Refactor to DRY out building of kube_client into originator service

author: Thong Kuah <tkuah@gitlab.com> 2018-08-29 22:33:56 +1200
committer: Thong Kuah <tkuah@gitlab.com> 2018-09-14 16:26:50 +1200
commit: 3eec327d503dc5601d53ee060521500d41d2ca24 (patch)
tree: 99d4471fcdceacfd73ad4cc7fa8abb1064e2dd1f
parent: 7ebc18d1b3d398e3635feec1939ee3dac6c4a2a0 (diff)
download: gitlab-ce-3eec327d503dc5601d53ee060521500d41d2ca24.tar.gz
5 files changed, 58 insertions, 122 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 29948b32192..e0e8a9a372a 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -25,11 +25,7 @@ module Clusters
       private
 
       def create_gitlab_service_account!
-        Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(
-          'https://' + gke_cluster.endpoint,
-          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
-          gke_cluster.master_auth.username,
-          gke_cluster.master_auth.password).execute
+        Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute
       end
 
       def configure_provider
@@ -49,11 +45,7 @@ module Clusters
       end
 
       def request_kubernetes_token
-        Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(
-          'https://' + gke_cluster.endpoint,
-          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
-          gke_cluster.master_auth.username,
-          gke_cluster.master_auth.password).execute
+        Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute
       end
 
       # GKE Clusters have RBAC enabled on Kubernetes >= 1.6
@@ -61,6 +53,40 @@ module Clusters
         'rbac'
       end
 
+      def kube_client
+        @kube_client ||= build_kube_client!(
+          'https://' + gke_cluster.endpoint,
+          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
+          gke_cluster.master_auth.username,
+          gke_cluster.master_auth.password,
+          api_groups: ['api', 'apis/rbac.authorization.k8s.io']
+        )
+      end
+
+      def build_kube_client!(api_url, ca_pem, username, password, api_groups: ['api'], api_version: 'v1')
+        raise "Incomplete settings" unless api_url && username && password
+
+        Gitlab::Kubernetes::KubeClient.new(
+          api_url,
+          api_groups,
+          api_version,
+          auth_options: { username: username, password: password },
+          ssl_options: kubeclient_ssl_options(ca_pem),
+          http_proxy_uri: ENV['http_proxy']
+        )
+      end
+
+      def kubeclient_ssl_options(ca_pem)
+        opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
+
+        if ca_pem.present?
+          opts[:cert_store] = OpenSSL::X509::Store.new
+          opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
+        end
+
+        opts
+      end
+
       def gke_cluster
         @gke_cluster ||= provider.api_client.projects_zones_clusters_get(
           provider.gcp_project_id,
diff --git a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
index a9088578c81..8d87bd7b5c8 100644
--- a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
+++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
@@ -4,18 +4,13 @@ module Clusters
   module Gcp
     module Kubernetes
       class CreateServiceAccountService
-        attr_reader :api_url, :ca_pem, :username, :password
+        attr_reader :kubeclient
 
-        def initialize(api_url, ca_pem, username, password)
-          @api_url = api_url
-          @ca_pem = ca_pem
-          @username = username
-          @password = password
+        def initialize(kubeclient)
+          @kubeclient = kubeclient
         end
 
         def execute
-          kubeclient = build_kube_client!(api_groups: ['api', 'apis/rbac.authorization.k8s.io'])
-
           kubeclient.create_service_account(service_account_resource)
           kubeclient.create_cluster_role_binding(cluster_role_binding_resource)
         end
@@ -35,30 +30,6 @@ module Clusters
             subjects
           ).generate
         end
-
-        def build_kube_client!(api_groups: ['api'], api_version: 'v1')
-          raise "Incomplete settings" unless api_url && username && password
-
-          Gitlab::Kubernetes::KubeClient.new(
-            api_url,
-            api_groups,
-            api_version,
-            auth_options: { username: username, password: password },
-            ssl_options: kubeclient_ssl_options,
-            http_proxy_uri: ENV['http_proxy']
-          )
-        end
-
-        def kubeclient_ssl_options
-          opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-
-          if ca_pem.present?
-            opts[:cert_store] = OpenSSL::X509::Store.new
-            opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
-          end
-
-          opts
-        end
       end
     end
   end
diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
index ba5e0ed9881..5b47c0883cb 100644
--- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
@@ -4,13 +4,10 @@ module Clusters
   module Gcp
     module Kubernetes
       class FetchKubernetesTokenService
-        attr_reader :api_url, :ca_pem, :username, :password
+        attr_reader :kubeclient
 
-        def initialize(api_url, ca_pem, username, password)
-          @api_url = api_url
-          @ca_pem = ca_pem
-          @username = username
-          @password = password
+        def initialize(kubeclient)
+          @kubeclient = kubeclient
         end
 
         def execute
@@ -32,46 +29,12 @@ module Clusters
         end
 
         def read_secrets
-          kubeclient = build_kubeclient!
-
           kubeclient.get_secrets.as_json
         rescue Kubeclient::HttpError => err
           raise err unless err.error_code == 404
 
           []
         end
-
-        def build_kubeclient!(api_path: 'api', api_version: 'v1')
-          raise "Incomplete settings" unless api_url && username && password
-
-          ::Kubeclient::Client.new(
-            join_api_url(api_path),
-            api_version,
-            auth_options: { username: username, password: password },
-            ssl_options: kubeclient_ssl_options,
-            http_proxy_uri: ENV['http_proxy']
-          )
-        end
-
-        def join_api_url(api_path)
-          url = URI.parse(api_url)
-          prefix = url.path.sub(%r{/+\z}, '')
-
-          url.path = [prefix, api_path].join("/")
-
-          url.to_s
-        end
-
-        def kubeclient_ssl_options
-          opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-
-          if ca_pem.present?
-            opts[:cert_store] = OpenSSL::X509::Store.new
-            opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
-          end
-
-          opts
-        end
       end
     end
   end
diff --git a/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb b/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
index 190f8395ff7..2dd4eedaf56 100644
--- a/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
@@ -5,15 +5,21 @@ require 'spec_helper'
 describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
   include KubernetesHelpers
 
-  let(:service) { described_class.new(api_url, ca_pem, username, password) }
+  let(:service) { described_class.new(kubeclient) }
 
   describe '#execute' do
     subject { service.execute }
 
     let(:api_url) { 'http://111.111.111.111' }
-    let(:ca_pem) { '' }
     let(:username) { 'admin' }
     let(:password) { 'xxx' }
+    let(:kubeclient) do
+      Gitlab::Kubernetes::KubeClient.new(
+        api_url,
+        ['api', 'apis/rbac.authorization.k8s.io'],
+        auth_options: { username: username, password: password }
+      )
+    end
 
     context 'when params are correct' do
       before do
@@ -44,23 +50,5 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
         )
       end
     end
-
-    context 'when api_url is nil' do
-      let(:api_url) { nil }
-
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-
-    context 'when username is nil' do
-      let(:username) { nil }
-
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-
-    context 'when password is nil' do
-      let(:password) { nil }
-
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
   end
 end
diff --git a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
index 30431557046..bd6662d7566 100644
--- a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -2,12 +2,18 @@ require 'spec_helper'
 
 describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
   describe '#execute' do
-    subject { described_class.new(api_url, ca_pem, username, password).execute }
+    subject { described_class.new(kubeclient).execute }
 
     let(:api_url) { 'http://111.111.111.111' }
-    let(:ca_pem) { '' }
     let(:username) { 'admin' }
     let(:password) { 'xxx' }
+    let(:kubeclient) do
+      Gitlab::Kubernetes::KubeClient.new(
+        api_url,
+        ['api', 'apis/rbac.authorization.k8s.io'],
+        auth_options: { username: username, password: password }
+      )
+    end
 
     context 'when params correct' do
       let(:token) { 'xxx.token.xxx' }
@@ -50,23 +56,5 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
         it { is_expected.to be_nil }
       end
     end
-
-    context 'when api_url is nil' do
-      let(:api_url) { nil }
-
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-
-    context 'when username is nil' do
-      let(:username) { nil }
-
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-
-    context 'when password is nil' do
-      let(:password) { nil }
-
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
   end
 end
author	Thong Kuah <tkuah@gitlab.com>	2018-08-29 22:33:56 +1200
committer	Thong Kuah <tkuah@gitlab.com>	2018-09-14 16:26:50 +1200
commit	3eec327d503dc5601d53ee060521500d41d2ca24 (patch)
tree	99d4471fcdceacfd73ad4cc7fa8abb1064e2dd1f
parent	7ebc18d1b3d398e3635feec1939ee3dac6c4a2a0 (diff)
download	gitlab-ce-3eec327d503dc5601d53ee060521500d41d2ca24.tar.gz