gitlab-org/gitlab-ce!22964
5d16ee7b · Kamil Trzciński · f2ef5e2e · 14b3033a · 5d16ee7b · 5d16ee7b
Commit 5d16ee7b authored Nov 13, 2018 by Kamil Trzciński
14 changed files
--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -173,9 +173,7 @@ module Clusters
        kubeclient = build_kube_client!
        kubeclient.get_pods(namespace: actual_namespace).as_json
-      rescue Kubeclient::HttpError => err
+      rescue Kubeclient::ResourceNotFoundError
-        raise err unless err.error_code == 404
        []
      end

--- a/app/models/project_services/kubernetes_service.rb
+++ b/app/models/project_services/kubernetes_service.rb
@@ -203,9 +203,7 @@ class KubernetesService < DeploymentService
    kubeclient = build_kube_client!
    kubeclient.get_pods(namespace: actual_namespace).as_json
-  rescue Kubeclient::HttpError => err
+  rescue Kubeclient::ResourceNotFoundError
-    raise err unless err.error_code == 404
    []
  end

--- a/app/services/clusters/applications/check_installation_progress_service.rb
+++ b/app/services/clusters/applications/check_installation_progress_service.rb
@@ -15,8 +15,8 @@ module Clusters
          check_timeout
        end
      rescue Kubeclient::HttpError => e
-        Rails.logger.error "Kubernetes error: #{e.class.name} #{e.message}"
+        Rails.logger.error("Kubernetes error: #{e.error_code} #{e.message}")
-        app.make_errored!("Kubernetes error") unless app.errored?
+        app.make_errored!("Kubernetes error: #{e.error_code}") unless app.errored?
      end
      private
@@ -53,7 +53,7 @@ module Clusters
      def remove_installation_pod
        helm_api.delete_pod!(install_command.pod_name)
      rescue => e
-        Rails.logger.error "Kubernetes error: #{e.class.name} #{e.message}"
+        Rails.logger.error("Kubernetes error: #{e.class.name} #{e.message}")
        # no-op
      end

--- a/app/services/clusters/applications/install_service.rb
+++ b/app/services/clusters/applications/install_service.rb
@@ -13,8 +13,8 @@ module Clusters
          ClusterWaitForAppInstallationWorker.perform_in(
            ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id)
        rescue Kubeclient::HttpError => e
-          Rails.logger.error "Kubernetes error: #{e.class.name} #{e.message}"
+          Rails.logger.error("Kubernetes error: #{e.error_code} #{e.message}")
-          app.make_errored!("Kubernetes error.")
+          app.make_errored!("Kubernetes error: #{e.error_code}")
        rescue StandardError => e
          Rails.logger.error "Can't start installation process: #{e.class.name} #{e.message}"
          app.make_errored!("Can't start installation process.")

--- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
@@ -21,10 +21,7 @@ module Clusters
        def get_secret
          kubeclient.get_secret(service_account_token_name, namespace).as_json
-        rescue Kubeclient::HttpError => err
+        rescue Kubeclient::ResourceNotFoundError
-          raise err unless err.error_code == 404
-          nil
        end
      end
    end

--- a/changelogs/unreleased/kubernetes-http-response-code.yml
+++ b/changelogs/unreleased/kubernetes-http-response-code.yml
+---
+title: Show HTTP response code for Kubernetes errors
+merge_request: 22964
+author:
+type: other
--- a/lib/gitlab/kubernetes/helm/api.rb
+++ b/lib/gitlab/kubernetes/helm/api.rb
@@ -89,22 +89,14 @@ module Gitlab
        end
        def service_account_exists?(resource)
-          resource_exists? do
+          kubeclient.get_service_account(resource.metadata.name, resource.metadata.namespace)
-            kubeclient.get_service_account(resource.metadata.name, resource.metadata.namespace)
+        rescue ::Kubeclient::ResourceNotFoundError
-          end
+          false
        end
        def cluster_role_binding_exists?(resource)
-          resource_exists? do
+          kubeclient.get_cluster_role_binding(resource.metadata.name)
-            kubeclient.get_cluster_role_binding(resource.metadata.name)
+        rescue ::Kubeclient::ResourceNotFoundError
-          end
-        end
-        def resource_exists?
-          yield
-        rescue ::Kubeclient::HttpError => e
-          raise e unless e.error_code == 404
          false
        end
      end

--- a/lib/gitlab/kubernetes/namespace.rb
+++ b/lib/gitlab/kubernetes/namespace.rb
@@ -10,9 +10,7 @@ module Gitlab
      def exists?
        @client.get_namespace(name)
-      rescue ::Kubeclient::HttpError => ke
+      rescue ::Kubeclient::ResourceNotFoundError
-        raise ke unless ke.error_code == 404
        false
      end

--- a/spec/lib/gitlab/kubernetes/helm/api_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/api_spec.rb
@@ -88,8 +88,8 @@ describe Gitlab::Kubernetes::Helm::Api do
        context 'service account and cluster role binding does not exist' do
          before do
-            expect(client).to receive('get_service_account').with('tiller', 'gitlab-managed-apps').and_raise(Kubeclient::HttpError.new(404, 'Not found', nil))
+            expect(client).to receive('get_service_account').with('tiller', 'gitlab-managed-apps').and_raise(Kubeclient::ResourceNotFoundError.new(404, 'Not found', nil))
-            expect(client).to receive('get_cluster_role_binding').with('tiller-admin').and_raise(Kubeclient::HttpError.new(404, 'Not found', nil))
+            expect(client).to receive('get_cluster_role_binding').with('tiller-admin').and_raise(Kubeclient::ResourceNotFoundError.new(404, 'Not found', nil))
          end
          it 'creates a service account, followed the cluster role binding on kubeclient' do
@@ -103,7 +103,7 @@ describe Gitlab::Kubernetes::Helm::Api do
        context 'service account already exists' do
          before do
            expect(client).to receive('get_service_account').with('tiller', 'gitlab-managed-apps').and_return(service_account_resource)
-            expect(client).to receive('get_cluster_role_binding').with('tiller-admin').and_raise(Kubeclient::HttpError.new(404, 'Not found', nil))
+            expect(client).to receive('get_cluster_role_binding').with('tiller-admin').and_raise(Kubeclient::ResourceNotFoundError.new(404, 'Not found', nil))
          end
          it 'updates the service account, followed by creating the cluster role binding' do

--- a/spec/lib/gitlab/kubernetes/namespace_spec.rb
+++ b/spec/lib/gitlab/kubernetes/namespace_spec.rb
@@ -9,7 +9,7 @@ describe Gitlab::Kubernetes::Namespace do
  describe '#exists?' do
    context 'when namespace do not exits' do
-      let(:exception) { ::Kubeclient::HttpError.new(404, "namespace #{name} not found", nil) }
+      let(:exception) { ::Kubeclient::ResourceNotFoundError.new(404, "namespace #{name} not found", nil) }
      it 'returns false' do
        expect(client).to receive(:get_namespace).with(name).once.and_raise(exception)

--- a/spec/services/clusters/applications/check_installation_progress_service_spec.rb
+++ b/spec/services/clusters/applications/check_installation_progress_service_spec.rb
@@ -19,6 +19,10 @@ describe Clusters::Applications::CheckInstallationProgressService do
  shared_examples 'a not yet terminated installation' do |a_phase|
    let(:phase) { a_phase }
+    before do
+      expect(service).to receive(:installation_phase).once.and_return(phase)
+    end
    context "when phase is #{a_phase}" do
      context 'when not timeouted' do
        it 'reschedule a new check' do
@@ -50,8 +54,6 @@ describe Clusters::Applications::CheckInstallationProgressService do
  end
  before do
-    expect(service).to receive(:installation_phase).once.and_return(phase)
    allow(service).to receive(:installation_errors).and_return(errors)
    allow(service).to receive(:remove_installation_pod).and_return(nil)
  end
@@ -60,6 +62,10 @@ describe Clusters::Applications::CheckInstallationProgressService do
    context 'when installation POD succeeded' do
      let(:phase) { Gitlab::Kubernetes::Pod::SUCCEEDED }
+      before do
+        expect(service).to receive(:installation_phase).once.and_return(phase)
+      end
      it_behaves_like 'a terminated installation'
      it 'make the application installed' do
@@ -76,6 +82,10 @@ describe Clusters::Applications::CheckInstallationProgressService do
      let(:phase) { Gitlab::Kubernetes::Pod::FAILED }
      let(:errors) { 'test installation failed' }
+      before do
+        expect(service).to receive(:installation_phase).once.and_return(phase)
+      end
      it_behaves_like 'a terminated installation'
      it 'make the application errored' do
@@ -87,5 +97,22 @@ describe Clusters::Applications::CheckInstallationProgressService do
    end
    RESCHEDULE_PHASES.each { |phase| it_behaves_like 'a not yet terminated installation', phase }
+    context 'when installation raises a Kubeclient::HttpError' do
+      let(:cluster) { create(:cluster, :provided_by_user, :project) }
+      before do
+        application.update!(cluster: cluster)
+        expect(service).to receive(:installation_phase).and_raise(Kubeclient::HttpError.new(401, 'Unauthorized', nil))
+      end
+      it 'shows the response code from the error' do
+        service.execute
+        expect(application).to be_errored
+        expect(application.status_reason).to eq('Kubernetes error: 401')
+      end
+    end
  end
 end
--- a/spec/services/clusters/applications/install_service_spec.rb
+++ b/spec/services/clusters/applications/install_service_spec.rb
@@ -42,7 +42,7 @@ describe Clusters::Applications::InstallService do
        service.execute
        expect(application).to be_errored
-        expect(application.status_reason).to match('Kubernetes error.')
+        expect(application.status_reason).to match('Kubernetes error: 500')
      end
    end

--- a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -19,13 +19,16 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
    subject { described_class.new(kubeclient, service_account_token_name, namespace).execute }
+    before do
+      stub_kubeclient_discover(api_url)
+    end
    context 'when params correct' do
      let(:decoded_token) { 'xxx.token.xxx' }
      let(:token) { Base64.encode64(decoded_token) }
      context 'when gitlab-token exists' do
        before do
-          stub_kubeclient_discover(api_url)
          stub_kubeclient_get_secret(
            api_url,
            {
@@ -39,9 +42,17 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
        it { is_expected.to eq(decoded_token) }
      end
+      context 'when there is a 500 error' do
+        before do
+          stub_kubeclient_get_secret_error(api_url, service_account_token_name, namespace: namespace, status: 500)
+        end
+        it { expect { subject }.to raise_error(Kubeclient::HttpError) }
+      end
      context 'when gitlab-token does not exist' do
        before do
-          allow(kubeclient).to receive(:get_secret).and_raise(Kubeclient::HttpError.new(404, 'Not found', nil))
+          stub_kubeclient_get_secret_error(api_url, service_account_token_name, namespace: namespace, status: 404)
        end
        it { is_expected.to be_nil }

--- a/spec/support/helpers/kubernetes_helpers.rb
+++ b/spec/support/helpers/kubernetes_helpers.rb
@@ -41,9 +41,9 @@ module KubernetesHelpers
      .to_return(kube_response(kube_v1_secret_body(options)))
  end
-  def stub_kubeclient_get_secret_error(api_url, name, namespace: 'default')
+  def stub_kubeclient_get_secret_error(api_url, name, namespace: 'default', status: 404)
    WebMock.stub_request(:get, api_url + "/api/v1/namespaces/#{namespace}/secrets/#{name}")
-      .to_return(status: [404, "Internal Server Error"])
+      .to_return(status: [status, "Internal Server Error"])
  end
  def stub_kubeclient_create_service_account(api_url, namespace: 'default')