# frozen_string_literal: true
# Controller for Kubernetes cluster pages: listing, the "new cluster" form,
# creation (GCP, AWS and user-provided), status polling, update, removal and
# cache clearing.
#
# `cluster`, `clusterable`, `current_user`, `callback_google_api_auth_url` and
# the `authorize_*_cluster!` filters are not defined in this file (presumably
# they come from Clusters::BaseController or RoutableActions -- confirm).
#
# NOTE(review): `authorize_create_cluster!` is declared only for `new` and
# `authorize_aws_role`. `create_gcp`, `create_aws` and `create_user` have no
# authorization filter in this file, so the create permission for those
# actions has to be enforced by the base controller or by
# Clusters::CreateService -- confirm before relying on it. The same applies to
# `index`, `show` and `cluster_status`, which only go through the `cluster`
# loader or the finder here.
class Clusters::ClustersController < Clusters::BaseController
  include RoutableActions

  # Filters run in declaration order; keep the loaders ahead of the
  # authorization checks that depend on them.
  before_action :cluster, only: %i[cluster_status show update destroy clear_cache]
  before_action :generate_gcp_authorize_url, only: %i[new]
  before_action :validate_gcp_token, only: %i[new]
  before_action :gcp_cluster, only: %i[new]
  before_action :user_cluster, only: %i[new]
  before_action :authorize_create_cluster!, only: %i[new authorize_aws_role]
  before_action :authorize_update_cluster!, only: %i[update]
  before_action :authorize_admin_cluster!, only: %i[destroy clear_cache]
  before_action :update_applications_status, only: %i[cluster_status]

  # Makes the session-held Google token readable from views.
  # NOTE(review): views should only need to know whether a token is present;
  # confirm none of them writes the value into the page.
  helper_method :token_in_session

  # Passed as `interval:` to Gitlab::PollingInterval.set_header
  # (presumably milliseconds -- confirm).
  STATUS_POLLING_INTERVAL = 10_000

  # Lists the clusters returned by ClusterAncestorsFinder for the current user
  # and clusterable, 20 per page.
  def index
    ancestors_finder = ClusterAncestorsFinder.new(clusterable.subject, current_user)
    found_clusters = ancestors_finder.execute

    # Note: We are paginating through an array here but this should be OK as:
    #
    # In CE, we can have a maximum group nesting depth of 21, so including
    # project cluster, we can have max 22 clusters for a group hierarchy.
    # In EE (Premium) we can have any number, as multiple clusters are
    # supported, but the number of clusters is fairly low currently.
    #
    # See https://gitlab.com/gitlab-org/gitlab-foss/issues/55260 also.
    paginatable = Kaminari.paginate_array(found_clusters)
    @clusters = paginatable.page(params[:page]).per(20)

    @has_ancestor_clusters = ancestors_finder.has_ancestor_clusters?
  end

  # Renders the "new cluster" form. The `provider` request parameter selects
  # the provider-specific preparation; any other value falls through to the
  # default render.
  def new
    case params[:provider]
    when 'aws'
      # Reuse the user's stored role or start a fresh one, and make sure it
      # carries an external ID before the form is shown.
      @aws_role = current_user.aws_role || Aws::Role.new
      @aws_role.ensure_role_external_id!
      @instance_types = load_instance_types.to_json
    when 'gcp'
      # Send the user through Google authorization only when an authorize URL
      # could be built and the session token did not validate.
      needs_authorization = @authorize_url && !@valid_gcp_token
      redirect_to @authorize_url if needs_authorization
    end
  end

  # Overriding ActionController::Metal#status is NOT a good idea
  #
  # JSON-only status endpoint: sets the polling-interval header and renders
  # the serialized status of the loaded cluster.
  def cluster_status
    respond_to do |format|
      format.json do
        Gitlab::PollingInterval.set_header(response, interval: STATUS_POLLING_INTERVAL)

        # Reads @current_user directly, unlike the other actions, which call
        # current_user. NOTE(review): presumably already set by an earlier
        # authentication filter -- confirm.
        serializer = ClusterSerializer.new(current_user: @current_user)
        render json: serializer.represent_status(@cluster)
      end
    end
  end

  # Renders the default template for the cluster loaded by the `cluster`
  # filter.
  def show
  end

  # Applies the permitted attributes through Clusters::UpdateService, then
  # answers according to whether the cluster is valid afterwards.
  def update
    Clusters::UpdateService.new(current_user, update_params).execute(cluster)
    updated = cluster.valid?

    respond_to do |format|
      if updated
        format.json { head :no_content }
        format.html do
          flash[:notice] = _('Kubernetes cluster was successfully updated.')
          redirect_to cluster.show_path
        end
      else
        format.json { head :bad_request }
        format.html { render :show }
      end
    end
  end

  # Hands the cluster to Clusters::DestroyService and redirects to the index
  # with the message returned by the service.
  def destroy
    destroy_service = Clusters::DestroyService.new(current_user, destroy_params)
    result = destroy_service.execute(cluster)

    flash[:notice] = result[:message]
    redirect_to clusterable.index_path, status: :found
  end

  # Creates a GCP-provisioned cluster using the Google token kept in the
  # session. When the cluster is not persisted, the state that the `new`
  # filters would have prepared is rebuilt and the form is rendered again.
  def create_gcp
    create_service = ::Clusters::CreateService.new(current_user, create_gcp_cluster_params)
    @gcp_cluster = create_service
      .execute(access_token: token_in_session)
      .present(current_user: current_user)

    return redirect_to(@gcp_cluster.show_path) if @gcp_cluster.persisted?

    generate_gcp_authorize_url
    validate_gcp_token
    user_cluster
    params[:provider] = 'gcp'

    render :new, locals: { active_tab: 'create' }
  end

  # Creates an AWS-provisioned cluster. Answers 201 with a Location header on
  # success, otherwise 422 with the validation errors as JSON.
  def create_aws
    @aws_cluster = ::Clusters::CreateService
      .new(current_user, create_aws_cluster_params)
      .execute
      .present(current_user: current_user)

    unless @aws_cluster.persisted?
      return render(status: :unprocessable_entity, json: @aws_cluster.errors)
    end

    head :created, location: @aws_cluster.show_path
  end

  # Registers an existing, user-provided cluster. When the cluster is not
  # persisted, the form is rendered again on the "add" tab.
  def create_user
    create_service = ::Clusters::CreateService.new(current_user, create_user_cluster_params)
    @user_cluster = create_service
      .execute(access_token: token_in_session)
      .present(current_user: current_user)

    return redirect_to(@user_cluster.show_path) if @user_cluster.persisted?

    generate_gcp_authorize_url
    validate_gcp_token
    gcp_cluster

    render :new, locals: { active_tab: 'add' }
  end

  # Runs Clusters::Aws::AuthorizeRoleService with the submitted role
  # parameters and relays the service's body and status to the client.
  # NOTE(review): the body is rendered as returned; confirm the service does
  # not include provider error details that should stay server-side.
  def authorize_aws_role
    role_service = Clusters::Aws::AuthorizeRoleService.new(
      current_user,
      params: aws_role_params
    )
    result = role_service.execute

    render json: result.body, status: result.status
  end

  # Drops the cluster's cached resources and returns to its page.
  def clear_cache
    cluster.delete_cached_resources!

    redirect_to cluster.show_path, notice: _('Cluster cache cleared.')
  end

  private

  # Only the top-level `cleanup` parameter is forwarded to the destroy
  # service.
  def destroy_params
    params.permit(:cleanup)
  end

  # Strong parameters for `update`. The connection settings (`api_url`,
  # `token`, `ca_cert`) and `name` are accepted only for clusters that report
  # `provided_by_user?`; for other clusters only `namespace` may change under
  # `platform_kubernetes_attributes`.
  # NOTE(review): `api_url` is a request-supplied URL; its validation is not
  # visible here -- confirm the model restricts which hosts it may point at.
  def update_params
    permitted_attributes =
      if cluster.provided_by_user?
        [
          :enabled,
          :name,
          :environment_scope,
          :managed,
          :base_domain,
          :management_project_id,
          { platform_kubernetes_attributes: %i[api_url token ca_cert namespace] }
        ]
      else
        [
          :enabled,
          :environment_scope,
          :managed,
          :base_domain,
          :management_project_id,
          { platform_kubernetes_attributes: %i[namespace] }
        ]
      end

    params.require(:cluster).permit(*permitted_attributes)
  end

  # Strong parameters for `create_gcp`. Provider type, platform type and the
  # owning clusterable are set by the server and merged last, so request
  # values cannot replace them.
  def create_gcp_cluster_params
    cluster_attributes = params.require(:cluster).permit(
      :enabled,
      :name,
      :environment_scope,
      :managed,
      provider_gcp_attributes: %i[gcp_project_id zone num_nodes machine_type cloud_run legacy_abac]
    )

    cluster_attributes.merge(
      provider_type: :gcp,
      platform_type: :kubernetes,
      clusterable: clusterable.subject
    )
  end

  # Strong parameters for `create_aws`; server-set values are merged last as
  # in the GCP variant.
  def create_aws_cluster_params
    cluster_attributes = params.require(:cluster).permit(
      :enabled,
      :name,
      :environment_scope,
      :managed,
      provider_aws_attributes: [
        :key_name,
        :role_arn,
        :region,
        :vpc_id,
        :instance_type,
        :num_nodes,
        :security_group_id,
        { subnet_ids: [] }
      ]
    )

    cluster_attributes.merge(
      provider_type: :aws,
      platform_type: :kubernetes,
      clusterable: clusterable.subject
    )
  end

  # Strong parameters for `create_user`; server-set values are merged last as
  # in the GCP variant.
  def create_user_cluster_params
    cluster_attributes = params.require(:cluster).permit(
      :enabled,
      :name,
      :environment_scope,
      :managed,
      platform_kubernetes_attributes: %i[namespace api_url token ca_cert authorization_type]
    )

    cluster_attributes.merge(
      provider_type: :user,
      platform_type: :kubernetes,
      clusterable: clusterable.subject
    )
  end

  # Strong parameters for `authorize_aws_role`.
  # NOTE(review): `role_external_id` is taken from the request, while `new`
  # generates one server-side via `ensure_role_external_id!`. Confirm that
  # AuthorizeRoleService does not let the submitted value replace the
  # generated one.
  def aws_role_params
    params.require(:cluster).permit(:role_arn, :role_external_id)
  end

  # Builds the Google authorization URL. The `state` handed to Google is a
  # session key whose stored value is a server-generated path
  # (`clusterable.new_path`), not a value taken from the request.
  # When the Google configuration is missing, the error is swallowed and
  # @authorize_url is not assigned.
  def generate_gcp_authorize_url
    return_path = clusterable.new_path(provider: :gcp).to_s
    oauth_state = generate_session_key_redirect(return_path)

    oauth_client = GoogleApi::CloudPlatform::Client.new(
      nil,
      callback_google_api_auth_url,
      state: oauth_state
    )
    @authorize_url = oauth_client.authorize_url
  rescue GoogleApi::Auth::ConfigMissingError
    # no-op
  end

  # Prepares an unsaved cluster with a GCP provider for the form.
  def gcp_cluster
    built_cluster = Clusters::BuildService.new(clusterable.subject).execute
    built_cluster.build_provider_gcp
    @gcp_cluster = built_cluster.present(current_user: current_user)
  end

  # Prepares an unsaved cluster with a Kubernetes platform for the form.
  def user_cluster
    built_cluster = Clusters::BuildService.new(clusterable.subject).execute
    built_cluster.build_platform_kubernetes
    @user_cluster = built_cluster.present(current_user: current_user)
  end

  # Stores in @valid_gcp_token the result of validating the session token
  # against the expiry that is also kept in the session.
  def validate_gcp_token
    token_client = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
    @valid_gcp_token = token_client.validate_token(expires_at_in_session)
  end

  # Google token stored in the session, or nil when there is none.
  def token_in_session
    session[GoogleApi::CloudPlatform::Client.session_key_for_token]
  end

  # Token expiry stored in the session, memoized for the request.
  def expires_at_in_session
    @expires_at_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
  end

  # Stores `uri` in the session under the key yielded by the client helper.
  # The return value is whatever `new_session_key_for_redirect_uri` returns;
  # the caller uses it as the OAuth state.
  def generate_session_key_redirect(uri)
    GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri { |key| session[key] = uri }
  end

  ##
  # Unfortunately the EC2 API doesn't provide a list of
  # possible instance types. There is a workaround, using
  # the Pricing API, but instead of requiring the
  # user to grant extra permissions for this we use the
  # values that validate the CloudFormation template.
  #
  # The template path is fixed (nothing from the request goes into it) and
  # the file is parsed with YAML.safe_load.
  def load_instance_types
    template_path = Rails.root.join('vendor', 'aws', 'cloudformation', 'eks_cluster.yaml')
    template = YAML.safe_load(File.read(template_path))
    allowed_types = template.dig('Parameters', 'NodeInstanceType', 'AllowedValues')

    allowed_types.map { |instance_type| { name: instance_type, value: instance_type } }
  end

  # Calls `schedule_status_update` on every application of the loaded
  # cluster before the status is rendered.
  def update_applications_status
    @cluster.applications.each { |application| application.schedule_status_update }
  end
end
# Hooks in the EE extension module named by the string. `prepend_if_ee` is
# defined outside this file (presumably it prepends the module only when the
# EE code is present -- confirm). A prepended module sits ahead of this class
# in method lookup, so it can wrap the actions and filters defined here.
Clusters::ClustersController.prepend_if_ee('EE::Clusters::ClustersController')