-rw-r--r-- | app/controllers/projects/clusters_controller.rb | 156 | ||||
-rw-r--r-- | app/models/ci/cluster.rb | 5 | ||||
-rw-r--r-- | app/views/projects/clusters/_form.html.haml | 8 | ||||
-rw-r--r-- | app/views/projects/clusters/_login.html.haml | 2 | ||||
-rw-r--r-- | app/views/projects/clusters/edit.html.haml | 7 | ||||
-rw-r--r-- | app/views/projects/clusters/login.html.haml | 6 | ||||
-rw-r--r-- | app/views/projects/clusters/new.html.haml | 7 | ||||
-rw-r--r-- | changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml | 5 | ||||
-rw-r--r-- | config/routes/project.rb | 3 | ||||
-rw-r--r-- | db/migrate/20170924094327_create_ci_clusters.rb | 9 | ||||
-rw-r--r-- | db/schema.rb | 1 | ||||
-rw-r--r-- | lib/google_api/authentication.rb | 34 |
12 files changed, 80 insertions, 163 deletions
diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index b625ff16b54..567c54ea2e2 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -1,9 +1,15 @@ class Projects::ClustersController < Projects::ApplicationController - # before_action :authenticate_google_api before_action :cluster - + before_action :authorize_google_api, except: [:login] # before_action :authorize_admin_clusters! # TODO: Authentication + def login + begin + @authorize_url = api_client.authorize_url + rescue GoogleApi::Authentication::ConfigMissingError + end + end + def index if cluster redirect_to action: 'edit' 
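Review bot: The only filter this hunk puts in front of the cluster actions is `authorize_google_api`, which checks for a Google token, while the permission check stays commented out as `# before_action :authorize_admin_clusters!`. As far as the hunk shows, nothing restricts who may create or update a cluster beyond whatever `Projects::ApplicationController` already enforces, so I would enable that filter (or an equivalent ability check) before `create` becomes reachable. In `login`, the empty `rescue GoogleApi::Authentication::ConfigMissingError` relies on the view treating a nil `@authorize_url` as "not configured"; a comment such as `# @authorize_url stays nil; the view renders the configuration hint` would make that explicit, and the `begin` is redundant inside a method body. The class body continues outside this hunk.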
@@ -12,97 +18,54 @@ class Projects::ClustersController < Projects::ApplicationController end end - ## - # TODO: - # - Show form for "Create on Google Container Engine" - # - Show form for "Use existing kubernets cluster" - # - If user has not authroized yet, Show "Sign in with Google" button - # - If user has already authroized, Skip "Sign in with Google" button - # - user.is_authenticated_for_gcp? - # - user.authenticate_for_gcp! - # - Create this module which can be used from view def new - unless session[GoogleApi::CloudPlatform::Client.token_in_session] - @authorize_url = api_client.authorize_url - end end - ## - # TODO: - # - If create on GKE, Use Google::Apis::ContainerV1::ContainerService - # - If create manually, save in db (Prob, Project > Setting) - # - Dry up with Service - # - Transaction - # - Sidekiq def create - if params['creation_type'] == 'on_gke' - # Create a cluster on GKE - operation = api_client.projects_zones_clusters_create( - params['gcp_project_id'], params['cluster_zone'], params['cluster_name'], - cluster_size: params['cluster_size'], machine_type: params['machine_type'] - ) - - # wait_operation_done - if operation&.operation_type == 'CREATE_CLUSTER' - api_client.wait_operation_done(operation.self_link) - else - raise "TODO: ERROR" - end + # Create a cluster on GKE + operation = api_client.projects_zones_clusters_create( + params['gcp_project_id'], params['cluster_zone'], params['cluster_name'], + cluster_size: params['cluster_size'], machine_type: params['machine_type'] + ) + + # wait_operation_done + if operation&.operation_type == 'CREATE_CLUSTER' + api_client.wait_operation_done(operation.self_link) + else + raise "TODO: ERROR" + end - # Get cluster details (end point, etc) - gke_cluster = api_client.projects_zones_clusters_get( - params['gcp_project_id'], params['cluster_zone'], params['cluster_name'] + # Get cluster details (end point, etc) + gke_cluster = api_client.projects_zones_clusters_get( + params['gcp_project_id'], 
params['cluster_zone'], params['cluster_name'] + ) + + # Update service + kubernetes_service.attributes = service_params( + active: true, + api_url: gke_cluster.endpoint, + ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), + namespace: params['project_namespace'], + token: 'aaa' # TODO: username/password ) - # Update service - kubernetes_service.attributes = service_params( - active: true, - api_url: gke_cluster.endpoint, - ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), - namespace: params['project_namespace'], - token: 'aaa' # TODO: username/password - ) - - kubernetes_service.save! - - # Save info - project.clusters.create( - creation_type: params['creation_type'], - gcp_project_id: params['gcp_project_id'], - cluster_zone: params['cluster_zone'], - cluster_name: params['cluster_name'], - service: kubernetes_service - ) - elsif params['creation_type'] == 'manual' - # TODO: Transaction - project.kubernetes_service.save( - end_point: params['end_point'], - ca_cert: params['ca_cert'], - token: params['token'], - username: params['username'], - password: params['password'], - project_namespace: params['project_namespace'] - ) + kubernetes_service.save! - project.clusters.create( - creation_type: params['creation_type'], - kubernetes_service: project.kubernetes_service - ) - end + # Save info + project.clusters.create( + creation_type: params['creation_type'], + gcp_project_id: params['gcp_project_id'], + cluster_zone: params['cluster_zone'], + cluster_name: params['cluster_name'], + service: kubernetes_service + ) redirect_to action: 'index' end - # TODO: Show results/status. Edits Swtich for enable/disable. - # If created with GKE, non-editable form. enable/disable switch. - # If created manually, editable form. enable/disable switch. - # GKE params are on-off swtich - # Manul params are on-off swtich, Endpoint, CACert, k8s Token, Proj namespace. 
def edit - unless session[GoogleApi::CloudPlatform::Client.token_in_session] - @authorize_url = api_client.authorize_url - render :edit - end + # TODO: If on, do we override parameter? + # TODO: If off, do we override parameter? end def update @@ -110,40 +73,13 @@ class Projects::ClustersController < Projects::ApplicationController render :edit end - # In presenter - # TODO: Generate a link to the cluster on GKE - - def gcp_projects - # api_client.blah - # TODO: Return all avaiable GCP Projects. - # TODO: Return json - # TODO: Dry with concern - end - - def gke_zones - # api_client.blah - # TODO: Return all avaiable zones on GKE. - # TODO: Return json - # TODO: Dry with concern - end - private - # def authenticate_google_api - # if cluster&.on_gke? && session[access_token_key].blank? - # redirect_to api_client.authorize_url(callback_import_url) - # end - # end - def cluster # Each project has only one cluster, for now. In the future iteraiton, we'll support multiple clusters @cluster ||= project.clusters.last end - # def cluster_params - # params.require(:cluster).permit(:aaa) - # end - def api_client @api_client ||= GoogleApi::CloudPlatform::Client.new( @@ -166,4 +102,10 @@ class Projects::ClustersController < Projects::ApplicationController token: token } end + + def authorize_google_api + unless session[GoogleApi::CloudPlatform::Client.token_in_session] + redirect_to action: 'login' + end + end end diff --git a/app/models/ci/cluster.rb b/app/models/ci/cluster.rb index 85dcd3c4f58..855280ef024 100644 --- a/app/models/ci/cluster.rb +++ b/app/models/ci/cluster.rb @@ -6,10 +6,5 @@ module Ci belongs_to :owner, class_name: 'User' belongs_to :service - enum creation_type: { - unknown: nil, - on_gke: 1, - manual: 2 - } end end diff --git a/app/views/projects/clusters/_form.html.haml b/app/views/projects/clusters/_form.html.haml index f58e4334abe..8b3c23d5d28 100644 --- a/app/views/projects/clusters/_form.html.haml +++ b/app/views/projects/clusters/_form.html.haml 
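Review bot: `project.clusters.create` in `create` still passes `creation_type: params['creation_type']`, although this same commit removes the `creation_type` column from the migration and `db/schema.rb`, removes the enum from `Ci::Cluster`, and stops sending the parameter from the form. Assigning an attribute the model no longer has would be expected to raise at runtime, so that line should be dropped. Separately, the service is saved with `active: true` and the placeholder `token: 'aaa'`, which activates an integration with a credential that cannot work; I would leave it inactive until the real credential is wired in. `params['gcp_project_id']`, `params['cluster_zone']` and the other values also go to the API client unvalidated, and the non-bang `create` ignores a failed save after the bang `kubernetes_service.save!`.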
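Review bot: `authorize_google_api` accepts any truthy value under `session[GoogleApi::CloudPlatform::Client.token_in_session]` as a valid login. Nothing visible in this diff checks that the token is unexpired, so a stale token would pass the filter and only fail later inside the API calls in `create`. If an expiry is kept alongside the token, compare it here; otherwise rescue the client's authorization error in the actions and redirect to `login`. The body would also read more simply as a modifier guard, `redirect_to action: 'login' unless session[GoogleApi::CloudPlatform::Client.token_in_session]`.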
@@ -1,9 +1,3 @@ Create a new cluster %br -Avaiable GCP project lists -%br -Avaiable zones -%br -= link_to "Create on Google Container Engine", namespace_project_clusters_path(@project.namespace, @project, creation_type: 'on_gke', cluster_name: "gke-test-creation#{Random.rand(100)}", gcp_project_id: 'xxx', cluster_zone: 'us-central1-a', cluster_size: '1', project_namespace: 'aaa', machine_type: '???'), method: :post -%br -= link_to "Use existing kubernets cluster", namespace_project_clusters_path(@project.namespace, @project, creation_type: 'manual', end_point: 'xxx.xxx.xxx.xxx', ca_cert: 'xxx...xxx', token: 'xxx', project_namespace: 'aaa'), method: :post += link_to "Create on Google Container Engine", namespace_project_clusters_path(@project.namespace, @project, cluster_name: "gke-test-creation#{Random.rand(100)}", gcp_project_id: 'gitlab-internal-153318', cluster_zone: 'us-central1-a', cluster_size: '1', project_namespace: 'aaa', machine_type: '???'), method: :post diff --git a/app/views/projects/clusters/_login.html.haml b/app/views/projects/clusters/_login.html.haml deleted file mode 100644 index ccb5d68ac4c..00000000000 --- a/app/views/projects/clusters/_login.html.haml +++ /dev/null @@ -1,2 +0,0 @@ -Login -%p= link_to("authenticate from here", @authorize_url) diff --git a/app/views/projects/clusters/edit.html.haml b/app/views/projects/clusters/edit.html.haml index 83c6ad7dae6..518fcf2530a 100644 --- a/app/views/projects/clusters/edit.html.haml +++ b/app/views/projects/clusters/edit.html.haml @@ -1,6 +1,3 @@ edit/show cluster - -- if @authorize_url - = render "login" -- else - = @cluster.inspect
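Review bot: The new `link_to` hard-codes `gcp_project_id: 'gitlab-internal-153318'`, which looks like a real internal GCP project identifier rather than a placeholder like the `'xxx'` it replaces. A value like that should not live in a template that ships with the application; take it from user input or configuration, or keep an obvious placeholder until the form exists. Every cluster parameter also rides in the query string of a `method: :post` link, so the values end up in URLs and logs and `create` trusts them as sent. A real form with permitted parameters would address both.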
\ No newline at end of file +%br += @cluster.inspect diff --git a/app/views/projects/clusters/login.html.haml b/app/views/projects/clusters/login.html.haml new file mode 100644 index 00000000000..ddc909d12ca --- /dev/null +++ b/app/views/projects/clusters/login.html.haml @@ -0,0 +1,6 @@ +Login +%br +- if @authorize_url + = link_to("authenticate from here", @authorize_url) +- else + You have not configrued GitLab properly. So we can not proceed authentication. Please check if you have set up omniauth->providers->google_oauth2 in gitlab.yml diff --git a/app/views/projects/clusters/new.html.haml b/app/views/projects/clusters/new.html.haml index 6ab22a5d351..7433f6759a0 100644 --- a/app/views/projects/clusters/new.html.haml +++ b/app/views/projects/clusters/new.html.haml @@ -1,4 +1,3 @@ -- if @authorize_url - = render "login" -- else - = render "form" +Create a cluster +%br += render "form" diff --git a/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml b/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml deleted file mode 100644 index 13ec113167f..00000000000 --- a/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Bump google-api-client Gem from 0.8.6 to 0.13.6 -merge_request: -author: -type: other diff --git a/config/routes/project.rb b/config/routes/project.rb index 27160d8c364..23c3f87df81 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -185,8 +185,7 @@ constraints(ProjectUrlConstrainer.new) do resources :clusters, except: [:edit, :show, :destroy] do collection do - get :gcp_projects # TODO: This doesn't belong here. Grape or under user. Hint. Serilizer - get :gke_zones + get :login get :edit end end diff --git a/db/migrate/20170924094327_create_ci_clusters.rb b/db/migrate/20170924094327_create_ci_clusters.rb index 7a35fe35605..dce3298cde2 100644 --- a/db/migrate/20170924094327_create_ci_clusters.rb 
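Review bot: `= @cluster.inspect` in `edit.html.haml` writes every attribute of the cluster record into the page. The schema context in this diff shows `end_point` and `ca_cert` on `ci_clusters`, and the migration's `# TODO: fk, index, encypt` suggests more sensitive columns are planned, so this dump would expose them to anyone who can open the edit page. I would render only the named fields meant for display, for example `= @cluster.cluster_name` (column name presumed from the controller's `create` call), and never credential columns.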
+++ b/db/migrate/20170924094327_create_ci_clusters.rb @@ -9,7 +9,6 @@ class CreateCiClusters < ActiveRecord::Migration # General t.boolean :enabled, default: true - t.integer :creation_type # manual or on_gke # k8s integration specific t.string :project_namespace @@ -30,14 +29,6 @@ class CreateCiClusters < ActiveRecord::Migration t.datetime_with_timezone :updated_at, null: false end - # create_table :ci_gke_clusters do |t| - # t.integer :ci_cluster_id - # t.string :gcp_project_id - # t.string :cluster_zone - # t.string :cluster_name - # end - # add_foreign_key :ci_gke_clusters, :ci_clusters - # TODO: fk, index, encypt add_foreign_key :ci_clusters, :projects diff --git a/db/schema.rb b/db/schema.rb index 8000229d5fa..3908f06821e 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -272,7 +272,6 @@ ActiveRecord::Schema.define(version: 20170924094327) do t.integer "owner_id" t.integer "service_id" t.boolean "enabled", default: true - t.integer "creation_type" t.string "project_namespace" t.string "end_point" t.text "ca_cert" diff --git a/lib/google_api/authentication.rb b/lib/google_api/authentication.rb index d7b473525fb..4c9016e1085 100644 --- a/lib/google_api/authentication.rb +++ b/lib/google_api/authentication.rb @@ -2,28 +2,14 @@ module GoogleApi class Authentication attr_reader :access_token, :redirect_uri, :state + ConfigMissingError = Class.new(StandardError) + def initialize(access_token, redirect_uri, state: nil) @access_token = access_token @redirect_uri = redirect_uri @state = state end - def client - return @client if defined?(@client) - - unless config - raise 'OAuth configuration for google_oauth2 missing.' - end - - @client = ::OAuth2::Client.new( - config.app_id, - config.app_secret, - site: 'https://accounts.google.com', - token_url: '/o/oauth2/token', - authorize_url: '/o/oauth2/auth' - ) - end - def authorize_url client.auth_code.authorize_url( redirect_uri: redirect_uri, 
@@ -47,5 +33,21 @@ module GoogleApi def config Gitlab.config.omniauth.providers.find { |provider| provider.name == "google_oauth2" } end + + def client + return @client if defined?(@client) + + unless config + raise ConfigMissingError + end + + @client = ::OAuth2::Client.new( + config.app_id, + config.app_secret, + site: 'https://accounts.google.com', + token_url: '/o/oauth2/token', + authorize_url: '/o/oauth2/auth' + ) + end end end |
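Review bot: `raise ConfigMissingError` drops the message the previous `raise` carried, so logs and any caller other than the controller's `login` action see only a bare class name. `raise ConfigMissingError, 'OAuth configuration for google_oauth2 missing.'` keeps the diagnostic. A one-line comment above `ConfigMissingError = Class.new(StandardError)` in the first hunk, such as `# Raised when no google_oauth2 provider is configured under omniauth`, would document when callers should expect it. `client` now sits after `config`; whether that makes it private depends on a `private` marker that is outside this hunk.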