specs for controller. Improved validation

6a65e2f5 · Shinya Maeda · 944149ec · 6a65e2f5 · 6a65e2f5 · 6a65e2f5
Commit 6a65e2f5 authored Oct 31, 2017 by Shinya Maeda
11 changed files
--- a/app/controllers/projects/clusters_controller.rb
+++ b/app/controllers/projects/clusters_controller.rb
@@ -27,13 +27,14 @@ class Projects::ClustersController < Projects::ApplicationController
  end
  def new
-    @cluster = Clusters::Cluster.new(
+    # @cluster = Clusters::Cluster.new(
-      platform_type: :kubernetes,
+    #   platform_type: :kubernetes,
-      provider_type: :gcp).tap do |cluster|
+    #   provider_type: :gcp).tap do |cluster|
-      cluster.build_provider_gcp
+    #   cluster.build_provider_gcp
-      cluster.build_platform_kubernetes
+    #   cluster.build_platform_kubernetes
-      cluster.projects << project
+    #   cluster.projects << project
-    end
+    # end
+    @cluster = Clusters::Cluster.new
  end
  def create

--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -10,11 +10,13 @@ module Clusters
    has_many :projects, through: :cluster_projects, class_name: '::Project'
    has_one :provider_gcp, class_name: 'Clusters::Providers::Gcp'
-    has_one :platform_kubernetes, class_name: 'Clusters::Platforms::Kubernetes'
+    has_one :platform_kubernetes, class_name: 'Clusters::Platforms::Kubernetes', validate: { if: :update }
-    accepts_nested_attributes_for :provider_gcp
+    accepts_nested_attributes_for :provider_gcp, update_only: true
    accepts_nested_attributes_for :platform_kubernetes, update_only: true
+    validates :provider_type, presence: true
+    validates :platform_type, presence: true
    validates :name, cluster_name: true
    validate :restrict_modification, on: :update

--- a/app/models/clusters/platforms/kubernetes.rb
+++ b/app/models/clusters/platforms/kubernetes.rb
@@ -30,8 +30,8 @@ module Clusters
          message: Gitlab::Regex.kubernetes_namespace_regex_message
        }
-      validates :api_url, url: true, presence: true, on: :update
+      validates :api_url, url: true, presence: true
-      validates :token, presence: true, on: :update
+      validates :token, presence: true
      after_save :clear_reactive_cache!

--- a/app/services/clusters/create_service.rb
+++ b/app/services/clusters/create_service.rb
@@ -28,10 +28,10 @@ module Clusters
    def cluster_params
      return @cluster_params if defined?(@cluster_params)
-      params[:provider_gcp_attributes][:machine_type] ||=
+      params[:provider_gcp_attributes].try do |h|
-        GoogleApi::CloudPlatform::Client::DEFAULT_MACHINE_TYPE
+        h[:machine_type] ||= GoogleApi::CloudPlatform::Client::DEFAULT_MACHINE_TYPE
+        h[:access_token] ||= access_token
-      params[:provider_gcp_attributes][:access_token] ||= access_token
+      end
      @cluster_params = params.merge(user: current_user)
    end

--- a/spec/controllers/projects/clusters_controller_spec.rb
+++ b/spec/controllers/projects/clusters_controller_spec.rb
 require 'spec_helper'
 describe Projects::ClustersController do
-  set(:user) { create(:user) }
+  include AccessMatchersForController
-  set(:project) { create(:project) }
+  include GoogleApi::CloudPlatformHelpers
-  let(:role) { :master }
-  before do
+  describe 'GET index' do
-    project.team << [user, role]
+    describe 'functionality' do
+      let(:user) { create(:user) }
-    sign_in(user)
+      before do
-  end
+        project.add_master(user)
+        sign_in(user)
+      end
-  describe 'GET index' do
+      context 'when project has a cluster' do
-    subject do
+        let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
-      get :index, namespace_id: project.namespace,
+        let(:project) { cluster.project }
-                  project_id: project
-    end
-    context 'when cluster is already created' do
+        it { expect(go).to redirect_to(project_cluster_path(project, project.cluster)) }
-      let!(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
+      end
-      it 'redirects to show a cluster' do
+      context 'when project does not have a cluster' do
-        subject
+        let(:project) { create(:project) }
-        expect(response).to redirect_to(project_cluster_path(project, cluster))
+        it { expect(go).to redirect_to(new_project_cluster_path(project)) }
      end
    end
-    context 'when we do not have cluster' do
+    describe 'security' do
-      it 'redirects to create a cluster' do
+      let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
-        subject
+      let(:project) { cluster.project }
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
-        expect(response).to redirect_to(new_project_cluster_path(project))
+    def go
-      end
+      get :index, namespace_id: project.namespace.to_param, project_id: project
    end
  end
  describe 'GET login' do
-    render_views
+    let(:project) { create(:project) }
-    subject do
+    describe 'functionality' do
-      get :login, namespace_id: project.namespace,
+      let(:user) { create(:user) }
-                  project_id: project
-    end
-    context 'when we do have omniauth configured' do
+      before do
-      it 'shows login button' do
+        project.add_master(user)
-        subject
+        sign_in(user)
-        expect(response.body).to include('auth_buttons/signin_with_google')
      end
-    end
-    context 'when we do not have omniauth configured' do
+      context 'when omniauth has been configured' do
-      before do
+        let(:key) { 'secere-key' }
-        stub_omniauth_setting(providers: [])
+        let(:session_key_for_redirect_uri) do
+          GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(key)
+        end
+        before do
+          allow(SecureRandom).to receive(:hex).and_return(key)
+        end
+        it 'has authorize_url' do
+          go
+          expect(assigns(:authorize_url)).to include(key)
+          expect(session[session_key_for_redirect_uri]).to eq(namespace_project_clusters_url(project.namespace, project))
+        end
      end
-      it 'shows notice message' do
+      context 'when omniauth has not configured' do
-        subject
+        before do
+          stub_omniauth_setting(providers: [])
+        end
-        expect(response.body).to include('Ask your GitLab administrator if you want to use this service.')
+        it 'does not have authorize_url' do
+          go
+          expect(assigns(:authorize_url)).to be_nil
+        end
      end
    end
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+    def go
+      get :login, namespace_id: project.namespace, project_id: project
+    end
  end
  shared_examples 'requires to login' do
@@ -74,235 +114,406 @@ describe Projects::ClustersController do
  end
  describe 'GET new' do
-    render_views
+    let(:project) { create(:project) }
-    subject do
+    describe 'functionality' do
-      get :new, namespace_id: project.namespace,
+      let(:user) { create(:user) }
-                project_id: project
-    end
-    context 'when logged' do
      before do
-        make_logged_in
+        project.add_master(user)
+        sign_in(user)
+      end
+      context 'when access token is valid' do
+        before do
+          stub_google_api_validate_token
+        end
+        it 'has new object' do
+          go
+          expect(assigns(:cluster)).to be_an_instance_of(Clusters::Cluster)
+        end
      end
-      it 'shows a creation form' do
+      context 'when access token is expired' do
-        subject
+        before do
+          stub_google_api_expired_token
+        end
+        it { expect(go).to redirect_to(login_project_clusters_path(project)) }
+      end
-        expect(response.body).to include('Create cluster')
+      context 'when access token is not stored in session' do
+        it { expect(go).to redirect_to(login_project_clusters_path(project)) }
      end
    end
-    context 'when not logged' do
+    describe 'security' do
-      it_behaves_like 'requires to login'
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+    def go
+      get :new, namespace_id: project.namespace, project_id: project
    end
  end
  describe 'POST create' do
-    subject do
+    let(:project) { create(:project) }
-      post :create, params.merge(namespace_id: project.namespace,
-                                 project_id: project)
+    let(:params) do
+      {
+        cluster: {
+          name: 'new-cluster',
+          platform_type: :kubernetes,
+          provider_type: :gcp,
+          provider_gcp_attributes: {
+            gcp_project_id: '111',
+          }
+        }
+      }
    end
-    context 'when not logged' do
+    describe 'functionality' do
-      let(:params) { {} }
+      let(:user) { create(:user) }
-      it_behaves_like 'requires to login'
-    end
-    context 'when logged in' do
      before do
-        make_logged_in
+        project.add_master(user)
+        sign_in(user)
      end
-      context 'when all required parameters are set' do
+      context 'when access token is valid' do
-        let(:params) do
+        before do
-          {
+          stub_google_api_validate_token
-            cluster: {
-              gcp_cluster_name: 'new-cluster',
-              gcp_project_id: '111'
-            }
-          }
        end
-        before do
+        context 'when creates a cluster on gke' do
-          expect(ClusterProvisionWorker).to receive(:perform_async) { }
+          it 'creates a new cluster' do
+            expect(ClusterProvisionWorker).to receive(:perform_async)
+            expect { go }.to change { Clusters::Cluster.count }
+            expect(response).to redirect_to(project_cluster_path(project, project.cluster))
+          end
        end
-        it 'creates a new cluster' do
+        context 'when adds a cluster manually' do
-          expect { subject }.to change { Gcp::Cluster.count }
+          let(:params) do
+            {
+              cluster: {
+                name: 'new-cluster',
+                platform_type: :kubernetes,
+                provider_type: :user
+              }
+            }
+          end
-          expect(response).to redirect_to(project_cluster_path(project, project.cluster))
+          it 'creates a new cluster' do
+            expect(ClusterProvisionWorker).to receive(:perform_async)
+            expect { go }.to change { Clusters::Cluster.count }
+            expect(response).to redirect_to(project_cluster_path(project, project.cluster))
+          end
        end
-      end
-      context 'when not all required parameters are set' do
-        render_views
-        let(:params) do
+        context 'when not all required parameters are set' do
-          {
+          let(:params) do
-            cluster: {
+            {
-              project_namespace: 'some namespace'
+              cluster: {
+                name: 'new-cluster'
+              }
            }
-          }
+          end
+          it 'shows an error message' do
+            expect { go }.not_to change { Clusters::Cluster.count }
+            expect(assigns(:cluster).errors).not_to be_empty
+            expect(response).to render_template(:new)
+          end
+        end
+      end
+      context 'when access token is expired' do
+        before do
+          stub_google_api_expired_token
        end
-        it 'shows an error message' do
+        it 'redirects to login page' do
-          expect { subject }.not_to change { Gcp::Cluster.count }
+          expect(go).to redirect_to(login_project_clusters_path(project))
+        end
+      end
-          expect(response).to render_template(:new)
+      context 'when access token is not stored in session' do
+        it 'redirects to login page' do
+          expect(go).to redirect_to(login_project_clusters_path(project))
        end
      end
    end
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+    def go
+      post :create, params.merge(namespace_id: project.namespace, project_id: project)
+    end
  end
  describe 'GET status' do
-    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
+    let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
+    let(:project) { cluster.project }
+    describe 'functionality' do
+      let(:user) { create(:user) }
-    subject do
+      before do
+        project.add_master(user)
+        sign_in(user)
+      end
+      it "responds with matching schema" do
+        go
+        expect(response).to have_http_status(:ok)
+        expect(response).to match_response_schema('cluster_status')
+      end
+    end
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+    def go
      get :status, namespace_id: project.namespace,
                   project_id: project,
                   id: cluster,
                   format: :json
    end
-    it "responds with matching schema" do
-      subject
-      expect(response).to have_http_status(:ok)
-      expect(response).to match_response_schema('cluster_status')
-    end
  end
  describe 'GET show' do
-    render_views
+    let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
+    let(:project) { cluster.project }
-    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
-    subject do
+    describe 'functionality' do
-      get :show, namespace_id: project.namespace,
+      let(:user) { create(:user) }
-                 project_id: project,
-                 id: cluster
-    end
-    context 'when logged as master' do
+      before do
-      it "allows to update cluster" do
+        project.add_master(user)
-        subject
+        sign_in(user)
-        expect(response).to have_http_status(:ok)
-        expect(response.body).to include("Save")
      end
-      it "allows remove integration" do
+      it "renders view" do
-        subject
+        go
        expect(response).to have_http_status(:ok)
-        expect(response.body).to include("Remove integration")
+        expect(assigns(:cluster)).to eq(cluster)
      end
    end
-    context 'when logged as developer' do
+    describe 'security' do
-      let(:role) { :developer }
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
-      it "does not allow to access page" do
+      it { expect { go }.to be_allowed_for(:master).of(project) }
-        subject
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
-        expect(response).to have_http_status(:not_found)
+    def go
-      end
+      get :show, namespace_id: project.namespace,
+                 project_id: project,
+                 id: cluster
    end
  end
  describe 'PUT update' do
-    render_views
+    let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
+    let(:project) { cluster.project }
-    let(:service) { project.build_kubernetes_service }
+    describe 'functionality' do
-    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project, service: service) }
+      let(:user) { create(:user) }
-    let(:params) { {} }
-    subject do
+      before do
-      put :update, params.merge(namespace_id: project.namespace,
+        project.add_master(user)
-                                project_id: project,
+        sign_in(user)
-                                id: cluster)
+      end
-    end
-    context 'when logged as master' do
+      context 'when update enabled' do
-      context 'when valid params are used' do
        let(:params) do
          {
            cluster: { enabled: false }
          }
        end
-        it "redirects back to show page" do
+        it "updates and redirects back to show page" do
-          subject
+          go
+          cluster.reload
          expect(response).to redirect_to(project_cluster_path(project, project.cluster))
          expect(flash[:notice]).to eq('Cluster was successfully updated.')
+          expect(cluster.enabled).to be_falsey
+        end
+        context 'when cluster is being created' do
+          let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
+          it "rejects changes" do
+            go
+            expect(response).to have_http_status(:ok)
+            expect(response).to render_template(:show)
+            expect(cluster.enabled).to be_truthy
+          end
        end
      end
-      context 'when invalid params are used' do
+      context 'when update namespace' do
+        let(:namespace) { 'namespace-123' }
        let(:params) do
          {
-            cluster: { project_namespace: 'my Namespace 321321321 #' }
+            cluster: {
+              platform_kubernetes_attributes: {
+                namespace: namespace
+              }
+            }
          }
        end
-        it "rejects changes" do
+        it "updates and redirects back to show page" do
-          subject
+          go
+          cluster.reload
+          expect(response).to redirect_to(project_cluster_path(project, project.cluster))
+          expect(flash[:notice]).to eq('Cluster was successfully updated.')
+          expect(cluster.platform.namespace).to eq(namespace)
+        end
+        context 'when namespace is invalid' do
+          let(:namespace) { 'my Namespace 321321321 #' }
+          it "rejects changes" do
+            go
-          expect(response).to have_http_status(:ok)
+            expect(response).to have_http_status(:ok)
-          expect(response).to render_template(:show)
+            expect(response).to render_template(:show)
+            expect(cluster.platform.namespace).not_to eq(namespace)
+          end
        end
      end
    end
-    context 'when logged as developer' do
+    describe 'security' do
-      let(:role) { :developer }
+      let(:params) do
+        {
+          cluster: { enabled: false }
+        }
+      end
-      it "does not allow to update cluster" do
+      it { expect { go }.to be_allowed_for(:admin) }
-        subject
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
-        expect(response).to have_http_status(:not_found)
+    def go
-      end
+      put :update, params.merge(namespace_id: project.namespace,
+                                project_id: project,
+                                id: cluster)
    end
  end
  describe 'delete update' do
-    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
+    let(:cluster) { create(:cluster, :project, :provided_by_gcp) }
+    let(:project) { cluster.project }
-    subject do
+    describe 'functionality' do
-      delete :destroy, namespace_id: project.namespace,
+      let(:user) { create(:user) }
-                       project_id: project,
-                       id: cluster
-    end
-    context 'when logged as master' do
+      before do
-      it "redirects back to clusters list" do
+        project.add_master(user)
-        subject
+        sign_in(user)
+      end
+      it "destroys and redirects back to clusters list" do
+        expect { go }
+          .to change { Clusters::Cluster.count }.by(-1)
+          .and change { Clusters::Platforms::Kubernetes.count }.by(-1)
+          .and change { Clusters::Providers::Gcp.count }.by(-1)
        expect(response).to redirect_to(project_clusters_path(project))
        expect(flash[:notice]).to eq('Cluster integration was successfully removed.')
      end
-    end
-    context 'when logged as developer' do
+      context 'when cluster is being created' do
-      let(:role) { :developer }
+        let(:cluster) { create(:cluster, :project, :providing_by_gcp) }
+        it "destroys and redirects back to clusters list" do
+          expect { go }
+            .to change { Clusters::Cluster.count }.by(-1)
+            .and change { Clusters::Platforms::Kubernetes.count }.by(-1)
+            .and change { Clusters::Providers::Gcp.count }.by(-1)
+          expect(response).to redirect_to(project_clusters_path(project))
+          expect(flash[:notice]).to eq('Cluster integration was successfully removed.')
+        end
+      end
+      context 'when provider is user' do
+        let(:cluster) { create(:cluster, :project, :provided_by_user) }
-      it "does not allow to destroy cluster" do
+        it "destroys and redirects back to clusters list" do
-        subject
+          expect { go }
+            .to change { Clusters::Cluster.count }.by(-1)
+            .and change { Clusters::Platforms::Kubernetes.count }.by(-1)
+            .and change { Clusters::Providers::Gcp.count }.by(0)
-        expect(response).to have_http_status(:not_found)
+          expect(response).to redirect_to(project_clusters_path(project))
+          expect(flash[:notice]).to eq('Cluster integration was successfully removed.')
+        end
      end
    end
-  end
-  def make_logged_in
+    describe 'security' do
-    session[GoogleApi::CloudPlatform::Client.session_key_for_token] = '1234'
+      it { expect { go }.to be_allowed_for(:admin) }
-    session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = in_hour.to_i.to_s
+      it { expect { go }.to be_allowed_for(:owner).of(project) }
-  end
+      it { expect { go }.to be_allowed_for(:master).of(project) }
+      it { expect { go }.to be_denied_for(:developer).of(project) }
+      it { expect { go }.to be_denied_for(:reporter).of(project) }
+      it { expect { go }.to be_denied_for(:guest).of(project) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
-  def in_hour
+    def go
-    Time.now + 1.hour
+      delete :destroy, namespace_id: project.namespace,
+                       project_id: project,
+                       id: cluster
+    end
  end
 end
--- a/spec/factories/clusters/cluster.rb
+++ b/spec/factories/clusters/cluster.rb
@@ -42,7 +42,9 @@ FactoryGirl.define do
      end
      after(:create) do |cluster, evaluator|
-        create(:platform_kubernetes, cluster: cluster)
+        build(:platform_kubernetes, cluster: cluster).tap do |platform|
+          platform.save!(validate: false)
+        end
      end
    end
  end

--- a/spec/factories/clusters/platforms/kubernetes.rb
+++ b/spec/factories/clusters/platforms/kubernetes.rb
@@ -3,19 +3,16 @@ FactoryGirl.define do
    cluster
    namespace nil
-    trait :ca_cert do
-      after(:create) do |platform_kubernetes, evaluator|
-        pem_file = File.expand_path(Rails.root.join('spec/fixtures/clusters/sample_cert.pem'))
-        platform_kubernetes.ca_cert = File.read(pem_file)
-      end
-    end
    trait :configured do
      api_url 'https://kubernetes.example.com'
-      ca_cert nil
      token 'a' * 40
      username 'xxxxxx'
      password 'xxxxxx'
+      after(:create) do |platform_kubernetes, evaluator|
+        pem_file = File.expand_path(Rails.root.join('spec/fixtures/clusters/sample_cert.pem'))
+        platform_kubernetes.ca_cert = File.read(pem_file)
+      end
    end
  end
 end
--- a/spec/models/clusters/cluster_spec.rb
+++ b/spec/models/clusters/cluster_spec.rb
@@ -10,6 +10,8 @@ describe Clusters::Cluster do
  it { is_expected.to delegate_method(:status_name).to(:provider) }
  it { is_expected.to delegate_method(:on_creation?).to(:provider) }
  it { is_expected.to respond_to :project }
+  it { is_expected.to validate_presence_of(:provider_type) }
+  it { is_expected.to validate_presence_of(:platform_type) }
  describe '.enabled' do
    subject { described_class.enabled }

--- a/spec/models/clusters/platforms/kubernetes_spec.rb
+++ b/spec/models/clusters/platforms/kubernetes_spec.rb
@@ -11,7 +11,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
  describe 'before_validation' do
    context 'when namespace includes upper case' do
-      let(:kubernetes) { create(:platform_kubernetes, namespace: namespace) }
+      let(:kubernetes) { create(:platform_kubernetes, :configured, namespace: namespace) }
      let(:namespace) { 'ABC' }
      it 'converts to lower case' do
@@ -24,7 +24,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
    subject { kubernetes.valid? }
    context 'when validates namespace' do
-      let(:kubernetes) { build(:platform_kubernetes, namespace: namespace) }
+      let(:kubernetes) { build(:platform_kubernetes, :configured, namespace: namespace) }
      context 'when namespace is blank' do
        let(:namespace) { '' }
@@ -52,74 +52,42 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
    end
    context 'when validates api_url' do
-      context 'when updates a record' do
+      let(:kubernetes) { build(:platform_kubernetes, :configured) }
-        let(:kubernetes) { create(:platform_kubernetes) }
-        before do
+      before do
-          kubernetes.api_url = api_url
+        kubernetes.api_url = api_url
-        end
+      end
-        context 'when api_url is invalid url' do
-          let(:api_url) { '!!!!!!' }
-          it { expect(kubernetes.save).to be_falsey }
-        end
-        context 'when api_url is nil' do
-          let(:api_url) { nil }
-          it { expect(kubernetes.save).to be_falsey }
-        end
-        context 'when api_url is valid url' do
+      context 'when api_url is invalid url' do
-          let(:api_url) { 'https://111.111.111.111' }
+        let(:api_url) { '!!!!!!' }
-          it { expect(kubernetes.save).to be_truthy }
+        it { expect(kubernetes.save).to be_falsey }
-        end
      end
-      context 'when creates a record' do
+      context 'when api_url is nil' do
-        let(:kubernetes) { build(:platform_kubernetes) }
+        let(:api_url) { nil }
-        before do
+        it { expect(kubernetes.save).to be_falsey }
-          kubernetes.api_url = api_url
+      end
-        end
-        context 'when api_url is nil' do
+      context 'when api_url is valid url' do
-          let(:api_url) { nil }
+        let(:api_url) { 'https://111.111.111.111' }
-          it { expect(kubernetes.save).to be_truthy }
+        it { expect(kubernetes.save).to be_truthy }
-        end
      end
    end
    context 'when validates token' do
-      context 'when updates a record' do
+      let(:kubernetes) { build(:platform_kubernetes, :configured) }
-        let(:kubernetes) { create(:platform_kubernetes) }
-        before do
+      before do
-          kubernetes.token = token
+        kubernetes.token = token
-        end
-        context 'when token is nil' do
-          let(:token) { nil }
-          it { expect(kubernetes.save).to be_falsey }
-        end
      end
-      context 'when creates a record' do
+      context 'when token is nil' do
-        let(:kubernetes) { build(:platform_kubernetes) }
+        let(:token) { nil }
-        before do
+        it { expect(kubernetes.save).to be_falsey }
-          kubernetes.token = token
-        end
-        context 'when token is nil' do
-          let(:token) { nil }
-          it { expect(kubernetes.save).to be_truthy }
-        end
      end
    end
  end
@@ -128,7 +96,8 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
    subject { kubernetes.actual_namespace }
    let!(:cluster) { create(:cluster, :project, platform_kubernetes: kubernetes) }
-    let(:kubernetes) { create(:platform_kubernetes, namespace: namespace) }
+    let(:project) { cluster.project }
+    let(:kubernetes) { create(:platform_kubernetes, :configured, namespace: namespace) }
    context 'when namespace is present' do
      let(:namespace) { 'namespace-123' }
@@ -139,7 +108,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
    context 'when namespace is not present' do
      let(:namespace) { nil }
-      it { is_expected.to eq("#{cluster.project.path}-#{cluster.project.id}") }
+      it { is_expected.to eq("#{project.path}-#{project.id}") }
    end
  end
@@ -154,12 +123,13 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
  describe '#default_namespace' do
    subject { kubernetes.default_namespace }
-    let(:kubernetes) { create(:platform_kubernetes) }
+    let(:kubernetes) { create(:platform_kubernetes, :configured) }
    context 'when cluster belongs to a project' do
      let!(:cluster) { create(:cluster, :project, platform_kubernetes: kubernetes) }
+      let(:project) { cluster.project }
-      it { is_expected.to eq("#{cluster.project.path}-#{cluster.project.id}") }
+      it { is_expected.to eq("#{project.path}-#{project.id}") }
    end
    context 'when cluster belongs to nothing' do
@@ -229,7 +199,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
    let!(:cluster) { create(:cluster, :project, platform_kubernetes: service) }
    let(:project) { cluster.project }
-    let(:service) { create(:platform_kubernetes) }
+    let(:service) { create(:platform_kubernetes, :configured) }
    let(:environment) { build(:environment, project: project, name: "env", slug: "env-000000") }
    context 'with invalid pods' do
@@ -268,7 +238,7 @@ describe Clusters::Platforms::Kubernetes, :use_clean_rails_memory_store_caching
    subject { service.calculate_reactive_cache }
    let!(:cluster) { create(:cluster, :project, enabled: enabled, platform_kubernetes: service) }
-    let(:service) { create(:platform_kubernetes, :ca_cert) }
+    let(:service) { create(:platform_kubernetes, :configured) }
    let(:enabled) { true }
    context 'when cluster is disabled' do

--- a/spec/support/google_api_helpers.rb
+++ b/spec/support/google_api_helpers.rb
 module GoogleApi
  module CloudPlatformHelpers
+    def stub_google_api_validate_token
+      request.session[GoogleApi::CloudPlatform::Client.session_key_for_token] = 'token'
+      request.session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = 1.hour.since.to_i.to_s
+    end
+    def stub_google_api_expired_token
+      request.session[GoogleApi::CloudPlatform::Client.session_key_for_token] = 'token'
+      request.session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = 1.hour.ago.to_i.to_s
+    end
    def stub_cloud_platform_get_zone_cluster(project_id, zone, cluster_id, **options)
      WebMock.stub_request(:get, cloud_platform_get_zone_cluster_url(project_id, zone, cluster_id))
        .to_return(cloud_platform_response(cloud_platform_cluster_body(options)))

--- a/spec/support/kubernetes_helpers.rb
+++ b/spec/support/kubernetes_helpers.rb
@@ -14,7 +14,7 @@ module KubernetesHelpers
  end
  def stub_kubeclient_pods(response = nil)
-    stub_kubeclient_discover
+    stub_kubeclient_discover(service.api_url)
    pods_url = service.api_url + "/api/v1/namespaces/#{service.actual_namespace}/pods"
    WebMock.stub_request(:get, pods_url).to_return(response || kube_pods_response)