author | Thong Kuah <tkuah@gitlab.com> | 2018-08-29 21:11:30 +1200 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 16:26:50 +1200 |
commit | fe450ebf51abd9fa96a0eff01ad074fc4cfbedab (patch) | |
tree | 9b15841aaea73e76a266bcc95f08cc0b6dfc7502 | |
parent | 32b96bfd81ff254142dbd9c73e1a494308213cb3 (diff) | |
download | gitlab-ce-fe450ebf51abd9fa96a0eff01ad074fc4cfbedab.tar.gz |
Move FetchKubernetesTokenService to under the Clusters::Gcp::Kubernetes namespace
This is in preparation to share some common code with another service
which will also need a kubeclient utilizing master username and password
-rw-r--r-- | app/services/ci/fetch_kubernetes_token_service.rb | 75 | ||||
-rw-r--r-- | app/services/clusters/gcp/finalize_creation_service.rb | 2 | ||||
-rw-r--r-- | app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb | 74 | ||||
-rw-r--r-- | spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb (renamed from spec/services/ci/fetch_kubernetes_token_service_spec.rb) | 2 |
4 files changed, 76 insertions, 77 deletions
diff --git a/app/services/ci/fetch_kubernetes_token_service.rb b/app/services/ci/fetch_kubernetes_token_service.rb
deleted file mode 100644
index 15eda56cac6..00000000000
--- a/app/services/ci/fetch_kubernetes_token_service.rb
+++ /dev/null
@@ -1,75 +0,0 @@
-# frozen_string_literal: true
-
-##
-# TODO:
-# Almost components in this class were copied from app/models/project_services/kubernetes_service.rb
-# We should dry up those classes not to repeat the same code.
-# Maybe we should have a special facility (e.g. lib/kubernetes_api) to maintain all Kubernetes API caller.
-module Ci
- class FetchKubernetesTokenService
- attr_reader :api_url, :ca_pem, :username, :password
-
- def initialize(api_url, ca_pem, username, password)
- @api_url = api_url
- @ca_pem = ca_pem
- @username = username
- @password = password
- end
-
- def execute
- read_secrets.each do |secret|
- name = secret.dig('metadata', 'name')
- if /default-token/ =~ name
- token_base64 = secret.dig('data', 'token')
- return Base64.decode64(token_base64) if token_base64
- end
- end
-
- nil
- end
-
- private
-
- def read_secrets
- kubeclient = build_kubeclient!
-
- kubeclient.get_secrets.as_json
- rescue Kubeclient::HttpError => err
- raise err unless err.error_code == 404
-
- []
- end
-
- def build_kubeclient!(api_path: 'api', api_version: 'v1')
- raise "Incomplete settings" unless api_url && username && password
-
- ::Kubeclient::Client.new(
- join_api_url(api_path),
- api_version,
- auth_options: { username: username, password: password },
- ssl_options: kubeclient_ssl_options,
- http_proxy_uri: ENV['http_proxy']
- )
- end
-
- def join_api_url(api_path)
- url = URI.parse(api_url)
- prefix = url.path.sub(%r{/+\z}, '')
-
- url.path = [prefix, api_path].join("/")
-
- url.to_s
- end
-
- def kubeclient_ssl_options
- opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-
- if ca_pem.present?
- opts[:cert_store] = OpenSSL::X509::Store.new
- opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
- end
-
- opts
- end
- end
-end
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 264419501dc..76b1f439569 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb +++ b/app/services/clusters/gcp/finalize_creation_service.rb @@ -36,7 +36,7 @@ module Clusters end def request_kubernetes_token - Ci::FetchKubernetesTokenService.new( + Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new( 'https://' + gke_cluster.endpoint, Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), gke_cluster.master_auth.username, diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb new file mode 100644 index 00000000000..07c8eaae5d3 --- /dev/null +++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb 
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Clusters
+ module Gcp
+ module Kubernetes
+ class FetchKubernetesTokenService
+ attr_reader :api_url, :ca_pem, :username, :password
+
+ def initialize(api_url, ca_pem, username, password)
+ @api_url = api_url
+ @ca_pem = ca_pem
+ @username = username
+ @password = password
+ end
+
+ def execute
+ read_secrets.each do |secret|
+ name = secret.dig('metadata', 'name')
+ if /default-token/ =~ name
+ token_base64 = secret.dig('data', 'token')
+ return Base64.decode64(token_base64) if token_base64
+ end
+ end
+
+ nil
+ end
+
+ private
+
+ def read_secrets
+ kubeclient = build_kubeclient!
+
+ kubeclient.get_secrets.as_json
+ rescue Kubeclient::HttpError => err
+ raise err unless err.error_code == 404
+
+ []
+ end
+
+ def build_kubeclient!(api_path: 'api', api_version: 'v1')
+ raise "Incomplete settings" unless api_url && username && password
+
+ ::Kubeclient::Client.new(
+ join_api_url(api_path),
+ api_version,
+ auth_options: { username: username, password: password },
+ ssl_options: kubeclient_ssl_options,
+ http_proxy_uri: ENV['http_proxy']
+ )
+ end
+
+ def join_api_url(api_path)
+ url = URI.parse(api_url)
+ prefix = url.path.sub(%r{/+\z}, '')
+
+ url.path = [prefix, api_path].join("/")
+
+ url.to_s
+ end
+
+ def kubeclient_ssl_options
+ opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
+
+ if ca_pem.present?
+ opts[:cert_store] = OpenSSL::X509::Store.new
+ opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
+ end
+
+ opts
+ end
+ end
+ end
+ end
+end
diff --git a/spec/services/ci/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
index 1d05c9671a9..80fde84d299 100644
--- a/spec/services/ci/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
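Review bot: In the new `Clusters::Gcp::Kubernetes::FetchKubernetesTokenService#execute`, the token lookup returns the first secret whose name merely contains `default-token`, without checking the secret's namespace or type. `read_secrets` calls `get_secrets` with no namespace, so (assuming kubeclient lists across all namespaces in that case) the token returned is whichever namespace's default service account comes first, and any other secret with `default-token` in its name would match too. Because `FinalizeCreationService#request_kubernetes_token` appears to use this value as the cluster credential, I would pin the selection, e.g. `next unless secret['type'] == 'kubernetes.io/service-account-token' && secret.dig('metadata', 'namespace') == 'default'` together with `name&.start_with?('default-token-')`. I would also decode with `Base64.strict_decode64` so a malformed value raises instead of decoding to garbage. The code is moved unchanged from `Ci::FetchKubernetesTokenService`, so this behaviour predates the commit, but the move also drops the old TODO about sharing code with `kubernetes_service.rb`, which is worth keeping as a comment on the new class.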
@@ -1,6 +1,6 @@ require 'spec_helper' -describe Ci::FetchKubernetesTokenService do +describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do describe '#execute' do subject { described_class.new(api_url, ca_pem, username, password).execute } |