Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
b2173011
Commit
b2173011
authored
Jul 31, 2018
by
Mayra Cabrera
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Revert "Merge branch '48098-mutual-auth-cluster-applications' into 'master'"
This reverts merge request !20801
parent
5a3948a5
Changes
34
Hide whitespace changes
Inline
Side-by-side
Showing
34 changed files
with
178 additions
and
534 deletions
+178
-534
app/models/clusters/applications/helm.rb
app/models/clusters/applications/helm.rb
+1
-48
app/models/clusters/applications/ingress.rb
app/models/clusters/applications/ingress.rb
+2
-2
app/models/clusters/applications/jupyter.rb
app/models/clusters/applications/jupyter.rb
+2
-2
app/models/clusters/applications/prometheus.rb
app/models/clusters/applications/prometheus.rb
+2
-2
app/models/clusters/applications/runner.rb
app/models/clusters/applications/runner.rb
+2
-2
app/models/clusters/concerns/application_data.rb
app/models/clusters/concerns/application_data.rb
+0
-26
changelogs/unreleased/48098-mutual-auth-cluster-applications.yml
...ogs/unreleased/48098-mutual-auth-cluster-applications.yml
+0
-6
db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb
...0180612103626_add_columns_for_helm_tiller_certificates.rb
+0
-11
db/schema.rb
db/schema.rb
+0
-3
lib/gitlab/kubernetes/config_map.rb
lib/gitlab/kubernetes/config_map.rb
+4
-4
lib/gitlab/kubernetes/helm/api.rb
lib/gitlab/kubernetes/helm/api.rb
+1
-1
lib/gitlab/kubernetes/helm/base_command.rb
lib/gitlab/kubernetes/helm/base_command.rb
+11
-21
lib/gitlab/kubernetes/helm/certificate.rb
lib/gitlab/kubernetes/helm/certificate.rb
+0
-72
lib/gitlab/kubernetes/helm/init_command.rb
lib/gitlab/kubernetes/helm/init_command.rb
+2
-16
lib/gitlab/kubernetes/helm/install_command.rb
lib/gitlab/kubernetes/helm/install_command.rb
+15
-22
lib/gitlab/kubernetes/helm/pod.rb
lib/gitlab/kubernetes/helm/pod.rb
+5
-3
qa/qa/factory/resource/kubernetes_cluster.rb
qa/qa/factory/resource/kubernetes_cluster.rb
+2
-3
qa/qa/page/project/operations/kubernetes/show.rb
qa/qa/page/project/operations/kubernetes/show.rb
+0
-1
spec/factories/clusters/applications/helm.rb
spec/factories/clusters/applications/helm.rb
+3
-13
spec/factories/clusters/clusters.rb
spec/factories/clusters/clusters.rb
+0
-4
spec/features/projects/clusters/applications_spec.rb
spec/features/projects/clusters/applications_spec.rb
+2
-14
spec/lib/gitlab/kubernetes/config_map_spec.rb
spec/lib/gitlab/kubernetes/config_map_spec.rb
+2
-2
spec/lib/gitlab/kubernetes/helm/api_spec.rb
spec/lib/gitlab/kubernetes/helm/api_spec.rb
+1
-1
spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
+8
-20
spec/lib/gitlab/kubernetes/helm/certificate_spec.rb
spec/lib/gitlab/kubernetes/helm/certificate_spec.rb
+0
-27
spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
+2
-2
spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+35
-34
spec/lib/gitlab/kubernetes/helm/pod_spec.rb
spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+25
-4
spec/models/clusters/applications/helm_spec.rb
spec/models/clusters/applications/helm_spec.rb
+2
-24
spec/models/clusters/applications/ingress_spec.rb
spec/models/clusters/applications/ingress_spec.rb
+8
-33
spec/models/clusters/applications/jupyter_spec.rb
spec/models/clusters/applications/jupyter_spec.rb
+11
-34
spec/models/clusters/applications/prometheus_spec.rb
spec/models/clusters/applications/prometheus_spec.rb
+9
-32
spec/models/clusters/applications/runner_spec.rb
spec/models/clusters/applications/runner_spec.rb
+20
-44
spec/services/clusters/applications/install_service_spec.rb
spec/services/clusters/applications/install_service_spec.rb
+1
-1
No files found.
app/models/clusters/applications/helm.rb
View file @
b2173011
require
'openssl'
module
Clusters
module
Clusters
module
Applications
module
Applications
class
Helm
<
ActiveRecord
::
Base
class
Helm
<
ActiveRecord
::
Base
self
.
table_name
=
'clusters_applications_helm'
self
.
table_name
=
'clusters_applications_helm'
attr_encrypted
:ca_key
,
mode: :per_attribute_iv
,
key:
Settings
.
attr_encrypted_db_key_base_truncated
,
algorithm:
'aes-256-cbc'
include
::
Clusters
::
Concerns
::
ApplicationCore
include
::
Clusters
::
Concerns
::
ApplicationCore
include
::
Clusters
::
Concerns
::
ApplicationStatus
include
::
Clusters
::
Concerns
::
ApplicationStatus
default_value_for
:version
,
Gitlab
::
Kubernetes
::
Helm
::
HELM_VERSION
default_value_for
:version
,
Gitlab
::
Kubernetes
::
Helm
::
HELM_VERSION
before_create
:create_keys_and_certs
def
issue_client_cert
ca_cert_obj
.
issue
end
def
set_initial_status
def
set_initial_status
return
unless
not_installable?
return
unless
not_installable?
...
@@ -28,41 +15,7 @@ module Clusters
...
@@ -28,41 +15,7 @@ module Clusters
end
end
def
install_command
def
install_command
Gitlab
::
Kubernetes
::
Helm
::
InitCommand
.
new
(
Gitlab
::
Kubernetes
::
Helm
::
InitCommand
.
new
(
name
)
name:
name
,
files:
files
)
end
def
has_ssl?
ca_key
.
present?
&&
ca_cert
.
present?
end
private
def
files
{
'ca.pem'
:
ca_cert
,
'cert.pem'
:
tiller_cert
.
cert_string
,
'key.pem'
:
tiller_cert
.
key_string
}
end
def
create_keys_and_certs
ca_cert
=
Gitlab
::
Kubernetes
::
Helm
::
Certificate
.
generate_root
self
.
ca_key
=
ca_cert
.
key_string
self
.
ca_cert
=
ca_cert
.
cert_string
end
def
tiller_cert
@tiller_cert
||=
ca_cert_obj
.
issue
(
expires_in:
Gitlab
::
Kubernetes
::
Helm
::
Certificate
::
INFINITE_EXPIRY
)
end
def
ca_cert_obj
return
unless
has_ssl?
Gitlab
::
Kubernetes
::
Helm
::
Certificate
.
from_strings
(
ca_key
,
ca_cert
)
end
end
end
end
end
end
...
...
app/models/clusters/applications/ingress.rb
View file @
b2173011
...
@@ -32,9 +32,9 @@ module Clusters
...
@@ -32,9 +32,9 @@ module Clusters
def
install_command
def
install_command
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
name
:
name
,
name
,
chart:
chart
,
chart:
chart
,
files:
fil
es
values:
valu
es
)
)
end
end
...
...
app/models/clusters/applications/jupyter.rb
View file @
b2173011
...
@@ -35,9 +35,9 @@ module Clusters
...
@@ -35,9 +35,9 @@ module Clusters
def
install_command
def
install_command
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
name
:
name
,
name
,
chart:
chart
,
chart:
chart
,
files:
fil
es
,
values:
valu
es
,
repository:
repository
repository:
repository
)
)
end
end
...
...
app/models/clusters/applications/prometheus.rb
View file @
b2173011
...
@@ -43,10 +43,10 @@ module Clusters
...
@@ -43,10 +43,10 @@ module Clusters
def
install_command
def
install_command
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
name
:
name
,
name
,
chart:
chart
,
chart:
chart
,
version:
version
,
version:
version
,
files:
fil
es
values:
valu
es
)
)
end
end
...
...
app/models/clusters/applications/runner.rb
View file @
b2173011
...
@@ -28,9 +28,9 @@ module Clusters
...
@@ -28,9 +28,9 @@ module Clusters
def
install_command
def
install_command
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
.
new
(
name
:
name
,
name
,
chart:
chart
,
chart:
chart
,
files:
fil
es
,
values:
valu
es
,
repository:
repository
repository:
repository
)
)
end
end
...
...
app/models/clusters/concerns/application_data.rb
View file @
b2173011
...
@@ -12,34 +12,8 @@ module Clusters
...
@@ -12,34 +12,8 @@ module Clusters
File
.
read
(
chart_values_file
)
File
.
read
(
chart_values_file
)
end
end
def
files
@files
||=
begin
files
=
{
'values.yaml'
:
values
}
files
.
merge!
(
certificate_files
)
if
cluster
.
application_helm
.
has_ssl?
files
end
end
private
private
def
certificate_files
{
'ca.pem'
:
ca_cert
,
'cert.pem'
:
helm_cert
.
cert_string
,
'key.pem'
:
helm_cert
.
key_string
}
end
def
ca_cert
cluster
.
application_helm
.
ca_cert
end
def
helm_cert
@helm_cert
||=
cluster
.
application_helm
.
issue_client_cert
end
def
chart_values_file
def
chart_values_file
"
#{
Rails
.
root
}
/vendor/
#{
name
}
/values.yaml"
"
#{
Rails
.
root
}
/vendor/
#{
name
}
/values.yaml"
end
end
...
...
changelogs/unreleased/48098-mutual-auth-cluster-applications.yml
deleted
100644 → 0
View file @
5a3948a5
---
title
:
Ensure installed Helm Tiller For GitLab Managed Apps Is protected by mutual
auth
merge_request
:
20801
author
:
type
:
changed
db/migrate/20180612103626_add_columns_for_helm_tiller_certificates.rb
deleted
100644 → 0
View file @
5a3948a5
class
AddColumnsForHelmTillerCertificates
<
ActiveRecord
::
Migration
include
Gitlab
::
Database
::
MigrationHelpers
DOWNTIME
=
false
def
change
add_column
:clusters_applications_helm
,
:encrypted_ca_key
,
:text
add_column
:clusters_applications_helm
,
:encrypted_ca_key_iv
,
:text
add_column
:clusters_applications_helm
,
:ca_cert
,
:text
end
end
db/schema.rb
View file @
b2173011
...
@@ -636,9 +636,6 @@ ActiveRecord::Schema.define(version: 20180722103201) do
...
@@ -636,9 +636,6 @@ ActiveRecord::Schema.define(version: 20180722103201) do
t
.
integer
"status"
,
null:
false
t
.
integer
"status"
,
null:
false
t
.
string
"version"
,
null:
false
t
.
string
"version"
,
null:
false
t
.
text
"status_reason"
t
.
text
"status_reason"
t
.
text
"encrypted_ca_key"
t
.
text
"encrypted_ca_key_iv"
t
.
text
"ca_cert"
end
end
create_table
"clusters_applications_ingress"
,
force: :cascade
do
|
t
|
create_table
"clusters_applications_ingress"
,
force: :cascade
do
|
t
|
...
...
lib/gitlab/kubernetes/config_map.rb
View file @
b2173011
module
Gitlab
module
Gitlab
module
Kubernetes
module
Kubernetes
class
ConfigMap
class
ConfigMap
def
initialize
(
name
,
files
)
def
initialize
(
name
,
values
=
""
)
@name
=
name
@name
=
name
@
files
=
fil
es
@
values
=
valu
es
end
end
def
generate
def
generate
resource
=
::
Kubeclient
::
Resource
.
new
resource
=
::
Kubeclient
::
Resource
.
new
resource
.
metadata
=
metadata
resource
.
metadata
=
metadata
resource
.
data
=
files
resource
.
data
=
{
values:
values
}
resource
resource
end
end
...
@@ -19,7 +19,7 @@ module Gitlab
...
@@ -19,7 +19,7 @@ module Gitlab
private
private
attr_reader
:name
,
:
fil
es
attr_reader
:name
,
:
valu
es
def
metadata
def
metadata
{
{
...
...
lib/gitlab/kubernetes/helm/api.rb
View file @
b2173011
...
@@ -9,7 +9,7 @@ module Gitlab
...
@@ -9,7 +9,7 @@ module Gitlab
def
install
(
command
)
def
install
(
command
)
namespace
.
ensure_exists!
namespace
.
ensure_exists!
create_config_map
(
command
)
create_config_map
(
command
)
if
command
.
config_map?
kubeclient
.
create_pod
(
command
.
pod_resource
)
kubeclient
.
create_pod
(
command
.
pod_resource
)
end
end
...
...
lib/gitlab/kubernetes/helm/base_command.rb
View file @
b2173011
module
Gitlab
module
Gitlab
module
Kubernetes
module
Kubernetes
module
Helm
module
Helm
module
BaseCommand
class
BaseCommand
attr_reader
:name
def
initialize
(
name
)
@name
=
name
end
def
pod_resource
def
pod_resource
Gitlab
::
Kubernetes
::
Helm
::
Pod
.
new
(
self
,
namespace
).
generate
Gitlab
::
Kubernetes
::
Helm
::
Pod
.
new
(
self
,
namespace
).
generate
end
end
...
@@ -18,32 +24,16 @@ module Gitlab
...
@@ -18,32 +24,16 @@ module Gitlab
HEREDOC
HEREDOC
end
end
def
pod_name
def
config_map?
"install-
#{
name
}
"
false
end
def
config_map_resource
Gitlab
::
Kubernetes
::
ConfigMap
.
new
(
name
,
files
).
generate
end
end
def
file_names
def
pod_name
files
.
keys
"install-
#{
name
}
"
end
def
name
raise
"Not implemented"
end
def
files
raise
"Not implemented"
end
end
private
private
def
files_dir
"/data/helm/
#{
name
}
/config"
end
def
namespace
def
namespace
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
end
end
...
...
lib/gitlab/kubernetes/helm/certificate.rb
deleted
100644 → 0
View file @
5a3948a5
module
Gitlab
module
Kubernetes
module
Helm
class
Certificate
INFINITE_EXPIRY
=
1000
.
years
SHORT_EXPIRY
=
30
.
minutes
attr_reader
:key
,
:cert
def
key_string
@key
.
to_s
end
def
cert_string
@cert
.
to_pem
end
def
self
.
from_strings
(
key_string
,
cert_string
)
key
=
OpenSSL
::
PKey
::
RSA
.
new
(
key_string
)
cert
=
OpenSSL
::
X509
::
Certificate
.
new
(
cert_string
)
new
(
key
,
cert
)
end
def
self
.
generate_root
_issue
(
signed_by:
nil
,
expires_in:
INFINITE_EXPIRY
,
certificate_authority:
true
)
end
def
issue
(
expires_in:
SHORT_EXPIRY
)
self
.
class
.
_issue
(
signed_by:
self
,
expires_in:
expires_in
,
certificate_authority:
false
)
end
private
def
self
.
_issue
(
signed_by
:,
expires_in
:,
certificate_authority
:)
key
=
OpenSSL
::
PKey
::
RSA
.
new
(
4096
)
public_key
=
key
.
public_key
subject
=
OpenSSL
::
X509
::
Name
.
parse
(
"/C=US"
)
cert
=
OpenSSL
::
X509
::
Certificate
.
new
cert
.
subject
=
subject
cert
.
issuer
=
signed_by
&
.
cert
&
.
subject
||
subject
cert
.
not_before
=
Time
.
now
cert
.
not_after
=
expires_in
.
from_now
cert
.
public_key
=
public_key
cert
.
serial
=
0x0
cert
.
version
=
2
if
certificate_authority
extension_factory
=
OpenSSL
::
X509
::
ExtensionFactory
.
new
extension_factory
.
subject_certificate
=
cert
extension_factory
.
issuer_certificate
=
cert
cert
.
add_extension
(
extension_factory
.
create_extension
(
'subjectKeyIdentifier'
,
'hash'
))
cert
.
add_extension
(
extension_factory
.
create_extension
(
'basicConstraints'
,
'CA:TRUE'
,
true
))
cert
.
add_extension
(
extension_factory
.
create_extension
(
'keyUsage'
,
'cRLSign,keyCertSign'
,
true
))
end
cert
.
sign
(
signed_by
&
.
key
||
key
,
OpenSSL
::
Digest
::
SHA256
.
new
)
new
(
key
,
cert
)
end
def
initialize
(
key
,
cert
)
@key
=
key
@cert
=
cert
end
end
end
end
end
lib/gitlab/kubernetes/helm/init_command.rb
View file @
b2173011
module
Gitlab
module
Gitlab
module
Kubernetes
module
Kubernetes
module
Helm
module
Helm
class
InitCommand
class
InitCommand
<
BaseCommand
include
BaseCommand
attr_reader
:name
,
:files
def
initialize
(
name
:,
files
:)
@name
=
name
@files
=
files
end
def
generate_script
def
generate_script
super
+
[
super
+
[
init_helm_command
init_helm_command
...
@@ -20,12 +11,7 @@ module Gitlab
...
@@ -20,12 +11,7 @@ module Gitlab
private
private
def
init_helm_command
def
init_helm_command
tls_flags
=
"--tiller-tls"
\
"helm init >/dev/null"
" --tiller-tls-verify --tls-ca-cert
#{
files_dir
}
/ca.pem"
\
" --tiller-tls-cert
#{
files_dir
}
/cert.pem"
\
" --tiller-tls-key
#{
files_dir
}
/key.pem"
"helm init
#{
tls_flags
}
>/dev/null"
end
end
end
end
end
end
...
...
lib/gitlab/kubernetes/helm/install_command.rb
View file @
b2173011
module
Gitlab
module
Gitlab
module
Kubernetes
module
Kubernetes
module
Helm
module
Helm
class
InstallCommand
class
InstallCommand
<
BaseCommand
include
BaseCommand
attr_reader
:name
,
:chart
,
:version
,
:repository
,
:values
attr_reader
:name
,
:files
,
:chart
,
:version
,
:repository
def
initialize
(
name
,
chart
:,
values
:,
version:
nil
,
repository:
nil
)
def
initialize
(
name
:,
chart
:,
files
:,
version:
nil
,
repository:
nil
)
@name
=
name
@name
=
name
@chart
=
chart
@chart
=
chart
@version
=
version
@version
=
version
@
files
=
fil
es
@
values
=
valu
es
@repository
=
repository
@repository
=
repository
end
end
...
@@ -22,6 +20,14 @@ module Gitlab
...
@@ -22,6 +20,14 @@ module Gitlab
].
compact
.
join
(
"
\n
"
)
].
compact
.
join
(
"
\n
"
)
end
end
def
config_map?
true
end
def
config_map_resource
Gitlab
::
Kubernetes
::
ConfigMap
.
new
(
name
,
values
).
generate
end
private
private
def
init_command
def
init_command
...
@@ -33,27 +39,14 @@ module Gitlab
...
@@ -33,27 +39,14 @@ module Gitlab
end
end
def
script_command
def
script_command
"helm install"
\
<<~
HEREDOC
"
#{
optional_tls_flags
}
"
\
helm install
#{
chart
}
--name
#{
name
}#{
optional_version_flag
}
--namespace
#{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
-f /data/helm/
#{
name
}
/config/values.yaml >/dev/null
"
#{
chart
}
"
\
HEREDOC
"--name
#{
name
}
"
\
"
#{
optional_version_flag
}
"
\
"--namespace
#{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
"
\
"-f /data/helm/
#{
name
}
/config/values.yaml >/dev/null
\n
"
end
end
def
optional_version_flag
def
optional_version_flag
" --version
#{
version
}
"
if
version
" --version
#{
version
}
"
if
version
end
end
def
optional_tls_flags
return
unless
files
.
key?
(
:'ca.pem'
)
" --tls"
\
" --tls-ca-cert
#{
files_dir
}
/ca.pem"
\
" --tls-cert
#{
files_dir
}
/cert.pem"
\
" --tls-key
#{
files_dir
}
/key.pem"
end
end
end
end
end
end
end
...
...
lib/gitlab/kubernetes/helm/pod.rb
View file @
b2173011
...
@@ -10,8 +10,10 @@ module Gitlab
...
@@ -10,8 +10,10 @@ module Gitlab
def
generate
def
generate
spec
=
{
containers:
[
container_specification
],
restartPolicy:
'Never'
}
spec
=
{
containers:
[
container_specification
],
restartPolicy:
'Never'
}
spec
[
:volumes
]
=
volumes_specification
if
command
.
config_map?
spec
[
:containers
][
0
][
:volumeMounts
]
=
volume_mounts_specification
spec
[
:volumes
]
=
volumes_specification
spec
[
:containers
][
0
][
:volumeMounts
]
=
volume_mounts_specification
end
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
spec:
spec
)
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
spec:
spec
)
end
end
...
@@ -59,7 +61,7 @@ module Gitlab
...
@@ -59,7 +61,7 @@ module Gitlab
name:
'configuration-volume'
,
name:
'configuration-volume'
,
configMap:
{
configMap:
{
name:
"values-content-configuration-
#{
command
.
name
}
"
,
name:
"values-content-configuration-
#{
command
.
name
}
"
,
items:
command
.
file_names
.
map
{
|
name
|
{
key:
name
,
path:
name
}
}
items:
[{
key:
'values'
,
path:
'values.yaml'
}]
}
}
}
}
]
]
...
...
qa/qa/factory/resource/kubernetes_cluster.rb
View file @
b2173011
...
@@ -44,11 +44,10 @@ module QA
...
@@ -44,11 +44,10 @@ module QA
page
.
await_installed
(
:helm
)
page
.
await_installed
(
:helm
)
page
.
install!
(
:ingress
)
if
@install_ingress
page
.
install!
(
:ingress
)
if
@install_ingress
page
.
install!
(
:prometheus
)
if
@install_prometheus
page
.
install!
(
:runner
)
if
@install_runner
page
.
await_installed
(
:ingress
)
if
@install_ingress
page
.
await_installed
(
:ingress
)
if
@install_ingress
page
.
install!
(
:prometheus
)
if
@install_prometheus
page
.
await_installed
(
:prometheus
)
if
@install_prometheus
page
.
await_installed
(
:prometheus
)
if
@install_prometheus
page
.
install!
(
:runner
)
if
@install_runner
page
.
await_installed
(
:runner
)
if
@install_runner
page
.
await_installed
(
:runner
)
if
@install_runner
end
end
end
end
...
...
qa/qa/page/project/operations/kubernetes/show.rb
View file @
b2173011
...
@@ -16,7 +16,6 @@ module QA
...
@@ -16,7 +16,6 @@ module QA
def
install!
(
application_name
)
def
install!
(
application_name
)
within
(
".js-cluster-application-row-
#{
application_name
}
"
)
do
within
(
".js-cluster-application-row-
#{
application_name
}
"
)
do
page
.
has_button?
(
'Install'
,
wait:
30
)
click_on
'Install'
click_on
'Install'
end
end
end
end
...
...
spec/factories/clusters/applications/helm.rb
View file @
b2173011
...
@@ -32,21 +32,11 @@ FactoryBot.define do
...
@@ -32,21 +32,11 @@ FactoryBot.define do
updated_at
ClusterWaitForAppInstallationWorker
::
TIMEOUT
.
ago
updated_at
ClusterWaitForAppInstallationWorker
::
TIMEOUT
.
ago
end
end
factory
:clusters_applications_ingress
,
class:
Clusters
::
Applications
::
Ingress
do
factory
:clusters_applications_ingress
,
class:
Clusters
::
Applications
::
Ingress
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
factory
:clusters_applications_prometheus
,
class:
Clusters
::
Applications
::
Prometheus
end
factory
:clusters_applications_runner
,
class:
Clusters
::
Applications
::
Runner
factory
:clusters_applications_prometheus
,
class:
Clusters
::
Applications
::
Prometheus
do
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
end
factory
:clusters_applications_runner
,
class:
Clusters
::
Applications
::
Runner
do
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
end
factory
:clusters_applications_jupyter
,
class:
Clusters
::
Applications
::
Jupyter
do
factory
:clusters_applications_jupyter
,
class:
Clusters
::
Applications
::
Jupyter
do
oauth_application
factory: :oauth_application
oauth_application
factory: :oauth_application
cluster
factory:
%i(cluster with_installed_helm provided_by_gcp)
end
end
end
end
end
end
spec/factories/clusters/clusters.rb
View file @
b2173011
...
@@ -36,9 +36,5 @@ FactoryBot.define do
...
@@ -36,9 +36,5 @@ FactoryBot.define do
trait
:production_environment
do
trait
:production_environment
do
sequence
(
:environment_scope
)
{
|
n
|
"production
#{
n
}
/*"
}
sequence
(
:environment_scope
)
{
|
n
|
"production
#{
n
}
/*"
}
end
end
trait
:with_installed_helm
do
application_helm
factory:
%i(clusters_applications_helm installed)
end
end
end
end
end
spec/features/projects/clusters/applications_spec.rb
View file @
b2173011
...
@@ -46,14 +46,12 @@ describe 'Clusters Applications', :js do
...
@@ -46,14 +46,12 @@ describe 'Clusters Applications', :js do
end
end
end
end
it
'
they see
status transition'
do
it
'
he sees
status transition'
do
page
.
within
(
'.js-cluster-application-row-helm'
)
do
page
.
within
(
'.js-cluster-application-row-helm'
)
do
# FE sends request and gets the response, then the buttons is "Install"
# FE sends request and gets the response, then the buttons is "Install"
expect
(
page
.
find
(
:css
,
'.js-cluster-application-install-button'
)[
'disabled'
]).
to
eq
(
'true'
)
expect
(
page
.
find
(
:css
,
'.js-cluster-application-install-button'
)[
'disabled'
]).
to
eq
(
'true'
)
expect
(
page
).
to
have_css
(
'.js-cluster-application-install-button'
,
exact_text:
'Install'
)
expect
(
page
).
to
have_css
(
'.js-cluster-application-install-button'
,
exact_text:
'Install'
)
wait_until_helm_created!
Clusters
::
Cluster
.
last
.
application_helm
.
make_installing!
Clusters
::
Cluster
.
last
.
application_helm
.
make_installing!
# FE starts polling and update the buttons to "Installing"
# FE starts polling and update the buttons to "Installing"
...
@@ -85,7 +83,7 @@ describe 'Clusters Applications', :js do
...
@@ -85,7 +83,7 @@ describe 'Clusters Applications', :js do
end
end
end
end
it
'
they see
status transition'
do
it
'
he sees
status transition'
do
page
.
within
(
'.js-cluster-application-row-ingress'
)
do
page
.
within
(
'.js-cluster-application-row-ingress'
)
do
# FE sends request and gets the response, then the buttons is "Install"
# FE sends request and gets the response, then the buttons is "Install"
expect
(
page
).
to
have_css
(
'.js-cluster-application-install-button[disabled]'
)
expect
(
page
).
to
have_css
(
'.js-cluster-application-install-button[disabled]'
)
...
@@ -118,14 +116,4 @@ describe 'Clusters Applications', :js do
...
@@ -118,14 +116,4 @@ describe 'Clusters Applications', :js do
end
end
end
end
end
end
def
wait_until_helm_created!
retries
=
0
while
Clusters
::
Cluster
.
last
.
application_helm
.
nil?
raise
"Timed out waiting for helm application to be created in DB"
if
(
retries
+=
1
)
>
3
sleep
(
1
)
end
end
end
end
spec/lib/gitlab/kubernetes/config_map_spec.rb
View file @
b2173011
...
@@ -3,7 +3,7 @@ require 'spec_helper'
...
@@ -3,7 +3,7 @@ require 'spec_helper'
describe
Gitlab
::
Kubernetes
::
ConfigMap
do
describe
Gitlab
::
Kubernetes
::
ConfigMap
do
let
(
:kubeclient
)
{
double
(
'kubernetes client'
)
}
let
(
:kubeclient
)
{
double
(
'kubernetes client'
)
}
let
(
:application
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:application
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:config_map
)
{
described_class
.
new
(
application
.
name
,
application
.
fil
es
)
}
let
(
:config_map
)
{
described_class
.
new
(
application
.
name
,
application
.
valu
es
)
}
let
(
:namespace
)
{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
let
(
:namespace
)
{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
let
(
:metadata
)
do
let
(
:metadata
)
do
...
@@ -15,7 +15,7 @@ describe Gitlab::Kubernetes::ConfigMap do
...
@@ -15,7 +15,7 @@ describe Gitlab::Kubernetes::ConfigMap do
end
end
describe
'#generate'
do
describe
'#generate'
do
let
(
:resource
)
{
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
data:
application
.
files
)
}
let
(
:resource
)
{
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
data:
{
values:
application
.
values
}
)
}
subject
{
config_map
.
generate
}
subject
{
config_map
.
generate
}
it
'should build a Kubeclient Resource'
do
it
'should build a Kubeclient Resource'
do
...
...
spec/lib/gitlab/kubernetes/helm/api_spec.rb
View file @
b2173011
...
@@ -39,7 +39,7 @@ describe Gitlab::Kubernetes::Helm::Api do
...
@@ -39,7 +39,7 @@ describe Gitlab::Kubernetes::Helm::Api do
end
end
context
'with a ConfigMap'
do
context
'with a ConfigMap'
do
let
(
:resource
)
{
Gitlab
::
Kubernetes
::
ConfigMap
.
new
(
application
.
name
,
application
.
fil
es
).
generate
}
let
(
:resource
)
{
Gitlab
::
Kubernetes
::
ConfigMap
.
new
(
application
.
name
,
application
.
valu
es
).
generate
}
it
'creates a ConfigMap on kubeclient'
do
it
'creates a ConfigMap on kubeclient'
do
expect
(
client
).
to
receive
(
:create_config_map
).
with
(
resource
).
once
expect
(
client
).
to
receive
(
:create_config_map
).
with
(
resource
).
once
...
...
spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
View file @
b2173011
...
@@ -2,25 +2,7 @@ require 'spec_helper'
...
@@ -2,25 +2,7 @@ require 'spec_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
BaseCommand
do
describe
Gitlab
::
Kubernetes
::
Helm
::
BaseCommand
do
let
(
:application
)
{
create
(
:clusters_applications_helm
)
}
let
(
:application
)
{
create
(
:clusters_applications_helm
)
}
let
(
:test_class
)
do
let
(
:base_command
)
{
described_class
.
new
(
application
.
name
)
}
Class
.
new
do
include
Gitlab
::
Kubernetes
::
Helm
::
BaseCommand
def
name
"test-class-name"
end
def
files
{
some:
'value'
}
end
end
end
let
(
:base_command
)
do
test_class
.
new
end
subject
{
base_command
}
subject
{
base_command
}
...
@@ -36,9 +18,15 @@ describe Gitlab::Kubernetes::Helm::BaseCommand do
...
@@ -36,9 +18,15 @@ describe Gitlab::Kubernetes::Helm::BaseCommand do
end
end
end
end
describe
'#config_map?'
do
subject
{
base_command
.
config_map?
}
it
{
is_expected
.
to
be_falsy
}
end
describe
'#pod_name'
do
describe
'#pod_name'
do
subject
{
base_command
.
pod_name
}
subject
{
base_command
.
pod_name
}
it
{
is_expected
.
to
eq
(
'install-
test-class-name
'
)
}
it
{
is_expected
.
to
eq
(
'install-
helm
'
)
}
end
end
end
end
spec/lib/gitlab/kubernetes/helm/certificate_spec.rb
deleted
100644 → 0
View file @
5a3948a5
require
'spec_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
Certificate
do
describe
'.generate_root'
do
subject
{
described_class
.
generate_root
}
it
'should generate a root CA that expires a long way in the future'
do
expect
(
subject
.
cert
.
not_after
).
to
be
>
999
.
years
.
from_now
end
end
describe
'#issue'
do
subject
{
described_class
.
generate_root
.
issue
}
it
'should generate a cert that expires soon'
do
expect
(
subject
.
cert
.
not_after
).
to
be
<
60
.
minutes
.
from_now
end
context
'passing in INFINITE_EXPIRY'
do
subject
{
described_class
.
generate_root
.
issue
(
expires_in:
described_class
::
INFINITE_EXPIRY
)
}
it
'should generate a cert that expires a long way in the future'
do
expect
(
subject
.
cert
.
not_after
).
to
be
>
999
.
years
.
from_now
end
end
end
end
spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
View file @
b2173011
...
@@ -2,9 +2,9 @@ require 'spec_helper'
...
@@ -2,9 +2,9 @@ require 'spec_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
InitCommand
do
describe
Gitlab
::
Kubernetes
::
Helm
::
InitCommand
do
let
(
:application
)
{
create
(
:clusters_applications_helm
)
}
let
(
:application
)
{
create
(
:clusters_applications_helm
)
}
let
(
:commands
)
{
'helm init
--tiller-tls --tiller-tls-verify --tls-ca-cert /data/helm/helm/config/ca.pem --tiller-tls-cert /data/helm/helm/config/cert.pem --tiller-tls-key /data/helm/helm/config/key.pem
>/dev/null'
}
let
(
:commands
)
{
'helm init >/dev/null'
}
subject
{
described_class
.
new
(
name:
application
.
name
,
files:
{}
)
}
subject
{
described_class
.
new
(
application
.
name
)
}
it_behaves_like
'helm commands'
it_behaves_like
'helm commands'
end
end
spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
View file @
b2173011
require
'rails_helper'
require
'rails_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
do
describe
Gitlab
::
Kubernetes
::
Helm
::
InstallCommand
do
let
(
:files
)
{
{
'ca.pem'
:
'some file content'
}
}
let
(
:application
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:repository
)
{
'https://repository.example.com'
}
let
(
:namespace
)
{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
let
(
:version
)
{
'1.2.3'
}
let
(
:install_command
)
{
application
.
install_command
}
let
(
:install_command
)
do
described_class
.
new
(
name:
'app-name'
,
chart:
'chart-name'
,
files:
files
,
version:
version
,
repository:
repository
)
end
subject
{
install_command
}
subject
{
install_command
}
it_behaves_like
'helm commands'
do
context
'for ingress'
do
let
(
:commands
)
do
let
(
:application
)
{
create
(
:clusters_applications_ingress
)
}
<<~
EOS
helm init --client-only >/dev/null
it_behaves_like
'helm commands'
do
helm repo add app-name https://repository.example.com
let
(
:commands
)
do
helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
<<~
EOS
EOS
helm init --client-only >/dev/null
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
EOS
end
end
end
end
end
context
'
when there is no repository
'
do
context
'
for prometheus
'
do
let
(
:
repository
)
{
nil
}
let
(
:
application
)
{
create
(
:clusters_applications_prometheus
)
}
it_behaves_like
'helm commands'
do
it_behaves_like
'helm commands'
do
let
(
:commands
)
do
let
(
:commands
)
do
<<~
EOS
<<~
EOS
helm init --client-only >/dev/null
helm init --client-only >/dev/null
helm install
--tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name
/config/values.yaml >/dev/null
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--version
#{
application
.
version
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
EOS
EOS
end
end
end
end
end
end
context
'when there is no ca.pem file'
do
context
'for runner'
do
let
(
:files
)
{
{
'file.txt'
:
'some content'
}
}
let
(
:ci_runner
)
{
create
(
:ci_runner
)
}
let
(
:application
)
{
create
(
:clusters_applications_runner
,
runner:
ci_runner
)
}
it_behaves_like
'helm commands'
do
it_behaves_like
'helm commands'
do
let
(
:commands
)
do
let
(
:commands
)
do
<<~
EOS
<<~
EOS
helm init --client-only >/dev/null
helm init --client-only >/dev/null
helm repo add
app-name https://repository.example.com
helm repo add
#{
application
.
name
}
#{
application
.
repository
}
helm install
chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name
/config/values.yaml >/dev/null
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
EOS
EOS
end
end
end
end
end
end
context
'
when there is no version
'
do
context
'
for jupyter
'
do
let
(
:
version
)
{
nil
}
let
(
:
application
)
{
create
(
:clusters_applications_jupyter
)
}
it_behaves_like
'helm commands'
do
it_behaves_like
'helm commands'
do
let
(
:commands
)
do
let
(
:commands
)
do
<<~
EOS
<<~
EOS
helm init --client-only >/dev/null
helm init --client-only >/dev/null
helm repo add
app-name https://repository.example.com
helm repo add
#{
application
.
name
}
#{
application
.
repository
}
helm install
--tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --namespace gitlab-managed-apps -f /data/helm/app-name
/config/values.yaml >/dev/null
helm install
#{
application
.
chart
}
--name
#{
application
.
name
}
--namespace
#{
namespace
}
-f /data/helm/
#{
application
.
name
}
/config/values.yaml >/dev/null
EOS
EOS
end
end
end
end
end
end
describe
'#config_map?'
do
subject
{
install_command
.
config_map?
}
it
{
is_expected
.
to
be_truthy
}
end
describe
'#config_map_resource'
do
describe
'#config_map_resource'
do
let
(
:metadata
)
do
let
(
:metadata
)
do
{
{
name:
"values-content-configuration-
app-name
"
,
name:
"values-content-configuration-
#{
application
.
name
}
"
,
namespace:
'gitlab-managed-apps'
,
namespace:
namespace
,
labels:
{
name:
"values-content-configuration-
app-name
"
}
labels:
{
name:
"values-content-configuration-
#{
application
.
name
}
"
}
}
}
end
end
let
(
:resource
)
{
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
data:
files
)
}
let
(
:resource
)
{
::
Kubeclient
::
Resource
.
new
(
metadata:
metadata
,
data:
{
values:
application
.
values
}
)
}
subject
{
install_command
.
config_map_resource
}
subject
{
install_command
.
config_map_resource
}
...
...
spec/lib/gitlab/kubernetes/helm/pod_spec.rb
View file @
b2173011
...
@@ -2,13 +2,14 @@ require 'rails_helper'
...
@@ -2,13 +2,14 @@ require 'rails_helper'
describe
Gitlab
::
Kubernetes
::
Helm
::
Pod
do
describe
Gitlab
::
Kubernetes
::
Helm
::
Pod
do
describe
'#generate'
do
describe
'#generate'
do
let
(
:app
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:cluster
)
{
create
(
:cluster
)
}
let
(
:app
)
{
create
(
:clusters_applications_prometheus
,
cluster:
cluster
)
}
let
(
:command
)
{
app
.
install_command
}
let
(
:command
)
{
app
.
install_command
}
let
(
:namespace
)
{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
let
(
:namespace
)
{
Gitlab
::
Kubernetes
::
Helm
::
NAMESPACE
}
subject
{
described_class
.
new
(
command
,
namespace
)
}
subject
{
described_class
.
new
(
command
,
namespace
)
}
context
'with a comman
d'
do
shared_examples
'helm po
d'
do
it
'should generate a Kubeclient::Resource'
do
it
'should generate a Kubeclient::Resource'
do
expect
(
subject
.
generate
).
to
be_a_kind_of
(
Kubeclient
::
Resource
)
expect
(
subject
.
generate
).
to
be_a_kind_of
(
Kubeclient
::
Resource
)
end
end
...
@@ -40,6 +41,10 @@ describe Gitlab::Kubernetes::Helm::Pod do
...
@@ -40,6 +41,10 @@ describe Gitlab::Kubernetes::Helm::Pod do
spec
=
subject
.
generate
.
spec
spec
=
subject
.
generate
.
spec
expect
(
spec
.
restartPolicy
).
to
eq
(
'Never'
)
expect
(
spec
.
restartPolicy
).
to
eq
(
'Never'
)
end
end
end
context
'with a install command'
do
it_behaves_like
'helm pod'
it
'should include volumes for the container'
do
it
'should include volumes for the container'
do
container
=
subject
.
generate
.
spec
.
containers
.
first
container
=
subject
.
generate
.
spec
.
containers
.
first
...
@@ -55,8 +60,24 @@ describe Gitlab::Kubernetes::Helm::Pod do
...
@@ -55,8 +60,24 @@ describe Gitlab::Kubernetes::Helm::Pod do
it
'should mount configMap specification in the volume'
do
it
'should mount configMap specification in the volume'
do
volume
=
subject
.
generate
.
spec
.
volumes
.
first
volume
=
subject
.
generate
.
spec
.
volumes
.
first
expect
(
volume
.
configMap
[
'name'
]).
to
eq
(
"values-content-configuration-
#{
app
.
name
}
"
)
expect
(
volume
.
configMap
[
'name'
]).
to
eq
(
"values-content-configuration-
#{
app
.
name
}
"
)
expect
(
volume
.
configMap
[
'items'
].
first
[
'key'
]).
to
eq
(
:'values.yaml'
)
expect
(
volume
.
configMap
[
'items'
].
first
[
'key'
]).
to
eq
(
'values'
)
expect
(
volume
.
configMap
[
'items'
].
first
[
'path'
]).
to
eq
(
:'values.yaml'
)
expect
(
volume
.
configMap
[
'items'
].
first
[
'path'
]).
to
eq
(
'values.yaml'
)
end
end
context
'with a init command'
do
let
(
:app
)
{
create
(
:clusters_applications_helm
,
cluster:
cluster
)
}
it_behaves_like
'helm pod'
it
'should not include volumeMounts inside the container'
do
container
=
subject
.
generate
.
spec
.
containers
.
first
expect
(
container
.
volumeMounts
).
to
be_nil
end
it
'should not a volume inside the specification'
do
spec
=
subject
.
generate
.
spec
expect
(
spec
.
volumes
).
to
be_nil
end
end
end
end
end
end
...
...
spec/models/clusters/applications/helm_spec.rb
View file @
b2173011
...
@@ -6,24 +6,13 @@ describe Clusters::Applications::Helm do
...
@@ -6,24 +6,13 @@ describe Clusters::Applications::Helm do
describe
'.installed'
do
describe
'.installed'
do
subject
{
described_class
.
installed
}
subject
{
described_class
.
installed
}
let!
(
:
installed_
cluster
)
{
create
(
:clusters_applications_helm
,
:installed
)
}
let!
(
:cluster
)
{
create
(
:clusters_applications_helm
,
:installed
)
}
before
do
before
do
create
(
:clusters_applications_helm
,
:errored
)
create
(
:clusters_applications_helm
,
:errored
)
end
end
it
{
is_expected
.
to
contain_exactly
(
installed_cluster
)
}
it
{
is_expected
.
to
contain_exactly
(
cluster
)
}
end
describe
'#issue_client_cert'
do
let
(
:application
)
{
create
(
:clusters_applications_helm
)
}
subject
{
application
.
issue_client_cert
}
it
'returns a new cert'
do
is_expected
.
to
be_kind_of
(
Gitlab
::
Kubernetes
::
Helm
::
Certificate
)
expect
(
subject
.
cert_string
).
not_to
eq
(
application
.
ca_cert
)
expect
(
subject
.
key_string
).
not_to
eq
(
application
.
ca_key
)
end
end
end
describe
'#install_command'
do
describe
'#install_command'
do
...
@@ -36,16 +25,5 @@ describe Clusters::Applications::Helm do
...
@@ -36,16 +25,5 @@ describe Clusters::Applications::Helm do
it
'should be initialized with 1 arguments'
do
it
'should be initialized with 1 arguments'
do
expect
(
subject
.
name
).
to
eq
(
'helm'
)
expect
(
subject
.
name
).
to
eq
(
'helm'
)
end
end
it
'should have cert files'
do
expect
(
subject
.
files
[
:'ca.pem'
]).
to
be_present
expect
(
subject
.
files
[
:'ca.pem'
]).
to
eq
(
helm
.
ca_cert
)
expect
(
subject
.
files
[
:'cert.pem'
]).
to
be_present
expect
(
subject
.
files
[
:'key.pem'
]).
to
be_present
cert
=
OpenSSL
::
X509
::
Certificate
.
new
(
subject
.
files
[
:'cert.pem'
])
expect
(
cert
.
not_after
).
to
be
>
999
.
years
.
from_now
end
end
end
end
end
spec/models/clusters/applications/ingress_spec.rb
View file @
b2173011
...
@@ -74,43 +74,18 @@ describe Clusters::Applications::Ingress do
...
@@ -74,43 +74,18 @@ describe Clusters::Applications::Ingress do
expect
(
subject
.
name
).
to
eq
(
'ingress'
)
expect
(
subject
.
name
).
to
eq
(
'ingress'
)
expect
(
subject
.
chart
).
to
eq
(
'stable/nginx-ingress'
)
expect
(
subject
.
chart
).
to
eq
(
'stable/nginx-ingress'
)
expect
(
subject
.
version
).
to
be_nil
expect
(
subject
.
version
).
to
be_nil
expect
(
subject
.
files
).
to
eq
(
ingress
.
fil
es
)
expect
(
subject
.
values
).
to
eq
(
ingress
.
valu
es
)
end
end
end
end
describe
'#files'
do
describe
'#values'
do
let
(
:application
)
{
ingress
}
subject
{
ingress
.
values
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
it
'should include ingress valid keys in values'
do
it
'should include ingress valid keys'
do
expect
(
values
).
to
include
(
'image'
)
is_expected
.
to
include
(
'image'
)
expect
(
values
).
to
include
(
'repository'
)
is_expected
.
to
include
(
'repository'
)
expect
(
values
).
to
include
(
'stats'
)
is_expected
.
to
include
(
'stats'
)
expect
(
values
).
to
include
(
'podAnnotations'
)
is_expected
.
to
include
(
'podAnnotations'
)
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
cert
=
OpenSSL
::
X509
::
Certificate
.
new
(
subject
[
:'cert.pem'
])
expect
(
cert
.
not_after
).
to
be
<
60
.
minutes
.
from_now
end
end
end
end
end
end
spec/models/clusters/applications/jupyter_spec.rb
View file @
b2173011
...
@@ -38,46 +38,23 @@ describe Clusters::Applications::Jupyter do
...
@@ -38,46 +38,23 @@ describe Clusters::Applications::Jupyter do
expect
(
subject
.
chart
).
to
eq
(
'jupyter/jupyterhub'
)
expect
(
subject
.
chart
).
to
eq
(
'jupyter/jupyterhub'
)
expect
(
subject
.
version
).
to
be_nil
expect
(
subject
.
version
).
to
be_nil
expect
(
subject
.
repository
).
to
eq
(
'https://jupyterhub.github.io/helm-chart/'
)
expect
(
subject
.
repository
).
to
eq
(
'https://jupyterhub.github.io/helm-chart/'
)
expect
(
subject
.
files
).
to
eq
(
jupyter
.
fil
es
)
expect
(
subject
.
values
).
to
eq
(
jupyter
.
valu
es
)
end
end
end
end
describe
'#files'
do
describe
'#values'
do
let
(
:application
)
{
create
(
:clusters_applications_jupyter
)
}
let
(
:jupyter
)
{
create
(
:clusters_applications_jupyter
)
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
it
'should include cert files'
do
subject
{
jupyter
.
values
}
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
cert
=
OpenSSL
::
X509
::
Certificate
.
new
(
subject
[
:'cert.pem'
])
expect
(
cert
.
not_after
).
to
be
<
60
.
minutes
.
from_now
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include valid values'
do
it
'should include valid values'
do
expect
(
values
)
.
to
include
(
'ingress'
)
is_expected
.
to
include
(
'ingress'
)
expect
(
values
)
.
to
include
(
'hub'
)
is_expected
.
to
include
(
'hub'
)
expect
(
values
)
.
to
include
(
'rbac'
)
is_expected
.
to
include
(
'rbac'
)
expect
(
values
)
.
to
include
(
'proxy'
)
is_expected
.
to
include
(
'proxy'
)
expect
(
values
)
.
to
include
(
'auth'
)
is_expected
.
to
include
(
'auth'
)
expect
(
values
).
to
match
(
/clientId: '?
#{
application
.
oauth_application
.
uid
}
/
)
is_expected
.
to
include
(
"clientId:
#{
jupyter
.
oauth_application
.
uid
}
"
)
expect
(
values
).
to
match
(
/callbackUrl: '?
#{
application
.
callback_url
}
/
)
is_expected
.
to
include
(
"callbackUrl:
#{
jupyter
.
callback_url
}
"
)
end
end
end
end
end
end
spec/models/clusters/applications/prometheus_spec.rb
View file @
b2173011
...
@@ -153,44 +153,21 @@ describe Clusters::Applications::Prometheus do
...
@@ -153,44 +153,21 @@ describe Clusters::Applications::Prometheus do
expect
(
command
.
name
).
to
eq
(
'prometheus'
)
expect
(
command
.
name
).
to
eq
(
'prometheus'
)
expect
(
command
.
chart
).
to
eq
(
'stable/prometheus'
)
expect
(
command
.
chart
).
to
eq
(
'stable/prometheus'
)
expect
(
command
.
version
).
to
eq
(
'6.7.3'
)
expect
(
command
.
version
).
to
eq
(
'6.7.3'
)
expect
(
command
.
files
).
to
eq
(
prometheus
.
fil
es
)
expect
(
command
.
values
).
to
eq
(
prometheus
.
valu
es
)
end
end
end
end
describe
'#files'
do
describe
'#values'
do
let
(
:application
)
{
create
(
:clusters_applications_prometheus
)
}
let
(
:prometheus
)
{
create
(
:clusters_applications_prometheus
)
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
it
'should include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
cert
=
OpenSSL
::
X509
::
Certificate
.
new
(
subject
[
:'cert.pem'
])
expect
(
cert
.
not_after
).
to
be
<
60
.
minutes
.
from_now
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
subject
{
prometheus
.
values
}
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include prometheus valid values'
do
it
'should include prometheus valid values'
do
expect
(
values
)
.
to
include
(
'alertmanager'
)
is_expected
.
to
include
(
'alertmanager'
)
expect
(
values
)
.
to
include
(
'kubeStateMetrics'
)
is_expected
.
to
include
(
'kubeStateMetrics'
)
expect
(
values
)
.
to
include
(
'nodeExporter'
)
is_expected
.
to
include
(
'nodeExporter'
)
expect
(
values
)
.
to
include
(
'pushgateway'
)
is_expected
.
to
include
(
'pushgateway'
)
expect
(
values
)
.
to
include
(
'serverFiles'
)
is_expected
.
to
include
(
'serverFiles'
)
end
end
end
end
end
end
spec/models/clusters/applications/runner_spec.rb
View file @
b2173011
...
@@ -33,55 +33,31 @@ describe Clusters::Applications::Runner do
...
@@ -33,55 +33,31 @@ describe Clusters::Applications::Runner do
expect
(
subject
.
chart
).
to
eq
(
'runner/gitlab-runner'
)
expect
(
subject
.
chart
).
to
eq
(
'runner/gitlab-runner'
)
expect
(
subject
.
version
).
to
be_nil
expect
(
subject
.
version
).
to
be_nil
expect
(
subject
.
repository
).
to
eq
(
'https://charts.gitlab.io'
)
expect
(
subject
.
repository
).
to
eq
(
'https://charts.gitlab.io'
)
expect
(
subject
.
files
).
to
eq
(
gitlab_runner
.
fil
es
)
expect
(
subject
.
values
).
to
eq
(
gitlab_runner
.
valu
es
)
end
end
end
end
describe
'#files'
do
describe
'#values'
do
let
(
:application
)
{
create
(
:clusters_applications_runner
,
runner:
ci_runner
)
}
let
(
:gitlab_runner
)
{
create
(
:clusters_applications_runner
,
runner:
ci_runner
)
}
subject
{
application
.
files
}
let
(
:values
)
{
subject
[
:'values.yaml'
]
}
it
'should include cert files'
do
expect
(
subject
[
:'ca.pem'
]).
to
be_present
expect
(
subject
[
:'ca.pem'
]).
to
eq
(
application
.
cluster
.
application_helm
.
ca_cert
)
expect
(
subject
[
:'cert.pem'
]).
to
be_present
expect
(
subject
[
:'key.pem'
]).
to
be_present
cert
=
OpenSSL
::
X509
::
Certificate
.
new
(
subject
[
:'cert.pem'
])
expect
(
cert
.
not_after
).
to
be
<
60
.
minutes
.
from_now
end
context
'when the helm application does not have a ca_cert'
do
before
do
application
.
cluster
.
application_helm
.
ca_cert
=
nil
end
it
'should not include cert files'
do
subject
{
gitlab_runner
.
values
}
expect
(
subject
[
:'ca.pem'
]).
not_to
be_present
expect
(
subject
[
:'cert.pem'
]).
not_to
be_present
expect
(
subject
[
:'key.pem'
]).
not_to
be_present
end
end
it
'should include runner valid values'
do
it
'should include runner valid values'
do
expect
(
values
)
.
to
include
(
'concurrent'
)
is_expected
.
to
include
(
'concurrent'
)
expect
(
values
)
.
to
include
(
'checkInterval'
)
is_expected
.
to
include
(
'checkInterval'
)
expect
(
values
)
.
to
include
(
'rbac'
)
is_expected
.
to
include
(
'rbac'
)
expect
(
values
)
.
to
include
(
'runners'
)
is_expected
.
to
include
(
'runners'
)
expect
(
values
)
.
to
include
(
'privileged: true'
)
is_expected
.
to
include
(
'privileged: true'
)
expect
(
values
)
.
to
include
(
'image: ubuntu:16.04'
)
is_expected
.
to
include
(
'image: ubuntu:16.04'
)
expect
(
values
)
.
to
include
(
'resources'
)
is_expected
.
to
include
(
'resources'
)
expect
(
values
).
to
match
(
/runnerToken: '?
#{
ci_runner
.
token
}
/
)
is_expected
.
to
include
(
"runnerToken:
#{
ci_runner
.
token
}
"
)
expect
(
values
).
to
match
(
/gitlabUrl: '?
#{
Gitlab
::
Routing
.
url_helpers
.
root_url
}
/
)
is_expected
.
to
include
(
"gitlabUrl:
#{
Gitlab
::
Routing
.
url_helpers
.
root_url
}
"
)
end
end
context
'without a runner'
do
context
'without a runner'
do
let
(
:project
)
{
create
(
:project
)
}
let
(
:project
)
{
create
(
:project
)
}
let
(
:cluster
)
{
create
(
:cluster
,
:with_installed_helm
,
projects:
[
project
])
}
let
(
:cluster
)
{
create
(
:cluster
,
projects:
[
project
])
}
let
(
:
application
)
{
create
(
:clusters_applications_runner
,
cluster:
cluster
)
}
let
(
:
gitlab_runner
)
{
create
(
:clusters_applications_runner
,
cluster:
cluster
)
}
it
'creates a runner'
do
it
'creates a runner'
do
expect
do
expect
do
...
@@ -90,18 +66,18 @@ describe Clusters::Applications::Runner do
...
@@ -90,18 +66,18 @@ describe Clusters::Applications::Runner do
end
end
it
'uses the new runner token'
do
it
'uses the new runner token'
do
expect
(
values
).
to
match
(
/runnerToken: '?
#{
application
.
reload
.
runner
.
token
}
/
)
expect
(
subject
).
to
include
(
"runnerToken:
#{
gitlab_runner
.
reload
.
runner
.
token
}
"
)
end
end
it
'assigns the new runner to runner'
do
it
'assigns the new runner to runner'
do
subject
subject
expect
(
application
.
reload
.
runner
).
to
be_project_type
expect
(
gitlab_runner
.
reload
.
runner
).
to
be_project_type
end
end
end
end
context
'with duplicated values on vendor/runner/values.yaml'
do
context
'with duplicated values on vendor/runner/values.yaml'
do
let
(
:
stub_
values
)
do
let
(
:values
)
do
{
{
"concurrent"
=>
4
,
"concurrent"
=>
4
,
"checkInterval"
=>
3
,
"checkInterval"
=>
3
,
...
@@ -120,11 +96,11 @@ describe Clusters::Applications::Runner do
...
@@ -120,11 +96,11 @@ describe Clusters::Applications::Runner do
end
end
before
do
before
do
allow
(
application
).
to
receive
(
:chart_values
).
and_return
(
stub_
values
)
allow
(
gitlab_runner
).
to
receive
(
:chart_values
).
and_return
(
values
)
end
end
it
'should overwrite values.yaml'
do
it
'should overwrite values.yaml'
do
expect
(
values
).
to
match
(
/privileged: '?
#{
application
.
privileged
}
/
)
is_expected
.
to
include
(
"privileged:
#{
gitlab_runner
.
privileged
}
"
)
end
end
end
end
end
end
...
...
spec/services/clusters/applications/install_service_spec.rb
View file @
b2173011
...
@@ -47,7 +47,7 @@ describe Clusters::Applications::InstallService do
...
@@ -47,7 +47,7 @@ describe Clusters::Applications::InstallService do
end
end
context
'when application cannot be persisted'
do
context
'when application cannot be persisted'
do
let
(
:application
)
{
create
(
:clusters_applications_helm
,
:scheduled
)
}
let
(
:application
)
{
build
(
:clusters_applications_helm
,
:scheduled
)
}
it
'make the application errored'
do
it
'make the application errored'
do
expect
(
application
).
to
receive
(
:make_installing!
).
once
.
and_raise
(
ActiveRecord
::
RecordInvalid
)
expect
(
application
).
to
receive
(
:make_installing!
).
once
.
and_raise
(
ActiveRecord
::
RecordInvalid
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment