diff --git a/ee/app/models/remote_development/workspaces_agent_config.rb b/ee/app/models/remote_development/workspaces_agent_config.rb index 8f5fd5a559cb892e57054c224c788bd09cda323a..441caeb83f487843e108f4c92c9b4058aa6440ef 100644 --- a/ee/app/models/remote_development/workspaces_agent_config.rb +++ b/ee/app/models/remote_development/workspaces_agent_config.rb @@ -25,7 +25,7 @@ class WorkspacesAgentConfig < ApplicationRecord has_many :workspaces, through: :agent, source: :workspaces validates :agent, presence: true - validates :dns_zone, hostname: { allow_numeric_hostname: true } + validates :dns_zone, hostname: { allow_numeric_hostname: true }, if: :dns_zone_required? validates :enabled, inclusion: { in: [true, false] } validates :network_policy_egress, @@ -66,6 +66,8 @@ class WorkspacesAgentConfig < ApplicationRecord less_than_or_equal_to: WorkspaceOperations::MaxHoursBeforeTermination::MAX_HOURS_BEFORE_TERMINATION } + validate :validate_dns_zone_presence + validate :validate_sum_of_delayed_termination_fields_does_not_exceed_max_hours_before_termination_limit validate :validate_allow_privilege_escalation @@ -78,6 +80,19 @@ class WorkspacesAgentConfig < ApplicationRecord private + # @return [Boolean] + def dns_zone_required? + gitlab_workspaces_proxy_http_enabled + end + + # @return [void] + def validate_dns_zone_presence + return unless dns_zone_required? + return if dns_zone.present? + + errors.add(:dns_zone, "can't be blank when gitlab_workspaces_proxy_http_enabled is true") + end + # @return [void] def validate_sum_of_delayed_termination_fields_does_not_exceed_max_hours_before_termination_limit max_hours_before_termination = WorkspaceOperations::MaxHoursBeforeTermination::MAX_HOURS_BEFORE_TERMINATION diff --git a/ee/lib/remote_development/agent_config_operations/updater.rb b/ee/lib/remote_development/agent_config_operations/updater.rb index 493e468fa8cc08f72d295ff83b15710af066bd78..58dbe3649ffb8288c51762438eedbc45e70bc266 100644 --- a/ee/lib/remote_development/agent_config_operations/updater.rb +++ b/ee/lib/remote_development/agent_config_operations/updater.rb @@ -85,6 +85,7 @@ def self.update_or_initialize_workspaces_agent_config(agent:, config_from_agent_ :annotations, :default_resources_per_workspace_container, :default_runtime_class, + :dns_zone, :gitlab_workspaces_proxy_http_enabled, :gitlab_workspaces_proxy_namespace, :gitlab_workspaces_proxy_ssh_enabled, diff --git a/ee/lib/remote_development/settings/default_settings.rb b/ee/lib/remote_development/settings/default_settings.rb index a557463a43fb268714397d3a206c68ebb7001c34..628c3df6e17cd8dab8612c6076759655335e2316 100644 --- a/ee/lib/remote_development/settings/default_settings.rb +++ b/ee/lib/remote_development/settings/default_settings.rb @@ -24,6 +24,7 @@ def self.default_settings ], default_resources_per_workspace_container: [{}, Hash], default_runtime_class: ["", String], + dns_zone: ["", String], full_reconciliation_interval_seconds: [3600, Integer], gitlab_kas_external_url: ["", String], gitlab_workspaces_proxy_http_enabled: [true, :Boolean], diff --git a/ee/spec/lib/remote_development/agent_config_operations/updater_spec.rb b/ee/spec/lib/remote_development/agent_config_operations/updater_spec.rb index 1ce9a0db4f3845dd3e0ff390810b2c663e249962..222192f140607a3a65af7feaab5617e91ac94cd9 100644 --- a/ee/spec/lib/remote_development/agent_config_operations/updater_spec.rb +++ b/ee/spec/lib/remote_development/agent_config_operations/updater_spec.rb @@ -9,6 +9,7 @@ let(:enabled) { true } let(:enabled_present) { true } + let(:dns_zone_present) { true } let_it_be(:dns_zone) { 'my-awesome-domain.me' } let(:unlimited_quota) { -1 } let(:saved_quota) { 5 } @@ -75,9 +76,8 @@ let(:dns_zone_in_config) { dns_zone } let(:config) do - remote_development_config = { - 'dns_zone' => dns_zone_in_config - } + remote_development_config = {} + remote_development_config['dns_zone'] = dns_zone_in_config if dns_zone_present # noinspection RubyMismatchedArgumentType - RubyMine is misinterpreting types for Hash values remote_development_config['enabled'] = enabled if enabled_present # noinspection RubyMismatchedArgumentType - RubyMine is misinterpreting types for Hash values @@ -261,6 +261,19 @@ let(:gitlab_workspaces_proxy_http_enabled) { false } it_behaves_like 'successful update' + + context 'when dns_zone is not set' do + let(:dns_zone_present) { false } + let(:expected_dns_zone) { "" } + + it_behaves_like 'successful update' + end + + context 'when dns_zone is empty' do + let(:dns_zone) { "" } + + it_behaves_like 'successful update' + end end context 'when gitlab_workspaces_proxy.ssh_enabled is explicitly specified in the config passed' do @@ -423,6 +436,13 @@ it_behaves_like 'failed agent config update' end + context 'when dns_zone is empty' do + let(:dns_zone) { "" } + let(:error_pattern) { /dns zone/i } + + it_behaves_like 'failed agent config update' + end + context 'when allow_privilege_escalation is explicitly specified in the config passed' do let(:allow_privilege_escalation) { true } let(:error_pattern) { /allow privilege escalation/i } diff --git a/ee/spec/lib/remote_development/settings/settings_initializer_spec.rb b/ee/spec/lib/remote_development/settings/settings_initializer_spec.rb index 8800299df4719b72c6ac0cc7f4445fb98307b748..c6130c37299391f12699bdf3bedd7db6caea3d74 100644 --- a/ee/spec/lib/remote_development/settings/settings_initializer_spec.rb +++ b/ee/spec/lib/remote_development/settings/settings_initializer_spec.rb @@ -33,6 +33,7 @@ :default_devfile_yaml, :default_resources_per_workspace_container, :default_runtime_class, + :dns_zone, :full_reconciliation_interval_seconds, :gitlab_kas_external_url, :gitlab_workspaces_proxy_http_enabled, @@ -59,6 +60,7 @@ default_devfile_yaml: default_devfile_yaml, default_resources_per_workspace_container: {}, default_runtime_class: "", + dns_zone: "", full_reconciliation_interval_seconds: 3600, gitlab_kas_external_url: "", gitlab_workspaces_proxy_http_enabled: true, @@ -89,6 +91,7 @@ default_devfile_yaml: String, default_resources_per_workspace_container: Hash, default_runtime_class: String, + dns_zone: String, full_reconciliation_interval_seconds: Integer, gitlab_kas_external_url: String, gitlab_workspaces_proxy_http_enabled: :Boolean, diff --git a/ee/spec/models/remote_development/workspaces_agent_config_spec.rb b/ee/spec/models/remote_development/workspaces_agent_config_spec.rb index e1e77b4a5bc6920b34b452cfb009f9d5a8ca4888..addd27cc845ffb28e6a48cb1f17106b4bd9d512b 100644 --- a/ee/spec/models/remote_development/workspaces_agent_config_spec.rb +++ b/ee/spec/models/remote_development/workspaces_agent_config_spec.rb @@ -79,15 +79,27 @@ context 'for dns_zone' do using RSpec::Parameterized::TableSyntax - where(:dns_zone, :validity, :errors) do - "1.domain.com" | be_valid | [] - "example.1.domain.com" | be_valid | [] + where(:dns_zone, :gitlab_workspaces_proxy_http_enabled, :validity, :errors) do + # rubocop:disable Layout/LineLength -- we want single lines for RSpec::Parameterized::TableSyntax + "1.domain.com" | true | be_valid | [] + "example.1.domain.com" | true | be_valid | [] + "" | false | be_valid | [] + nil | false | be_valid | [] # noinspection RubyResolve -- RubyMine cannot find matchers that works general predicate matcher system - "invalid dns" | be_invalid | ["contains invalid characters (valid characters: [a-z0-9\\-])"] + "invalid dns" | true | be_invalid | ["contains invalid characters (valid characters: [a-z0-9\\-])"] + "" | true | be_invalid | ["must be between 1 and 255 characters long", "can't be blank when gitlab_workspaces_proxy_http_enabled is true"] + nil | true | be_invalid | ["must be between 1 and 255 characters long", "can't be blank when gitlab_workspaces_proxy_http_enabled is true"] + # rubocop:enable Layout/LineLength end with_them do - subject(:config) { build(:workspaces_agent_config, dns_zone: dns_zone) } + subject(:config) do + build( + :workspaces_agent_config, + dns_zone: dns_zone, + gitlab_workspaces_proxy_http_enabled: gitlab_workspaces_proxy_http_enabled + ) + end it 'validates' do expect(config).to validity