Move local Tiller FF check to cluster level

So that we can scope the feature flag to the entity that owns the cluster (project, group or instance).

Move local Tiller FF check to cluster level
So that we can scope the feature flag to the entity that owns the cluster (project, group or instance).
4e8b00f1 · Hordur Freyr Yngvason · Heinrich Lee Yu · 9af9ec98 · 4e8b00f1 · 4e8b00f1
Commit 4e8b00f1 authored Jun 11, 2020 by Hordur Freyr Yngvason Committed by Heinrich Lee Yu Jun 11, 2020
33 changed files
--- a/app/controllers/clusters/base_controller.rb
+++ b/app/controllers/clusters/base_controller.rb
@@ -7,7 +7,7 @@ class Clusters::BaseController < ApplicationController
  before_action :authorize_read_cluster!

  before_action do
-    push_frontend_feature_flag(:managed_apps_local_tiller)
+    push_frontend_feature_flag(:managed_apps_local_tiller, clusterable)
  end

  helper_method :clusterable

--- a/app/models/clusters/applications/cert_manager.rb
+++ b/app/models/clusters/applications/cert_manager.rb
@@ -38,7 +38,8 @@ module Clusters
          chart: chart,
          files: files.merge(cluster_issuer_file),
          preinstall: pre_install_script,
-          postinstall: post_install_script
+          postinstall: post_install_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -47,7 +48,8 @@ module Clusters
          name: 'certmanager',
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
-          postdelete: post_delete_script
+          postdelete: post_delete_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/crossplane.rb
+++ b/app/models/clusters/applications/crossplane.rb
@@ -35,7 +35,8 @@ module Clusters
          version: VERSION,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/elastic_stack.rb
+++ b/app/models/clusters/applications/elastic_stack.rb
@@ -34,7 +34,8 @@ module Clusters
          repository: repository,
          files: files,
          preinstall: migrate_to_3_script,
-          postinstall: post_install_script
+          postinstall: post_install_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -43,7 +44,8 @@ module Clusters
          name: 'elastic-stack',
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
-          postdelete: post_delete_script
+          postdelete: post_delete_script,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -118,7 +120,8 @@ module Clusters
          Gitlab::Kubernetes::Helm::DeleteCommand.new(
            name: 'elastic-stack',
            rbac: cluster.platform_kubernetes_rbac?,
-            files: files
+            files: files,
+            local_tiller_enabled: cluster.local_tiller_enabled?
          ).delete_command,
          Gitlab::Kubernetes::KubectlCmd.delete("pvc", "--selector", "release=elastic-stack", "--namespace", Gitlab::Kubernetes::Helm::NAMESPACE)
        ]

--- a/app/models/clusters/applications/fluentd.rb
+++ b/app/models/clusters/applications/fluentd.rb
@@ -32,7 +32,8 @@ module Clusters
          version: VERSION,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/helm.rb
+++ b/app/models/clusters/applications/helm.rb
@@ -52,7 +52,8 @@ module Clusters
        Gitlab::Kubernetes::Helm::InitCommand.new(
          name: name,
          files: files,
-          rbac: cluster.platform_kubernetes_rbac?
+          rbac: cluster.platform_kubernetes_rbac?,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -60,7 +61,8 @@ module Clusters
        Gitlab::Kubernetes::Helm::ResetCommand.new(
          name: name,
          files: files,
-          rbac: cluster.platform_kubernetes_rbac?
+          rbac: cluster.platform_kubernetes_rbac?,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/ingress.rb
+++ b/app/models/clusters/applications/ingress.rb
@@ -63,7 +63,8 @@ module Clusters
          version: VERSION,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/jupyter.rb
+++ b/app/models/clusters/applications/jupyter.rb
@@ -45,7 +45,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
          files: files,
-          repository: repository
+          repository: repository,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/knative.rb
+++ b/app/models/clusters/applications/knative.rb
@@ -77,7 +77,8 @@ module Clusters
          chart: chart,
          files: files,
          repository: REPOSITORY,
-          postinstall: install_knative_metrics
+          postinstall: install_knative_metrics,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -99,7 +100,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
          predelete: delete_knative_services_and_metrics,
-          postdelete: delete_knative_istio_leftovers
+          postdelete: delete_knative_istio_leftovers,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/prometheus.rb
+++ b/app/models/clusters/applications/prometheus.rb
@@ -66,7 +66,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
          files: files,
-          postinstall: install_knative_metrics
+          postinstall: install_knative_metrics,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -76,7 +77,8 @@ module Clusters
          version: version,
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
-          files: files_with_replaced_values(values)
+          files: files_with_replaced_values(values),
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -85,7 +87,8 @@ module Clusters
          name: name,
          rbac: cluster.platform_kubernetes_rbac?,
          files: files,
-          predelete: delete_knative_istio_metrics
+          predelete: delete_knative_istio_metrics,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -36,7 +36,8 @@ module Clusters
          rbac: cluster.platform_kubernetes_rbac?,
          chart: chart,
          files: files,
-          repository: repository
+          repository: repository,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end


--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -326,6 +326,10 @@ module Clusters
      end
    end

+    def local_tiller_enabled?
+      Feature.enabled?(:managed_apps_local_tiller, clusterable, default_enabled: false)
+    end
+
    private

    def unique_management_project_environment_scope

--- a/app/models/clusters/concerns/application_core.rb
+++ b/app/models/clusters/concerns/application_core.rb
@@ -15,7 +15,7 @@ module Clusters
        def set_initial_status
          return unless not_installable?

-          self.status = status_states[:installable] if cluster&.application_helm_available? || ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
+          self.status = status_states[:installable] if cluster&.application_helm_available? || cluster&.local_tiller_enabled?
        end

        def can_uninstall?

--- a/app/models/clusters/concerns/application_data.rb
+++ b/app/models/clusters/concerns/application_data.rb
@@ -7,7 +7,8 @@ module Clusters
        Gitlab::Kubernetes::Helm::DeleteCommand.new(
          name: name,
          rbac: cluster.platform_kubernetes_rbac?,
-          files: files
+          files: files,
+          local_tiller_enabled: cluster.local_tiller_enabled?
        )
      end

@@ -32,7 +33,7 @@ module Clusters
      private

      def use_tiller_ssl?
-        return false if ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
+        return false if cluster.local_tiller_enabled?

        cluster.application_helm.has_ssl?
      end

--- a/app/models/clusters/concerns/application_status.rb
+++ b/app/models/clusters/concerns/application_status.rb
@@ -98,7 +98,7 @@ module Clusters
          end

          before_transition any => [:installed, :updated] do |application, transition|
-            unless ::Gitlab::Kubernetes::Helm.local_tiller_enabled? || application.is_a?(Clusters::Applications::Helm)
+            unless application.cluster.local_tiller_enabled? || application.is_a?(Clusters::Applications::Helm)
              if transition.event == :make_externally_installed
                # If an application is externally installed
                # We assume the helm application is externally installed too

--- a/lib/gitlab/kubernetes/helm.rb
+++ b/lib/gitlab/kubernetes/helm.rb
@@ -10,12 +10,6 @@ module Gitlab
      SERVICE_ACCOUNT = 'tiller'
      CLUSTER_ROLE_BINDING = 'tiller-admin'
      CLUSTER_ROLE = 'cluster-admin'
-
-      MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG = :managed_apps_local_tiller
-
-      def self.local_tiller_enabled?
-        Feature.enabled?(MANAGED_APPS_LOCAL_TILLER_FEATURE_FLAG)
-      end
    end
  end
 end
--- a/lib/gitlab/kubernetes/helm/base_command.rb
+++ b/lib/gitlab/kubernetes/helm/base_command.rb
@@ -3,7 +3,24 @@
 module Gitlab
  module Kubernetes
    module Helm
-      module BaseCommand
+      class BaseCommand
+        attr_reader :name, :files
+
+        def initialize(rbac:, name:, files:, local_tiller_enabled:)
+          @rbac = rbac
+          @name = name
+          @files = files
+          @local_tiller_enabled = local_tiller_enabled
+        end
+
+        def rbac?
+          @rbac
+        end
+
+        def local_tiller_enabled?
+          @local_tiller_enabled
+        end
+
        def pod_resource
          pod_service_account_name = rbac? ? service_account_name : nil

@@ -46,18 +63,6 @@ module Gitlab
          files.keys
        end

-        def name
-          raise "Not implemented"
-        end
-
-        def rbac?
-          raise "Not implemented"
-        end
-
-        def files
-          raise "Not implemented"
-        end
-
        private

        def files_dir

--- a/lib/gitlab/kubernetes/helm/client_command.rb
+++ b/lib/gitlab/kubernetes/helm/client_command.rb
@@ -57,10 +57,6 @@ module Gitlab
            '--tls-key', "#{files_dir}/key.pem"
          ]
        end
-
-        def local_tiller_enabled?
-          ::Gitlab::Kubernetes::Helm.local_tiller_enabled?
-        end
      end
    end
  end

--- a/lib/gitlab/kubernetes/helm/delete_command.rb
+++ b/lib/gitlab/kubernetes/helm/delete_command.rb
@@ -3,17 +3,13 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class DeleteCommand
-        include BaseCommand
+      class DeleteCommand < BaseCommand
        include ClientCommand

        attr_reader :predelete, :postdelete
-        attr_accessor :name, :files

-        def initialize(name:, rbac:, files:, predelete: nil, postdelete: nil)
-          @name = name
-          @files = files
-          @rbac = rbac
+        def initialize(predelete: nil, postdelete: nil, **args)
+          super(**args)
          @predelete = predelete
          @postdelete = postdelete
        end
@@ -32,10 +28,6 @@ module Gitlab
          "uninstall-#{name}"
        end

-        def rbac?
-          @rbac
-        end
-
        def delete_command
          command = ['helm', 'delete', '--purge', name] + tls_flags_if_remote_tiller


--- a/lib/gitlab/kubernetes/helm/init_command.rb
+++ b/lib/gitlab/kubernetes/helm/init_command.rb
@@ -3,27 +3,13 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class InitCommand
-        include BaseCommand
-
-        attr_reader :name, :files
-
-        def initialize(name:, files:, rbac:)
-          @name = name
-          @files = files
-          @rbac = rbac
-        end
-
+      class InitCommand < BaseCommand
        def generate_script
          super + [
            init_helm_command
          ].join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        private

        def init_helm_command

--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -3,19 +3,16 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class InstallCommand
-        include BaseCommand
+      class InstallCommand < BaseCommand
        include ClientCommand

-        attr_reader :name, :files, :chart, :repository, :preinstall, :postinstall
+        attr_reader :chart, :repository, :preinstall, :postinstall
        attr_accessor :version

-        def initialize(name:, chart:, files:, rbac:, version: nil, repository: nil, preinstall: nil, postinstall: nil)
-          @name = name
+        def initialize(chart:, version: nil, repository: nil, preinstall: nil, postinstall: nil, **args)
+          super(**args)
          @chart = chart
          @version = version
-          @rbac = rbac
-          @files = files
          @repository = repository
          @preinstall = preinstall
          @postinstall = postinstall
@@ -33,10 +30,6 @@ module Gitlab
          ].compact.join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        private

        # Uses `helm upgrade --install` which means we can use this for both

--- a/lib/gitlab/kubernetes/helm/patch_command.rb
+++ b/lib/gitlab/kubernetes/helm/patch_command.rb
@@ -5,23 +5,21 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class PatchCommand
-        include BaseCommand
+      class PatchCommand < BaseCommand
        include ClientCommand

-        attr_reader :name, :files, :chart, :repository
+        attr_reader :chart, :repository
        attr_accessor :version

-        def initialize(name:, chart:, files:, rbac:, version:, repository: nil)
+        def initialize(chart:, version:, repository: nil, **args)
+          super(**args)
+
          # version is mandatory to prevent chart mismatches
          # we do not want our values interpreted in the context of the wrong version
          raise ArgumentError, 'version is required' if version.blank?

-          @name = name
          @chart = chart
          @version = version
-          @rbac = rbac
-          @files = files
          @repository = repository
        end

@@ -35,10 +33,6 @@ module Gitlab
          ].compact.join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        private

        def upgrade_command

--- a/lib/gitlab/kubernetes/helm/reset_command.rb
+++ b/lib/gitlab/kubernetes/helm/reset_command.rb
@@ -3,18 +3,9 @@
 module Gitlab
  module Kubernetes
    module Helm
-      class ResetCommand
-        include BaseCommand
+      class ResetCommand < BaseCommand
        include ClientCommand

-        attr_reader :name, :files
-
-        def initialize(name:, rbac:, files:)
-          @name = name
-          @files = files
-          @rbac = rbac
-        end
-
        def generate_script
          super + [
            reset_helm_command,
@@ -23,10 +14,6 @@ module Gitlab
          ].join("\n")
        end

-        def rbac?
-          @rbac
-        end
-
        def pod_name
          "uninstall-#{name}"
        end

--- a/spec/lib/gitlab/kubernetes/helm/api_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/api_spec.rb
@@ -17,7 +17,8 @@ describe Gitlab::Kubernetes::Helm::API do
      name: application_name,
      chart: 'chart-name',
      rbac: rbac,
-      files: files
+      files: files,
+      local_tiller_enabled: true
    )
  end

@@ -142,7 +143,7 @@ describe Gitlab::Kubernetes::Helm::API do
    end

    context 'with a service account' do
-      let(:command) { Gitlab::Kubernetes::Helm::InitCommand.new(name: application_name, files: files, rbac: rbac) }
+      let(:command) { Gitlab::Kubernetes::Helm::InitCommand.new(name: application_name, files: files, rbac: rbac, local_tiller_enabled: true) }

      context 'rbac-enabled cluster' do
        let(:rbac) { true }

--- a/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/base_command_spec.rb
@@ -11,25 +11,14 @@ describe Gitlab::Kubernetes::Helm::BaseCommand do
  let(:rbac) { false }

  let(:test_class) do
-    Class.new do
-      include Gitlab::Kubernetes::Helm::BaseCommand
-
+    Class.new(Gitlab::Kubernetes::Helm::BaseCommand) do
      def initialize(rbac)
-        @rbac = rbac
-      end
-
-      def name
-        "test-class-name"
-      end
-
-      def rbac?
-        @rbac
-      end
-
-      def files
-        {
-          some: 'value'
-        }
+        super(
+          name: 'test-class-name',
+          rbac: rbac,
+          files: { some: 'value' },
+          local_tiller_enabled: false
+        )
      end
    end
  end

--- a/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
@@ -3,11 +3,12 @@
 require 'spec_helper'

 describe Gitlab::Kubernetes::Helm::DeleteCommand do
-  subject(:delete_command) { described_class.new(name: app_name, rbac: rbac, files: files) }
+  subject(:delete_command) { described_class.new(name: app_name, rbac: rbac, files: files, local_tiller_enabled: local_tiller_enabled) }

  let(:app_name) { 'app-name' }
  let(:rbac) { true }
  let(:files) { {} }
+  let(:local_tiller_enabled) { true }

  it_behaves_like 'helm command generator' do
    let(:commands) do
@@ -21,9 +22,7 @@ describe Gitlab::Kubernetes::Helm::DeleteCommand do
  end

  context 'tillerless feature disabled' do
-    before do
-      stub_feature_flags(managed_apps_local_tiller: false)
-    end
+    let(:local_tiller_enabled) { false }

    it_behaves_like 'helm command generator' do
      let(:commands) do

--- a/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'

 describe Gitlab::Kubernetes::Helm::InitCommand do
-  subject(:init_command) { described_class.new(name: application.name, files: files, rbac: rbac) }
+  subject(:init_command) { described_class.new(name: application.name, files: files, rbac: rbac, local_tiller_enabled: false) }

  let(:application) { create(:clusters_applications_helm) }
  let(:rbac) { false }

--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -12,7 +12,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
      version: version,
      repository: repository,
      preinstall: preinstall,
-      postinstall: postinstall
+      postinstall: postinstall,
+      local_tiller_enabled: local_tiller_enabled
    )
  end

@@ -22,6 +23,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
  let(:version) { '1.2.3' }
  let(:preinstall) { nil }
  let(:postinstall) { nil }
+  let(:local_tiller_enabled) { true }

  it_behaves_like 'helm command generator' do
    let(:commands) do
@@ -51,9 +53,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
  end

  context 'tillerless feature disabled' do
-    before do
-      stub_feature_flags(managed_apps_local_tiller: false)
-    end
+    let(:local_tiller_enabled) { false }

    let(:tls_flags) do
      <<~EOS.squish

--- a/spec/lib/gitlab/kubernetes/helm/patch_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/patch_command_spec.rb
@@ -7,6 +7,7 @@ describe Gitlab::Kubernetes::Helm::PatchCommand do
  let(:repository) { 'https://repository.example.com' }
  let(:rbac) { false }
  let(:version) { '1.2.3' }
+  let(:local_tiller_enabled) { true }

  subject(:patch_command) do
    described_class.new(
@@ -15,14 +16,13 @@ describe Gitlab::Kubernetes::Helm::PatchCommand do
      rbac: rbac,
      files: files,
      version: version,
-      repository: repository
+      repository: repository,
+      local_tiller_enabled: local_tiller_enabled
    )
  end

  context 'when local tiller feature is disabled' do
-    before do
-      stub_feature_flags(managed_apps_local_tiller: false)
-    end
+    let(:local_tiller_enabled) { false }

    let(:tls_flags) do
      <<~EOS.squish

--- a/spec/lib/gitlab/kubernetes/helm/reset_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/reset_command_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'

 describe Gitlab::Kubernetes::Helm::ResetCommand do
-  subject(:reset_command) { described_class.new(name: name, rbac: rbac, files: files) }
+  subject(:reset_command) { described_class.new(name: name, rbac: rbac, files: files, local_tiller_enabled: false) }

  let(:rbac) { true }
  let(:name) { 'helm' }

--- a/spec/support/shared_examples/models/cluster_application_helm_cert_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_helm_cert_shared_examples.rb
@@ -54,7 +54,7 @@ RSpec.shared_examples 'cluster application helm specs' do |application_name|

    context 'managed_apps_local_tiller feature flag is enabled' do
      before do
-        stub_feature_flags(managed_apps_local_tiller: true)
+        stub_feature_flags(managed_apps_local_tiller: application.cluster.clusterable)
      end

      it 'does not include cert files' do

--- a/spec/support/shared_examples/models/cluster_application_initial_status_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_initial_status_shared_examples.rb
@@ -18,7 +18,7 @@ RSpec.shared_examples 'cluster application initial status specs' do

    context 'local tiller feature flag is enabled' do
      before do
-        stub_feature_flags(managed_apps_local_tiller: true)
+        stub_feature_flags(managed_apps_local_tiller: cluster.clusterable)
      end

      it 'sets a default status' do

--- a/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
+++ b/spec/support/shared_examples/models/cluster_application_status_shared_examples.rb
@@ -66,7 +66,7 @@ RSpec.shared_examples 'cluster application status specs' do |application_name|

      context 'managed_apps_local_tiller feature flag enabled' do
        before do
-          stub_feature_flags(managed_apps_local_tiller: true)
+          stub_feature_flags(managed_apps_local_tiller: subject.cluster.clusterable)
        end

        it 'does not update the helm version' do