Commit 006da56c authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'knative-rbac-check' into 'master'

Require Knative to be installed only on an RBAC kubernetes cluster

See merge request gitlab-org/gitlab-ce!23807
parents d432d674 47cb5a26
......@@ -32,6 +32,7 @@ export default class Clusters {
installKnativePath,
installPrometheusPath,
managePrometheusPath,
hasRbac,
clusterType,
clusterStatus,
clusterStatusReason,
......@@ -45,6 +46,7 @@ export default class Clusters {
this.store.setManagePrometheusPath(managePrometheusPath);
this.store.updateStatus(clusterStatus);
this.store.updateStatusReason(clusterStatusReason);
this.store.updateRbac(hasRbac);
this.service = new ClustersService({
endpoint: statusPath,
installHelmEndpoint: installHelmPath,
......@@ -102,6 +104,7 @@ export default class Clusters {
ingressHelpPath: this.state.ingressHelpPath,
managePrometheusPath: this.state.managePrometheusPath,
ingressDnsHelpPath: this.state.ingressDnsHelpPath,
rbac: this.state.rbac,
},
});
},
......
......@@ -52,6 +52,11 @@ export default {
required: false,
default: '',
},
rbac: {
type: Boolean,
required: false,
default: false,
},
},
data: () => ({
elasticsearchLogo,
......@@ -442,6 +447,18 @@ export default {
title-link="https://github.com/knative/docs"
>
<div slot="description">
<span v-if="!rbac">
<p v-if="!rbac" class="bs-callout bs-callout-info append-bottom-0">
{{
s__(`ClusterIntegration|You must have an RBAC-enabled cluster
to install Knative.`)
}}
<a :href="helpPath" target="_blank" rel="noopener noreferrer">
{{ __('More information') }}
</a>
</p>
<br />
</span>
<p>
{{
s__(`ClusterIntegration|Knative extends Kubernetes to provide
......@@ -465,7 +482,7 @@ export default {
/>
</div>
</template>
<template v-else-if="helmInstalled">
<template v-else-if="helmInstalled && rbac">
<div class="form-group">
<label for="knative-domainname">
{{ s__('ClusterIntegration|Knative Domain Name:') }}
......
import { s__ } from '../../locale';
import { parseBoolean } from '../../lib/utils/common_utils';
import { INGRESS, JUPYTER, KNATIVE, CERT_MANAGER } from '../constants';
export default class ClusterStore {
......@@ -7,6 +8,7 @@ export default class ClusterStore {
helpPath: null,
ingressHelpPath: null,
status: null,
rbac: false,
statusReason: null,
applications: {
helm: {
......@@ -81,6 +83,10 @@ export default class ClusterStore {
this.state.status = status;
}
updateRbac(rbac) {
this.state.rbac = parseBoolean(rbac);
}
updateStatusReason(reason) {
this.state.statusReason = reason;
}
......
......@@ -19,6 +19,13 @@ module Clusters
self.reactive_cache_key = ->(knative) { [knative.class.model_name.singular, knative.id] }
def set_initial_status
return unless not_installable?
return unless verify_cluster?
self.status = 'installable'
end
state_machine :status do
after_transition any => [:installed] do |application|
application.run_after_commit do
......@@ -99,6 +106,10 @@ module Clusters
def install_knative_metrics
["kubectl apply -f #{METRICS_CONFIG}"] if cluster.application_prometheus_available?
end
def verify_cluster?
cluster&.application_helm_available? && cluster&.platform_kubernetes_rbac?
end
end
end
end
......@@ -16,6 +16,7 @@
install_jupyter_path: clusterable.install_applications_cluster_path(@cluster, :jupyter),
install_knative_path: clusterable.install_applications_cluster_path(@cluster, :knative),
toggle_status: @cluster.enabled? ? 'true': 'false',
has_rbac: @cluster.platform_kubernetes_rbac? ? 'true': 'false',
cluster_type: @cluster.cluster_type,
cluster_status: @cluster.status_name,
cluster_status_reason: @cluster.status_reason,
......
---
title: Require Knative to be installed only on an RBAC kubernetes cluster
merge_request: 23807
author: Chris Baumbauer
type: changed
......@@ -1842,6 +1842,9 @@ msgstr ""
msgid "ClusterIntegration|You must first install Helm Tiller before installing the applications below"
msgstr ""
msgid "ClusterIntegration|You must have an RBAC-enabled cluster to install Knative."
msgstr ""
msgid "ClusterIntegration|Your account must have %{link_to_kubernetes_engine}"
msgstr ""
......
......@@ -44,6 +44,10 @@ FactoryBot.define do
provider_gcp factory: [:cluster_provider_gcp, :creating]
end
trait :rbac_disabled do
platform_kubernetes factory: [:cluster_platform_kubernetes, :configured, :rbac_disabled]
end
trait :disabled do
enabled false
end
......
......@@ -16,8 +16,8 @@ FactoryBot.define do
end
end
trait :rbac_enabled do
authorization_type :rbac
trait :rbac_disabled do
authorization_type :abac
end
end
end
......@@ -70,6 +70,34 @@ describe 'Clusters Applications', :js do
end
end
context 'when user installs Knative' do
before do
create(:clusters_applications_helm, :installed, cluster: cluster)
end
context 'on an abac cluster' do
let(:cluster) { create(:cluster, :provided_by_gcp, :rbac_disabled, projects: [project])}
it 'should show info block and not be installable' do
page.within('.js-cluster-application-row-knative') do
expect(page).to have_css('.bs-callout-info')
expect(page.find(:css, '.js-cluster-application-install-button')['disabled']).to eq('true')
end
end
end
context 'on an rbac cluster' do
let(:cluster) { create(:cluster, :provided_by_gcp, projects: [project])}
it 'should not show callout block and be installable' do
page.within('.js-cluster-application-row-knative') do
expect(page).not_to have_css('.bs-callout-info')
expect(page).to have_css('.js-cluster-application-install-button:not([disabled])')
end
end
end
end
context 'when user installs Cert Manager' do
before do
allow(ClusterInstallAppWorker).to receive(:perform_async)
......
......@@ -62,6 +62,7 @@ describe('Clusters Store', () => {
ingressHelpPath: null,
status: mockResponseData.status,
statusReason: mockResponseData.status_reason,
rbac: false,
applications: {
helm: {
title: 'Helm Tiller',
......
......@@ -15,6 +15,13 @@ describe Clusters::Applications::Knative do
allow(ClusterWaitForIngressIpAddressWorker).to receive(:perform_async)
end
describe 'when rbac is not enabled' do
let(:cluster) { create(:cluster, :provided_by_gcp, :rbac_disabled) }
let(:knative_no_rbac) { create(:clusters_applications_knative, cluster: cluster) }
it { expect(knative_no_rbac).to be_not_installable }
end
describe '.installed' do
subject { described_class.installed }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment