Move Agent KUBECONFIG variable generation to core

Changelog: added

Move Agent KUBECONFIG variable generation to core
Changelog: added
0ee1914b · Tiger · Stan Hu · 0c9dbf79 · 0ee1914b · 0ee1914b
Commit 0ee1914b authored Oct 11, 2021 by Tiger Committed by Stan Hu Oct 19, 2021
10 changed files
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -1214,7 +1214,19 @@ module Ci
    end

    def kubernetes_variables
-      [] # Overridden in EE
+      ::Gitlab::Ci::Variables::Collection.new.tap do |collection|
+        # A cluster deployemnt may also define a KUBECONFIG variable, so to keep existing
+        # configurations working we shouldn't overwrite it here.
+        # This check will be removed when Cluster and Agent configurations are
+        # merged in https://gitlab.com/gitlab-org/gitlab/-/issues/335089
+        break collection if deployment&.deployment_cluster
+
+        template = ::Ci::GenerateKubeconfigService.new(self).execute # rubocop: disable CodeReuse/ServiceClass
+
+        if template.valid?
+          collection.append(key: 'KUBECONFIG', value: template.to_yaml, public: false, file: true)
+        end
+      end
    end

    def conditionally_allow_failure!(exit_code)

--- a/app/models/ci/pipeline.rb
+++ b/app/models/ci/pipeline.rb
@@ -1264,6 +1264,16 @@ module Ci
      end
    end

+    def authorized_cluster_agents
+      strong_memoize(:authorized_cluster_agents) do
+        if ::Feature.enabled?(:group_authorized_agents, project, default_enabled: :yaml)
+          ::Clusters::AgentAuthorizationsFinder.new(project).execute.map(&:agent)
+        else
+          ::Clusters::DeployableAgentsFinder.new(project).execute
+        end
+      end
+    end
+
    private

    def add_message(severity, content)

--- a/ee/app/services/ci/generate_kubeconfig_service.rb
+++ b/ee/app/services/ci/generate_kubeconfig_service.rb
--- a/ee/app/models/ee/ci/build.rb
+++ b/ee/app/models/ee/ci/build.rb
@@ -209,23 +209,6 @@ module EE
        end
      end

-      override :kubernetes_variables
-      def kubernetes_variables
-        ::Gitlab::Ci::Variables::Collection.new.tap do |collection|
-          # A cluster deployemnt may also define a KUBECONFIG variable, so to keep existing
-          # configurations working we shouldn't overwrite it here.
-          # This check will be removed when Cluster and Agent configurations are
-          # merged in https://gitlab.com/gitlab-org/gitlab/-/issues/335089
-          break collection if deployment&.deployment_cluster
-
-          template = ::Ci::GenerateKubeconfigService.new(self).execute
-
-          if template.valid?
-            collection.append(key: 'KUBECONFIG', value: template.to_yaml, public: false, file: true)
-          end
-        end
-      end
-
      def parse_security_artifact_blob(security_report, blob)
        report_clone = security_report.clone_as_blank
        parse_raw_security_artifact_blob(report_clone, blob)

--- a/ee/app/models/ee/ci/pipeline.rb
+++ b/ee/app/models/ee/ci/pipeline.rb
@@ -173,16 +173,6 @@ module EE
        ondemand_dast_scan? && parameter_source?
      end

-      def authorized_cluster_agents
-        strong_memoize(:authorized_cluster_agents) do
-          if ::Feature.enabled?(:group_authorized_agents, project, default_enabled: :yaml)
-            ::Clusters::AgentAuthorizationsFinder.new(project).execute.map(&:agent)
-          else
-            ::Clusters::DeployableAgentsFinder.new(project).execute
-          end
-        end
-      end
-
      private

      def has_security_reports?

--- a/ee/spec/models/ci/build_spec.rb
+++ b/ee/spec/models/ci/build_spec.rb
@@ -228,31 +228,6 @@ RSpec.describe Ci::Build do
        expect(requirement_variable).to be_nil
      end
    end
-
-    describe 'kubernetes variables' do
-      let(:service) { double(execute: template) }
-      let(:template) { double(to_yaml: 'example-kubeconfig', valid?: template_valid) }
-      let(:template_valid) { true }
-
-      before do
-        allow(::Ci::GenerateKubeconfigService).to receive(:new).with(job).and_return(service)
-      end
-
-      it { is_expected.to include(key: 'KUBECONFIG', value: 'example-kubeconfig', public: false, file: true) }
-
-      context 'job is deploying to a cluster' do
-        let(:deployment) { create(:deployment, deployment_cluster: create(:deployment_cluster)) }
-        let(:job) { create(:ci_build, pipeline: pipeline, deployment: deployment) }
-
-        it { is_expected.not_to include(key: 'KUBECONFIG', value: 'example-kubeconfig', public: false, file: true) }
-      end
-
-      context 'generated config is invalid' do
-        let(:template_valid) { false }
-
-        it { is_expected.not_to include(key: 'KUBECONFIG', value: 'example-kubeconfig', public: false, file: true) }
-      end
-    end
  end

  describe '#has_security_reports?' do

--- a/ee/spec/models/ci/pipeline_spec.rb
+++ b/ee/spec/models/ci/pipeline_spec.rb
@@ -632,36 +632,4 @@ RSpec.describe Ci::Pipeline do
      it { is_expected.to eq(true) }
    end
  end
-
-  describe '#authorized_cluster_agents' do
-    let(:agent) { instance_double(Clusters::Agent) }
-    let(:authorization) { instance_double(Clusters::Agents::GroupAuthorization, agent: agent) }
-    let(:finder) { double(execute: [authorization]) }
-
-    it 'retrieves agent records from the finder and caches the result' do
-      expect(Clusters::AgentAuthorizationsFinder).to receive(:new).once
-      .with(pipeline.project)
-      .and_return(finder)
-
-      expect(pipeline.authorized_cluster_agents).to contain_exactly(agent)
-      expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) # cached
-    end
-
-    context 'group_authorized_agents feature flag is disabled' do
-      let(:finder) { double(execute: [agent]) }
-
-      before do
-        stub_feature_flags(group_authorized_agents: false)
-      end
-
-      it 'retrieves agent records from the legacy finder and caches the result' do
-        expect(Clusters::DeployableAgentsFinder).to receive(:new).once
-        .with(pipeline.project)
-        .and_return(finder)
-
-        expect(pipeline.authorized_cluster_agents).to contain_exactly(agent)
-        expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) # cached
-      end
-    end
-  end
 end
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -3411,6 +3411,31 @@ RSpec.describe Ci::Build do

      it { is_expected.to include(key: job_variable.key, value: job_variable.value, public: false, masked: false) }
    end
+
+    describe 'kubernetes variables' do
+      let(:service) { double(execute: template) }
+      let(:template) { double(to_yaml: 'example-kubeconfig', valid?: template_valid) }
+      let(:template_valid) { true }
+
+      before do
+        allow(Ci::GenerateKubeconfigService).to receive(:new).with(build).and_return(service)
+      end
+
+      it { is_expected.to include(key: 'KUBECONFIG', value: 'example-kubeconfig', public: false, file: true) }
+
+      context 'job is deploying to a cluster' do
+        let(:deployment) { create(:deployment, deployment_cluster: create(:deployment_cluster)) }
+        let(:build) { create(:ci_build, pipeline: pipeline, deployment: deployment) }
+
+        it { is_expected.not_to include(key: 'KUBECONFIG', value: 'example-kubeconfig', public: false, file: true) }
+      end
+
+      context 'generated config is invalid' do
+        let(:template_valid) { false }
+
+        it { is_expected.not_to include(key: 'KUBECONFIG', value: 'example-kubeconfig', public: false, file: true) }
+      end
+    end
  end

  describe '#scoped_variables' do

--- a/spec/models/ci/pipeline_spec.rb
+++ b/spec/models/ci/pipeline_spec.rb
@@ -4595,4 +4595,37 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep do
      end
    end
  end
+
+  describe '#authorized_cluster_agents' do
+    let(:pipeline) { create(:ci_empty_pipeline, :created) }
+    let(:agent) { instance_double(Clusters::Agent) }
+    let(:authorization) { instance_double(Clusters::Agents::GroupAuthorization, agent: agent) }
+    let(:finder) { double(execute: [authorization]) }
+
+    it 'retrieves agent records from the finder and caches the result' do
+      expect(Clusters::AgentAuthorizationsFinder).to receive(:new).once
+        .with(pipeline.project)
+        .and_return(finder)
+
+      expect(pipeline.authorized_cluster_agents).to contain_exactly(agent)
+      expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) # cached
+    end
+
+    context 'group_authorized_agents feature flag is disabled' do
+      let(:finder) { double(execute: [agent]) }
+
+      before do
+        stub_feature_flags(group_authorized_agents: false)
+      end
+
+      it 'retrieves agent records from the legacy finder and caches the result' do
+        expect(Clusters::DeployableAgentsFinder).to receive(:new).once
+          .with(pipeline.project)
+          .and_return(finder)
+
+        expect(pipeline.authorized_cluster_agents).to contain_exactly(agent)
+        expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) # cached
+      end
+    end
+  end
 end
--- a/ee/spec/services/ci/generate_kubeconfig_service_spec.rb
+++ b/ee/spec/services/ci/generate_kubeconfig_service_spec.rb