| ... | @@ -3,6 +3,7 @@ |
... | @@ -3,6 +3,7 @@ |
|
|
require 'spec_helper'
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe Gitlab::Kubernetes::KubeClient do
|
|
describe Gitlab::Kubernetes::KubeClient do
|
|
|
|
include StubRequests
|
|
|
include KubernetesHelpers
|
|
include KubernetesHelpers
|
|
|
|
|
|
|
|
let(:api_url) { 'https://kubernetes.example.com/prefix' }
|
|
let(:api_url) { 'https://kubernetes.example.com/prefix' }
|
| ... | @@ -14,6 +15,17 @@ describe Gitlab::Kubernetes::KubeClient do |
... | @@ -14,6 +15,17 @@ describe Gitlab::Kubernetes::KubeClient do |
|
|
stub_kubeclient_discover(api_url)
|
|
stub_kubeclient_discover(api_url)
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
|
def method_call(client, method_name)
|
|
|
|
case method_name
|
|
|
|
when /\A(get_|delete_)/
|
|
|
|
client.public_send(method_name)
|
|
|
|
when /\A(create_|update_)/
|
|
|
|
client.public_send(method_name, {})
|
|
|
|
else
|
|
|
|
raise "Unknown method name #{method_name}"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
shared_examples 'a Kubeclient' do
|
|
shared_examples 'a Kubeclient' do
|
|
|
it 'is a Kubeclient::Client' do
|
|
it 'is a Kubeclient::Client' do
|
|
|
is_expected.to be_an_instance_of Kubeclient::Client
|
|
is_expected.to be_an_instance_of Kubeclient::Client
|
| ... | @@ -25,28 +37,30 @@ describe Gitlab::Kubernetes::KubeClient do |
... | @@ -25,28 +37,30 @@ describe Gitlab::Kubernetes::KubeClient do |
|
|
end
|
|
end
|
|
|
|
|
|
|
|
shared_examples 'redirection not allowed' do |method_name|
|
|
shared_examples 'redirection not allowed' do |method_name|
|
|
|
before do
|
|
context 'api_url is redirected' do
|
|
|
redirect_url = 'https://not-under-our-control.example.com/api/v1/pods'
|
|
before do
|
|
|
|
redirect_url = 'https://not-under-our-control.example.com/api/v1/pods'
|
|
|
|
|
|
|
|
stub_request(:get, %r{\A#{api_url}/})
|
|
stub_request(:get, %r{\A#{api_url}/})
|
|
|
.to_return(status: 302, headers: { location: redirect_url })
|
|
.to_return(status: 302, headers: { location: redirect_url })
|
|
|
|
|
|
|
|
stub_request(:get, redirect_url)
|
|
stub_request(:get, redirect_url)
|
|
|
.to_return(status: 200, body: '{}')
|
|
.to_return(status: 200, body: '{}')
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
it 'does not follow redirects' do
|
|
it 'does not follow redirects' do
|
|
|
method_call = -> do
|
|
expect { method_call(client, method_name) }.to raise_error(Kubeclient::HttpError)
|
|
|
case method_name
|
|
|
|
|
when /\A(get_|delete_)/
|
|
|
|
|
client.public_send(method_name)
|
|
|
|
|
when /\A(create_|update_)/
|
|
|
|
|
client.public_send(method_name, {})
|
|
|
|
|
else
|
|
|
|
|
raise "Unknown method name #{method_name}"
|
|
|
|
|
end
|
|
|
|
|
end
|
|
end
|
|
|
expect { method_call.call }.to raise_error(Kubeclient::HttpError)
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
shared_examples 'dns rebinding not allowed' do |method_name|
|
|
|
|
it 'does not allow DNS rebinding' do
|
|
|
|
stub_dns(api_url, ip_address: '8.8.8.8')
|
|
|
|
client
|
|
|
|
|
|
|
|
stub_dns(api_url, ip_address: '192.168.2.120')
|
|
|
|
expect { method_call(client, method_name) }.to raise_error(ArgumentError, /is blocked/)
|
|
|
end
|
|
end
|
|
|
end
|
|
end
|
|
|
|
|
|
| ... | @@ -160,6 +174,7 @@ describe Gitlab::Kubernetes::KubeClient do |
... | @@ -160,6 +174,7 @@ describe Gitlab::Kubernetes::KubeClient do |
|
|
].each do |method|
|
|
].each do |method|
|
|
|
describe "##{method}" do
|
|
describe "##{method}" do
|
|
|
include_examples 'redirection not allowed', method
|
|
include_examples 'redirection not allowed', method
|
|
|
|
include_examples 'dns rebinding not allowed', method
|
|
|
|
|
|
|
|
it 'delegates to the core client' do
|
|
it 'delegates to the core client' do
|
|
|
expect(client).to delegate_method(method).to(:core_client)
|
|
expect(client).to delegate_method(method).to(:core_client)
|
| ... | @@ -185,6 +200,7 @@ describe Gitlab::Kubernetes::KubeClient do |
... | @@ -185,6 +200,7 @@ describe Gitlab::Kubernetes::KubeClient do |
|
|
].each do |method|
|
|
].each do |method|
|
|
|
describe "##{method}" do
|
|
describe "##{method}" do
|
|
|
include_examples 'redirection not allowed', method
|
|
include_examples 'redirection not allowed', method
|
|
|
|
include_examples 'dns rebinding not allowed', method
|
|
|
|
|
|
|
|
it 'delegates to the rbac client' do
|
|
it 'delegates to the rbac client' do
|
|
|
expect(client).to delegate_method(method).to(:rbac_client)
|
|
expect(client).to delegate_method(method).to(:rbac_client)
|
| ... | @@ -203,6 +219,7 @@ describe Gitlab::Kubernetes::KubeClient do |
... | @@ -203,6 +219,7 @@ describe Gitlab::Kubernetes::KubeClient do |
|
|
|
|
|
|
|
describe '#get_deployments' do
|
|
describe '#get_deployments' do
|
|
|
include_examples 'redirection not allowed', 'get_deployments'
|
|
include_examples 'redirection not allowed', 'get_deployments'
|
|
|
|
include_examples 'dns rebinding not allowed', 'get_deployments'
|
|
|
|
|
|
|
|
it 'delegates to the extensions client' do
|
|
it 'delegates to the extensions client' do
|
|
|
expect(client).to delegate_method(:get_deployments).to(:extensions_client)
|
|
expect(client).to delegate_method(:get_deployments).to(:extensions_client)
|
| ... | |
... | |
| ... | | ... | |