EE Port: Improves restriction of multiple Kubernetes clusters via API

faa5b22e · Mayra Cabrera · Kamil Trzciński · b64f59d1 · faa5b22e · faa5b22e
Commit faa5b22e authored Jan 11, 2019 by Mayra Cabrera Committed by Kamil Trzciński Jan 11, 2019
5 changed files
--- a/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml
+++ b/changelogs/unreleased/56110-cluster-kubernetes-api-500-error-on-post-request.yml
+---
+title: Improves restriction of multiple Kubernetes clusters through API
+merge_request: 24251
+author:
+type: fixed
--- a/ee/spec/requests/api/project_clusters_spec.rb
+++ b/ee/spec/requests/api/project_clusters_spec.rb
@@ -56,12 +56,10 @@ describe API::ProjectClusters do
      }
    end
-    before do
-      post api("/projects/#{project.id}/clusters/user", current_user), params: cluster_params
-    end
    context 'when user sets specific environment scope' do
      it 'should create a cluster with that specific environment' do
+        post api("/projects/#{project.id}/clusters/user", current_user), params: cluster_params
        expect(json_response['environment_scope']).to eq('production/*')
      end
    end
@@ -75,9 +73,30 @@ describe API::ProjectClusters do
      end
      it 'should set default environment' do
+        post api("/projects/#{project.id}/clusters/user", current_user), params: cluster_params
        expect(json_response['environment_scope']).to eq('*')
      end
    end
+    context 'when license has multiple clusters feature' do
+      before do
+        stub_licensed_features(multiple_clusters: true)
+        create(:cluster, :provided_by_gcp, :project,
+               projects: [project])
+        post api("/projects/#{project.id}/clusters/user", current_user), params: cluster_params
+      end
+      it 'should respond with 201' do
+        expect(response).to have_gitlab_http_status(201)
+      end
+      it 'should allow to associate multiple cluster to project' do
+        expect(project.reload.clusters.count).to eq(2)
+      end
+    end
  end
  describe 'PUT /projects/:id/clusters/:cluster_id' do

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -248,8 +248,8 @@ module API
      forbidden! unless current_user.admin?
    end
-    def authorize!(action, subject = :global)
+    def authorize!(action, subject = :global, reason = nil)
-      forbidden! unless can?(current_user, action, subject)
+      forbidden!(reason) unless can?(current_user, action, subject)
    end
    def authorize_push_project

--- a/lib/api/project_clusters.rb
+++ b/lib/api/project_clusters.rb
@@ -65,7 +65,7 @@ module API
        use :create_params_ee
      end
      post ':id/clusters/user' do
-        authorize! :create_cluster, user_project
+        authorize! :add_cluster, user_project, 'Instance does not support multiple Kubernetes clusters'
        user_cluster = ::Clusters::CreateService
          .new(current_user, create_cluster_user_params)

--- a/spec/requests/api/project_clusters_spec.rb
+++ b/spec/requests/api/project_clusters_spec.rb
@@ -266,6 +266,23 @@ describe API::ProjectClusters do
        end
      end
    end
+    context 'when user tries to add multiple clusters' do
+      before do
+        create(:cluster, :provided_by_gcp, :project,
+               projects: [project])
+        post api("/projects/#{project.id}/clusters/user", current_user), params: cluster_params
+      end
+      it 'should respond with 403' do
+        expect(response).to have_gitlab_http_status(403)
+      end
+      it 'should return an appropriate message' do
+        expect(json_response['message']).to include('Instance does not support multiple Kubernetes clusters')
+      end
+    end
  end
  describe 'PUT /projects/:id/clusters/:cluster_id' do