Move FetchKubernetesTokenService to under the Clusters::Gcp::Kubernetes namespace

This is in preparation to share some common code with another service
which will also need a kubeclient utilizing master username and password

4 files changed, 76 insertions, 77 deletions

diff --git a/app/services/ci/fetch_kubernetes_token_service.rb b/app/services/ci/fetch_kubernetes_token_service.rb
deleted file mode 100644
index 15eda56cac6..00000000000
--- a/app/services/ci/fetch_kubernetes_token_service.rb
+++ /dev/null
@@ -1,75 +0,0 @@
-# frozen_string_literal: true
-
-##
-# TODO:
-# Almost components in this class were copied from app/models/project_services/kubernetes_service.rb
-# We should dry up those classes not to repeat the same code.
-# Maybe we should have a special facility (e.g. lib/kubernetes_api) to maintain all Kubernetes API caller.
-module Ci
-  class FetchKubernetesTokenService
-    attr_reader :api_url, :ca_pem, :username, :password
-
-    def initialize(api_url, ca_pem, username, password)
-      @api_url = api_url
-      @ca_pem = ca_pem
-      @username = username
-      @password = password
-    end
-
-    def execute
-      read_secrets.each do |secret|
-        name = secret.dig('metadata', 'name')
-        if /default-token/ =~ name
-          token_base64 = secret.dig('data', 'token')
-          return Base64.decode64(token_base64) if token_base64
-        end
-      end
-
-      nil
-    end
-
-    private
-
-    def read_secrets
-      kubeclient = build_kubeclient!
-
-      kubeclient.get_secrets.as_json
-    rescue Kubeclient::HttpError => err
-      raise err unless err.error_code == 404
-
-      []
-    end
-
-    def build_kubeclient!(api_path: 'api', api_version: 'v1')
-      raise "Incomplete settings" unless api_url && username && password
-
-      ::Kubeclient::Client.new(
-        join_api_url(api_path),
-        api_version,
-        auth_options: { username: username, password: password },
-        ssl_options: kubeclient_ssl_options,
-        http_proxy_uri: ENV['http_proxy']
-      )
-    end
-
-    def join_api_url(api_path)
-      url = URI.parse(api_url)
-      prefix = url.path.sub(%r{/+\z}, '')
-
-      url.path = [prefix, api_path].join("/")
-
-      url.to_s
-    end
-
-    def kubeclient_ssl_options
-      opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-
-      if ca_pem.present?
-        opts[:cert_store] = OpenSSL::X509::Store.new
-        opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
-      end
-
-      opts
-    end
-  end
-end
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 264419501dc..76b1f439569 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -36,7 +36,7 @@ module Clusters
       end
 
       def request_kubernetes_token
-        Ci::FetchKubernetesTokenService.new(
+        Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(
           'https://' + gke_cluster.endpoint,
           Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
           gke_cluster.master_auth.username,
diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
new file mode 100644
index 00000000000..07c8eaae5d3
--- /dev/null
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Clusters
+  module Gcp
+    module Kubernetes
+      class FetchKubernetesTokenService
+        attr_reader :api_url, :ca_pem, :username, :password
+
+        def initialize(api_url, ca_pem, username, password)
+          @api_url = api_url
+          @ca_pem = ca_pem
+          @username = username
+          @password = password
+        end
+
+        def execute
+          read_secrets.each do |secret|
+            name = secret.dig('metadata', 'name')
+            if /default-token/ =~ name
+              token_base64 = secret.dig('data', 'token')
+              return Base64.decode64(token_base64) if token_base64
+            end
+          end
+
+          nil
+        end
+
+        private
+
+        def read_secrets
+          kubeclient = build_kubeclient!
+
+          kubeclient.get_secrets.as_json
+        rescue Kubeclient::HttpError => err
+          raise err unless err.error_code == 404
+
+          []
+        end
+
+        def build_kubeclient!(api_path: 'api', api_version: 'v1')
+          raise "Incomplete settings" unless api_url && username && password
+
+          ::Kubeclient::Client.new(
+            join_api_url(api_path),
+            api_version,
+            auth_options: { username: username, password: password },
+            ssl_options: kubeclient_ssl_options,
+            http_proxy_uri: ENV['http_proxy']
+          )
+        end
+
+        def join_api_url(api_path)
+          url = URI.parse(api_url)
+          prefix = url.path.sub(%r{/+\z}, '')
+
+          url.path = [prefix, api_path].join("/")
+
+          url.to_s
+        end
+
+        def kubeclient_ssl_options
+          opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
+
+          if ca_pem.present?
+            opts[:cert_store] = OpenSSL::X509::Store.new
+            opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
+          end
+
+          opts
+        end
+      end
+    end
+  end
+end
diff --git a/spec/services/ci/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
index 1d05c9671a9..80fde84d299 100644
--- a/spec/services/ci/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe Ci::FetchKubernetesTokenService do
+describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
   describe '#execute' do
     subject { described_class.new(api_url, ca_pem, username, password).execute }