Adds group ClustersController create actions

Re=uses the shared concern CreatesCluster which we previously extracted
from Projects::ClustersController
Extracts creation of cluster to controller concern

Extracted from `Projects::ClustersController#new`, `#create_gcp`,
`#create_user` into new common module, with shared views and shared
examples. This allows Groups::ClustersController to share most of the
code.

app/controllers/concerns/creates_cluster.rb

@@ -85,6 +85,8 @@ module CreatesCluster
     case cluster_parent
     when Project
       new_project_cluster_path(cluster_parent)
+    when Group
+      new_group_cluster_path(cluster_parent)
     else
       raise "Cannot generate redirect gcp_authorize_redirect_url"
     end
@@ -94,6 +96,8 @@ module CreatesCluster
     case cluster_parent
     when Project
       project_cluster_path(cluster_parent, cluster)
+    when Group
+      group_cluster_path(cluster_parent, cluster)
     else
       raise "Unknown cluster_parent type: #{cluster_parent}!"
     end
@@ -103,6 +107,8 @@ module CreatesCluster
     case cluster_parent
     when Project
       :project
+    when Group
+      :group
     else
       raise "Unknown cluster_parent type: #{cluster_parent}!"
     end

app/controllers/groups/clusters_controller.rb

+# frozen_string_literal: true
+
+module Groups
+  class ClustersController < Groups::ApplicationController
+    include ::CreatesCluster
+
+    # CreatesCluster concern
+    alias_method :cluster_parent, :group
+
+    before_action :authorize_create_cluster!, only: [:new, :create_gcp, :create_user]
+
+    private
+
+    def authorize_create_cluster!
+      unless can?(current_user, :create_cluster, group)
+        access_denied!
+      end
+    end
+  end
+end

app/services/clusters/create_service.rb

@@ -8,10 +8,19 @@ module Clusters
       @current_user, @params = user, params.dup
     end
-    def execute(project:, access_token: nil)
-      raise ArgumentError.new(_('Instance does not support multiple Kubernetes clusters')) unless can_create_cluster?(project)
-      cluster_params = params.merge(user: current_user, projects: [project])
+    def execute(project: nil, group: nil, access_token: nil)
+      raise ArgumentError, 'One of project: or group: is required' if !project && !group
+
+      if project
+        raise ArgumentError.new(_('Instance does not support multiple Kubernetes clusters')) unless can_create_cluster?(project)
+      end
+
+      if project
+        cluster_params = params.merge(user: current_user, projects: [project])
+      elsif group
+        cluster_params = params.merge(user: current_user, groups: [group])
+      end
       cluster_params[:provider_gcp_attributes].try do |provider|
         provider[:access_token] = access_token
       end

app/views/shared/clusters/gcp/_form.html.haml

@@ -10,6 +10,8 @@
 - if @project
   - form_url = create_gcp_namespace_project_clusters_path(@project.namespace, @project)
+- elsif @group
+  - form_url = create_gcp_group_clusters_path(@group)
 %p
   - link_to_help_page = link_to(s_('ClusterIntegration|help page'), help_page_path('user/project/clusters/index'), target: '_blank', rel: 'noopener noreferrer')

app/views/shared/clusters/user/_form.html.haml

@@ -2,6 +2,8 @@
 - if @project
   - form_url = create_user_namespace_project_clusters_path(@project.namespace, @project)
+- elsif @group
+  - form_url = create_user_group_clusters_path(@group)
 = form_for user_cluster, url: form_url, as: :cluster do |field|
   = form_errors(user_cluster)

config/routes/group.rb

@@ -72,6 +72,13 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
         post :pause
       end
     end
+
+    resources :clusters, except: [:edit, :create] do
+      collection do
+        post :create_gcp
+        post :create_user
+      end
+    end
   end
   scope(path: '*id',

spec/controllers/groups/clusters_controller_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Groups::ClustersController do
+  include AccessMatchersForController
+  include GoogleApi::CloudPlatformHelpers
+
+  let(:group) { create(:group) }
+  let(:user) { create(:user) }
+
+  before do
+    group.add_maintainer(user)
+    sign_in(user)
+  end
+
+  describe 'GET new' do
+    def go
+      get :new, group_id: group
+    end
+
+    include_examples 'new cluster action', parent_type: :group
+
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(group) }
+      it { expect { go }.to be_allowed_for(:maintainer).of(group) }
+      it { expect { go }.to be_denied_for(:developer).of(group) }
+      it { expect { go }.to be_denied_for(:reporter).of(group) }
+      it { expect { go }.to be_denied_for(:guest).of(group) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+  end
+
+  describe 'POST create_gcp' do
+    let(:legacy_abac_param) { 'true' }
+    let(:params) do
+      {
+        cluster: {
+          name: 'new-cluster',
+          provider_gcp_attributes: {
+            gcp_project_id: 'gcp-project-12345',
+            legacy_abac: legacy_abac_param
+          }
+        }
+      }
+    end
+
+    def go
+      post :create_gcp, params.merge(group_id: group)
+    end
+
+    describe 'functionality' do
+      include_examples 'create_gcp action', parent_type: :group
+    end
+
+    describe 'security' do
+      before do
+        allow_any_instance_of(described_class)
+        .to receive(:token_in_session).and_return('token')
+        allow_any_instance_of(described_class)
+        .to receive(:expires_at_in_session).and_return(1.hour.since.to_i.to_s)
+        allow_any_instance_of(GoogleApi::CloudPlatform::Client)
+          .to receive(:projects_zones_clusters_create) do
+          OpenStruct.new(
+            self_link: 'projects/gcp-project-12345/zones/us-central1-a/operations/ope-123',
+            status: 'RUNNING'
+          )
+        end
+
+        allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil)
+      end
+
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(group) }
+      it { expect { go }.to be_allowed_for(:maintainer).of(group) }
+      it { expect { go }.to be_denied_for(:developer).of(group) }
+      it { expect { go }.to be_denied_for(:reporter).of(group) }
+      it { expect { go }.to be_denied_for(:guest).of(group) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+  end
+
+  describe 'POST create_user' do
+    let(:params) do
+      {
+        cluster: {
+          name: 'new-cluster',
+          platform_kubernetes_attributes: {
+            api_url: 'http://my-url',
+            token: 'test',
+            namespace: 'aaa'
+          }
+        }
+      }
+    end
+
+    def go
+      post :create_user, params.merge(group_id: group)
+    end
+
+    describe 'functionality' do
+      include_examples 'create_user action', parent_type: :group
+    end
+
+    describe 'security' do
+      it { expect { go }.to be_allowed_for(:admin) }
+      it { expect { go }.to be_allowed_for(:owner).of(group) }
+      it { expect { go }.to be_allowed_for(:maintainer).of(group) }
+      it { expect { go }.to be_denied_for(:developer).of(group) }
+      it { expect { go }.to be_denied_for(:reporter).of(group) }
+      it { expect { go }.to be_denied_for(:guest).of(group) }
+      it { expect { go }.to be_denied_for(:user) }
+      it { expect { go }.to be_denied_for(:external) }
+    end
+  end
+end

spec/services/clusters/create_service_spec.rb

@@ -69,6 +69,22 @@ describe Clusters::CreateService do
       end
     end
+    context 'create cluster for group' do
+      let(:group) { create(:group) }
+
+      subject { service.execute(group: group, access_token: access_token) }
+
+      context 'when correct params' do
+        include_context 'valid cluster create params'
+
+        include_examples 'create cluster service success'
+
+        it 'associates group to the cluster' do
+          expect(subject.group).to eq(group)
+        end
+      end
+    end
+
     context 'create cluster for project' do
       let(:project) { create(:project) }

spec/support/shared_examples/controllers/clusters_shared_examples.rb

@@ -38,6 +38,8 @@ shared_examples 'new cluster action' do |parent_type:|
       google_redirect_url = case parent_type
                             when :project
                               new_project_cluster_path(assigns(:project))
+                            when :group
+                              new_group_cluster_path(assigns(:group))
                             end
       expect(session[session_key_for_redirect_uri]).to eq(google_redirect_url)
@@ -107,6 +109,8 @@ shared_examples 'create_gcp action' do |parent_type:|
       case parent_type
       when :project
         project.clusters.first
+      when :group
+        group.clusters.first
       end
     end
@@ -114,6 +118,8 @@ shared_examples 'create_gcp action' do |parent_type:|
       case parent_type
       when :project
         project_cluster_path(project, first_cluster)
+      when :group
+        group_cluster_path(group, first_cluster)
       end
     end
@@ -149,6 +155,8 @@ shared_examples 'create_user action' do |parent_type:|
     case parent_type
     when :project
       project.clusters.first
+    when :group
+      group.clusters.first
     end
   end
@@ -156,6 +164,8 @@ shared_examples 'create_user action' do |parent_type:|
     case parent_type
     when :project
       project_cluster_path(project, first_cluster)
+    when :group
+      group_cluster_path(group, first_cluster)
     end
   end