Move FetchKubernetesTokenService to under the Clusters::Gcp::Kubernetes namespace

This is in preparation to share some common code with another service which will also need a kubeclient utilizing master username and password
author: Thong Kuah <tkuah@gitlab.com> 2018-08-29 21:11:30 +1200
committer: Thong Kuah <tkuah@gitlab.com> 2018-09-14 16:26:50 +1200
commit: fe450ebf51abd9fa96a0eff01ad074fc4cfbedab (patch)
tree: 9b15841aaea73e76a266bcc95f08cc0b6dfc7502 /app/services/clusters/gcp
parent: 32b96bfd81ff254142dbd9c73e1a494308213cb3 (diff)
download: gitlab-ce-fe450ebf51abd9fa96a0eff01ad074fc4cfbedab.tar.gz
2 files changed, 75 insertions, 1 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 264419501dc..76b1f439569 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -36,7 +36,7 @@ module Clusters
       end
 
       def request_kubernetes_token
-        Ci::FetchKubernetesTokenService.new(
+        Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(
           'https://' + gke_cluster.endpoint,
           Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
           gke_cluster.master_auth.username,
diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
new file mode 100644
index 00000000000..07c8eaae5d3
--- /dev/null
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Clusters
+  module Gcp
+    module Kubernetes
+      class FetchKubernetesTokenService
+        attr_reader :api_url, :ca_pem, :username, :password
+
+        def initialize(api_url, ca_pem, username, password)
+          @api_url = api_url
+          @ca_pem = ca_pem
+          @username = username
+          @password = password
+        end
+
+        def execute
+          read_secrets.each do |secret|
+            name = secret.dig('metadata', 'name')
+            if /default-token/ =~ name
+              token_base64 = secret.dig('data', 'token')
+              return Base64.decode64(token_base64) if token_base64
+            end
+          end
+
+          nil
+        end
+
+        private
+
+        def read_secrets
+          kubeclient = build_kubeclient!
+
+          kubeclient.get_secrets.as_json
+        rescue Kubeclient::HttpError => err
+          raise err unless err.error_code == 404
+
+          []
+        end
+
+        def build_kubeclient!(api_path: 'api', api_version: 'v1')
+          raise "Incomplete settings" unless api_url && username && password
+
+          ::Kubeclient::Client.new(
+            join_api_url(api_path),
+            api_version,
+            auth_options: { username: username, password: password },
+            ssl_options: kubeclient_ssl_options,
+            http_proxy_uri: ENV['http_proxy']
+          )
+        end
+
+        def join_api_url(api_path)
+          url = URI.parse(api_url)
+          prefix = url.path.sub(%r{/+\z}, '')
+
+          url.path = [prefix, api_path].join("/")
+
+          url.to_s
+        end
+
+        def kubeclient_ssl_options
+          opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
+
+          if ca_pem.present?
+            opts[:cert_store] = OpenSSL::X509::Store.new
+            opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
+          end
+
+          opts
+        end
+      end
+    end
+  end
+end
author	Thong Kuah <tkuah@gitlab.com>	2018-08-29 21:11:30 +1200
committer	Thong Kuah <tkuah@gitlab.com>	2018-09-14 16:26:50 +1200
commit	fe450ebf51abd9fa96a0eff01ad074fc4cfbedab (patch)
tree	9b15841aaea73e76a266bcc95f08cc0b6dfc7502 /app/services/clusters/gcp
parent	32b96bfd81ff254142dbd9c73e1a494308213cb3 (diff)
download	gitlab-ce-fe450ebf51abd9fa96a0eff01ad074fc4cfbedab.tar.gz