3eec327d
Commit
3eec327d
authored
Aug 29, 2018
by
Thong Kuah
Refactor to DRY out building of kube_client into originator service
parent
7ebc18d1
Changes
5
Showing
5 changed files
with
58 additions
and
122 deletions
+58
-122
app/services/clusters/gcp/finalize_creation_service.rb
app/services/clusters/gcp/finalize_creation_service.rb
+36
-10
app/services/clusters/gcp/kubernetes/create_service_account_service.rb
...clusters/gcp/kubernetes/create_service_account_service.rb
+3
-32
app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
...clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
+3
-40
spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
...ers/gcp/kubernetes/create_service_account_service_spec.rb
+8
-20
spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
...ers/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
+8
-20
app/services/clusters/gcp/finalize_creation_service.rb
...
@@ -25,11 +25,7 @@ module Clusters
...
@@ -25,11 +25,7 @@ module Clusters
private
private
def
create_gitlab_service_account!
def
create_gitlab_service_account!
Clusters
::
Gcp
::
Kubernetes
::
CreateServiceAccountService
.
new
(
Clusters
::
Gcp
::
Kubernetes
::
CreateServiceAccountService
.
new
(
kube_client
).
execute
'https://'
+
gke_cluster
.
endpoint
,
Base64
.
decode64
(
gke_cluster
.
master_auth
.
cluster_ca_certificate
),
gke_cluster
.
master_auth
.
username
,
gke_cluster
.
master_auth
.
password
).
execute
end
end
def
configure_provider
def
configure_provider
...
@@ -49,11 +45,7 @@ module Clusters
...
@@ -49,11 +45,7 @@ module Clusters
end
end
def
request_kubernetes_token
def
request_kubernetes_token
Clusters
::
Gcp
::
Kubernetes
::
FetchKubernetesTokenService
.
new
(
Clusters
::
Gcp
::
Kubernetes
::
FetchKubernetesTokenService
.
new
(
kube_client
).
execute
'https://'
+
gke_cluster
.
endpoint
,
Base64
.
decode64
(
gke_cluster
.
master_auth
.
cluster_ca_certificate
),
gke_cluster
.
master_auth
.
username
,
gke_cluster
.
master_auth
.
password
).
execute
end
end
# GKE Clusters have RBAC enabled on Kubernetes >= 1.6
# GKE Clusters have RBAC enabled on Kubernetes >= 1.6
...
@@ -61,6 +53,40 @@ module Clusters
...
@@ -61,6 +53,40 @@ module Clusters
'rbac'
'rbac'
end
end
def
kube_client
@kube_client
||=
build_kube_client!
(
'https://'
+
gke_cluster
.
endpoint
,
Base64
.
decode64
(
gke_cluster
.
master_auth
.
cluster_ca_certificate
),
gke_cluster
.
master_auth
.
username
,
gke_cluster
.
master_auth
.
password
,
api_groups:
[
'api'
,
'apis/rbac.authorization.k8s.io'
]
)
end
def
build_kube_client!
(
api_url
,
ca_pem
,
username
,
password
,
api_groups:
[
'api'
],
api_version:
'v1'
)
raise
"Incomplete settings"
unless
api_url
&&
username
&&
password
Gitlab
::
Kubernetes
::
KubeClient
.
new
(
api_url
,
api_groups
,
api_version
,
auth_options:
{
username:
username
,
password:
password
},
ssl_options:
kubeclient_ssl_options
(
ca_pem
),
http_proxy_uri:
ENV
[
'http_proxy'
]
)
end
def
kubeclient_ssl_options
(
ca_pem
)
opts
=
{
verify_ssl:
OpenSSL
::
SSL
::
VERIFY_PEER
}
if
ca_pem
.
present?
opts
[
:cert_store
]
=
OpenSSL
::
X509
::
Store
.
new
opts
[
:cert_store
].
add_cert
(
OpenSSL
::
X509
::
Certificate
.
new
(
ca_pem
))
end
opts
end
def
gke_cluster
def
gke_cluster
@gke_cluster
||=
provider
.
api_client
.
projects_zones_clusters_get
(
@gke_cluster
||=
provider
.
api_client
.
projects_zones_clusters_get
(
provider
.
gcp_project_id
,
provider
.
gcp_project_id
,
...
...
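Review bot: The `"Incomplete settings"` guard in `build_kube_client!` cannot catch the cases it appears to cover. `kube_client` always passes `'https://' + gke_cluster.endpoint`, which is either a non-nil string or a `TypeError` raised before the guard runs, and an empty username or password is truthy in Ruby. A presence check such as `raise "Incomplete settings" unless [api_url, username, password].all?(&:present?)`, together with a `gke_cluster.endpoint.present?` check in `kube_client` before the concatenation, would make the failure explicit. A blank `ca_pem` is also accepted: `kubeclient_ssl_options` then keeps `VERIFY_PEER` but adds no `cert_store`, which presumably fails the handshake against a cluster-private CA rather than skipping verification, so requiring `ca_pem` in the same guard would report it as a configuration error instead of a TLS error.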
app/services/clusters/gcp/kubernetes/create_service_account_service.rb
...
@@ -4,18 +4,13 @@ module Clusters
...
@@ -4,18 +4,13 @@ module Clusters
module
Gcp
module
Gcp
module
Kubernetes
module
Kubernetes
class
CreateServiceAccountService
class
CreateServiceAccountService
attr_reader
:
api_url
,
:ca_pem
,
:username
,
:password
attr_reader
:
kubeclient
def
initialize
(
api_url
,
ca_pem
,
username
,
password
)
def
initialize
(
kubeclient
)
@api_url
=
api_url
@kubeclient
=
kubeclient
@ca_pem
=
ca_pem
@username
=
username
@password
=
password
end
end
def
execute
def
execute
kubeclient
=
build_kube_client!
(
api_groups:
[
'api'
,
'apis/rbac.authorization.k8s.io'
])
kubeclient
.
create_service_account
(
service_account_resource
)
kubeclient
.
create_service_account
(
service_account_resource
)
kubeclient
.
create_cluster_role_binding
(
cluster_role_binding_resource
)
kubeclient
.
create_cluster_role_binding
(
cluster_role_binding_resource
)
end
end
...
@@ -35,30 +30,6 @@ module Clusters
...
@@ -35,30 +30,6 @@ module Clusters
subjects
subjects
).
generate
).
generate
end
end
def
build_kube_client!
(
api_groups:
[
'api'
],
api_version:
'v1'
)
raise
"Incomplete settings"
unless
api_url
&&
username
&&
password
Gitlab
::
Kubernetes
::
KubeClient
.
new
(
api_url
,
api_groups
,
api_version
,
auth_options:
{
username:
username
,
password:
password
},
ssl_options:
kubeclient_ssl_options
,
http_proxy_uri:
ENV
[
'http_proxy'
]
)
end
def
kubeclient_ssl_options
opts
=
{
verify_ssl:
OpenSSL
::
SSL
::
VERIFY_PEER
}
if
ca_pem
.
present?
opts
[
:cert_store
]
=
OpenSSL
::
X509
::
Store
.
new
opts
[
:cert_store
].
add_cert
(
OpenSSL
::
X509
::
Certificate
.
new
(
ca_pem
))
end
opts
end
end
end
end
end
end
end
...
...
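Review bot: `initialize(kubeclient)` now carries an undocumented requirement: `execute` calls `create_cluster_role_binding`, so the injected client has to include the `apis/rbac.authorization.k8s.io` group, which the removed `build_kube_client!(api_groups: ...)` call used to guarantee inside this class. A comment above `initialize`, for example `# kubeclient: a Gitlab::Kubernetes::KubeClient built with the 'apis/rbac.authorization.k8s.io' group and credentials allowed to create cluster role bindings`, would keep a later caller from passing a core-only client. The same applies to `FetchKubernetesTokenService#initialize`, which now relies on its caller for the credentials and TLS options as well. The class body continues outside the hunks shown.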
app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
...
@@ -4,13 +4,10 @@ module Clusters
...
@@ -4,13 +4,10 @@ module Clusters
module
Gcp
module
Gcp
module
Kubernetes
module
Kubernetes
class
FetchKubernetesTokenService
class
FetchKubernetesTokenService
attr_reader
:
api_url
,
:ca_pem
,
:username
,
:password
attr_reader
:
kubeclient
def
initialize
(
api_url
,
ca_pem
,
username
,
password
)
def
initialize
(
kubeclient
)
@api_url
=
api_url
@kubeclient
=
kubeclient
@ca_pem
=
ca_pem
@username
=
username
@password
=
password
end
end
def
execute
def
execute
...
@@ -32,46 +29,12 @@ module Clusters
...
@@ -32,46 +29,12 @@ module Clusters
end
end
def
read_secrets
def
read_secrets
kubeclient
=
build_kubeclient!
kubeclient
.
get_secrets
.
as_json
kubeclient
.
get_secrets
.
as_json
rescue
Kubeclient
::
HttpError
=>
err
rescue
Kubeclient
::
HttpError
=>
err
raise
err
unless
err
.
error_code
==
404
raise
err
unless
err
.
error_code
==
404
[]
[]
end
end
def
build_kubeclient!
(
api_path:
'api'
,
api_version:
'v1'
)
raise
"Incomplete settings"
unless
api_url
&&
username
&&
password
::
Kubeclient
::
Client
.
new
(
join_api_url
(
api_path
),
api_version
,
auth_options:
{
username:
username
,
password:
password
},
ssl_options:
kubeclient_ssl_options
,
http_proxy_uri:
ENV
[
'http_proxy'
]
)
end
def
join_api_url
(
api_path
)
url
=
URI
.
parse
(
api_url
)
prefix
=
url
.
path
.
sub
(
%r{/+
\z
}
,
''
)
url
.
path
=
[
prefix
,
api_path
].
join
(
"/"
)
url
.
to_s
end
def
kubeclient_ssl_options
opts
=
{
verify_ssl:
OpenSSL
::
SSL
::
VERIFY_PEER
}
if
ca_pem
.
present?
opts
[
:cert_store
]
=
OpenSSL
::
X509
::
Store
.
new
opts
[
:cert_store
].
add_cert
(
OpenSSL
::
X509
::
Certificate
.
new
(
ca_pem
))
end
opts
end
end
end
end
end
end
end
...
...
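Review bot: `read_secrets` calls `kubeclient.get_secrets` with no arguments, so it appears to fetch every secret the injected credentials can list and serialise all of them with `as_json` in order to find a single token. If the wrapper forwards options to kubeclient, scoping the call, e.g. `kubeclient.get_secrets(namespace: <service-account-namespace>)`, would limit how much secret material is pulled into the application process. `execute` lies outside the hunks, so how the token is selected from the result cannot be checked from here.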
spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
...
@@ -5,15 +5,21 @@ require 'spec_helper'
...
@@ -5,15 +5,21 @@ require 'spec_helper'
describe
Clusters
::
Gcp
::
Kubernetes
::
CreateServiceAccountService
do
describe
Clusters
::
Gcp
::
Kubernetes
::
CreateServiceAccountService
do
include
KubernetesHelpers
include
KubernetesHelpers
let
(
:service
)
{
described_class
.
new
(
api_url
,
ca_pem
,
username
,
password
)
}
let
(
:service
)
{
described_class
.
new
(
kubeclient
)
}
describe
'#execute'
do
describe
'#execute'
do
subject
{
service
.
execute
}
subject
{
service
.
execute
}
let
(
:api_url
)
{
'http://111.111.111.111'
}
let
(
:api_url
)
{
'http://111.111.111.111'
}
let
(
:ca_pem
)
{
''
}
let
(
:username
)
{
'admin'
}
let
(
:username
)
{
'admin'
}
let
(
:password
)
{
'xxx'
}
let
(
:password
)
{
'xxx'
}
let
(
:kubeclient
)
do
Gitlab
::
Kubernetes
::
KubeClient
.
new
(
api_url
,
[
'api'
,
'apis/rbac.authorization.k8s.io'
],
auth_options:
{
username:
username
,
password:
password
}
)
end
context
'when params are correct'
do
context
'when params are correct'
do
before
do
before
do
...
@@ -44,23 +50,5 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
...
@@ -44,23 +50,5 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
)
)
end
end
end
end
context
'when api_url is nil'
do
let
(
:api_url
)
{
nil
}
it
{
expect
{
subject
}.
to
raise_error
(
"Incomplete settings"
)
}
end
context
'when username is nil'
do
let
(
:username
)
{
nil
}
it
{
expect
{
subject
}.
to
raise_error
(
"Incomplete settings"
)
}
end
context
'when password is nil'
do
let
(
:password
)
{
nil
}
it
{
expect
{
subject
}.
to
raise_error
(
"Incomplete settings"
)
}
end
end
end
end
end
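Review bot: The three removed contexts (`'when api_url is nil'`, `'when username is nil'`, `'when password is nil'`) were the visible coverage of the `"Incomplete settings"` guard, and the guard now lives in `FinalizeCreationService#build_kube_client!`, whose spec is not among the five changed files. The same removal is made in `fetch_kubernetes_token_service_spec.rb`. The `kubeclient` built in these specs uses an `http://` URL and passes no `ssl_options`, so nothing here exercises `kubeclient_ssl_options` or the CA certificate handling either. Equivalent examples belong in the spec for `FinalizeCreationService`, for instance `it { expect { subject }.to raise_error("Incomplete settings") }` with the `master_auth` credentials stubbed as missing.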
spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
...
@@ -2,12 +2,18 @@ require 'spec_helper'
...
@@ -2,12 +2,18 @@ require 'spec_helper'
describe
Clusters
::
Gcp
::
Kubernetes
::
FetchKubernetesTokenService
do
describe
Clusters
::
Gcp
::
Kubernetes
::
FetchKubernetesTokenService
do
describe
'#execute'
do
describe
'#execute'
do
subject
{
described_class
.
new
(
api_url
,
ca_pem
,
username
,
password
).
execute
}
subject
{
described_class
.
new
(
kubeclient
).
execute
}
let
(
:api_url
)
{
'http://111.111.111.111'
}
let
(
:api_url
)
{
'http://111.111.111.111'
}
let
(
:ca_pem
)
{
''
}
let
(
:username
)
{
'admin'
}
let
(
:username
)
{
'admin'
}
let
(
:password
)
{
'xxx'
}
let
(
:password
)
{
'xxx'
}
let
(
:kubeclient
)
do
Gitlab
::
Kubernetes
::
KubeClient
.
new
(
api_url
,
[
'api'
,
'apis/rbac.authorization.k8s.io'
],
auth_options:
{
username:
username
,
password:
password
}
)
end
context
'when params correct'
do
context
'when params correct'
do
let
(
:token
)
{
'xxx.token.xxx'
}
let
(
:token
)
{
'xxx.token.xxx'
}
...
@@ -50,23 +56,5 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
...
@@ -50,23 +56,5 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
it
{
is_expected
.
to
be_nil
}
it
{
is_expected
.
to
be_nil
}
end
end
end
end
context
'when api_url is nil'
do
let
(
:api_url
)
{
nil
}
it
{
expect
{
subject
}.
to
raise_error
(
"Incomplete settings"
)
}
end
context
'when username is nil'
do
let
(
:username
)
{
nil
}
it
{
expect
{
subject
}.
to
raise_error
(
"Incomplete settings"
)
}
end
context
'when password is nil'
do
let
(
:password
)
{
nil
}
it
{
expect
{
subject
}.
to
raise_error
(
"Incomplete settings"
)
}
end
end
end
end
end