diff --git a/lib/tasks/sync_kubernetes_secrets.rake b/lib/tasks/sync_kubernetes_secrets.rake index ebdd0dacd..f6b468fbe 100644 --- a/lib/tasks/sync_kubernetes_secrets.rake +++ b/lib/tasks/sync_kubernetes_secrets.rake @@ -1,13 +1,9 @@ namespace :kubernetes do desc "Synchronise OAuth Token secrets in Kubernetes" - task :sync_token_secrets, %i[config_map_name] => :environment do |_, args| + task sync_token_secrets: :environment do client = Kubernetes::Client.new - config_map = client.get_config_map(args[:config_map_name]) - emails = JSON.parse(config_map.data["api_user_emails"]) - - api_users = ApiUser.where(email: emails) - missing_users = emails - api_users.map(&:email) + api_users = ApiUser.where(suspended_at: nil) api_users.each do |api_user| api_user.authorisations.not_revoked.each do |token| @@ -18,21 +14,13 @@ namespace :kubernetes do client.apply_secret(name, data) end end - - if missing_users.any? - raise StandardError, "Could not find api users for: #{missing_users.join(', ')}" - end end desc "Synchronise OAuth App secrets in Kubernetes" - task :sync_app_secrets, %i[config_map_name] => :environment do |_, args| + task sync_app_secrets: :environment do client = Kubernetes::Client.new - config_map = client.get_config_map(args[:config_map_name]) - app_names = JSON.parse(config_map.data["app_names"]) - apps = Doorkeeper::Application.where(name: app_names) - - missing_apps = app_names - apps.map(&:name) + apps = Doorkeeper::Application.where(retired: false) apps.each do |app| name = "signon-app-#{app.name}".parameterize @@ -41,9 +29,5 @@ namespace :kubernetes do Rails.logger.info(name) client.apply_secret(name, data) end - - if missing_apps.any? - raise StandardError, "Could not find apps for: #{missing_apps.join(', ')}" - end end end diff --git a/test/lib/tasks/sync_kubernetes_secrets_test.rb b/test/lib/tasks/sync_kubernetes_secrets_test.rb index fefa4ce39..dc6eb83f6 100644 --- a/test/lib/tasks/sync_kubernetes_secrets_test.rb +++ b/test/lib/tasks/sync_kubernetes_secrets_test.rb @@ -15,93 +15,30 @@ class KubernetesTaskTest < ActiveSupport::TestCase api_user_with_token("user2", token_count: 1), ] - stub_config_map(@client, [], api_users.map(&:email)) expect_secret_tokens_created_for_only_users(@client, api_users) - Rake::Task["kubernetes:sync_token_secrets"].execute({ - config_map_name: "config_map_name", - }) + Rake::Task["kubernetes:sync_token_secrets"].execute end - should "create all token secrets for only users specified" do - api_users = [ - api_user_with_token("user1", token_count: 2), - api_user_with_token("user2", token_count: 1), - ] - - specified_user = api_users[0] - - stub_config_map(@client, [], [specified_user.email]) - expect_secret_tokens_created_for_only_users(@client, [specified_user]) - - Rake::Task["kubernetes:sync_token_secrets"].execute({ - config_map_name: "config_map_name", - }) - end - - should "raise an exception about missing user, but not skip other existing users" do - api_users = [ - api_user_with_token("user1", token_count: 2), - api_user_with_token("user2", token_count: 1), - ] - - emails = [api_users[0].email, "do-not-exist@example.com", api_users[1].email] - - stub_config_map(@client, [], emails) - expect_secret_tokens_created_for_only_users(@client, api_users) + should "create token secrets for non-suspended users only" do + suspended_user = api_user_with_token("user1", token_count: 1) + suspended_user.suspend("test") + expected_user = api_user_with_token("user2", token_count: 2) - err = assert_raises StandardError do - Rake::Task["kubernetes:sync_token_secrets"].execute({ - config_map_name: "config_map_name", - }) - end + expect_secret_tokens_created_for_only_users(@client, [expected_user]) - assert_match(/do-not-exist@example.com/, err.message) + Rake::Task["kubernetes:sync_token_secrets"].execute end end context "#sync_app_secrets" do - should "create all app secrets for only specified apps" do + should "create app secrets for all non-retired apps" do app = create(:application) - create(:application) + create(:application, retired: true) - stub_config_map(@client, [app.name], []) expect_secrets_created_for_only_apps(@client, [app]) - Rake::Task["kubernetes:sync_app_secrets"].execute({ - config_map_name: "config_map_name", - }) - end - - should "raise an exception about missing app, but not skip other existing apps" do - apps = [create(:application), create(:application)] - names = [apps[0].name, "Do Not Exist", apps[1].name] - - stub_config_map(@client, names, []) - expect_secrets_created_for_only_apps(@client, apps) - - err = assert_raises StandardError do - Rake::Task["kubernetes:sync_app_secrets"].execute({ - config_map_name: "config_map_name", - }) - end - - assert_match(/Do Not Exist/, err.message) - end - - should "raise an exception about retired app" do - app = create(:application, retired: true) - - stub_config_map(@client, [app.name], []) - expect_secrets_created_for_only_apps(@client, []) - - err = assert_raises StandardError do - Rake::Task["kubernetes:sync_app_secrets"].execute({ - config_map_name: "config_map_name", - }) - end - - assert_match(/#{app.name}/, err.message) + Rake::Task["kubernetes:sync_app_secrets"].execute end end @@ -124,16 +61,4 @@ def expect_secrets_created_for_only_apps(client, apps) ) end end - - def stub_config_map(client, app_names, emails) - email_list = emails.map { |e| %("#{e}") }.join(",") - names_list = app_names.map { |n| %("#{n}") }.join(",") - - client.stubs(:get_config_map).with("config_map_name").returns( - Kubeclient::Resource.new({ - data: { "app_names" => "[#{names_list}]", - "api_user_emails" => "[#{email_list}]" }, - }), - ) - end end