19e1024bb8
This enables us to have other options in the future, such as passing in `group:`. Also, remove the project arg from UpdateService, as it is unused. This will help the group cluster controller to re-use these services.
# frozen_string_literal: true
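# Project-scoped controller for Kubernetes cluster integrations: lists,
# shows, creates (GCP-provisioned or user-provided), updates and removes the
# clusters attached to a project.
#
# Authorization is layered through before_action filters: every action needs
# the read ability, and each mutating action additionally needs the matching
# create / update / admin ability. `authorize_read_cluster!` and
# `authorize_create_cluster!` are not defined in this file; presumably the
# parent controller provides them -- confirm.
class Projects::ClustersController < Projects::ApplicationController
  # Load the target record first so later filters and actions can rely on it.
  before_action :cluster, except: [:index, :new, :create_gcp, :create_user]
  before_action :authorize_read_cluster!
  before_action :generate_gcp_authorize_url, only: [:new]
  before_action :validate_gcp_token, only: [:new]
  before_action :gcp_cluster, only: [:new]
  before_action :user_cluster, only: [:new]
  # The create ability is enforced on the endpoints that persist a cluster,
  # not only on the form: a request to create_gcp / create_user can be sent
  # without ever loading `new`, so guarding the form alone leaves the write
  # path covered by the read ability only (unless the service re-checks it,
  # which is not visible from this controller).
  before_action :authorize_create_cluster!, only: [:new, :create_gcp, :create_user]
  before_action :authorize_update_cluster!, only: [:update]
  before_action :authorize_admin_cluster!, only: [:destroy]
  before_action :update_applications_status, only: [:status]
  # NOTE(review): this exposes the session-held GCP token to views; templates
  # should only test for its presence and never render the value -- confirm.
  helper_method :token_in_session

  # Passed as `interval:` to the polling header in #status.
  # Presumably milliseconds -- confirm against Gitlab::PollingInterval.
  STATUS_POLLING_INTERVAL = 10_000

  # Lists the project's clusters as resolved by ClustersFinder for the
  # current user, 20 per page.
  def index
    clusters = ClustersFinder.new(project, current_user, :all).execute
    @clusters = clusters.page(params[:page]).per(20)
  end

  # Renders the creation form; all of its state is prepared by the
  # before_action filters restricted to :new.
  def new
  end

  # JSON-only status endpoint meant to be polled by the client.
  #
  # The `update_applications_status` filter runs before this action and
  # schedules a status update for every application of the cluster, so each
  # poll has a side effect while being gated by the read ability only.
  def status
    respond_to do |format|
      format.json do
        Gitlab::PollingInterval.set_header(response, interval: STATUS_POLLING_INTERVAL)

        render json: ClusterSerializer
          .new(project: @project, current_user: @current_user)
          .represent_status(@cluster)
      end
    end
  end

  # Renders the cluster page; @cluster is loaded by the :cluster filter.
  def show
  end

  # Applies the permitted attributes through Clusters::UpdateService and
  # answers according to the validity of the resulting record:
  # JSON -> 204 on success / 400 on failure,
  # HTML -> redirect with a notice / re-render of :show.
  def update
    Clusters::UpdateService
      .new(current_user, update_params)
      .execute(cluster)

    if cluster.valid?
      respond_to do |format|
        format.json do
          head :no_content
        end
        format.html do
          flash[:notice] = _('Kubernetes cluster was successfully updated.')
          redirect_to project_cluster_path(project, cluster)
        end
      end
    else
      respond_to do |format|
        format.json { head :bad_request }
        format.html { render :show }
      end
    end
  end

  # Removes the cluster integration (admin ability required by filter).
  def destroy
    if cluster.destroy
      flash[:notice] = _('Kubernetes cluster integration was successfully removed.')
      redirect_to project_clusters_path(project), status: :found
    else
      # flash.now: the page is rendered in this same request, so the message
      # must not be carried over and shown again on the next request.
      flash.now[:notice] = _('Kubernetes cluster integration was not removed.')
      render :show
    end
  end

  # Creates a GCP-provisioned cluster using the Google access token kept in
  # the session. On failure the form is rendered again with the GCP tab
  # active; the state the :new filters would have prepared is rebuilt by
  # hand because those filters do not run for this action.
  def create_gcp
    @gcp_cluster = ::Clusters::CreateService
      .new(current_user, create_gcp_cluster_params)
      .execute(project: project, access_token: token_in_session)

    if @gcp_cluster.persisted?
      redirect_to project_cluster_path(project, @gcp_cluster)
    else
      generate_gcp_authorize_url
      validate_gcp_token
      user_cluster

      render :new, locals: { active_tab: 'gcp' }
    end
  end

  # Registers a user-provided cluster. Mirrors #create_gcp: on failure the
  # form is rendered again with the "user" tab active.
  def create_user
    @user_cluster = ::Clusters::CreateService
      .new(current_user, create_user_cluster_params)
      .execute(project: project, access_token: token_in_session)

    if @user_cluster.persisted?
      redirect_to project_cluster_path(project, @user_cluster)
    else
      generate_gcp_authorize_url
      validate_gcp_token
      gcp_cluster

      render :new, locals: { active_tab: 'user' }
    end
  end

  private

  # Memoized lookup of the cluster named by params[:id]. The lookup goes
  # through `project.clusters`, so an id that belongs to another project is
  # not found. The record is wrapped via `present` for the current user.
  def cluster
    @cluster ||= project.clusters.find(params[:id])
                                 .present(current_user: current_user)
  end

  # Strong parameters for #update.
  #
  # For a managed cluster only the enabled flag, environment scope and
  # namespace are accepted; name, API endpoint and credentials are not
  # editable through this action. Other clusters may also change those.
  def update_params
    if cluster.managed?
      params.require(:cluster).permit(
        :enabled,
        :environment_scope,
        platform_kubernetes_attributes: [
          :namespace
        ]
      )
    else
      # NOTE(review): :api_url is a user-supplied endpoint and :token /
      # :ca_cert are credentials. Nothing in this controller validates the
      # URL or filters these values from logs; confirm both are handled in
      # the model and in the log parameter filter.
      params.require(:cluster).permit(
        :enabled,
        :name,
        :environment_scope,
        platform_kubernetes_attributes: [
          :api_url,
          :token,
          :ca_cert,
          :namespace
        ]
      )
    end
  end

  # Strong parameters for #create_gcp. provider_type / platform_type are
  # merged in after `permit`, so the client cannot choose them.
  def create_gcp_cluster_params
    params.require(:cluster).permit(
      :enabled,
      :name,
      :environment_scope,
      provider_gcp_attributes: [
        :gcp_project_id,
        :zone,
        :num_nodes,
        :machine_type,
        :legacy_abac
      ]).merge(
        provider_type: :gcp,
        platform_type: :kubernetes
      )
  end

  # Strong parameters for #create_user. provider_type / platform_type are
  # merged in after `permit`, so the client cannot choose them.
  #
  # NOTE(review): :api_url is a user-supplied endpoint and :token / :ca_cert
  # are credentials; URL validation is not done here -- confirm it is
  # enforced in the model.
  def create_user_cluster_params
    params.require(:cluster).permit(
      :enabled,
      :name,
      :environment_scope,
      platform_kubernetes_attributes: [
        :namespace,
        :api_url,
        :token,
        :ca_cert,
        :authorization_type
      ]).merge(
        provider_type: :user,
        platform_type: :kubernetes
      )
  end

  # Builds the Google OAuth authorize URL for the form.
  #
  # The post-authorization return path is generated server-side and stored
  # in the session; only the value returned by
  # generate_session_key_redirect travels as the OAuth `state` parameter
  # (presumably the session key itself -- confirm).
  #
  # When the Google integration is not configured the error is swallowed on
  # purpose and @authorize_url stays unset. The session entry has already
  # been written at that point.
  def generate_gcp_authorize_url
    state = generate_session_key_redirect(new_project_cluster_path(@project).to_s)

    @authorize_url = GoogleApi::CloudPlatform::Client.new(
      nil, callback_google_api_auth_url,
      state: state).authorize_url
  rescue GoogleApi::Auth::ConfigMissingError
    # no-op
  end

  # Prepares an unsaved cluster with a GCP provider for the form.
  def gcp_cluster
    @gcp_cluster = ::Clusters::Cluster.new.tap do |cluster|
      cluster.build_provider_gcp
    end
  end

  # Prepares an unsaved cluster with a Kubernetes platform for the form.
  def user_cluster
    @user_cluster = ::Clusters::Cluster.new.tap do |cluster|
      cluster.build_platform_kubernetes
    end
  end

  # Stores in @valid_gcp_token the result of validating the session-held
  # Google token against its session-held expiry.
  def validate_gcp_token
    @valid_gcp_token = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
      .validate_token(expires_at_in_session)
  end

  # Google access token kept in the session (nil when absent).
  def token_in_session
    session[GoogleApi::CloudPlatform::Client.session_key_for_token]
  end

  # Memoized expiry of the session-held Google token.
  def expires_at_in_session
    @expires_at_in_session ||=
      session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
  end

  # Stores `uri` in the session under a key supplied by the Google client
  # and returns whatever new_session_key_for_redirect_uri returns.
  def generate_session_key_redirect(uri)
    GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
      session[key] = uri
    end
  end

  # Denies access unless the current user may update this cluster.
  def authorize_update_cluster!
    access_denied! unless can?(current_user, :update_cluster, cluster)
  end

  # Denies access unless the current user may administer this cluster.
  def authorize_admin_cluster!
    access_denied! unless can?(current_user, :admin_cluster, cluster)
  end

  # Schedules a status update for every application of the cluster.
  # Relies on the :cluster filter having populated @cluster beforehand.
  def update_applications_status
    @cluster.applications.each(&:schedule_status_update)
  end
end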