Merge branch 'kubernetes_agent_on_gitlab_com_ff' into 'master'

Kubernetes agent on GitLab.com feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!53322

Merge branch 'kubernetes_agent_on_gitlab_com_ff' into 'master'
Kubernetes agent on GitLab.com feature flag [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!53322
8ba4bdcb · Robert Speicher · 2838ad09 · 6b34eaae · 8ba4bdcb · 8ba4bdcb
Commit 8ba4bdcb authored Feb 05, 2021 by Robert Speicher
9 changed files
--- a/config/feature_flags/development/kubernetes_agent_on_gitlab_com.yml
+++ b/config/feature_flags/development/kubernetes_agent_on_gitlab_com.yml
+---
+name: kubernetes_agent_on_gitlab_com
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53322
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/300960
+milestone: '13.9'
+type: development
+group: group::configure
+default_enabled: false
--- a/ee/app/services/clusters/agents/create_service.rb
+++ b/ee/app/services/clusters/agents/create_service.rb
@@ -4,6 +4,7 @@ module Clusters
  module Agents
    class CreateService < BaseService
      def execute(name:)
+        return error_rollout_gitlab_com unless included_in_gitlab_com_rollout?
        return error_not_premium_plan unless project.feature_available?(:cluster_agents)
        return error_no_permissions unless cluster_agent_permissions?
@@ -18,6 +19,14 @@ module Clusters
      private
+      def included_in_gitlab_com_rollout?
+        Gitlab::Kas.included_in_gitlab_com_rollout?(project)
+      end
+      def error_rollout_gitlab_com
+        error(s_('ClusterAgent|This project is not included in the GitLab.com rollout for Kubernetes agent'))
+      end
      def cluster_agent_permissions?
        current_user.can?(:admin_pipeline, project) && current_user.can?(:create_cluster, project)
      end

--- a/ee/spec/requests/api/internal/kubernetes_spec.rb
+++ b/ee/spec/requests/api/internal/kubernetes_spec.rb
@@ -76,12 +76,42 @@ RSpec.describe API::Internal::Kubernetes do
        }
      end
-      it 'returns no_content for valid alert payload' do
+      it 'returns success for valid alert payload' do
        send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
        expect(AlertManagement::Alert.count).to eq(1)
        expect(AlertManagement::Alert.all.first.project).to eq(agent.project)
-        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:success)
+      end
+      context 'on GitLab.com' do
+        before do
+          allow(::Gitlab).to receive(:com?).and_return(true)
+        end
+        context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
+          before do
+            stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
+          end
+          it 'returns 403' do
+            send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+            expect(response).to have_gitlab_http_status(:forbidden)
+          end
+        end
+        context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
+          before do
+            stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
+          end
+          it 'returns success' do
+            send_request(params: payload, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+            expect(response).to have_gitlab_http_status(:success)
+          end
+        end
      end
      context 'when payload is invalid' do

--- a/ee/spec/services/clusters/agents/create_service_spec.rb
+++ b/ee/spec/services/clusters/agents/create_service_spec.rb
@@ -59,6 +59,57 @@ RSpec.describe Clusters::Agents::CreateService do
          message: ["Name can contain only lowercase letters, digits, and '-', but cannot start or end with '-'"]
        })
      end
+      context 'not on GitLab.com' do
+        before do
+          allow(::Gitlab).to receive(:com?).and_return(false)
+        end
+        context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
+          before do
+            stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
+          end
+          it 'returns success status', :aggregate_failures do
+            result = service.execute(name: 'success')
+            expect(result[:status]).to eq(:success)
+            expect(result[:message]).to be_nil
+          end
+        end
+      end
+      context 'on GitLab.com' do
+        before do
+          allow(::Gitlab).to receive(:com?).and_return(true)
+        end
+        context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
+          before do
+            stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
+          end
+          it 'returns errors when project is not in rollout' do
+            expect(service.execute(name: 'not-in-rollout')).to eq({
+              status: :error,
+              message: 'This project is not included in the GitLab.com rollout for Kubernetes agent'
+            })
+          end
+        end
+        context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
+          before do
+            stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
+          end
+          it 'returns success status', :aggregate_failures do
+            result = service.execute(name: 'success')
+            expect(result[:status]).to eq(:success)
+            expect(result[:message]).to be_nil
+          end
+        end
+      end
    end
  end
 end
--- a/lib/api/internal/kubernetes.rb
+++ b/lib/api/internal/kubernetes.rb
@@ -52,6 +52,8 @@ module API
        def check_agent_token
          forbidden! unless agent_token
+          forbidden! unless Gitlab::Kas.included_in_gitlab_com_rollout?(agent.project)
        end
      end

--- a/lib/gitlab/kas.rb
+++ b/lib/gitlab/kas.rb
@@ -23,6 +23,12 @@ module Gitlab
        write_secret
      end
+      def included_in_gitlab_com_rollout?(project)
+        return true unless ::Gitlab.com?
+        Feature.enabled?(:kubernetes_agent_on_gitlab_com, project)
+      end
    end
  end
 end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -6051,6 +6051,9 @@ msgstr ""
 msgid "ClusterAgent|This feature is only available for premium plans"
 msgstr ""
+msgid "ClusterAgent|This project is not included in the GitLab.com rollout for Kubernetes agent"
+msgstr ""
 msgid "ClusterAgent|User has insufficient permissions to create a token for this project"
 msgstr ""

--- a/spec/lib/gitlab/kas_spec.rb
+++ b/spec/lib/gitlab/kas_spec.rb
@@ -58,4 +58,48 @@ RSpec.describe Gitlab::Kas do
      end
    end
  end
+  describe '.included_in_gitlab_com_rollout?' do
+    let_it_be(:project) { create(:project) }
+    context 'not GitLab.com' do
+      before do
+        allow(Gitlab).to receive(:com?).and_return(false)
+      end
+      it 'returns true' do
+        expect(described_class.included_in_gitlab_com_rollout?(project)).to be_truthy
+      end
+    end
+    context 'GitLab.com' do
+      before do
+        allow(Gitlab).to receive(:com?).and_return(true)
+      end
+      context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
+        before do
+          stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
+        end
+        it 'returns false' do
+          expect(described_class.included_in_gitlab_com_rollout?(project)).to be_falsey
+        end
+      end
+      context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
+        before do
+          stub_feature_flags(kubernetes_agent_on_gitlab_com: project)
+        end
+        it 'returns true' do
+          expect(described_class.included_in_gitlab_com_rollout?(project)).to be_truthy
+        end
+        it 'returns false for another project' do
+          expect(described_class.included_in_gitlab_com_rollout?(create(:project))).to be_falsey
+        end
+      end
+    end
+  end
 end
--- a/spec/requests/api/internal/kubernetes_spec.rb
+++ b/spec/requests/api/internal/kubernetes_spec.rb
@@ -62,25 +62,25 @@ RSpec.describe API::Internal::Kubernetes do
      let!(:agent_token) { create(:cluster_agent_token) }
      it 'returns no_content for valid gitops_sync_count' do
-        send_request(params: { gitops_sync_count: 10 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+        send_request(params: { gitops_sync_count: 10 })
        expect(response).to have_gitlab_http_status(:no_content)
      end
      it 'returns no_content 0 gitops_sync_count' do
-        send_request(params: { gitops_sync_count: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+        send_request(params: { gitops_sync_count: 0 })
        expect(response).to have_gitlab_http_status(:no_content)
      end
      it 'returns 400 for non number' do
-        send_request(params: { gitops_sync_count: 'string' }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+        send_request(params: { gitops_sync_count: 'string' })
        expect(response).to have_gitlab_http_status(:bad_request)
      end
      it 'returns 400 for negative number' do
-        send_request(params: { gitops_sync_count: '-1' }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+        send_request(params: { gitops_sync_count: '-1' })
        expect(response).to have_gitlab_http_status(:bad_request)
      end
@@ -125,6 +125,36 @@ RSpec.describe API::Internal::Kubernetes do
          )
        )
      end
+      context 'on GitLab.com' do
+        before do
+          allow(::Gitlab).to receive(:com?).and_return(true)
+        end
+        context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
+          before do
+            stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
+          end
+          it 'returns 403' do
+            send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+            expect(response).to have_gitlab_http_status(:forbidden)
+          end
+        end
+        context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
+          before do
+            stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
+          end
+          it 'returns success' do
+            send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+            expect(response).to have_gitlab_http_status(:success)
+          end
+        end
+      end
    end
  end
@@ -174,6 +204,36 @@ RSpec.describe API::Internal::Kubernetes do
            expect(response).to have_gitlab_http_status(:not_found)
          end
        end
+        context 'on GitLab.com' do
+          before do
+            allow(::Gitlab).to receive(:com?).and_return(true)
+          end
+          context 'kubernetes_agent_on_gitlab_com feature flag disabled' do
+            before do
+              stub_feature_flags(kubernetes_agent_on_gitlab_com: false)
+            end
+            it 'returns 403' do
+              send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+              expect(response).to have_gitlab_http_status(:forbidden)
+            end
+          end
+          context 'kubernetes_agent_on_gitlab_com feature flag enabled' do
+            before do
+              stub_feature_flags(kubernetes_agent_on_gitlab_com: agent_token.agent.project)
+            end
+            it 'returns success' do
+              send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+              expect(response).to have_gitlab_http_status(:success)
+            end
+          end
+        end
      end
      context 'project is private' do