Commit e0796dee authored by Emily Ring's avatar Emily Ring Committed by Tiger Watson

Add region field to AWS Role

Add migration to add field to AWS Role.
Update AuthorizeRoleService and FetchCredentialsService
to use new region field.
parent 41611031
...@@ -41,11 +41,11 @@ module Clusters ...@@ -41,11 +41,11 @@ module Clusters
end end
def update_role_arn! def update_role_arn!
role.update!(role_arn: role_arn) role.update!(role_arn: role_arn, region: region)
end end
def credentials def credentials
Clusters::Aws::FetchCredentialsService.new(role, region: region).execute Clusters::Aws::FetchCredentialsService.new(role).execute
end end
end end
end end
......
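Review bot: The `region` written by `role.update!(role_arn: role_arn, region: region)` is persisted with no validation visible in this commit, and the credentials service now reads it back from the role to pick the AWS region. The only guard on the page is the database check `char_length(region) <= 255`, so an over-long value would surface as a constraint error rather than a validation failure, and any other string is accepted. If the `Aws::Role` model (not shown) does not already do so, a validation restricting `region` to a region-shaped value, ideally an allowlist of supported AWS regions, would keep request-supplied text out of what is presumably the AWS client configuration. It is also worth confirming that a request without a region does not overwrite a previously stored one with `nil`. The service class starts outside this hunk, so where `region` comes from is not visible here.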
...@@ -7,10 +7,10 @@ module Clusters ...@@ -7,10 +7,10 @@ module Clusters
MissingRoleError = Class.new(StandardError) MissingRoleError = Class.new(StandardError)
def initialize(provision_role, provider: nil, region: nil) def initialize(provision_role, provider: nil)
@provision_role = provision_role @provision_role = provision_role
@provider = provider @provider = provider
@region = provider&.region || region @region = provider&.region || provision_role&.region || Clusters::Providers::Aws::DEFAULT_REGION
end end
def execute def execute
......
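Review bot: An empty-string region is truthy in Ruby, so in `@region = provider&.region || provision_role&.region || Clusters::Providers::Aws::DEFAULT_REGION` a provider or role saved with `''` would be used as the region and the default would never apply. Calling `.presence` on each candidate closes that gap: `@region = provider&.region.presence || provision_role&.region.presence || Clusters::Providers::Aws::DEFAULT_REGION`. The spec added in this commit covers only `region: nil`, so a blank-string case would be worth adding alongside it. Dropping the `region:` keyword from `initialize` also makes any caller still passing it raise `ArgumentError`; only the one call site updated in this commit is visible. The class header and the body of `execute` lie outside this hunk.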
---
title: Add region field to AWS Role
merge_request: 47209
author:
type: changed
# frozen_string_literal: true
class AddRegionFieldToAwsRole < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
unless column_exists?(:aws_roles, :region)
add_column :aws_roles, :region, :text
end
add_text_limit :aws_roles, :region, 255
end
def down
remove_column :aws_roles, :region
end
end
cbb2a2027fb6083771e97510a00c07a4ded0576e89fafd6cff4faba4e21c82c0
\ No newline at end of file
...@@ -9659,7 +9659,9 @@ CREATE TABLE aws_roles ( ...@@ -9659,7 +9659,9 @@ CREATE TABLE aws_roles (
created_at timestamp with time zone NOT NULL, created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL,
role_arn character varying(2048), role_arn character varying(2048),
role_external_id character varying(64) NOT NULL role_external_id character varying(64) NOT NULL,
region text,
CONSTRAINT check_57adedab55 CHECK ((char_length(region) <= 255))
); );
CREATE TABLE background_migration_jobs ( CREATE TABLE background_migration_jobs (
......
...@@ -25,7 +25,7 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do ...@@ -25,7 +25,7 @@ RSpec.describe Clusters::Aws::AuthorizeRoleService do
before do before do
allow(Clusters::Aws::FetchCredentialsService).to receive(:new) allow(Clusters::Aws::FetchCredentialsService).to receive(:new)
.with(instance_of(Aws::Role), region: region).and_return(credentials_service) .with(instance_of(Aws::Role)).and_return(credentials_service)
end end
context 'role exists' do context 'role exists' do
......
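Review bot: After this change the stub in the `before` block accepts any `Aws::Role`, so nothing in this hunk checks that the region submitted to the service ends up on the role handed to `FetchCredentialsService`. Tightening the argument matcher would pin that, e.g. `.with(an_instance_of(Aws::Role).and(have_attributes(region: region)))`, assuming `region` is still defined by a `let` outside the hunk. The examples themselves are outside the hunk and may already assert the persisted value.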
...@@ -19,7 +19,7 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do ...@@ -19,7 +19,7 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
subject { described_class.new(provision_role, provider: provider).execute } subject { described_class.new(provision_role, provider: provider).execute }
context 'provision role is configured' do context 'provision role is configured' do
let(:provision_role) { create(:aws_role, user: user) } let(:provision_role) { create(:aws_role, user: user, region: 'custom-region') }
before do before do
stub_application_setting(eks_access_key_id: gitlab_access_key_id) stub_application_setting(eks_access_key_id: gitlab_access_key_id)
...@@ -53,11 +53,11 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do ...@@ -53,11 +53,11 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
context 'provider is not specifed' do context 'provider is not specifed' do
let(:provider) { nil } let(:provider) { nil }
let(:region) { 'custom-region' } let(:region) { provision_role.region }
let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" } let(:session_name) { "gitlab-eks-autofill-user-#{user.id}" }
let(:session_policy) { 'policy-document' } let(:session_policy) { 'policy-document' }
subject { described_class.new(provision_role, provider: provider, region: region).execute } subject { described_class.new(provision_role, provider: provider).execute }
before do before do
allow(File).to receive(:read) allow(File).to receive(:read)
...@@ -66,6 +66,13 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do ...@@ -66,6 +66,13 @@ RSpec.describe Clusters::Aws::FetchCredentialsService do
end end
it { is_expected.to eq assumed_role_credentials } it { is_expected.to eq assumed_role_credentials }
context 'region is not specifed' do
let(:region) { Clusters::Providers::Aws::DEFAULT_REGION }
let(:provision_role) { create(:aws_role, user: user, region: nil) }
it { is_expected.to eq assumed_role_credentials }
end
end end
end end
......
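Review bot: The new context description `'region is not specifed'` is misspelt; it should read `context 'region is not specified' do`, and the enclosing `'provider is not specifed'` context has the same typo. The new example only proves the default region is applied if the stubbed AWS client set up outside these hunks is keyed on `region`. If it is not, `is_expected.to eq assumed_role_credentials` would pass for any region.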