Commit bbbb5d46 authored by Thong Kuah's avatar Thong Kuah

Merge branch 'gke-oauth' into 'master'

Modify default GKE OAuth Scopes

Closes #22488

See merge request gitlab-org/gitlab!20662
parents f51fece8 58566637
---
title: Allow Gitlab GKE clusters to access Google Cloud Registry private images
merge_request: 20662
author: Tan Yee Jian
type: fixed
...@@ -13,6 +13,11 @@ module GoogleApi ...@@ -13,6 +13,11 @@ module GoogleApi
LEAST_TOKEN_LIFE_TIME = 10.minutes LEAST_TOKEN_LIFE_TIME = 10.minutes
CLUSTER_MASTER_AUTH_USERNAME = 'admin' CLUSTER_MASTER_AUTH_USERNAME = 'admin'
CLUSTER_IPV4_CIDR_BLOCK = '/16' CLUSTER_IPV4_CIDR_BLOCK = '/16'
CLUSTER_OAUTH_SCOPES = [
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring"
].freeze
class << self class << self
def session_key_for_token def session_key_for_token
...@@ -86,7 +91,8 @@ module GoogleApi ...@@ -86,7 +91,8 @@ module GoogleApi
name: cluster_name, name: cluster_name,
initial_node_count: cluster_size, initial_node_count: cluster_size,
node_config: { node_config: {
machine_type: machine_type machine_type: machine_type,
oauth_scopes: CLUSTER_OAUTH_SCOPES
}, },
master_auth: { master_auth: {
username: CLUSTER_MASTER_AUTH_USERNAME, username: CLUSTER_MASTER_AUTH_USERNAME,
...@@ -101,13 +107,17 @@ module GoogleApi ...@@ -101,13 +107,17 @@ module GoogleApi
use_ip_aliases: true, use_ip_aliases: true,
cluster_ipv4_cidr_block: CLUSTER_IPV4_CIDR_BLOCK cluster_ipv4_cidr_block: CLUSTER_IPV4_CIDR_BLOCK
}, },
addons_config: enable_addons.each_with_object({}) do |addon, hash| addons_config: make_addons_config(enable_addons)
hash[addon] = { disabled: false }
end
} }
} }
end end
def make_addons_config(enable_addons)
enable_addons.each_with_object({}) do |addon, hash|
hash[addon] = { disabled: false }
end
end
def token_life_time(expires_at) def token_life_time(expires_at)
DateTime.strptime(expires_at, '%s').to_time.utc - Time.now.utc DateTime.strptime(expires_at, '%s').to_time.utc - Time.now.utc
end end
......
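Review bot: The new `CLUSTER_OAUTH_SCOPES` constant carries no comment saying why each scope is granted, and node OAuth scopes apply to the credentials of every node, which workloads scheduled on those nodes can usually obtain from the metadata server. I would add a comment above it along the lines of `# Scopes for node credentials: devstorage.read_only pulls private registry images; logging.write and monitoring feed cluster logging/metrics. Keep this list minimal.` The `monitoring` scope is read/write; if the nodes only publish metrics, `https://www.googleapis.com/auth/monitoring.write` may be enough, which is worth confirming against what the cluster agents need. Separately, `make_addons_config` reads like an internal helper and could sit under `private` if nothing outside the client calls it; the rest of the class body is outside this view, so its current visibility cannot be confirmed here.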
...@@ -92,7 +92,12 @@ describe GoogleApi::CloudPlatform::Client do ...@@ -92,7 +92,12 @@ describe GoogleApi::CloudPlatform::Client do
name: cluster_name, name: cluster_name,
initial_node_count: cluster_size, initial_node_count: cluster_size,
node_config: { node_config: {
machine_type: machine_type machine_type: machine_type,
oauth_scopes: [
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring"
]
}, },
master_auth: { master_auth: {
username: 'admin', username: 'admin',
......