Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
c9078e3d
Commit
c9078e3d
authored
Oct 01, 2018
by
Dylan Griffith
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add a QA spec for RBAC cluster and auto devops
This fails now because we have not yet implemented support for this
parent
0e1fc6e0
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
118 additions
and
52 deletions
+118
-52
app/views/projects/clusters/user/_form.html.haml
app/views/projects/clusters/user/_form.html.haml
+1
-1
qa/qa/factory/resource/kubernetes_cluster.rb
qa/qa/factory/resource/kubernetes_cluster.rb
+1
-0
qa/qa/page/project/operations/kubernetes/add_existing.rb
qa/qa/page/project/operations/kubernetes/add_existing.rb
+5
-0
qa/qa/service/kubernetes_cluster.rb
qa/qa/service/kubernetes_cluster.rb
+58
-4
qa/qa/service/shellout.rb
qa/qa/service/shellout.rb
+4
-2
qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
...igure/auto_devops/create_project_with_auto_devops_spec.rb
+49
-45
No files found.
app/views/projects/clusters/user/_form.html.haml
View file @
c9078e3d
...
...
@@ -27,7 +27,7 @@
.form-group
.form-check
=
platform_kubernetes_field
.
check_box
:authorization_type
,
{
class:
'form-check-input'
},
'rbac'
,
'abac'
=
platform_kubernetes_field
.
check_box
:authorization_type
,
{
class:
'form-check-input
qa-rbac-checkbox
'
},
'rbac'
,
'abac'
=
platform_kubernetes_field
.
label
:authorization_type
,
s_
(
'ClusterIntegration|RBAC-enabled cluster (experimental)'
),
class:
'form-check-label label-bold'
.form-text.text-muted
=
s_
(
'ClusterIntegration|Enable this setting if using role-based access control (RBAC).'
)
...
...
qa/qa/factory/resource/kubernetes_cluster.rb
View file @
c9078e3d
...
...
@@ -31,6 +31,7 @@ module QA
page
.
set_api_url
(
@cluster
.
api_url
)
page
.
set_ca_certificate
(
@cluster
.
ca_certificate
)
page
.
set_token
(
@cluster
.
token
)
page
.
check_rbac!
if
@cluster
.
rbac
page
.
add_cluster!
end
...
...
qa/qa/page/project/operations/kubernetes/add_existing.rb
View file @
c9078e3d
...
...
@@ -10,6 +10,7 @@ module QA
element
:ca_certificate
,
'text_area :ca_cert'
element
:token
,
'text_field :token'
element
:add_cluster_button
,
"submit s_('ClusterIntegration|Add Kubernetes cluster')"
element
:rbac_checkbox
end
def
set_cluster_name
(
name
)
...
...
@@ -31,6 +32,10 @@ module QA
def
add_cluster!
click_on
'Add Kubernetes cluster'
end
def
check_rbac!
check_element
:rbac_checkbox
end
end
end
end
...
...
qa/qa/service/kubernetes_cluster.rb
View file @
c9078e3d
require
'securerandom'
require
'mkmf'
require
'pathname'
module
QA
module
Service
class
KubernetesCluster
include
Service
::
Shellout
attr_reader
:api_url
,
:ca_certificate
,
:token
attr_reader
:api_url
,
:ca_certificate
,
:token
,
:rbac
def
initialize
(
rbac:
false
)
@rbac
=
rbac
end
def
cluster_name
@cluster_name
||=
"qa-cluster-
#{
SecureRandom
.
hex
(
4
)
}
-
#{
Time
.
now
.
utc
.
strftime
(
"%Y%m%d%H%M%S"
)
}
"
...
...
@@ -19,7 +24,7 @@ module QA
shell
<<~
CMD
.
tr
(
"
\n
"
,
' '
)
gcloud container clusters
create
#{
cluster_name
}
--enable-legacy-authorization
#{
auth_options
}
--zone
#{
Runtime
::
Env
.
gcloud_zone
}
&& gcloud container clusters
get-credentials
...
...
@@ -28,8 +33,21 @@ module QA
CMD
@api_url
=
`kubectl config view --minify -o jsonpath='{.clusters[].cluster.server}'`
@ca_certificate
=
Base64
.
decode64
(
`kubectl get secrets -o jsonpath="{.items[0].data['ca
\\
.crt']}"`
)
@token
=
Base64
.
decode64
(
`kubectl get secrets -o jsonpath='{.items[0].data.token}'`
)
if
rbac
create_service_account
secrets
=
JSON
.
parse
(
`kubectl get secrets -o json`
)
gitlab_account
=
secrets
[
'items'
].
find
do
|
item
|
item
[
'metadata'
][
'annotations'
][
'kubernetes.io/service-account.name'
]
==
'gitlab-account'
end
@ca_certificate
=
Base64
.
decode64
(
gitlab_account
[
'data'
][
'ca.crt'
])
@token
=
Base64
.
decode64
(
gitlab_account
[
'data'
][
'token'
])
else
@ca_certificate
=
Base64
.
decode64
(
`kubectl get secrets -o jsonpath="{.items[0].data['ca
\\
.crt']}"`
)
@token
=
Base64
.
decode64
(
`kubectl get secrets -o jsonpath='{.items[0].data.token}'`
)
end
self
end
...
...
@@ -44,6 +62,42 @@ module QA
private
def
create_service_account
shell
(
'kubectl create -f -'
,
stdin_data:
service_account
)
shell
(
'kubectl create -f -'
,
stdin_data:
service_account_role_binding
)
end
def
service_account
<<~
YAML
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitlab-account
namespace: default
YAML
end
def
service_account_role_binding
<<~
YAML
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-account-binding
subjects:
- kind: ServiceAccount
name: gitlab-account
namespace: default
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
YAML
end
def
auth_options
"--enable-legacy-authorization"
unless
rbac
end
def
validate_dependencies
find_executable
(
'gcloud'
)
||
raise
(
"You must first install `gcloud` executable to run these tests."
)
find_executable
(
'kubectl'
)
||
raise
(
"You must first install `kubectl` executable to run these tests."
)
...
...
qa/qa/service/shellout.rb
View file @
c9078e3d
...
...
@@ -11,10 +11,12 @@ module QA
# TODO, make it possible to use generic QA framework classes
# as a library - gitlab-org/gitlab-qa#94
#
def
shell
(
command
)
def
shell
(
command
,
stdin_data:
nil
)
puts
"Executing `
#{
command
}
`"
Open3
.
popen2e
(
*
command
)
do
|
_in
,
out
,
wait
|
Open3
.
popen2e
(
*
command
)
do
|
stdin
,
out
,
wait
|
stdin
.
puts
(
stdin_data
)
if
stdin_data
stdin
.
close
if
stdin_data
out
.
each
{
|
line
|
puts
line
}
if
wait
.
value
.
exited?
&&
wait
.
value
.
exitstatus
.
nonzero?
...
...
qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
View file @
c9078e3d
...
...
@@ -9,59 +9,63 @@ module QA
@cluster
&
.
remove!
end
it
'user creates a new project and runs auto devops'
do
Runtime
::
Browser
.
visit
(
:gitlab
,
Page
::
Main
::
Login
)
Page
::
Main
::
Login
.
act
{
sign_in_using_credentials
}
[
true
,
false
].
each
do
|
rbac
|
context
"when rbac is
#{
rbac
?
'enabled'
:
'disabled'
}
"
do
it
'user creates a new project and runs auto devops'
do
Runtime
::
Browser
.
visit
(
:gitlab
,
Page
::
Main
::
Login
)
Page
::
Main
::
Login
.
act
{
sign_in_using_credentials
}
project
=
Factory
::
Resource
::
Project
.
fabricate!
do
|
p
|
p
.
name
=
'project-with-autodevops'
p
.
description
=
'Project with Auto Devops'
end
project
=
Factory
::
Resource
::
Project
.
fabricate!
do
|
p
|
p
.
name
=
'project-with-autodevops'
p
.
description
=
'Project with Auto Devops'
end
# Disable code_quality check in Auto DevOps pipeline as it takes
# too long and times out the test
Factory
::
Resource
::
SecretVariable
.
fabricate!
do
|
resource
|
resource
.
project
=
project
resource
.
key
=
'CODE_QUALITY_DISABLED'
resource
.
value
=
'1'
end
# Disable code_quality check in Auto DevOps pipeline as it takes
# too long and times out the test
Factory
::
Resource
::
SecretVariable
.
fabricate!
do
|
resource
|
resource
.
project
=
project
resource
.
key
=
'CODE_QUALITY_DISABLED'
resource
.
value
=
'1'
end
# Create Auto Devops compatible repo
Factory
::
Repository
::
ProjectPush
.
fabricate!
do
|
push
|
push
.
project
=
project
push
.
directory
=
Pathname
.
new
(
__dir__
)
.
join
(
'../../../../../fixtures/auto_devops_rack'
)
push
.
commit_message
=
'Create Auto DevOps compatible rack application'
end
# Create Auto Devops compatible repo
Factory
::
Repository
::
ProjectPush
.
fabricate!
do
|
push
|
push
.
project
=
project
push
.
directory
=
Pathname
.
new
(
__dir__
)
.
join
(
'../../../../../fixtures/auto_devops_rack'
)
push
.
commit_message
=
'Create Auto DevOps compatible rack application'
end
Page
::
Project
::
Show
.
act
{
wait_for_push
}
Page
::
Project
::
Show
.
act
{
wait_for_push
}
# Create and connect K8s cluster
@cluster
=
Service
::
KubernetesCluster
.
new
.
create!
kubernetes_cluster
=
Factory
::
Resource
::
KubernetesCluster
.
fabricate!
do
|
cluster
|
cluster
.
project
=
project
cluster
.
cluster
=
@cluster
cluster
.
install_helm_tiller
=
true
cluster
.
install_ingress
=
true
cluster
.
install_prometheus
=
true
cluster
.
install_runner
=
true
end
# Create and connect K8s cluster
@cluster
=
Service
::
KubernetesCluster
.
new
(
rbac:
rbac
)
.
create!
kubernetes_cluster
=
Factory
::
Resource
::
KubernetesCluster
.
fabricate!
do
|
cluster
|
cluster
.
project
=
project
cluster
.
cluster
=
@cluster
cluster
.
install_helm_tiller
=
true
cluster
.
install_ingress
=
true
cluster
.
install_prometheus
=
true
cluster
.
install_runner
=
true
end
project
.
visit!
Page
::
Menu
::
Side
.
act
{
click_ci_cd_settings
}
Page
::
Project
::
Settings
::
CICD
.
perform
do
|
p
|
p
.
enable_auto_devops_with_domain
(
"
#{
kubernetes_cluster
.
ingress_ip
}
.nip.io"
)
end
project
.
visit!
Page
::
Menu
::
Side
.
act
{
click_ci_cd_settings
}
Page
::
Project
::
Settings
::
CICD
.
perform
do
|
p
|
p
.
enable_auto_devops_with_domain
(
"
#{
kubernetes_cluster
.
ingress_ip
}
.nip.io"
)
end
project
.
visit!
Page
::
Menu
::
Side
.
act
{
click_ci_cd_pipelines
}
Page
::
Project
::
Pipeline
::
Index
.
act
{
go_to_latest_pipeline
}
project
.
visit!
Page
::
Menu
::
Side
.
act
{
click_ci_cd_pipelines
}
Page
::
Project
::
Pipeline
::
Index
.
act
{
go_to_latest_pipeline
}
Page
::
Project
::
Pipeline
::
Show
.
perform
do
|
pipeline
|
expect
(
pipeline
).
to
have_build
(
'build'
,
status: :success
,
wait:
600
)
expect
(
pipeline
).
to
have_build
(
'test'
,
status: :success
,
wait:
600
)
expect
(
pipeline
).
to
have_build
(
'production'
,
status: :success
,
wait:
1200
)
Page
::
Project
::
Pipeline
::
Show
.
perform
do
|
pipeline
|
expect
(
pipeline
).
to
have_build
(
'build'
,
status: :success
,
wait:
600
)
expect
(
pipeline
).
to
have_build
(
'test'
,
status: :success
,
wait:
600
)
expect
(
pipeline
).
to
have_build
(
'production'
,
status: :success
,
wait:
1200
)
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment