Diffstat (limited to 'app/controllers/clusters/clusters_controller.rb')
-rw-r--r--app/controllers/clusters/clusters_controller.rb106
1 files changed, 1 insertions, 105 deletions
diff --git a/app/controllers/clusters/clusters_controller.rb b/app/controllers/clusters/clusters_controller.rb
index ae3b6125bde..a04fd09aa22 100644
--- a/app/controllers/clusters/clusters_controller.rb
+++ b/app/controllers/clusters/clusters_controller.rb
@@ -8,7 +8,7 @@ class Clusters::ClustersController < Clusters::BaseController
before_action :cluster, only: [:cluster_status, :show, :update, :destroy, :clear_cache]
before_action :user_cluster, only: [:connect]
before_action :authorize_read_cluster!, only: [:show, :index]
- before_action :authorize_create_cluster!, only: [:connect, :authorize_aws_role]
+ before_action :authorize_create_cluster!, only: [:connect]
before_action :authorize_update_cluster!, only: [:update]
before_action :update_applications_status, only: [:cluster_status]
before_action :ensure_feature_enabled!, except: [:index, :new_cluster_docs]
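Review bot: With `:authorize_aws_role` dropped, `authorize_create_cluster!` on the changed line guards only `:connect`, while the `create_user` action that stays in the file (visible in a later hunk) still creates a cluster through `::Clusters::CreateService` and appears in no visible `only:` list. If neither that service nor a filter outside this hunk enforces the create permission, the line should read `before_action :authorize_create_cluster!, only: [:connect, :create_user]`. The filter list begins above the hunk's first line, so this needs confirming against the full file and the service rather than from the diff alone.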
@@ -16,15 +16,6 @@ class Clusters::ClustersController < Clusters::BaseController
helper_method :token_in_session
STATUS_POLLING_INTERVAL = 10_000
- AWS_CSP_DOMAINS = %w[https://ec2.ap-east-1.amazonaws.com https://ec2.ap-northeast-1.amazonaws.com https://ec2.ap-northeast-2.amazonaws.com https://ec2.ap-northeast-3.amazonaws.com https://ec2.ap-south-1.amazonaws.com https://ec2.ap-southeast-1.amazonaws.com https://ec2.ap-southeast-2.amazonaws.com https://ec2.ca-central-1.amazonaws.com https://ec2.eu-central-1.amazonaws.com https://ec2.eu-north-1.amazonaws.com https://ec2.eu-west-1.amazonaws.com https://ec2.eu-west-2.amazonaws.com https://ec2.eu-west-3.amazonaws.com https://ec2.me-south-1.amazonaws.com https://ec2.sa-east-1.amazonaws.com https://ec2.us-east-1.amazonaws.com https://ec2.us-east-2.amazonaws.com https://ec2.us-west-1.amazonaws.com https://ec2.us-west-2.amazonaws.com https://ec2.af-south-1.amazonaws.com https://iam.amazonaws.com].freeze
-
- content_security_policy do |p|
- next if p.directives.blank?
-
- default_connect_src = p.directives['connect-src'] || p.directives['default-src']
- connect_src_values = Array.wrap(default_connect_src) | AWS_CSP_DOMAINS
- p.connect_src(*connect_src_values)
- end
def index
@clusters = cluster_list
@@ -95,19 +86,6 @@ class Clusters::ClustersController < Clusters::BaseController
redirect_to clusterable.index_path, status: :found
end
- def create_aws
- @aws_cluster = ::Clusters::CreateService
- .new(current_user, create_aws_cluster_params)
- .execute
- .present(current_user: current_user)
-
- if @aws_cluster.persisted?
- head :created, location: @aws_cluster.show_path
- else
- render status: :unprocessable_entity, json: @aws_cluster.errors
- end
- end
-
def create_user
@user_cluster = ::Clusters::CreateService
.new(current_user, create_user_cluster_params)
@@ -117,23 +95,10 @@ class Clusters::ClustersController < Clusters::BaseController
if @user_cluster.persisted?
redirect_to @user_cluster.show_path
else
- generate_gcp_authorize_url
- validate_gcp_token
- gcp_cluster
-
render :connect
end
end
- def authorize_aws_role
- response = Clusters::Aws::AuthorizeRoleService.new(
- current_user,
- params: aws_role_params
- ).execute
-
- render json: response.body, status: response.status
- end
-
def clear_cache
cluster.delete_cached_resources!
@@ -204,27 +169,6 @@ class Clusters::ClustersController < Clusters::BaseController
end
end
- def create_aws_cluster_params
- params.require(:cluster).permit(
- *base_permitted_cluster_params,
- :name,
- provider_aws_attributes: [
- :kubernetes_version,
- :key_name,
- :role_arn,
- :region,
- :vpc_id,
- :instance_type,
- :num_nodes,
- :security_group_id,
- subnet_ids: []
- ]).merge(
- provider_type: :aws,
- platform_type: :kubernetes,
- clusterable: clusterable.__subject__
- )
- end
-
def create_user_cluster_params
params.require(:cluster).permit(
*base_permitted_cluster_params,
@@ -242,29 +186,6 @@ class Clusters::ClustersController < Clusters::BaseController
)
end
- def aws_role_params
- params.require(:cluster).permit(:role_arn, :region)
- end
-
- def generate_gcp_authorize_url
- connect_path = clusterable.connect_path().to_s
- error_path = @project ? project_clusters_path(@project) : connect_path
-
- state = generate_session_key_redirect(connect_path, error_path)
-
- @authorize_url = GoogleApi::CloudPlatform::Client.new(
- nil, callback_google_api_auth_url,
- state: state).authorize_url
- rescue GoogleApi::Auth::ConfigMissingError
- # no-op
- end
-
- def gcp_cluster
- cluster = Clusters::BuildService.new(clusterable.__subject__).execute
- cluster.build_provider_gcp
- @gcp_cluster = cluster.present(current_user: current_user)
- end
-
def proxyable
cluster.cluster
end
@@ -295,11 +216,6 @@ class Clusters::ClustersController < Clusters::BaseController
@user_cluster = cluster.present(current_user: current_user)
end
- def validate_gcp_token
- @valid_gcp_token = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
- .validate_token(expires_at_in_session)
- end
-
def token_in_session
session[GoogleApi::CloudPlatform::Client.session_key_for_token]
end
@@ -309,26 +225,6 @@ class Clusters::ClustersController < Clusters::BaseController
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
end
- def generate_session_key_redirect(uri, error_uri)
- GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
- session[key] = uri
- session[:error_uri] = error_uri
- end
- end
-
- ##
- # Unfortunately the EC2 API doesn't provide a list of
- # possible instance types. There is a workaround, using
- # the Pricing API, but instead of requiring the
- # user to grant extra permissions for this we use the
- # values that validate the CloudFormation template.
- def load_instance_types
- stack_template = File.read(Rails.root.join('vendor', 'aws', 'cloudformation', 'eks_cluster.yaml'))
- instance_types = YAML.safe_load(stack_template).dig('Parameters', 'NodeInstanceType', 'AllowedValues')
-
- instance_types.map { |type| Hash(name: type, value: type) }
- end
-
def update_applications_status
@cluster.applications.each(&:schedule_status_update)
end