Commit 4bda46a1 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch '53879-kube-token-nil' into 'master'

Fix deployment jobs using nil token

Closes #53879

See merge request gitlab-org/gitlab-ce!23009
parents 91f11727 5d2fd2ea
...@@ -22,6 +22,8 @@ module Clusters ...@@ -22,6 +22,8 @@ module Clusters
key: Settings.attr_encrypted_db_key_base_truncated, key: Settings.attr_encrypted_db_key_base_truncated,
algorithm: 'aes-256-cbc' algorithm: 'aes-256-cbc'
scope :has_service_account_token, -> { where.not(encrypted_service_account_token: nil) }
def token_name def token_name
"#{namespace}-token" "#{namespace}-token"
end end
......
...@@ -83,7 +83,7 @@ module Clusters ...@@ -83,7 +83,7 @@ module Clusters
.append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true) .append(key: 'KUBE_CA_PEM_FILE', value: ca_pem, file: true)
end end
if kubernetes_namespace = cluster.kubernetes_namespaces.find_by(project: project) if kubernetes_namespace = cluster.kubernetes_namespaces.has_service_account_token.find_by(project: project)
variables.concat(kubernetes_namespace.predefined_variables) variables.concat(kubernetes_namespace.predefined_variables)
else else
# From 11.5, every Clusters::Project should have at least one # From 11.5, every Clusters::Project should have at least one
......
---
title: Fix deployment jobs using nil KUBE_TOKEN due to migration issue
merge_request: 23009
author:
type: fixed
...@@ -13,7 +13,7 @@ FactoryBot.define do ...@@ -13,7 +13,7 @@ FactoryBot.define do
end end
trait :with_token do trait :with_token do
service_account_token { Faker::Lorem.characters(10) } service_account_token { FFaker::Lorem.characters(10) }
end end
end end
end end
...@@ -8,6 +8,22 @@ RSpec.describe Clusters::KubernetesNamespace, type: :model do ...@@ -8,6 +8,22 @@ RSpec.describe Clusters::KubernetesNamespace, type: :model do
it { is_expected.to belong_to(:cluster) } it { is_expected.to belong_to(:cluster) }
it { is_expected.to have_one(:platform_kubernetes) } it { is_expected.to have_one(:platform_kubernetes) }
describe 'has_service_account_token' do
subject { described_class.has_service_account_token }
context 'namespace has service_account_token' do
let!(:namespace) { create(:cluster_kubernetes_namespace, :with_token) }
it { is_expected.to include(namespace) }
end
context 'namespace has no service_account_token' do
let!(:namespace) { create(:cluster_kubernetes_namespace) }
it { is_expected.not_to include(namespace) }
end
end
describe 'namespace uniqueness validation' do describe 'namespace uniqueness validation' do
let(:cluster_project) { create(:cluster_project) } let(:cluster_project) { create(:cluster_project) }
let(:kubernetes_namespace) { build(:cluster_kubernetes_namespace, namespace: 'my-namespace') } let(:kubernetes_namespace) { build(:cluster_kubernetes_namespace, namespace: 'my-namespace') }
......
...@@ -210,9 +210,11 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching ...@@ -210,9 +210,11 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
let(:api_url) { 'https://kube.domain.com' } let(:api_url) { 'https://kube.domain.com' }
let(:ca_pem) { 'CA PEM DATA' } let(:ca_pem) { 'CA PEM DATA' }
subject { kubernetes.predefined_variables(project: cluster.project) }
shared_examples 'setting variables' do shared_examples 'setting variables' do
it 'sets the variables' do it 'sets the variables' do
expect(kubernetes.predefined_variables(project: cluster.project)).to include( expect(subject).to include(
{ key: 'KUBE_URL', value: api_url, public: true }, { key: 'KUBE_URL', value: api_url, public: true },
{ key: 'KUBE_CA_PEM', value: ca_pem, public: true }, { key: 'KUBE_CA_PEM', value: ca_pem, public: true },
{ key: 'KUBE_CA_PEM_FILE', value: ca_pem, public: true, file: true } { key: 'KUBE_CA_PEM_FILE', value: ca_pem, public: true, file: true }
...@@ -220,6 +222,30 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching ...@@ -220,6 +222,30 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
end end
end end
context 'kubernetes namespace is created with no service account token' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, cluster: cluster) }
it_behaves_like 'setting variables'
it 'sets KUBE_TOKEN' do
expect(subject).to include(
{ key: 'KUBE_TOKEN', value: kubernetes.token, public: false }
)
end
end
context 'kubernetes namespace is created with no service account token' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token, cluster: cluster) }
it_behaves_like 'setting variables'
it 'sets KUBE_TOKEN' do
expect(subject).to include(
{ key: 'KUBE_TOKEN', value: kubernetes_namespace.service_account_token, public: false }
)
end
end
context 'namespace is provided' do context 'namespace is provided' do
let(:namespace) { 'my-project' } let(:namespace) { 'my-project' }
...@@ -228,12 +254,24 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching ...@@ -228,12 +254,24 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
end end
it_behaves_like 'setting variables' it_behaves_like 'setting variables'
it 'sets KUBE_TOKEN' do
expect(subject).to include(
{ key: 'KUBE_TOKEN', value: kubernetes.token, public: false }
)
end
end end
context 'no namespace provided' do context 'no namespace provided' do
let(:namespace) { kubernetes.actual_namespace } let(:namespace) { kubernetes.actual_namespace }
it_behaves_like 'setting variables' it_behaves_like 'setting variables'
it 'sets KUBE_TOKEN' do
expect(subject).to include(
{ key: 'KUBE_TOKEN', value: kubernetes.token, public: false }
)
end
end end
end end
......
...@@ -2415,7 +2415,7 @@ describe Project do ...@@ -2415,7 +2415,7 @@ describe Project do
end end
context 'when user configured kubernetes from CI/CD > Clusters and KubernetesNamespace migration has been executed' do context 'when user configured kubernetes from CI/CD > Clusters and KubernetesNamespace migration has been executed' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace) } let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token) }
let!(:cluster) { kubernetes_namespace.cluster } let!(:cluster) { kubernetes_namespace.cluster }
let(:project) { kubernetes_namespace.project } let(:project) { kubernetes_namespace.project }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment