Commit 527cca19 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents 1ce999db 11810cb2
...@@ -193,15 +193,34 @@ module Clusters ...@@ -193,15 +193,34 @@ module Clusters
platform_kubernetes.kubeclient if kubernetes? platform_kubernetes.kubeclient if kubernetes?
end end
##
# This is subtly different to #find_or_initialize_kubernetes_namespace_for_project
# below because it will ignore any namespaces that have not got a service account
# token. This provides a guarantee that any namespace selected here can be used
# for cluster operations - a namespace needs to have a service account configured
# before it it can be used.
#
# This is used for selecting a namespace to use when querying a cluster, or
# generating variables to pass to CI.
def kubernetes_namespace_for(project) def kubernetes_namespace_for(project)
find_or_initialize_kubernetes_namespace_for_project(project).namespace find_or_initialize_kubernetes_namespace_for_project(
project, scope: kubernetes_namespaces.has_service_account_token
).namespace
end end
def find_or_initialize_kubernetes_namespace_for_project(project) ##
# This is subtly different to #kubernetes_namespace_for because it will include
# namespaces that have yet to receive a service account token. This allows
# the namespace configuration process to be repeatable - if a namespace has
# already been created without a token we don't need to create another
# record entirely, just set the token on the pre-existing namespace.
#
# This is used for configuring cluster namespaces.
def find_or_initialize_kubernetes_namespace_for_project(project, scope: kubernetes_namespaces)
attributes = { project: project } attributes = { project: project }
attributes[:cluster_project] = cluster_project if project_type? attributes[:cluster_project] = cluster_project if project_type?
kubernetes_namespaces.find_or_initialize_by(attributes).tap do |namespace| scope.find_or_initialize_by(attributes).tap do |namespace|
namespace.set_defaults namespace.set_defaults
end end
end end
......
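Review bot: The comment on `kubernetes_namespace_for` promises more than the method delivers: the scoped lookup still ends in `find_or_initialize_by`, so a project whose only namespace record lacks a token gets a freshly initialised, unsaved record, and the method returns its default name, which has no service account token either. The platform spec in this commit shows that fallback, expecting `"#{project.path}-#{project.id}"` once the token is cleared. I would reword the comment to say so, e.g. `# If no namespace with a token exists, this returns the default name from an unsaved record; callers must not assume a service account is configured for it.` The same comment also has a doubled word in "before it it can be used". Both methods sit inside `module Clusters`, whose start is outside the hunk.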
---
title: Add index on invite_email for members
merge_request: 29768
author:
type: performance
---
title: Ensure a Kubernetes namespace is not used for deployments if there is no service
account token associated with it
merge_request: 29643
author:
type: fixed
# frozen_string_literal: true
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class AddIndexToMembersInviteEmail < ActiveRecord::Migration[5.1]
include Gitlab::Database::MigrationHelpers
# Set this constant to true if this migration requires downtime.
DOWNTIME = false
disable_ddl_transaction!
def up
add_concurrent_index :members, [:invite_email]
end
def down
remove_concurrent_index :members, [:invite_email]
end
end
...@@ -1849,6 +1849,7 @@ ActiveRecord::Schema.define(version: 20190613030606) do ...@@ -1849,6 +1849,7 @@ ActiveRecord::Schema.define(version: 20190613030606) do
t.boolean "ldap", default: false, null: false t.boolean "ldap", default: false, null: false
t.boolean "override", default: false, null: false t.boolean "override", default: false, null: false
t.index ["access_level"], name: "index_members_on_access_level", using: :btree t.index ["access_level"], name: "index_members_on_access_level", using: :btree
t.index ["invite_email"], name: "index_members_on_invite_email", using: :btree
t.index ["invite_token"], name: "index_members_on_invite_token", unique: true, using: :btree t.index ["invite_token"], name: "index_members_on_invite_token", unique: true, using: :btree
t.index ["requested_at"], name: "index_members_on_requested_at", using: :btree t.index ["requested_at"], name: "index_members_on_requested_at", using: :btree
t.index ["source_id", "source_type"], name: "index_members_on_source_id_and_source_type", using: :btree t.index ["source_id", "source_type"], name: "index_members_on_source_id_and_source_type", using: :btree
......
...@@ -555,6 +555,63 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do ...@@ -555,6 +555,63 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
end end
end end
describe '#find_or_initialize_kubernetes_namespace_for_project' do
let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
let(:project) { cluster.projects.first }
subject { cluster.find_or_initialize_kubernetes_namespace_for_project(project) }
context 'kubernetes namespace exists' do
context 'with no service account token' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, project: project, cluster: cluster) }
it { is_expected.to eq kubernetes_namespace }
end
context 'with a service account token' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token, project: project, cluster: cluster) }
it { is_expected.to eq kubernetes_namespace }
end
end
context 'kubernetes namespace does not exist' do
it 'initializes a new namespace and sets default values' do
expect(subject).to be_new_record
expect(subject.project).to eq project
expect(subject.cluster).to eq cluster
expect(subject.namespace).to be_present
expect(subject.service_account_name).to be_present
end
end
context 'a custom scope is provided' do
let(:scope) { cluster.kubernetes_namespaces.has_service_account_token }
subject { cluster.find_or_initialize_kubernetes_namespace_for_project(project, scope: scope) }
context 'kubernetes namespace exists' do
context 'with no service account token' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, project: project, cluster: cluster) }
it 'initializes a new namespace and sets default values' do
expect(subject).to be_new_record
expect(subject.project).to eq project
expect(subject.cluster).to eq cluster
expect(subject.namespace).to be_present
expect(subject.service_account_name).to be_present
end
end
context 'with a service account token' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token, project: project, cluster: cluster) }
it { is_expected.to eq kubernetes_namespace }
end
end
end
end
describe '#predefined_variables' do describe '#predefined_variables' do
subject { cluster.predefined_variables } subject { cluster.predefined_variables }
......
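Review bot: The five expectations under 'initializes a new namespace and sets default values' appear twice in this hunk, once for the missing-namespace case and once for the scoped lookup with a token-less record, and would read better as one `shared_examples` block pulled in with `it_behaves_like`. In the scoped case it would also help to state the property this change is about, for instance `expect(subject).not_to eq kubernetes_namespace`, so the example fails clearly if the token-less record is ever returned. The enclosing `describe Clusters::Cluster` block starts and ends outside the hunk.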
...@@ -223,19 +223,33 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching ...@@ -223,19 +223,33 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
let(:namespace) { 'namespace-123' } let(:namespace) { 'namespace-123' }
it { is_expected.to eq(namespace) } it { is_expected.to eq(namespace) }
context 'kubernetes namespace is present but has no service account token' do
let!(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, cluster: cluster) }
it { is_expected.to eq(namespace) }
end
end end
context 'with no namespace assigned' do context 'with no namespace assigned' do
let(:namespace) { nil } let(:namespace) { nil }
context 'when kubernetes namespace is present' do context 'when kubernetes namespace is present' do
let(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, cluster: cluster) } let(:kubernetes_namespace) { create(:cluster_kubernetes_namespace, :with_token, cluster: cluster) }
before do before do
kubernetes_namespace kubernetes_namespace
end end
it { is_expected.to eq(kubernetes_namespace.namespace) } it { is_expected.to eq(kubernetes_namespace.namespace) }
context 'kubernetes namespace has no service account token' do
before do
kubernetes_namespace.update!(namespace: 'old-namespace', service_account_token: nil)
end
it { is_expected.to eq("#{project.path}-#{project.id}") }
end
end end
context 'when kubernetes namespace is not present' do context 'when kubernetes namespace is not present' do
......