Commit d6a069fe authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents 0966783c 6d867cad
...@@ -250,7 +250,9 @@ class Namespace < ApplicationRecord ...@@ -250,7 +250,9 @@ class Namespace < ApplicationRecord
end end
def root_ancestor def root_ancestor
self_and_ancestors.reorder(nil).find_by(parent_id: nil) strong_memoize(:root_ancestor) do
self_and_ancestors.reorder(nil).find_by(parent_id: nil)
end
end end
def subgroup? def subgroup?
......
...@@ -13,7 +13,7 @@ FactoryBot.define do ...@@ -13,7 +13,7 @@ FactoryBot.define do
cluster_type { Clusters::Cluster.cluster_types[:project_type] } cluster_type { Clusters::Cluster.cluster_types[:project_type] }
before(:create) do |cluster, evaluator| before(:create) do |cluster, evaluator|
cluster.projects << create(:project, :repository) unless cluster.projects.present? cluster.projects << create(:project) unless cluster.projects.present?
end end
end end
......
...@@ -6,11 +6,12 @@ describe API::ProjectClusters do ...@@ -6,11 +6,12 @@ describe API::ProjectClusters do
include KubernetesHelpers include KubernetesHelpers
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
let(:non_member) { create(:user) } let(:developer_user) { create(:user) }
let(:project) { create(:project, :repository) } let(:project) { create(:project) }
before do before do
project.add_maintainer(current_user) project.add_maintainer(current_user)
project.add_developer(developer_user)
end end
describe 'GET /projects/:id/clusters' do describe 'GET /projects/:id/clusters' do
...@@ -22,10 +23,10 @@ describe API::ProjectClusters do ...@@ -22,10 +23,10 @@ describe API::ProjectClusters do
end end
context 'non-authorized user' do context 'non-authorized user' do
it 'responds with 404' do it 'responds with 403' do
get api("/projects/#{project.id}/clusters", non_member) get api("/projects/#{project.id}/clusters", developer_user)
expect(response).to have_gitlab_http_status(404) expect(response).to have_gitlab_http_status(403)
end end
end end
...@@ -67,10 +68,10 @@ describe API::ProjectClusters do ...@@ -67,10 +68,10 @@ describe API::ProjectClusters do
end end
context 'non-authorized user' do context 'non-authorized user' do
it 'responds with 404' do it 'responds with 403' do
get api("/projects/#{project.id}/clusters/#{cluster_id}", non_member) get api("/projects/#{project.id}/clusters/#{cluster_id}", developer_user)
expect(response).to have_gitlab_http_status(404) expect(response).to have_gitlab_http_status(403)
end end
end end
...@@ -147,31 +148,7 @@ describe API::ProjectClusters do ...@@ -147,31 +148,7 @@ describe API::ProjectClusters do
end end
end end
shared_context 'kubernetes calls stubbed' do
before do
stub_kubeclient_discover(api_url)
stub_kubeclient_get_namespace(api_url, namespace: namespace)
stub_kubeclient_get_service_account(api_url, "#{namespace}-service-account", namespace: namespace)
stub_kubeclient_put_service_account(api_url, "#{namespace}-service-account", namespace: namespace)
stub_kubeclient_get_secret(
api_url,
{
metadata_name: "#{namespace}-token",
token: Base64.encode64('sample-token'),
namespace: namespace
}
)
stub_kubeclient_put_secret(api_url, "#{namespace}-token", namespace: namespace)
stub_kubeclient_get_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace)
stub_kubeclient_put_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace)
end
end
describe 'POST /projects/:id/clusters/user' do describe 'POST /projects/:id/clusters/user' do
include_context 'kubernetes calls stubbed'
let(:api_url) { 'https://kubernetes.example.com' } let(:api_url) { 'https://kubernetes.example.com' }
let(:namespace) { project.path } let(:namespace) { project.path }
let(:authorization_type) { 'rbac' } let(:authorization_type) { 'rbac' }
...@@ -195,10 +172,10 @@ describe API::ProjectClusters do ...@@ -195,10 +172,10 @@ describe API::ProjectClusters do
end end
context 'non-authorized user' do context 'non-authorized user' do
it 'responds with 404' do it 'responds with 403' do
post api("/projects/#{project.id}/clusters/user", non_member), params: cluster_params post api("/projects/#{project.id}/clusters/user", developer_user), params: cluster_params
expect(response).to have_gitlab_http_status(404) expect(response).to have_gitlab_http_status(403)
end end
end end
...@@ -291,8 +268,6 @@ describe API::ProjectClusters do ...@@ -291,8 +268,6 @@ describe API::ProjectClusters do
end end
describe 'PUT /projects/:id/clusters/:cluster_id' do describe 'PUT /projects/:id/clusters/:cluster_id' do
include_context 'kubernetes calls stubbed'
let(:api_url) { 'https://kubernetes.example.com' } let(:api_url) { 'https://kubernetes.example.com' }
let(:namespace) { 'new-namespace' } let(:namespace) { 'new-namespace' }
let(:platform_kubernetes_attributes) { { namespace: namespace } } let(:platform_kubernetes_attributes) { { namespace: namespace } }
...@@ -316,10 +291,10 @@ describe API::ProjectClusters do ...@@ -316,10 +291,10 @@ describe API::ProjectClusters do
end end
context 'non-authorized user' do context 'non-authorized user' do
it 'responds with 404' do it 'responds with 403' do
put api("/projects/#{project.id}/clusters/#{cluster.id}", non_member), params: update_params put api("/projects/#{project.id}/clusters/#{cluster.id}", developer_user), params: update_params
expect(response).to have_gitlab_http_status(404) expect(response).to have_gitlab_http_status(403)
end end
end end
...@@ -442,10 +417,10 @@ describe API::ProjectClusters do ...@@ -442,10 +417,10 @@ describe API::ProjectClusters do
end end
context 'non-authorized user' do context 'non-authorized user' do
it 'responds with 404' do it 'responds with 403' do
delete api("/projects/#{project.id}/clusters/#{cluster.id}", non_member), params: cluster_params delete api("/projects/#{project.id}/clusters/#{cluster.id}", developer_user), params: cluster_params
expect(response).to have_gitlab_http_status(404) expect(response).to have_gitlab_http_status(403)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment