Merge branch 'fix_usage_metrics_to_not_auth_agent' into 'master'

Usage metrics is GitLab-KAS only, and does not involve agent See merge request gitlab-org/gitlab!41634

Merge branch 'fix_usage_metrics_to_not_auth_agent' into 'master'
Usage metrics is GitLab-KAS only, and does not involve agent See merge request gitlab-org/gitlab!41634
69e1d6fe · Mayra Cabrera · 10013895 · d64a1292 · 69e1d6fe · 69e1d6fe
Commit 69e1d6fe authored Sep 07, 2020 by Mayra Cabrera
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 17 deletions

lib/api/internal/kubernetes.rb lib/api/internal/kubernetes.rb +4 -3

spec/requests/api/internal/kubernetes_spec.rb spec/requests/api/internal/kubernetes_spec.rb +16 -14

No files found.
--- a/lib/api/internal/kubernetes.rb
+++ b/lib/api/internal/kubernetes.rb
@@ -5,6 +5,7 @@ module API
  module Internal
    class Kubernetes < Grape::API::Instance
      before do
+        check_feature_enabled
        authenticate_gitlab_kas_request!
      end

@@ -55,7 +56,6 @@ module API
      namespace 'internal' do
        namespace 'kubernetes' do
          before do
-            check_feature_enabled
            check_agent_token
          end

@@ -96,15 +96,16 @@ module API
              gitaly_repository: gitaly_repository(project)
            }
          end
+        end

+        namespace 'kubernetes/usage_metrics' do
          desc 'POST usage metrics' do
            detail 'Updates usage metrics for agent'
          end
-          route_setting :authentication, cluster_agent_token_allowed: true
          params do
            requires :gitops_sync_count, type: Integer, desc: 'The count to increment the gitops_sync metric by'
          end
-          post '/usage_metrics' do
+          post '/' do
            gitops_sync_count = params[:gitops_sync_count]

            if gitops_sync_count < 0

--- a/spec/requests/api/internal/kubernetes_spec.rb
+++ b/spec/requests/api/internal/kubernetes_spec.rb
@@ -24,20 +24,6 @@ RSpec.describe API::Internal::Kubernetes do
      end
    end

-    context 'authenticated' do
-      it 'returns 403 if Authorization header not sent' do
-        send_request
-
-        expect(response).to have_gitlab_http_status(:forbidden)
-      end
-
-      it 'returns 404 if Authorization is for non-existent agent' do
-        send_request(headers: { 'Authorization' => 'Bearer NONEXISTENT' })
-
-        expect(response).to have_gitlab_http_status(:forbidden)
-      end
-    end
-
    context 'kubernetes_agent_internal_api feature flag disabled' do
      before do
        stub_feature_flags(kubernetes_agent_internal_api: false)
@@ -51,6 +37,20 @@ RSpec.describe API::Internal::Kubernetes do
    end
  end

+  shared_examples 'agent authentication' do
+    it 'returns 403 if Authorization header not sent' do
+      send_request
+
+      expect(response).to have_gitlab_http_status(:forbidden)
+    end
+
+    it 'returns 403 if Authorization is for non-existent agent' do
+      send_request(headers: { 'Authorization' => 'Bearer NONEXISTENT' })
+
+      expect(response).to have_gitlab_http_status(:forbidden)
+    end
+  end
+
  describe 'POST /internal/kubernetes/usage_metrics' do
    def send_request(headers: {}, params: {})
      post api('/internal/kubernetes/usage_metrics'), params: params, headers: headers.reverse_merge(jwt_auth_headers)
@@ -93,6 +93,7 @@ RSpec.describe API::Internal::Kubernetes do
    end

    include_examples 'authorization'
+    include_examples 'agent authentication'

    context 'an agent is found' do
      let!(:agent_token) { create(:cluster_agent_token) }
@@ -133,6 +134,7 @@ RSpec.describe API::Internal::Kubernetes do
    end

    include_examples 'authorization'
+    include_examples 'agent authentication'

    context 'an agent is found' do
      let!(:agent_token) { create(:cluster_agent_token) }