Revert back FetchKubernetesTokenService
This commit is contained in:
parent
ccf09824f6
commit
1427bdcadf
|
@ -29,7 +29,6 @@ class Projects::ClustersController < Projects::ApplicationController
|
|||
def new
|
||||
@cluster = Clusters::Cluster.new.tap do |cluster|
|
||||
cluster.build_provider_gcp
|
||||
cluster.build_platform_kubernetes
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -18,8 +18,6 @@ module Clusters
|
|||
accepts_nested_attributes_for :provider_gcp, update_only: true
|
||||
accepts_nested_attributes_for :platform_kubernetes, update_only: true
|
||||
|
||||
validates :provider_type, presence: true
|
||||
validates :platform_type, presence: true
|
||||
validates :name, cluster_name: true
|
||||
validate :restrict_modification, on: :update
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ module Clusters
|
|||
}
|
||||
|
||||
# We expect to be `active?` only when enabled and cluster is created (the api_url is assigned)
|
||||
with_options presence: true, if: :active? do
|
||||
with_options presence: true, if: :enabled? do
|
||||
validates :api_url, url: true, presence: true
|
||||
validates :token, presence: true
|
||||
end
|
||||
|
@ -42,10 +42,6 @@ module Clusters
|
|||
delegate :project, to: :cluster, allow_nil: true
|
||||
delegate :enabled?, to: :cluster, allow_nil: true
|
||||
|
||||
def active?
|
||||
enabled? && api_url.present?
|
||||
end
|
||||
|
||||
class << self
|
||||
def namespace_for_project(project)
|
||||
"#{project.path}-#{project.id}"
|
||||
|
@ -87,7 +83,7 @@ module Clusters
|
|||
return raise 'Kubernetes service already configured' unless manages_kubernetes_service?
|
||||
|
||||
ensure_kubernetes_service.update!(
|
||||
active: active?,
|
||||
active: enabled?,
|
||||
api_url: api_url,
|
||||
namespace: namespace,
|
||||
token: token,
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
##
|
||||
# TODO:
|
||||
# Almost components in this class were copied from app/models/project_services/kubernetes_service.rb
|
||||
# We should dry up those classes not to repeat the same code.
|
||||
# Maybe we should have a special facility (e.g. lib/kubernetes_api) to maintain all Kubernetes API caller.
|
||||
module Ci
|
||||
class FetchKubernetesTokenService
|
||||
attr_reader :api_url, :ca_pem, :username, :password
|
||||
|
||||
def initialize(api_url, ca_pem, username, password)
|
||||
@api_url = api_url
|
||||
@ca_pem = ca_pem
|
||||
@username = username
|
||||
@password = password
|
||||
end
|
||||
|
||||
def execute
|
||||
read_secrets.each do |secret|
|
||||
name = secret.dig('metadata', 'name')
|
||||
if /default-token/ =~ name
|
||||
token_base64 = secret.dig('data', 'token')
|
||||
return Base64.decode64(token_base64) if token_base64
|
||||
end
|
||||
end
|
||||
|
||||
nil
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def read_secrets
|
||||
kubeclient = build_kubeclient!
|
||||
|
||||
kubeclient.get_secrets.as_json
|
||||
rescue KubeException => err
|
||||
raise err unless err.error_code == 404
|
||||
[]
|
||||
end
|
||||
|
||||
def build_kubeclient!(api_path: 'api', api_version: 'v1')
|
||||
raise "Incomplete settings" unless api_url && username && password
|
||||
|
||||
::Kubeclient::Client.new(
|
||||
join_api_url(api_path),
|
||||
api_version,
|
||||
auth_options: { username: username, password: password },
|
||||
ssl_options: kubeclient_ssl_options,
|
||||
http_proxy_uri: ENV['http_proxy']
|
||||
)
|
||||
end
|
||||
|
||||
def join_api_url(api_path)
|
||||
url = URI.parse(api_url)
|
||||
prefix = url.path.sub(%r{/+\z}, '')
|
||||
|
||||
url.path = [prefix, api_path].join("/")
|
||||
|
||||
url.to_s
|
||||
end
|
||||
|
||||
def kubeclient_ssl_options
|
||||
opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
|
||||
|
||||
if ca_pem.present?
|
||||
opts[:cert_store] = OpenSSL::X509::Store.new
|
||||
opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
|
||||
end
|
||||
|
||||
opts
|
||||
end
|
||||
end
|
||||
end
|
|
@ -9,10 +9,7 @@ module Clusters
|
|||
configure_provider
|
||||
configure_kubernetes
|
||||
|
||||
ActiveRecord::Base.transaction do
|
||||
kubernetes.save!
|
||||
provider.make_created!
|
||||
end
|
||||
rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
|
||||
provider.make_errored!("Failed to request to CloudPlatform; #{e.message}")
|
||||
rescue KubeException => e
|
||||
|
@ -28,23 +25,21 @@ module Clusters
|
|||
end
|
||||
|
||||
def configure_kubernetes
|
||||
kubernetes.api_url = 'https://' + gke_cluster.endpoint
|
||||
kubernetes.ca_cert = Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate)
|
||||
kubernetes.username = gke_cluster.master_auth.username
|
||||
kubernetes.password = gke_cluster.master_auth.password
|
||||
kubernetes.token = request_kuberenetes_token
|
||||
cluster.platform_type = :kubernetes
|
||||
cluster.build_platform_kubernetes(
|
||||
api_url: 'https://' + gke_cluster.endpoint,
|
||||
ca_cert: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
|
||||
username: gke_cluster.master_auth.username,
|
||||
password: gke_cluster.master_auth.password,
|
||||
token: request_kuberenetes_token)
|
||||
end
|
||||
|
||||
def request_kuberenetes_token
|
||||
kubernetes.read_secrets.each do |secret|
|
||||
name = secret.dig('metadata', 'name')
|
||||
if /default-token/ =~ name
|
||||
token_base64 = secret.dig('data', 'token')
|
||||
return Base64.decode64(token_base64) if token_base64
|
||||
end
|
||||
end
|
||||
|
||||
nil
|
||||
Ci::FetchKubernetesTokenService.new(
|
||||
'https://' + gke_cluster.endpoint,
|
||||
Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
|
||||
gke_cluster.master_auth.username,
|
||||
gke_cluster.master_auth.password)
|
||||
end
|
||||
|
||||
def gke_cluster
|
||||
|
@ -57,10 +52,6 @@ module Clusters
|
|||
def cluster
|
||||
@cluster ||= provider.cluster
|
||||
end
|
||||
|
||||
def kubernetes
|
||||
@kubernetes ||= cluster.platform_kubernetes
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -5,8 +5,7 @@
|
|||
= s_('ClusterIntegration|Read our %{link_to_help_page} on cluster integration.').html_safe % { link_to_help_page: link_to_help_page}
|
||||
|
||||
= form_for @cluster, url: namespace_project_clusters_path(@project.namespace, @project, @cluster), as: :cluster do |field|
|
||||
= field.hidden_field :platform_type, :value => 'kubernetes'
|
||||
= field.hidden_field :provider_type, :value => 'gcp'
|
||||
= field.hidden_field :provider_type, value: :gcp
|
||||
= form_errors(@cluster)
|
||||
.form-group
|
||||
= field.label :name, s_('ClusterIntegration|Cluster name')
|
||||
|
@ -32,10 +31,5 @@
|
|||
= link_to(s_('ClusterIntegration|See machine types'), 'https://cloud.google.com/compute/docs/machine-types', target: '_blank', rel: 'noopener noreferrer')
|
||||
= provider_gcp_field.text_field :machine_type, class: 'form-control', placeholder: 'n1-standard-4'
|
||||
|
||||
= field.fields_for :platform_kubernetes, @cluster.platform_kubernetes do |platform_kubernetes_field|
|
||||
.form-group
|
||||
= platform_kubernetes_field.label :namespace, s_('ClusterIntegration|Project namespace (optional, unique)')
|
||||
= platform_kubernetes_field.text_field :namespace, class: 'form-control', placeholder: Clusters::Platforms::Kubernetes.namespace_for_project(@project)
|
||||
|
||||
.form-group
|
||||
= field.submit s_('ClusterIntegration|Create cluster'), class: 'btn btn-save'
|
||||
|
|
|
@ -5,8 +5,8 @@ class CreateNewClustersArchitectures < ActiveRecord::Migration
|
|||
create_table :clusters do |t|
|
||||
t.references :user, null: false, index: true, foreign_key: { on_delete: :nullify }
|
||||
|
||||
t.integer :provider_type, null: false
|
||||
t.integer :platform_type, null: false
|
||||
t.integer :provider_type
|
||||
t.integer :platform_type
|
||||
|
||||
t.datetime_with_timezone :created_at, null: false
|
||||
t.datetime_with_timezone :updated_at, null: false
|
||||
|
|
|
@ -508,8 +508,8 @@ ActiveRecord::Schema.define(version: 20171017145932) do
|
|||
|
||||
create_table "clusters", force: :cascade do |t|
|
||||
t.integer "user_id", null: false
|
||||
t.integer "provider_type", null: false
|
||||
t.integer "platform_type", null: false
|
||||
t.integer "provider_type"
|
||||
t.integer "platform_type"
|
||||
t.datetime "created_at", null: false
|
||||
t.datetime "updated_at", null: false
|
||||
t.boolean "enabled", default: true
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Ci::FetchKubernetesTokenService do
|
||||
describe '#execute' do
|
||||
subject { described_class.new(api_url, ca_pem, username, password).execute }
|
||||
|
||||
let(:api_url) { 'http://111.111.111.111' }
|
||||
let(:ca_pem) { '' }
|
||||
let(:username) { 'admin' }
|
||||
let(:password) { 'xxx' }
|
||||
|
||||
context 'when params correct' do
|
||||
let(:token) { 'xxx.token.xxx' }
|
||||
|
||||
let(:secrets_json) do
|
||||
[
|
||||
{
|
||||
'metadata': {
|
||||
name: metadata_name
|
||||
},
|
||||
'data': {
|
||||
'token': Base64.encode64(token)
|
||||
}
|
||||
}
|
||||
]
|
||||
end
|
||||
|
||||
before do
|
||||
allow_any_instance_of(Kubeclient::Client)
|
||||
.to receive(:get_secrets).and_return(secrets_json)
|
||||
end
|
||||
|
||||
context 'when default-token exists' do
|
||||
let(:metadata_name) { 'default-token-123' }
|
||||
|
||||
it { is_expected.to eq(token) }
|
||||
end
|
||||
|
||||
context 'when default-token does not exist' do
|
||||
let(:metadata_name) { 'another-token-123' }
|
||||
|
||||
it { is_expected.to be_nil }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when api_url is nil' do
|
||||
let(:api_url) { nil }
|
||||
|
||||
it { expect { subject }.to raise_error("Incomplete settings") }
|
||||
end
|
||||
|
||||
context 'when username is nil' do
|
||||
let(:username) { nil }
|
||||
|
||||
it { expect { subject }.to raise_error("Incomplete settings") }
|
||||
end
|
||||
|
||||
context 'when password is nil' do
|
||||
let(:password) { nil }
|
||||
|
||||
it { expect { subject }.to raise_error("Incomplete settings") }
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue