Skip to content

G
gitlab-ce
Commit 3eec327d authored by Thong Kuah's avatar Thong Kuah
Browse files
Options

Refactor to DRY out building of kube_client into originator service

parent 7ebc18d1
Hide whitespace changes
Inline Side-by-side
Showing with 58 additions and 122 deletions
app/services/clusters/gcp/finalize_creation_service.rb
View file @ 3eec327d
......@@ -25,11 +25,7 @@ module Clusters
private
def create_gitlab_service_account!
Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(
'https://' + gke_cluster.endpoint,
Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
gke_cluster.master_auth.username,
gke_cluster.master_auth.password).execute
Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute
end
def configure_provider
......@@ -49,11 +45,7 @@ module Clusters
end
def request_kubernetes_token
Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(
'https://' + gke_cluster.endpoint,
Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
gke_cluster.master_auth.username,
gke_cluster.master_auth.password).execute
Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute
end
# GKE Clusters have RBAC enabled on Kubernetes >= 1.6
......@@ -61,6 +53,40 @@ module Clusters
'rbac'
end
def kube_client
@kube_client ||= build_kube_client!(
'https://' + gke_cluster.endpoint,
Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
gke_cluster.master_auth.username,
gke_cluster.master_auth.password,
api_groups: ['api', 'apis/rbac.authorization.k8s.io']
)
end
def build_kube_client!(api_url, ca_pem, username, password, api_groups: ['api'], api_version: 'v1')
raise "Incomplete settings" unless api_url && username && password
Gitlab::Kubernetes::KubeClient.new(
api_url,
api_groups,
api_version,
auth_options: { username: username, password: password },
ssl_options: kubeclient_ssl_options(ca_pem),
http_proxy_uri: ENV['http_proxy']
)
end
def kubeclient_ssl_options(ca_pem)
opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
if ca_pem.present?
opts[:cert_store] = OpenSSL::X509::Store.new
opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
end
opts
end
def gke_cluster
@gke_cluster ||= provider.api_client.projects_zones_clusters_get(
provider.gcp_project_id,
......
app/services/clusters/gcp/kubernetes/create_service_account_service.rb
View file @ 3eec327d
......@@ -4,18 +4,13 @@ module Clusters
module Gcp
module Kubernetes
class CreateServiceAccountService
attr_reader :api_url, :ca_pem, :username, :password
attr_reader :kubeclient
def initialize(api_url, ca_pem, username, password)
@api_url = api_url
@ca_pem = ca_pem
@username = username
@password = password
def initialize(kubeclient)
@kubeclient = kubeclient
end
def execute
kubeclient = build_kube_client!(api_groups: ['api', 'apis/rbac.authorization.k8s.io'])
kubeclient.create_service_account(service_account_resource)
kubeclient.create_cluster_role_binding(cluster_role_binding_resource)
end
......@@ -35,30 +30,6 @@ module Clusters
subjects
).generate
end
def build_kube_client!(api_groups: ['api'], api_version: 'v1')
raise "Incomplete settings" unless api_url && username && password
Gitlab::Kubernetes::KubeClient.new(
api_url,
api_groups,
api_version,
auth_options: { username: username, password: password },
ssl_options: kubeclient_ssl_options,
http_proxy_uri: ENV['http_proxy']
)
end
def kubeclient_ssl_options
opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
if ca_pem.present?
opts[:cert_store] = OpenSSL::X509::Store.new
opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
end
opts
end
end
end
end
......
app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
View file @ 3eec327d
......@@ -4,13 +4,10 @@ module Clusters
module Gcp
module Kubernetes
class FetchKubernetesTokenService
attr_reader :api_url, :ca_pem, :username, :password
attr_reader :kubeclient
def initialize(api_url, ca_pem, username, password)
@api_url = api_url
@ca_pem = ca_pem
@username = username
@password = password
def initialize(kubeclient)
@kubeclient = kubeclient
end
def execute
......@@ -32,46 +29,12 @@ module Clusters
end
def read_secrets
kubeclient = build_kubeclient!
kubeclient.get_secrets.as_json
rescue Kubeclient::HttpError => err
raise err unless err.error_code == 404
[]
end
def build_kubeclient!(api_path: 'api', api_version: 'v1')
raise "Incomplete settings" unless api_url && username && password
::Kubeclient::Client.new(
join_api_url(api_path),
api_version,
auth_options: { username: username, password: password },
ssl_options: kubeclient_ssl_options,
http_proxy_uri: ENV['http_proxy']
)
end
def join_api_url(api_path)
url = URI.parse(api_url)
prefix = url.path.sub(%r{/+\z}, '')
url.path = [prefix, api_path].join("/")
url.to_s
end
def kubeclient_ssl_options
opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
if ca_pem.present?
opts[:cert_store] = OpenSSL::X509::Store.new
opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
end
opts
end
end
end
end
......
spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
View file @ 3eec327d
......@@ -5,15 +5,21 @@ require 'spec_helper'
describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
include KubernetesHelpers
let(:service) { described_class.new(api_url, ca_pem, username, password) }
let(:service) { described_class.new(kubeclient) }
describe '#execute' do
subject { service.execute }
let(:api_url) { 'http://111.111.111.111' }
let(:ca_pem) { '' }
let(:username) { 'admin' }
let(:password) { 'xxx' }
let(:kubeclient) do
Gitlab::Kubernetes::KubeClient.new(
api_url,
['api', 'apis/rbac.authorization.k8s.io'],
auth_options: { username: username, password: password }
)
end
context 'when params are correct' do
before do
......@@ -44,23 +50,5 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
)
end
end
context 'when api_url is nil' do
let(:api_url) { nil }
it { expect { subject }.to raise_error("Incomplete settings") }
end
context 'when username is nil' do
let(:username) { nil }
it { expect { subject }.to raise_error("Incomplete settings") }
end
context 'when password is nil' do
let(:password) { nil }
it { expect { subject }.to raise_error("Incomplete settings") }
end
end
end
spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
View file @ 3eec327d
......@@ -2,12 +2,18 @@ require 'spec_helper'
describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
describe '#execute' do
subject { described_class.new(api_url, ca_pem, username, password).execute }
subject { described_class.new(kubeclient).execute }
let(:api_url) { 'http://111.111.111.111' }
let(:ca_pem) { '' }
let(:username) { 'admin' }
let(:password) { 'xxx' }
let(:kubeclient) do
Gitlab::Kubernetes::KubeClient.new(
api_url,
['api', 'apis/rbac.authorization.k8s.io'],
auth_options: { username: username, password: password }
)
end
context 'when params correct' do
let(:token) { 'xxx.token.xxx' }
......@@ -50,23 +56,5 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
it { is_expected.to be_nil }
end
end
context 'when api_url is nil' do
let(:api_url) { nil }
it { expect { subject }.to raise_error("Incomplete settings") }
end
context 'when username is nil' do
let(:username) { nil }
it { expect { subject }.to raise_error("Incomplete settings") }
end
context 'when password is nil' do
let(:password) { nil }
it { expect { subject }.to raise_error("Incomplete settings") }
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7