Commit 8ba4bdcb authored by Robert Speicher's avatar Robert Speicher

Merge branch 'kubernetes_agent_on_gitlab_com_ff' into 'master'

Kubernetes agent on GitLab.com feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!53322
parents 2838ad09 6b34eaae
---
name: kubernetes_agent_on_gitlab_com
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53322
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/300960
milestone: '13.9'
type: development
group: group::configure
default_enabled: false
......@@ -4,6 +4,7 @@ module Clusters
module Agents
class CreateService < BaseService
def execute(name:)
return error_rollout_gitlab_com unless included_in_gitlab_com_rollout?
return error_not_premium_plan unless project.feature_available?(:cluster_agents)
return error_no_permissions unless cluster_agent_permissions?
......@@ -18,6 +19,14 @@ module Clusters
private
def included_in_gitlab_com_rollout?
Gitlab::Kas.included_in_gitlab_com_rollout?(project)
end
def error_rollout_gitlab_com
error(s_('ClusterAgent|This project is not included in the GitLab.com rollout for Kubernetes agent'))
end
def cluster_agent_permissions?
current_user.can?(:admin_pipeline, project) && current_user.can?(:create_cluster, project)
end
......
......@@ -76,12 +76,42 @@ RSpec.describe API::Internal::Kubernetes do
}
end
it 'returns no_content for valid alert payload' do
it 'returns success for valid alert payload' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(AlertManagement::Alert.count).to eq(1)
expect(AlertManagement::Alert.all.first.project).to eq(agent.project)
expect(response).to have_gitlab_http_status(:ok)
expect(response).to have_gitlab_http_status(:success)
end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns 403' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
end
it 'returns success' do
send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:success)
end
end
end
context 'when payload is invalid' do
......
......@@ -59,6 +59,57 @@ RSpec.describe Clusters::Agents::CreateService do
message: ["Name can contain only lowercase letters, digits, and '-', but cannot start or end with '-'"]
})
end
context 'not on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(false)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
end
it 'returns success status', :aggregate_failures do
result = service.execute(name: 'success')
expect(result[:status]).to eq(:success)
expect(result[:message]).to be_nil
end
end
end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns errors when project is not in rollout' do
expect(service.execute(name: 'not-in-rollout')).to eq({
status: :error,
message: 'This project is not included in the GitLab.com rollout for Kubernetes agent'
})
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
end
it 'returns success status', :aggregate_failures do
result = service.execute(name: 'success')
expect(result[:status]).to eq(:success)
expect(result[:message]).to be_nil
end
end
end
end
end
end
......@@ -52,6 +52,8 @@ module API
def check_agent_token
forbidden! unless agent_token
forbidden! unless Gitlab::Kas.included_in_gitlab_com_rollout?(agent.project)
end
end
......
......@@ -23,6 +23,12 @@ module Gitlab
write_secret
end
def included_in_gitlab_com_rollout?(project)
return true unless ::Gitlab.com?
Feature.enabled?(:kubernetes_agent_on_gitlab_com, project)
end
end
end
end
......@@ -6051,6 +6051,9 @@ msgstr ""
msgid "ClusterAgent|This feature is only available for premium plans"
msgstr ""
msgid "ClusterAgent|This project is not included in the GitLab.com rollout for Kubernetes agent"
msgstr ""
msgid "ClusterAgent|User has insufficient permissions to create a token for this project"
msgstr ""
......
......@@ -58,4 +58,48 @@ RSpec.describe Gitlab::Kas do
end
end
end
describe '.included_in_gitlab_com_rollout?' do
let_it_be(:project) { create(:project) }
context 'not GitLab.com' do
before do
allow(Gitlab).to receive(:com?).and_return(false)
end
it 'returns true' do
expect(described_class.included_in_gitlab_com_rollout?(project)).to be_truthy
end
end
context 'GitLab.com' do
before do
allow(Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns false' do
expect(described_class.included_in_gitlab_com_rollout?(project)).to be_falsey
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
end
it 'returns true' do
expect(described_class.included_in_gitlab_com_rollout?(project)).to be_truthy
end
it 'returns false for another project' do
expect(described_class.included_in_gitlab_com_rollout?(create(:project))).to be_falsey
end
end
end
end
end
......@@ -62,25 +62,25 @@ RSpec.describe API::Internal::Kubernetes do
let!(:agent_token) { create(:cluster_agent_token) }
it 'returns no_content for valid gitops_sync_count' do
send_request(params: { gitops_sync_count: 10 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
send_request(params: { gitops_sync_count: 10 })
expect(response).to have_gitlab_http_status(:no_content)
end
it 'returns no_content 0 gitops_sync_count' do
send_request(params: { gitops_sync_count: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
send_request(params: { gitops_sync_count: 0 })
expect(response).to have_gitlab_http_status(:no_content)
end
it 'returns 400 for non number' do
send_request(params: { gitops_sync_count: 'string' }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
send_request(params: { gitops_sync_count: 'string' })
expect(response).to have_gitlab_http_status(:bad_request)
end
it 'returns 400 for negative number' do
send_request(params: { gitops_sync_count: '-1' }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
send_request(params: { gitops_sync_count: '-1' })
expect(response).to have_gitlab_http_status(:bad_request)
end
......@@ -125,6 +125,36 @@ RSpec.describe API::Internal::Kubernetes do
)
)
end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns 403' do
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
end
it 'returns success' do
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:success)
end
end
end
end
end
......@@ -174,6 +204,36 @@ RSpec.describe API::Internal::Kubernetes do
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'on GitLab.com' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
end
context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
end
it 'returns 403' do
send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
before do
stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
end
it 'returns success' do
send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
expect(response).to have_gitlab_http_status(:success)
end
end
end
end
context 'project is private' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment