Fix issue with missing knative cluster role binding, and cleanup tests

97441486 · Chris Baumbauer · 1435fe60 · 97441486 · 97441486 · 97441486
Commit 97441486 authored Nov 05, 2018 by Chris Baumbauer
6 changed files
--- a/app/models/clusters/applications/knative.rb
+++ b/app/models/clusters/applications/knative.rb
@@ -18,21 +18,18 @@ module Clusters
      include ::Clusters::Concerns::ApplicationData

      default_value_for :version, VERSION
-      default_value_for :hostname, nil
+
+      validates :hostname, presence: true

      def chart
        'knative/knative'
      end

      def values
-        content_values.to_yaml
+        { domain: hostname }.to_yaml
      end

      def install_command
-        if hostname.nil?
-          raise 'Hostname is required'
-        end
-
        Gitlab::Kubernetes::Helm::InstallCommand.new(
          name: name,
          version: VERSION,
@@ -40,25 +37,60 @@ module Clusters
          chart: chart,
          files: files,
          repository: REPOSITORY,
-          script: install_script
+          preinstall: install_script,
+          postinstall: setup_knative_role
        )
      end

+      private
+
      def install_script
-        ['/usr/bin/kubectl', 'apply', '-f', ISTIO_CRDS]
+        ["/usr/bin/kubectl apply -f #{ISTIO_CRDS} >/dev/null"]
      end

-      private
-
-      def content_values
-        YAML.load_file(chart_values_file).deep_merge!(knative_configs)
+      def setup_knative_role
+        if !cluster.kubernetes_namespace.nil?
+          [
+            "echo \'#{create_rolebinding.to_yaml}\' > /tmp/rolebinding.yaml\n",
+            "/usr/bin/kubectl apply -f /tmp/rolebinding.yaml > /dev/null"
+          ]
+        else
+          nil
+        end
      end

-      def knative_configs
+      def create_rolebinding
        {
-          "domain" => hostname
+          "apiVersion" => "rbac.authorization.k8s.io/v1",
+          "kind" => "ClusterRoleBinding",
+          "metadata" => {
+            "name" => create_role_binding_name,
+            "namespace" => namespace
+          },
+          "roleRef" => {
+            "apiGroup" => "rbac.authorization.k8s.io",
+            "kind" => "ClusterRole",
+            "name" => "knative-serving-admin"
+          },
+          "subjects" => role_subject
        }
      end
+
+      def create_role_binding_name
+        "#{namespace}-knative-binding"
+      end
+
+      def service_account_name
+        cluster.kubernetes_namespace.service_account_name
+      end
+
+      def role_subject
+        [{ "kind" => 'ServiceAccount', "name" => service_account_name, "namespace" => namespace }]
+      end
+
+      def namespace
+        cluster.kubernetes_namespace.namespace
+      end
    end
  end
 end
--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -4,16 +4,17 @@ module Gitlab
      class InstallCommand
        include BaseCommand

-        attr_reader :name, :files, :chart, :version, :repository, :script
+        attr_reader :name, :files, :chart, :version, :repository, :preinstall, :postinstall

-        def initialize(name:, chart:, files:, rbac:, version: nil, repository: nil, script: nil)
+        def initialize(name:, chart:, files:, rbac:, version: nil, repository: nil, preinstall: nil, postinstall: nil)
          @name = name
          @chart = chart
          @version = version
          @rbac = rbac
          @files = files
          @repository = repository
-          @script = script
+          @preinstall = preinstall
+          @postinstall = postinstall
        end

        def generate_script
@@ -21,8 +22,9 @@ module Gitlab
            init_command,
            repository_command,
            repository_update_command,
-            script_command,
-            install_command
+            preinstall_command,
+            install_command,
+            postinstall_command
          ].compact.join("\n")
        end

@@ -50,9 +52,15 @@ module Gitlab
          command.shelljoin + " >/dev/null\n"
        end

-        def script_command
-          unless script.nil?
-            script.shelljoin + " >/dev/null\n"
+        def preinstall_command
+          unless preinstall.nil?
+            preinstall.join("\n")
+          end
+        end
+
+        def postinstall_command
+          unless postinstall.nil?
+            postinstall.join("\n")
          end
        end


--- a/spec/factories/clusters/applications/helm.rb
+++ b/spec/factories/clusters/applications/helm.rb
@@ -58,6 +58,7 @@ FactoryBot.define do
    end

    factory :clusters_applications_knative, class: Clusters::Applications::Knative do
+      hostname 'example.com'
      cluster factory: %i(cluster with_installed_helm provided_by_gcp)
    end


--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -5,6 +5,8 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
  let(:repository) { 'https://repository.example.com' }
  let(:rbac) { false }
  let(:version) { '1.2.3' }
+  let(:preinstall) { nil }
+  let(:postinstall) { nil }

  let(:install_command) do
    described_class.new(
@@ -13,7 +15,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
      rbac: rbac,
      files: files,
      version: version,
-      repository: repository
+      repository: repository,
+      preinstall: preinstall,
+      postinstall: postinstall
    )
  end

@@ -101,6 +105,53 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    end
  end

+  context 'when there is a pre-install script' do
+    let(:preinstall) { ['/bin/date', '/bin/true'] }
+
+    it_behaves_like 'helm commands' do
+      let(:commands) do
+        <<~EOS
+        helm init --client-only >/dev/null
+        helm repo add app-name https://repository.example.com
+        helm repo update >/dev/null
+        #{helm_install_command}
+        EOS
+      end
+
+      let(:helm_install_command) do
+        <<~EOS.strip
+        /bin/date
+        /bin/true
+        helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
+        EOS
+      end
+    end
+  end
+
+  context 'when there is a post-install script' do
+    let(:postinstall) { ['/bin/date', "/bin/false\n"] }
+
+    it_behaves_like 'helm commands' do
+      let(:commands) do
+        <<~EOS
+        helm init --client-only >/dev/null
+        helm repo add app-name https://repository.example.com
+        helm repo update >/dev/null
+        #{helm_install_command}
+        EOS
+      end
+
+      let(:helm_install_command) do
+        <<~EOS.strip
+        helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
+
+        /bin/date
+        /bin/false
+        EOS
+      end
+    end
+  end
+
  context 'when there is no ca.pem file' do
    let(:files) { { 'file.txt': 'some content' } }


--- a/spec/models/clusters/applications/knative_spec.rb
+++ b/spec/models/clusters/applications/knative_spec.rb
 require 'rails_helper'

 describe Clusters::Applications::Knative do
-  let(:knative) { create(:clusters_applications_knative, hostname: 'example.com') }
+  let(:knative) { create(:clusters_applications_knative) }

  include_examples 'cluster application core specs', :clusters_applications_knative
  include_examples 'cluster application status specs', :clusters_applications_knative
@@ -47,7 +47,9 @@ describe Clusters::Applications::Knative do
  describe '#install_command' do
    subject { knative.install_command }

-    it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::InstallCommand) }
+    it 'should be an instance of Helm::InstallCommand' do
+      expect(subject).to be_an_instance_of(Gitlab::Kubernetes::Helm::InstallCommand)
+    end

    it 'should be initialized with knative arguments' do
      expect(subject.name).to eq('knative')
@@ -55,14 +57,6 @@ describe Clusters::Applications::Knative do
      expect(subject.version).to eq('0.1.3')
      expect(subject.files).to eq(knative.files)
    end
-
-    context 'application failed to install previously' do
-      let(:knative) { create(:clusters_applications_knative, :errored, version: 'knative', hostname: 'example.com') }
-
-      it 'should be initialized with the locked version' do
-        expect(subject.version).to eq('0.1.3')
-      end
-    end
  end

  describe '#files' do
@@ -71,7 +65,7 @@ describe Clusters::Applications::Knative do

    subject { application.files }

-    it 'should include knative valid keys in values' do
+    it 'should include knative specific keys in the values.yaml file' do
      expect(values).to include('domain')
    end

@@ -80,20 +74,15 @@ describe Clusters::Applications::Knative do
        application.cluster.application_helm.ca_cert = nil
      end

-      it 'should not include cert files' do
-        expect(subject[:'ca.pem']).not_to be_present
-        expect(subject[:'cert.pem']).not_to be_present
-        expect(subject[:'key.pem']).not_to be_present
+      it 'should not include cert files when there is no ca_cert entry' do
+        expect(subject).not_to include(:'ca.pem', :'cert.pem', :'key.pem')
      end
    end

-    it 'should include cert files' do
-      expect(subject[:'ca.pem']).to be_present
+    it 'should include cert files when there is a ca_cert entry' do
+      expect(subject).to include(:'ca.pem', :'cert.pem', :'key.pem')
      expect(subject[:'ca.pem']).to eq(application.cluster.application_helm.ca_cert)

-      expect(subject[:'cert.pem']).to be_present
-      expect(subject[:'key.pem']).to be_present
-
      cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem'])
      expect(cert.not_after).to be < 60.minutes.from_now
    end

--- a/vendor/knative/values.yaml
+++ b/vendor/knative/values.yaml
-domain: example.com