Create a GKE cluster with legacy_abac disabled when the `:rbac_clusters` feature flag is enabled

Explicitly persist the legacy_abac value of the cluster_provider_gcp so that we can disable abac if the `:rbac_clusters` feature flag is enabled

Create a GKE cluster with legacy_abac disabled when the `:rbac_clusters` feature flag is enabled
Explicitly persist the legacy_abac value of the cluster_provider_gcp so that we can disable abac if the `:rbac_clusters` feature flag is enabled
c9af170d · Thong Kuah · 2e47e1f8 · c9af170d · c9af170d · c9af170d
Commit c9af170d authored Sep 07, 2018 by Thong Kuah
6 changed files
--- a/app/services/clusters/create_service.rb
+++ b/app/services/clusters/create_service.rb
@@ -25,11 +25,16 @@ module Clusters
      params[:provider_gcp_attributes].try do |provider|
        provider[:access_token] = access_token
+        provider[:legacy_abac] = legacy_abac_value
      end
      @cluster_params = params.merge(user: current_user, projects: [project])
    end
+    def legacy_abac_value
+      !Feature.enabled?(:rbac_clusters)
+    end
    def can_create_cluster?
      project.clusters.empty?
    end

--- a/app/services/clusters/gcp/provision_service.rb
+++ b/app/services/clusters/gcp/provision_service.rb
@@ -28,7 +28,7 @@ module Clusters
          provider.cluster.name,
          provider.num_nodes,
          machine_type: provider.machine_type,
-          legacy_abac: true
+          legacy_abac: provider.legacy_abac
        )
        unless operation.status == 'PENDING' || operation.status == 'RUNNING'

--- a/db/migrate/20180907015926_add_legacy_abac_to_cluster_providers_gcp.rb
+++ b/db/migrate/20180907015926_add_legacy_abac_to_cluster_providers_gcp.rb
+# frozen_string_literal: true
+class AddLegacyAbacToClusterProvidersGcp < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  disable_ddl_transaction!
+  def up
+    add_column_with_default(:cluster_providers_gcp, :legacy_abac, :boolean, default: true)
+  end
+  def down
+    remove_column(:cluster_providers_gcp, :legacy_abac)
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20180906101639) do
+ActiveRecord::Schema.define(version: 20180907015926) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -620,6 +620,7 @@ ActiveRecord::Schema.define(version: 20180906101639) do
    t.string "endpoint"
    t.text "encrypted_access_token"
    t.string "encrypted_access_token_iv"
+    t.boolean "legacy_abac", default: true, null: false
  end
  add_index "cluster_providers_gcp", ["cluster_id"], name: "index_cluster_providers_gcp_on_cluster_id", unique: true, using: :btree

--- a/spec/models/clusters/providers/gcp_spec.rb
+++ b/spec/models/clusters/providers/gcp_spec.rb
@@ -74,6 +74,24 @@ describe Clusters::Providers::Gcp do
    end
  end
+  describe '#legacy_abac?' do
+    let(:gcp) { build(:cluster_provider_gcp) }
+    subject { gcp }
+    it 'should default to true' do
+      is_expected.to be_legacy_abac
+    end
+    context 'legacy_abac is set to false' do
+      let(:gcp) { build(:cluster_provider_gcp, legacy_abac: false) }
+      it 'is false' do
+        is_expected.not_to be_legacy_abac
+      end
+    end
+  end
  describe '#state_machine' do
    context 'when any => [:created]' do
      let(:gcp) { build(:cluster_provider_gcp, :creating) }

--- a/spec/support/services/clusters/create_service_shared.rb
+++ b/spec/support/services/clusters/create_service_shared.rb
@@ -29,9 +29,12 @@ shared_context 'invalid cluster create params' do
 end
 shared_examples 'create cluster service success' do
-  it 'creates a cluster object and performs a worker' do
+  before do
+    stub_feature_flags(rbac_clusters: false)
    expect(ClusterProvisionWorker).to receive(:perform_async)
+  end
+  it 'creates a cluster object and performs a worker' do
    expect { subject }
      .to change { Clusters::Cluster.count }.by(1)
      .and change { Clusters::Providers::Gcp.count }.by(1)
@@ -44,8 +47,19 @@ shared_examples 'create cluster service success' do
    expect(subject.provider.num_nodes).to eq(1)
    expect(subject.provider.machine_type).to eq('machine_type-a')
    expect(subject.provider.access_token).to eq(access_token)
+    expect(subject.provider).to be_legacy_abac
    expect(subject.platform).to be_nil
  end
+  context 'rbac_clusters feature is enabled' do
+    before do
+      stub_feature_flags(rbac_clusters: true)
+    end
+    it 'has legacy_abac false' do
+      expect(subject.provider).not_to be_legacy_abac
+    end
+  end
 end
 shared_examples 'create cluster service error' do