Commit 6b34eaae authored by Thong Kuah's avatar Thong Kuah

Add GitLab.com only feature flag for KAS rollout

This allows us to rollout KAS progressively for projects
parent bd3f7118
---
name: kubernetes_agent_on_gitlab_com
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53322
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/300960
milestone: '13.9'
type: development
group: group::configure
default_enabled: false
...@@ -4,6 +4,7 @@ module Clusters ...@@ -4,6 +4,7 @@ module Clusters
module Agents module Agents
class CreateService < BaseService class CreateService < BaseService
def execute(name:) def execute(name:)
return error_rollout_gitlab_com unless included_in_gitlab_com_rollout?
return error_not_premium_plan unless project.feature_available?(:cluster_agents) return error_not_premium_plan unless project.feature_available?(:cluster_agents)
return error_no_permissions unless cluster_agent_permissions? return error_no_permissions unless cluster_agent_permissions?
...@@ -18,6 +19,14 @@ module Clusters ...@@ -18,6 +19,14 @@ module Clusters
private private
def included_in_gitlab_com_rollout?
Gitlab::Kas.included_in_gitlab_com_rollout?(project)
end
def error_rollout_gitlab_com
error(s_('ClusterAgent|This project is not included in the GitLab.com rollout for Kubernetes agent'))
end
def cluster_agent_permissions? def cluster_agent_permissions?
current_user.can?(:admin_pipeline, project) && current_user.can?(:create_cluster, project) current_user.can?(:admin_pipeline, project) && current_user.can?(:create_cluster, project)
end end
......
...@@ -76,12 +76,42 @@ RSpec.describe API::Internal::Kubernetes do ...@@ -76,12 +76,42 @@ RSpec.describe API::Internal::Kubernetes do
} }
end end
it 'returns no_content for valid alert payload' do it 'returns success for valid alert payload' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" }) send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(AlertManagement::Alert.count).to eq(1) expect(AlertManagement::Alert.count).to eq(1)
expect(AlertManagement::Alert.all.first.project).to eq(agent.project) expect(AlertManagement::Alert.all.first.project).to eq(agent.project)
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:success)
end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns 403' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
end
it 'returns success' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:success)
end
end
end end
context 'when payload is invalid' do context 'when payload is invalid' do
......
...@@ -59,6 +59,57 @@ RSpec.describe Clusters::Agents::CreateService do ...@@ -59,6 +59,57 @@ RSpec.describe Clusters::Agents::CreateService do
message: ["Name can contain only lowercase letters, digits, and '-', but cannot start or end with '-'"] message: ["Name can contain only lowercase letters, digits, and '-', but cannot start or end with '-'"]
}) })
end end
context 'not on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(false)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
end
it 'returns success status', :aggregate_failures do
result = service.execute(name: 'success')
expect(result[:status]).to eq(:success)
expect(result[:message]).to be_nil
end
end
end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns errors when project is not in rollout' do
expect(service.execute(name: 'not-in-rollout')).to eq({
status: :error,
message: 'This project is not included in the GitLab.com rollout for Kubernetes agent'
})
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
end
it 'returns success status', :aggregate_failures do
result = service.execute(name: 'success')
expect(result[:status]).to eq(:success)
expect(result[:message]).to be_nil
end
end
end
end end
end end
end end
...@@ -52,6 +52,8 @@ module API ...@@ -52,6 +52,8 @@ module API
def check_agent_token def check_agent_token
forbidden! unless agent_token forbidden! unless agent_token
forbidden! unless Gitlab::Kas.included_in_gitlab_com_rollout?(agent.project)
end end
end end
......
...@@ -23,6 +23,12 @@ module Gitlab ...@@ -23,6 +23,12 @@ module Gitlab
write_secret write_secret
end end
def included_in_gitlab_com_rollout?(project)
return true unless ::Gitlab.com?
Feature.enabled?(:kubernetes_agent_on_gitlab_com, project)
end
end end
end end
end end
...@@ -6051,6 +6051,9 @@ msgstr "" ...@@ -6051,6 +6051,9 @@ msgstr ""
msgid "ClusterAgent|This feature is only available for premium plans" msgid "ClusterAgent|This feature is only available for premium plans"
msgstr "" msgstr ""
msgid "ClusterAgent|This project is not included in the GitLab.com rollout for Kubernetes agent"
msgstr ""
msgid "ClusterAgent|User has insufficient permissions to create a token for this project" msgid "ClusterAgent|User has insufficient permissions to create a token for this project"
msgstr "" msgstr ""
......
...@@ -58,4 +58,48 @@ RSpec.describe Gitlab::Kas do ...@@ -58,4 +58,48 @@ RSpec.describe Gitlab::Kas do
end end
end end
end end
describe '.included_in_gitlab_com_rollout?' do
let_it_be(:project) { create(:project) }
context 'not GitLab.com' do
before do
allow(Gitlab).to receive(:com?).and_return(false)
end
it 'returns true' do
expect(described_class.included_in_gitlab_com_rollout?(project)).to be_truthy
end
end
context 'GitLab.com' do
before do
allow(Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns false' do
expect(described_class.included_in_gitlab_com_rollout?(project)).to be_falsey
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
end
it 'returns true' do
expect(described_class.included_in_gitlab_com_rollout?(project)).to be_truthy
end
it 'returns false for another project' do
expect(described_class.included_in_gitlab_com_rollout?(create(:project))).to be_falsey
end
end
end
end
end end
...@@ -125,6 +125,36 @@ RSpec.describe API::Internal::Kubernetes do ...@@ -125,6 +125,36 @@ RSpec.describe API::Internal::Kubernetes do
) )
) )
end end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns 403' do
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
end
it 'returns success' do
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:success)
end
end
end
end end
end end
...@@ -174,6 +204,36 @@ RSpec.describe API::Internal::Kubernetes do ...@@ -174,6 +204,36 @@ RSpec.describe API::Internal::Kubernetes do
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
end end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns 403' do
send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
end
it 'returns success' do
send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:success)
end
end
end
end end
context 'project is private' do context 'project is private' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment