Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42

7 files changed, 10 insertions, 158 deletions

diff --git a/app/services/clusters/applications/base_service.rb b/app/services/clusters/applications/base_service.rb
index 39a2d6bf758..c6f22cfa04c 100644
--- a/app/services/clusters/applications/base_service.rb
+++ b/app/services/clusters/applications/base_service.rb
@@ -5,8 +5,6 @@ module Clusters
     class BaseService
       InvalidApplicationError = Class.new(StandardError)
 
-      FLUENTD_KNOWN_ATTRS = %i[host protocol port waf_log_enabled cilium_log_enabled].freeze
-
       attr_reader :cluster, :current_user, :params
 
       def initialize(cluster, user, params = {})
@@ -29,16 +27,6 @@ module Clusters
             application.stack = params[:stack]
           end
 
-          if application.has_attribute?(:modsecurity_enabled)
-            application.modsecurity_enabled = params[:modsecurity_enabled] || false
-          end
-
-          if application.has_attribute?(:modsecurity_mode)
-            application.modsecurity_mode = params[:modsecurity_mode] || 0
-          end
-
-          apply_fluentd_related_attributes(application)
-
           if application.respond_to?(:oauth_application)
             application.oauth_application = create_oauth_application(application, request)
           end
@@ -103,12 +91,6 @@ module Clusters
 
         ::Applications::CreateService.new(current_user, oauth_application_params).execute(request)
       end
-
-      def apply_fluentd_related_attributes(application)
-        FLUENTD_KNOWN_ATTRS.each do |attr|
-          application[attr] = params[attr] if application.has_attribute?(attr)
-        end
-      end
     end
   end
 end
diff --git a/app/services/clusters/applications/schedule_update_service.rb b/app/services/clusters/applications/schedule_update_service.rb
index 4f130f76b87..4fabf1d809e 100644
--- a/app/services/clusters/applications/schedule_update_service.rb
+++ b/app/services/clusters/applications/schedule_update_service.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+# DEPRECATED: To be removed as part of https://gitlab.com/groups/gitlab-org/-/epics/5877
 module Clusters
   module Applications
     class ScheduleUpdateService
@@ -7,14 +8,14 @@ module Clusters
 
       attr_accessor :application, :project
 
-      def initialize(application, project)
-        @application = application
+      def initialize(cluster_prometheus_adapter, project)
+        @application = cluster_prometheus_adapter&.cluster&.application_prometheus
         @project = project
       end
 
       def execute
         return unless application
-        return unless application.managed_prometheus?
+        return if application.externally_installed?
 
         if recently_scheduled?
           worker_class.perform_in(BACKOFF_DELAY, application.name, application.id, project.id, Time.current)
diff --git a/app/services/clusters/cleanup/app_service.rb b/app/services/clusters/cleanup/app_service.rb
deleted file mode 100644
index a7e29c78ea0..00000000000
--- a/app/services/clusters/cleanup/app_service.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
-  module Cleanup
-    class AppService < Clusters::Cleanup::BaseService
-      def execute
-        persisted_applications = @cluster.persisted_applications
-
-        persisted_applications.each do |app|
-          next unless app.available?
-          next unless app.can_uninstall?
-
-          log_event(:uninstalling_app, application: app.class.application_name)
-          uninstall_app_async(app)
-        end
-
-        # Keep calling the worker untill all dependencies are uninstalled
-        return schedule_next_execution(Clusters::Cleanup::AppWorker) if persisted_applications.any?
-
-        log_event(:schedule_remove_project_namespaces)
-        cluster.continue_cleanup!
-      end
-
-      private
-
-      def uninstall_app_async(application)
-        application.make_scheduled!
-
-        Clusters::Applications::UninstallWorker.perform_async(application.name, application.id)
-      end
-    end
-  end
-end
diff --git a/app/services/clusters/cleanup/project_namespace_service.rb b/app/services/clusters/cleanup/project_namespace_service.rb
index 7621be565ff..16254041306 100644
--- a/app/services/clusters/cleanup/project_namespace_service.rb
+++ b/app/services/clusters/cleanup/project_namespace_service.rb
@@ -2,7 +2,7 @@
 
 module Clusters
   module Cleanup
-    class ProjectNamespaceService < BaseService
+    class ProjectNamespaceService < ::Clusters::Cleanup::BaseService
       KUBERNETES_NAMESPACE_BATCH_SIZE = 100
 
       def execute
diff --git a/app/services/clusters/cleanup/service_account_service.rb b/app/services/clusters/cleanup/service_account_service.rb
index d60bd76d388..baac9e4a9e7 100644
--- a/app/services/clusters/cleanup/service_account_service.rb
+++ b/app/services/clusters/cleanup/service_account_service.rb
@@ -2,7 +2,7 @@
 
 module Clusters
   module Cleanup
-    class ServiceAccountService < BaseService
+    class ServiceAccountService < ::Clusters::Cleanup::BaseService
       def execute
         delete_gitlab_service_account
 
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index 0aff1bcc8b9..73d6fc4dc8f 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -43,8 +43,6 @@ module Clusters
         cluster.build_platform_kubernetes(
           api_url: 'https://' + gke_cluster.endpoint,
           ca_cert: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
-          username: gke_cluster.master_auth.username,
-          password: gke_cluster.master_auth.password,
           authorization_type: authorization_type,
           token: request_kubernetes_token)
       end
@@ -75,18 +73,16 @@ module Clusters
       def kube_client
         @kube_client ||= build_kube_client!(
           'https://' + gke_cluster.endpoint,
-          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
-          gke_cluster.master_auth.username,
-          gke_cluster.master_auth.password
+          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate)
         )
       end
 
-      def build_kube_client!(api_url, ca_pem, username, password)
-        raise "Incomplete settings" unless api_url && username && password
+      def build_kube_client!(api_url, ca_pem)
+        raise "Incomplete settings" unless api_url
 
         Gitlab::Kubernetes::KubeClient.new(
           api_url,
-          auth_options: { username: username, password: password },
+          auth_options: { bearer_token: provider.access_token },
           ssl_options: kubeclient_ssl_options(ca_pem),
           http_proxy_uri: ENV['http_proxy']
         )
diff --git a/app/services/clusters/parse_cluster_applications_artifact_service.rb b/app/services/clusters/parse_cluster_applications_artifact_service.rb
deleted file mode 100644
index b9b2953b6bd..00000000000
--- a/app/services/clusters/parse_cluster_applications_artifact_service.rb
+++ /dev/null
@@ -1,94 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
-  class ParseClusterApplicationsArtifactService < ::BaseService
-    include Gitlab::Utils::StrongMemoize
-
-    MAX_ACCEPTABLE_ARTIFACT_SIZE = 5.kilobytes
-    RELEASE_NAMES = %w[cilium].freeze
-
-    def initialize(job, current_user)
-      @job = job
-
-      super(job.project, current_user)
-    end
-
-    def execute(artifact)
-      raise ArgumentError, 'Artifact is not cluster_applications file type' unless artifact&.cluster_applications?
-
-      return error(too_big_error_message, :bad_request) unless artifact.file.size < MAX_ACCEPTABLE_ARTIFACT_SIZE
-      return error(no_deployment_message, :bad_request) unless job.deployment
-      return error(no_deployment_cluster_message, :bad_request) unless cluster
-
-      parse!(artifact)
-
-      success
-    rescue Gitlab::Kubernetes::Helm::Parsers::ListV2::ParserError, ActiveRecord::RecordInvalid => error
-      Gitlab::ErrorTracking.track_exception(error, job_id: artifact.job_id)
-      error(error.message, :bad_request)
-    end
-
-    private
-
-    attr_reader :job
-
-    def cluster
-      strong_memoize(:cluster) do
-        deployment_cluster = job.deployment&.cluster
-
-        deployment_cluster if Ability.allowed?(current_user, :admin_cluster, deployment_cluster)
-      end
-    end
-
-    def parse!(artifact)
-      releases = []
-
-      artifact.each_blob do |blob|
-        next if blob.empty?
-
-        releases.concat(Gitlab::Kubernetes::Helm::Parsers::ListV2.new(blob).releases)
-      end
-
-      update_cluster_application_statuses!(releases)
-    end
-
-    def update_cluster_application_statuses!(releases)
-      release_by_name = releases.index_by { |release| release['Name'] }
-
-      Clusters::Cluster.transaction do
-        RELEASE_NAMES.each do |release_name|
-          application_class = Clusters::Cluster::APPLICATIONS[release_name]
-          application = cluster.find_or_build_application(application_class)
-
-          release = release_by_name[release_name]
-
-          if release
-            case release['Status']
-            when 'DEPLOYED'
-              application.make_externally_installed!
-            when 'FAILED'
-              application.make_errored!(s_('ClusterIntegration|Helm release failed to install'))
-            end
-          else
-            # missing, so by definition, we consider this uninstalled
-            application.make_externally_uninstalled! if application.persisted?
-          end
-        end
-      end
-    end
-
-    def too_big_error_message
-      human_size = ActiveSupport::NumberHelper.number_to_human_size(MAX_ACCEPTABLE_ARTIFACT_SIZE)
-
-      s_('ClusterIntegration|Cluster_applications artifact too big. Maximum allowable size: %{human_size}') % { human_size: human_size }
-    end
-
-    def no_deployment_message
-      s_('ClusterIntegration|No deployment found for this job')
-    end
-
-    def no_deployment_cluster_message
-      s_('ClusterIntegration|No deployment cluster found for this job')
-    end
-  end
-end