author | Thong Kuah <tkuah@gitlab.com> | 2018-08-29 22:33:56 +1200 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 16:26:50 +1200 |
commit | 3eec327d503dc5601d53ee060521500d41d2ca24 (patch) | |
tree | 99d4471fcdceacfd73ad4cc7fa8abb1064e2dd1f | |
parent | 7ebc18d1b3d398e3635feec1939ee3dac6c4a2a0 (diff) | |
Refactor to DRY out building of kube_client into originator service
5 files changed, 58 insertions, 122 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 29948b32192..e0e8a9a372a 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -25,11 +25,7 @@ module Clusters
 private
 def create_gitlab_service_account!
- Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(
- 'https://' + gke_cluster.endpoint,
- Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
- gke_cluster.master_auth.username,
- gke_cluster.master_auth.password).execute
+ Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute
 end
 def configure_provider
@@ -49,11 +45,7 @@ module Clusters
 end
 def request_kubernetes_token
- Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(
- 'https://' + gke_cluster.endpoint,
- Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
- gke_cluster.master_auth.username,
- gke_cluster.master_auth.password).execute
+ Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute
 end
 # GKE Clusters have RBAC enabled on Kubernetes >= 1.6
@@ -61,6 +53,40 @@ module Clusters 'rbac' end + def kube_client + @kube_client ||= build_kube_client!( + 'https://' + gke_cluster.endpoint, + Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), + gke_cluster.master_auth.username, + gke_cluster.master_auth.password, + api_groups: ['api', 'apis/rbac.authorization.k8s.io'] + ) + end + + def build_kube_client!(api_url, ca_pem, username, password, api_groups: ['api'], api_version: 'v1') + raise "Incomplete settings" unless api_url && username && password + + Gitlab::Kubernetes::KubeClient.new( + api_url, + api_groups, + api_version, + auth_options: { username: username, password: password }, + ssl_options: kubeclient_ssl_options(ca_pem), + http_proxy_uri: ENV['http_proxy'] + ) + end + + def kubeclient_ssl_options(ca_pem) + opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER } + + if ca_pem.present? + opts[:cert_store] = OpenSSL::X509::Store.new + opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem)) + end + + opts + end + def gke_cluster @gke_cluster ||= provider.api_client.projects_zones_clusters_get( provider.gcp_project_id, diff --git a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb index a9088578c81..8d87bd7b5c8 100644 --- a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb +++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb 
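Review bot: The `raise "Incomplete settings"` guard in `build_kube_client!` only tests truthiness, so it no longer protects the one caller shown here: `kube_client` passes `'https://' + gke_cluster.endpoint`, which is always a non-nil String (a nil endpoint fails inside the concatenation instead), and an empty `username` or `password` is truthy in Ruby and passes. Since `present?` is already used on `ca_pem` in this hunk, the check could read `raise "Incomplete settings" unless api_url.present? && username.present? && password.present?`, with `gke_cluster.endpoint` checked before the URL is built. The contexts that exercised this raise are deleted from both service specs in this commit, and none of the five changed files adds a replacement for `FinalizeCreationService`, so the guard is left without coverage in what is shown.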
@@ -4,18 +4,13 @@ module Clusters
 module Gcp
 module Kubernetes
 class CreateServiceAccountService
- attr_reader :api_url, :ca_pem, :username, :password
+ attr_reader :kubeclient
- def initialize(api_url, ca_pem, username, password)
- @api_url = api_url
- @ca_pem = ca_pem
- @username = username
- @password = password
+ def initialize(kubeclient)
+ @kubeclient = kubeclient
 end
 def execute
- kubeclient = build_kube_client!(api_groups: ['api', 'apis/rbac.authorization.k8s.io'])
-
 kubeclient.create_service_account(service_account_resource)
 kubeclient.create_cluster_role_binding(cluster_role_binding_resource)
 end
@@ -35,30 +30,6 @@ module Clusters
 subjects
 ).generate
 end
-
- def build_kube_client!(api_groups: ['api'], api_version: 'v1')
- raise "Incomplete settings" unless api_url && username && password
-
- Gitlab::Kubernetes::KubeClient.new(
- api_url,
- api_groups,
- api_version,
- auth_options: { username: username, password: password },
- ssl_options: kubeclient_ssl_options,
- http_proxy_uri: ENV['http_proxy']
- )
- end
-
- def kubeclient_ssl_options
- opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-
- if ca_pem.present?
- opts[:cert_store] = OpenSSL::X509::Store.new
- opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
- end
-
- opts
- end
 end
 end
 end
diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
index ba5e0ed9881..5b47c0883cb 100644
--- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
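Review bot: `CreateServiceAccountService` now depends on an undocumented precondition: `execute` still calls `create_cluster_role_binding`, for which the removed line built the client with `api_groups: ['api', 'apis/rbac.authorization.k8s.io']`, but `initialize(kubeclient)` accepts any client. A client built with the `['api']` default would presumably complete `create_service_account` and then fail on the role binding, leaving a service account behind. I would add a comment above `initialize`, e.g. `# kubeclient must be built with the 'apis/rbac.authorization.k8s.io' API group; execute calls create_cluster_role_binding`. The same reader, `attr_reader :kubeclient`, is public here and in `FetchKubernetesTokenService` and returns a client constructed with the cluster's username and password; declaring it under `private` would keep it internal. The class body continues outside the hunk.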
@@ -4,13 +4,10 @@ module Clusters
 module Gcp
 module Kubernetes
 class FetchKubernetesTokenService
- attr_reader :api_url, :ca_pem, :username, :password
+ attr_reader :kubeclient
- def initialize(api_url, ca_pem, username, password)
- @api_url = api_url
- @ca_pem = ca_pem
- @username = username
- @password = password
+ def initialize(kubeclient)
+ @kubeclient = kubeclient
 end
 def execute
@@ -32,46 +29,12 @@ module Clusters
 end
 def read_secrets
- kubeclient = build_kubeclient!
-
 kubeclient.get_secrets.as_json
 rescue Kubeclient::HttpError => err
 raise err unless err.error_code == 404
 []
 end
-
- def build_kubeclient!(api_path: 'api', api_version: 'v1')
- raise "Incomplete settings" unless api_url && username && password
-
- ::Kubeclient::Client.new(
- join_api_url(api_path),
- api_version,
- auth_options: { username: username, password: password },
- ssl_options: kubeclient_ssl_options,
- http_proxy_uri: ENV['http_proxy']
- )
- end
-
- def join_api_url(api_path)
- url = URI.parse(api_url)
- prefix = url.path.sub(%r{/+\z}, '')
-
- url.path = [prefix, api_path].join("/")
-
- url.to_s
- end
-
- def kubeclient_ssl_options
- opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-
- if ca_pem.present?
- opts[:cert_store] = OpenSSL::X509::Store.new
- opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
- end
-
- opts
- end
 end
 end
 end
diff --git a/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb b/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
index 190f8395ff7..2dd4eedaf56 100644
--- a/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
@@ -5,15 +5,21 @@ require 'spec_helper'
 describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
 include KubernetesHelpers
- let(:service) { described_class.new(api_url, ca_pem, username, password) }
+ let(:service) { described_class.new(kubeclient) }
 describe '#execute' do
 subject { service.execute }
 let(:api_url) { 'http://111.111.111.111' }
- let(:ca_pem) { '' }
 let(:username) { 'admin' }
 let(:password) { 'xxx' }
+ let(:kubeclient) do
+ Gitlab::Kubernetes::KubeClient.new(
+ api_url,
+ ['api', 'apis/rbac.authorization.k8s.io'],
+ auth_options: { username: username, password: password }
+ )
+ end
 context 'when params are correct' do
 before do
@@ -44,23 +50,5 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
 )
 end
 end
-
- context 'when api_url is nil' do
- let(:api_url) { nil }
-
- it { expect { subject }.to raise_error("Incomplete settings") }
- end
-
- context 'when username is nil' do
- let(:username) { nil }
-
- it { expect { subject }.to raise_error("Incomplete settings") }
- end
-
- context 'when password is nil' do
- let(:password) { nil }
-
- it { expect { subject }.to raise_error("Incomplete settings") }
- end
 end
 end
diff --git a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
index 30431557046..bd6662d7566 100644
--- a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -2,12 +2,18 @@ require 'spec_helper'
 describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
 describe '#execute' do
- subject { described_class.new(api_url, ca_pem, username, password).execute }
+ subject { described_class.new(kubeclient).execute }
 let(:api_url) { 'http://111.111.111.111' }
- let(:ca_pem) { '' }
 let(:username) { 'admin' }
 let(:password) { 'xxx' }
+ let(:kubeclient) do
+ Gitlab::Kubernetes::KubeClient.new(
+ api_url,
+ ['api', 'apis/rbac.authorization.k8s.io'],
+ auth_options: { username: username, password: password }
+ )
+ end
 context 'when params correct' do
 let(:token) { 'xxx.token.xxx' }
@@ -50,23 +56,5 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
 it { is_expected.to be_nil }
 end
 end
-
- context 'when api_url is nil' do
- let(:api_url) { nil }
-
- it { expect { subject }.to raise_error("Incomplete settings") }
- end
-
- context 'when username is nil' do
- let(:username) { nil }
-
- it { expect { subject }.to raise_error("Incomplete settings") }
- end
-
- context 'when password is nil' do
- let(:password) { nil }
-
- it { expect { subject }.to raise_error("Incomplete settings") }
- end
 end
 end
|