Allow group install of JupyterHub

Removes limitations on cluster types that can install JupyterHub

Allow group install of JupyterHub
Removes limitations on cluster types that can install JupyterHub
bc04a1dc · James Fargher · 632b4075 · bc04a1dc · bc04a1dc · bc04a1dc
5 changed file
--- a/app/models/clusters/applications/jupyter.rb
+++ b/app/models/clusters/applications/jupyter.rb
@@ -85,7 +85,8 @@ module Clusters
              "clientId" => oauth_application.uid,
              "clientSecret" => oauth_application.secret,
              "callbackUrl" => callback_url,
-              "gitlabProjectIdWhitelist" => [project_id]
+              "gitlabProjectIdWhitelist" => cluster.projects.ids,
+              "gitlabGroupWhitelist" => cluster.groups.map(&:to_param)
            }
          },
          "singleuser" => {
@@ -101,10 +102,6 @@ module Clusters
        @crypto_key ||= SecureRandom.hex(32)
      end

-      def project_id
-        cluster&.project&.id
-      end
-
      def gitlab_url
        Gitlab.config.gitlab.url
      end

--- a/app/models/clusters/cluster.rb
+++ b/app/models/clusters/cluster.rb
@@ -10,15 +10,15 @@ module Clusters
    self.table_name = 'clusters'

    PROJECT_ONLY_APPLICATIONS = {
-      Applications::Jupyter.application_name => Applications::Jupyter,
      Applications::Knative.application_name => Applications::Knative
    }.freeze
    APPLICATIONS = {
      Applications::Helm.application_name => Applications::Helm,
      Applications::Ingress.application_name => Applications::Ingress,
      Applications::CertManager.application_name => Applications::CertManager,
+      Applications::Prometheus.application_name => Applications::Prometheus,
      Applications::Runner.application_name => Applications::Runner,
-      Applications::Prometheus.application_name => Applications::Prometheus
+      Applications::Jupyter.application_name => Applications::Jupyter
    }.merge(PROJECT_ONLY_APPLICATIONS).freeze
    DEFAULT_ENVIRONMENT = '*'
    KUBE_INGRESS_BASE_DOMAIN = 'KUBE_INGRESS_BASE_DOMAIN'

--- a/changelogs/unreleased/group_level_jupyterhub.yml
+++ b/changelogs/unreleased/group_level_jupyterhub.yml
+---
+title: Group level JupyterHub
+merge_request: 32512
+author:
+type: added
--- a/spec/models/clusters/applications/jupyter_spec.rb
+++ b/spec/models/clusters/applications/jupyter_spec.rb
@@ -81,27 +81,45 @@ describe Clusters::Applications::Jupyter do
  end

  describe '#files' do
-    let(:application) { create(:clusters_applications_jupyter) }
+    let(:cluster) { create(:cluster, :with_installed_helm, :provided_by_gcp, :project) }
+    let(:application) { create(:clusters_applications_jupyter, cluster: cluster) }
    let(:values) { subject[:'values.yaml'] }

    subject { application.files }

-    it 'includes valid values' do
-      expect(values).to include('ingress')
-      expect(values).to include('hub')
-      expect(values).to include('rbac')
-      expect(values).to include('proxy')
-      expect(values).to include('auth')
-      expect(values).to include('singleuser')
-      expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
-      expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
-      expect(values).to include("gitlabProjectIdWhitelist:\n    - #{application.cluster.project.id}")
-      expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']")
-      expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/)
+    context 'when cluster belongs to a project' do
+      it 'includes valid values' do
+        expect(values).to include('ingress')
+        expect(values).to include('hub')
+        expect(values).to include('rbac')
+        expect(values).to include('proxy')
+        expect(values).to include('auth')
+        expect(values).to include('singleuser')
+        expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
+        expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
+        expect(values).to include("gitlabProjectIdWhitelist:\n    - #{application.cluster.project.id}")
+        expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']")
+        expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/)
+        expect(values).to match(/GITLAB_CLUSTER_ID: '?#{application.cluster.id}/)
+      end
    end

-    context 'when cluster belongs to a project' do
-      it 'sets GitLab project id' do
+    context 'when cluster belongs to a group' do
+      let(:group) { create(:group) }
+      let(:cluster) { create(:cluster, :with_installed_helm, :provided_by_gcp, :group, groups: [group]) }
+
+      it 'includes valid values' do
+        expect(values).to include('ingress')
+        expect(values).to include('hub')
+        expect(values).to include('rbac')
+        expect(values).to include('proxy')
+        expect(values).to include('auth')
+        expect(values).to include('singleuser')
+        expect(values).to match(/clientId: '?#{application.oauth_application.uid}/)
+        expect(values).to match(/callbackUrl: '?#{application.callback_url}/)
+        expect(values).to include("gitlabGroupWhitelist:\n    - #{group.to_param}")
+        expect(values).to include("c.GitLabOAuthenticator.scope = ['api read_repository write_repository']")
+        expect(values).to match(/GITLAB_HOST: '?#{Gitlab.config.gitlab.host}/)
        expect(values).to match(/GITLAB_CLUSTER_ID: '?#{application.cluster.id}/)
      end
    end

--- a/spec/services/clusters/applications/create_service_spec.rb
+++ b/spec/services/clusters/applications/create_service_spec.rb
@@ -147,12 +147,12 @@ describe Clusters::Applications::CreateService do

      using RSpec::Parameterized::TableSyntax

-      where(:application, :association, :allowed, :pre_create_helm) do
-        'helm'       | :application_helm       | true | false
-        'ingress'    | :application_ingress    | true | true
-        'runner'     | :application_runner     | true | true
-        'prometheus' | :application_prometheus | true | true
-        'jupyter'    | :application_jupyter    | false | true
+      where(:application, :association, :allowed, :pre_create_helm, :pre_create_ingress) do
+        'helm'       | :application_helm       | true | false | false
+        'ingress'    | :application_ingress    | true | true | false
+        'runner'     | :application_runner     | true | true | false
+        'prometheus' | :application_prometheus | true | true | false
+        'jupyter'    | :application_jupyter    | true | true | true
      end

      with_them do
@@ -160,6 +160,7 @@ describe Clusters::Applications::CreateService do
          klass = "Clusters::Applications::#{application.titleize}"
          allow_any_instance_of(klass.constantize).to receive(:make_scheduled!).and_call_original
          create(:clusters_applications_helm, :installed, cluster: cluster) if pre_create_helm
+          create(:clusters_applications_ingress, :installed, cluster: cluster, external_hostname: 'example.com') if pre_create_ingress
        end

        let(:params) { { application: application } }