Commit ba14fca2 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Merge branch 'cluster_management_projects_updating' into 'master'

Adds ability to set management project for cluster via API

See merge request gitlab-org/gitlab!18429
parents c24432ee 9c7617a9
......@@ -142,6 +142,7 @@ class Clusters::ClustersController < Clusters::BaseController
:environment_scope,
:managed,
:base_domain,
:management_project_id,
platform_kubernetes_attributes: [
:api_url,
:token,
......@@ -155,6 +156,7 @@ class Clusters::ClustersController < Clusters::BaseController
:environment_scope,
:managed,
:base_domain,
:management_project_id,
platform_kubernetes_attributes: [
:namespace
]
......
......@@ -117,6 +117,8 @@ module Clusters
scope :default_environment, -> { where(environment_scope: DEFAULT_ENVIRONMENT) }
scope :for_project_namespace, -> (namespace_id) { joins(:projects).where(projects: { namespace_id: namespace_id }) }
def self.ancestor_clusters_for_clusterable(clusterable, hierarchy_order: :asc)
return [] if clusterable.is_a?(Instance)
......
......@@ -20,7 +20,7 @@ module Clusters
.with
.recursive(cte.to_arel)
.from(cte_alias)
.order(DEPTH_COLUMN => :asc)
.order(depth_order_clause)
end
private
......@@ -40,7 +40,7 @@ module Clusters
end
if clusterable.is_a?(::Project) && include_management_project
cte << management_clusters_query
cte << same_namespace_management_clusters_query
end
cte << base_query
......@@ -49,13 +49,42 @@ module Clusters
cte
end
# Returns project-level clusters where the project is the management project
# for the cluster. The management project has to be in the same namespace /
# group as the cluster's project.
#
# Support for management project in sub-groups is planned in
# https://gitlab.com/gitlab-org/gitlab/issues/34650
#
# NB: group_parent_id is un-used but we still need to match the same number of
# columns as other queries in the CTE.
def same_namespace_management_clusters_query
clusterable.management_clusters
.project_type
.select([clusters_star, 'NULL AS group_parent_id', "0 AS #{DEPTH_COLUMN}"])
.for_project_namespace(clusterable.namespace_id)
end
# Management clusters should be first in the hierarchy so we use 0 for the
# depth column.
#
# group_parent_id is un-used but we still need to match the same number of
# columns as other queries in the CTE.
def management_clusters_query
clusterable.management_clusters.select([clusters_star, 'NULL AS group_parent_id', "0 AS #{DEPTH_COLUMN}"])
# Only applicable if the clusterable is a project (most especially when
# requesting project.deployment_platform).
def depth_order_clause
return { DEPTH_COLUMN => :asc } unless clusterable.is_a?(::Project) && include_management_project
order = <<~SQL
(CASE clusters.management_project_id
WHEN :project_id THEN 0
ELSE #{DEPTH_COLUMN}
END) ASC
SQL
values = {
project_id: clusterable.id
}
model.sanitize_sql_array([Arel.sql(order), values])
end
def group_clusters_base_query
......
......@@ -12,7 +12,7 @@ module DeploymentPlatform
private
def cluster_management_project_enabled?
Feature.enabled?(:cluster_management_project, default_enabled: true)
Feature.enabled?(:cluster_management_project, self)
end
def find_deployment_platform(environment)
......
......@@ -9,7 +9,55 @@ module Clusters
end
def execute(cluster)
if validate_params(cluster)
cluster.update(params)
else
false
end
end
private
def can_admin_pipeline_for_project?(project)
Ability.allowed?(current_user, :admin_pipeline, project)
end
def validate_params(cluster)
if params[:management_project_id]
management_project = management_project_scope(cluster).find_by_id(params[:management_project_id])
unless management_project
cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
return false
end
unless can_admin_pipeline_for_project?(management_project)
# Use same message as not found to prevent enumeration
cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
return false
end
end
true
end
def management_project_scope(cluster)
return ::Project.all if cluster.instance_type?
group =
if cluster.group_type?
cluster.first_group
elsif cluster.project_type?
cluster.first_project&.namespace
end
# Prevent users from selecting nested projects until
# https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved
include_subgroups = cluster.group_type?
::GroupProjectsFinder.new(group: group, current_user: current_user, options: { only_owned: true, include_subgroups: include_subgroups }).execute
end
end
end
---
title: Adds ability to set management project for cluster via API
merge_request: 18429
author:
type: added
......@@ -53,6 +53,16 @@ Example response:
"api_url":"https://104.197.68.152",
"authorization_type":"rbac",
"ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
},
"management_project":
{
"id":2,
"description":null,
"name":"project2",
"name_with_namespace":"John Doe8 / project2",
"path":"project2",
"path_with_namespace":"namespace2/project2",
"created_at":"2019-10-11T02:55:54.138Z"
}
},
{
......@@ -111,6 +121,16 @@ Example response:
"authorization_type":"rbac",
"ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
},
"management_project":
{
"id":2,
"description":null,
"name":"project2",
"name_with_namespace":"John Doe8 / project2",
"path":"project2",
"path_with_namespace":"namespace2/project2",
"created_at":"2019-10-11T02:55:54.138Z"
},
"group":
{
"id":26,
......@@ -135,6 +155,7 @@ Parameters:
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
| `name` | String | yes | The name of the cluster |
| `domain` | String | no | The [base domain](../user/group/clusters/index.md#base-domain) of the cluster |
| `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster |
| `enabled` | Boolean | no | Determines if cluster is active or not, defaults to true |
| `managed` | Boolean | no | Determines if GitLab will manage namespaces and service accounts for this cluster, defaults to true |
| `platform_kubernetes_attributes[api_url]` | String | yes | The URL to access the Kubernetes API |
......@@ -178,6 +199,7 @@ Example response:
"authorization_type":"rbac",
"ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
},
"management_project":null,
"group":
{
"id":26,
......@@ -248,6 +270,16 @@ Example response:
"authorization_type":"rbac",
"ca_cert":null
},
"management_project":
{
"id":2,
"description":null,
"name":"project2",
"name_with_namespace":"John Doe8 / project2",
"path":"project2",
"path_with_namespace":"namespace2/project2",
"created_at":"2019-10-11T02:55:54.138Z"
},
"group":
{
"id":26,
......
......@@ -54,6 +54,16 @@ Example response:
"namespace":"cluster-1-namespace",
"authorization_type":"rbac",
"ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
},
"management_project":
{
"id":2,
"description":null,
"name":"project2",
"name_with_namespace":"John Doe8 / project2",
"path":"project2",
"path_with_namespace":"namespace2/project2",
"created_at":"2019-10-11T02:55:54.138Z"
}
},
{
......@@ -113,6 +123,16 @@ Example response:
"authorization_type":"rbac",
"ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
},
"management_project":
{
"id":2,
"description":null,
"name":"project2",
"name_with_namespace":"John Doe8 / project2",
"path":"project2",
"path_with_namespace":"namespace2/project2",
"created_at":"2019-10-11T02:55:54.138Z"
},
"project":
{
"id":26,
......@@ -205,6 +225,7 @@ Example response:
"authorization_type":"rbac",
"ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
},
"management_project":null,
"project":
{
"id":26,
......@@ -253,6 +274,7 @@ Parameters:
| `cluster_id` | integer | yes | The ID of the cluster |
| `name` | String | no | The name of the cluster |
| `domain` | String | no | The [base domain](../user/project/clusters/index.md#base-domain) of the cluster |
| `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster |
| `platform_kubernetes_attributes[api_url]` | String | no | The URL to access the Kubernetes API |
| `platform_kubernetes_attributes[token]` | String | no | The token to authenticate against Kubernetes |
| `platform_kubernetes_attributes[ca_cert]` | String | no | TLS certificate (needed if API is using a self-signed TLS certificate |
......@@ -300,6 +322,16 @@ Example response:
"authorization_type":"rbac",
"ca_cert":null
},
"management_project":
{
"id":2,
"description":null,
"name":"project2",
"name_with_namespace":"John Doe8 / project2",
"path":"project2",
"path_with_namespace":"namespace2/project2",
"created_at":"2019-10-11T02:55:54.138Z"
},
"project":
{
"id":26,
......
......@@ -4,7 +4,7 @@ CAUTION: **Warning:**
This is an _alpha_ feature, and it is subject to change at any time without
prior notice.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/17866) in GitLab 12.4
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32810) in GitLab 12.5
A project can be designated as the management project for a cluster.
A management project can be used to run deployment jobs with
......@@ -22,6 +22,14 @@ This can be useful for:
Only the management project will receive `cluster-admin` privileges. All
other projects will continue to receive [namespace scoped `edit` level privileges](../project/clusters/index.md#rbac-cluster-resources).
Management projects are restricted to the following:
- For project-level clusters, the management project must in the same
namespace (or descendants) as the cluster's project.
- For group-level clusters, the management project must in the same
group (or descendants) as as the cluster's group.
- For instance-level clusters, there are no such restrictions.
## Usage
### Selecting a cluster management project
......@@ -87,9 +95,9 @@ configure production cluster:
name: production
```
## Disabling this feature
## Enabling this feature
This feature is enabled by default. To disable this feature, disable the
This feature is disabled by default. To enable this feature, enable the
feature flag `:cluster_management_project`.
To check if the feature flag is enabled on your GitLab instance,
......
......@@ -1791,6 +1791,7 @@ module API
expose :user, using: Entities::UserBasic
expose :platform_kubernetes, using: Entities::Platform::Kubernetes
expose :provider_gcp, using: Entities::Provider::Gcp
expose :management_project, using: Entities::ProjectIdentity
end
class ClusterProject < Cluster
......
......@@ -84,6 +84,7 @@ module API
requires :cluster_id, type: Integer, desc: 'The cluster ID'
optional :name, type: String, desc: 'Cluster name'
optional :domain, type: String, desc: 'Cluster base domain'
optional :management_project_id, type: Integer, desc: 'The ID of the management project'
optional :platform_kubernetes_attributes, type: Hash, desc: %q(Platform Kubernetes data) do
optional :api_url, type: String, desc: 'URL to access the Kubernetes API'
optional :token, type: String, desc: 'Token to authenticate against Kubernetes'
......
......@@ -88,6 +88,7 @@ module API
requires :cluster_id, type: Integer, desc: 'The cluster ID'
optional :name, type: String, desc: 'Cluster name'
optional :domain, type: String, desc: 'Cluster base domain'
optional :management_project_id, type: Integer, desc: 'The ID of the management project'
optional :platform_kubernetes_attributes, type: Hash, desc: %q(Platform Kubernetes data) do
optional :api_url, type: String, desc: 'URL to access the Kubernetes API'
optional :token, type: String, desc: 'Token to authenticate against Kubernetes'
......
......@@ -12701,6 +12701,9 @@ msgstr ""
msgid "Project details"
msgstr ""
msgid "Project does not exist or you don't have permission to perform this action"
msgstr ""
msgid "Project export could not be deleted."
msgstr ""
......
......@@ -152,6 +152,16 @@ describe Clusters::Cluster, :use_clean_rails_memory_store_caching do
end
end
describe '.for_project_namespace' do
subject { described_class.for_project_namespace(namespace_id) }
let!(:cluster) { create(:cluster, :project) }
let!(:another_cluster) { create(:cluster, :project) }
let(:namespace_id) { cluster.first_project.namespace_id }
it { is_expected.to contain_exactly(cluster) }
end
describe 'validations' do
subject { cluster.valid? }
......
......@@ -42,6 +42,28 @@ describe Clusters::ClustersHierarchy do
it 'returns clusters for project' do
expect(base_and_ancestors(cluster.project)).to eq([cluster])
end
context 'cluster has management project' do
let(:management_project) { create(:project, namespace: cluster.first_project.namespace) }
before do
cluster.update!(management_project: management_project)
end
context 'management_project is in same namespace as cluster' do
it 'returns cluster for management_project' do
expect(base_and_ancestors(management_project)).to eq([cluster])
end
end
context 'management_project is in a different namespace from cluster' do
let(:management_project) { create(:project) }
it 'returns nothing' do
expect(base_and_ancestors(management_project)).to be_empty
end
end
end
end
context 'cluster has management project' do
......@@ -50,16 +72,12 @@ describe Clusters::ClustersHierarchy do
let(:group) { create(:group) }
let(:project) { create(:project, group: group) }
let(:management_project) { create(:project) }
let(:management_project) { create(:project, group: group) }
it 'returns clusters for management_project' do
expect(base_and_ancestors(management_project)).to eq([group_cluster])
end
it 'returns nothing if include_management_project is false' do
expect(base_and_ancestors(management_project, include_management_project: false)).to be_empty
end
it 'returns clusters for project' do
expect(base_and_ancestors(project)).to eq([project_cluster, group_cluster])
end
......@@ -70,17 +88,21 @@ describe Clusters::ClustersHierarchy do
end
context 'project in nested group with clusters at some levels' do
let!(:child) { create(:cluster, :group, groups: [child_group], management_project: management_project) }
let!(:ancestor) { create(:cluster, :group, groups: [ancestor_group]) }
let!(:child) { create(:cluster, :group, groups: [child_group]) }
let!(:ancestor) { create(:cluster, :group, groups: [ancestor_group], management_project: management_project) }
let(:ancestor_group) { create(:group) }
let(:parent_group) { create(:group, parent: ancestor_group) }
let(:child_group) { create(:group, parent: parent_group) }
let(:project) { create(:project, group: child_group) }
let(:management_project) { create(:project) }
let(:management_project) { create(:project, group: child_group) }
it 'returns clusters for management_project' do
expect(base_and_ancestors(management_project)).to eq([ancestor, child])
end
it 'returns clusters for management_project' do
expect(base_and_ancestors(management_project)).to eq([child])
expect(base_and_ancestors(management_project, include_management_project: false)).to eq([child, ancestor])
end
it 'returns clusters for project' do
......
......@@ -13,7 +13,11 @@ describe DeploymentPlatform do
end
context 'when project is the cluster\'s management project ' do
let!(:cluster_with_management_project) { create(:cluster, :provided_by_user, management_project: project) }
let(:another_project) { create(:project, namespace: project.namespace) }
let!(:cluster_with_management_project) do
create(:cluster, :provided_by_user, projects: [another_project], management_project: project)
end
context 'cluster_management_project feature is enabled' do
it 'returns the cluster with management project' do
......@@ -66,7 +70,11 @@ describe DeploymentPlatform do
end
context 'when project is the cluster\'s management project ' do
let!(:cluster_with_management_project) { create(:cluster, :provided_by_user, management_project: project) }
let(:another_project) { create(:project, namespace: project.namespace) }
let!(:cluster_with_management_project) do
create(:cluster, :provided_by_user, projects: [another_project], management_project: project)
end
context 'cluster_management_project feature is enabled' do
it 'returns the cluster with management project' do
......
......@@ -286,12 +286,15 @@ describe API::GroupClusters do
let(:update_params) do
{
domain: domain,
platform_kubernetes_attributes: platform_kubernetes_attributes
platform_kubernetes_attributes: platform_kubernetes_attributes,
management_project_id: management_project_id
}
end
let(:domain) { 'new-domain.com' }
let(:platform_kubernetes_attributes) { {} }
let(:management_project) { create(:project, group: group) }
let(:management_project_id) { management_project.id }
let(:cluster) do
create(:cluster, :group, :provided_by_gcp,
......@@ -308,6 +311,8 @@ describe API::GroupClusters do
context 'authorized user' do
before do
management_project.add_maintainer(current_user)
put api("/groups/#{group.id}/clusters/#{cluster.id}", current_user), params: update_params
cluster.reload
......@@ -320,6 +325,7 @@ describe API::GroupClusters do
it 'updates cluster attributes' do
expect(cluster.domain).to eq('new-domain.com')
expect(cluster.management_project).to eq(management_project)
end
end
......@@ -332,6 +338,7 @@ describe API::GroupClusters do
it 'does not update cluster attributes' do
expect(cluster.domain).to eq('old-domain.com')
expect(cluster.management_project).to be_nil
end
it 'returns validation errors' do
......@@ -339,6 +346,18 @@ describe API::GroupClusters do
end
end
context 'current user does not have access to management_project_id' do
let(:management_project_id) { create(:project).id }
it 'responds with 400' do
expect(response).to have_gitlab_http_status(400)
end
it 'returns validation errors' do
expect(json_response['message']['management_project_id'].first).to match('don\'t have permission')
end
end
context 'with a GCP cluster' do
context 'when user tries to change GCP specific fields' do
let(:platform_kubernetes_attributes) do
......
......@@ -281,11 +281,14 @@ describe API::ProjectClusters do
let(:api_url) { 'https://kubernetes.example.com' }
let(:namespace) { 'new-namespace' }
let(:platform_kubernetes_attributes) { { namespace: namespace } }
let(:management_project) { create(:project, namespace: project.namespace) }
let(:management_project_id) { management_project.id }
let(:update_params) do
{
domain: 'new-domain.com',
platform_kubernetes_attributes: platform_kubernetes_attributes
platform_kubernetes_attributes: platform_kubernetes_attributes,
management_project_id: management_project_id
}
end
......@@ -310,6 +313,8 @@ describe API::ProjectClusters do
context 'authorized user' do
before do
management_project.add_maintainer(current_user)
put api("/projects/#{project.id}/clusters/#{cluster.id}", current_user), params: update_params
cluster.reload
......@@ -323,6 +328,7 @@ describe API::ProjectClusters do
it 'updates cluster attributes' do
expect(cluster.domain).to eq('new-domain.com')
expect(cluster.platform_kubernetes.namespace).to eq('new-namespace')
expect(cluster.management_project).to eq(management_project)
end
end
......@@ -336,6 +342,7 @@ describe API::ProjectClusters do
it 'does not update cluster attributes' do
expect(cluster.domain).not_to eq('new_domain.com')
expect(cluster.platform_kubernetes.namespace).not_to eq('invalid_namespace')
expect(cluster.management_project).not_to eq(management_project)
end
it 'returns validation errors' do
......@@ -343,6 +350,18 @@ describe API::ProjectClusters do
end
end
context 'current user does not have access to management_project_id' do
let(:management_project_id) { create(:project).id }
it 'responds with 400' do
expect(response).to have_gitlab_http_status(400)
end
it 'returns validation errors' do
expect(json_response['message']['management_project_id'].first).to match('don\'t have permission')
end
end
context 'with a GCP cluster' do
context 'when user tries to change GCP specific fields' do
let(:platform_kubernetes_attributes) do
......
......@@ -90,5 +90,115 @@ describe Clusters::UpdateService do
end
end
end
context 'when params includes :management_project_id' do
context 'management_project is non-existent' do
let(:params) do
{ management_project_id: 0 }
end
it 'does not update management_project_id' do
is_expected.to eq(false)
expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
cluster.reload
expect(cluster.management_project_id).to be_nil
end
end
shared_examples 'setting a management project' do
context 'user is authorized to adminster manangement_project' do
before do
management_project.add_maintainer(cluster.user)
end
let(:params) do
{ management_project_id: management_project.id }
end
it 'updates management_project_id' do
is_expected.to eq(true)
expect(cluster.management_project).to eq(management_project)
end
end
context 'user is not authorized to adminster manangement_project' do
let(:params) do
{ management_project_id: management_project.id }
end
it 'does not update management_project_id' do
is_expected.to eq(false)
expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
cluster.reload
expect(cluster.management_project_id).to be_nil
end
end
end
context 'project cluster' do
include_examples 'setting a management project' do
let(:management_project) { create(:project, namespace: cluster.first_project.namespace) }
end
context 'manangement_project is outside of the namespace scope' do
before do
management_project.update(group: create(:group))
end
let(:params) do
{ management_project_id: management_project.id }
end
it 'does not update management_project_id' do
is_expected.to eq(false)
expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
cluster.reload
expect(cluster.management_project_id).to be_nil
end
end
end
context 'group cluster' do
let(:cluster) { create(:cluster, :group) }
include_examples 'setting a management project' do
let(:management_project) { create(:project, group: cluster.first_group) }
end
context 'manangement_project is outside of the namespace scope' do
before do
management_project.update(group: create(:group))
end
let(:params) do
{ management_project_id: management_project.id }
end
it 'does not update management_project_id' do
is_expected.to eq(false)
expect(cluster.errors[:management_project_id]).to include('Project does not exist or you don\'t have permission to perform this action')
cluster.reload
expect(cluster.management_project_id).to be_nil
end
end
end
context 'instance cluster' do
let(:cluster) { create(:cluster, :instance) }
include_examples 'setting a management project' do
let(:management_project) { create(:project) }
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment