diff options
Diffstat (limited to 'app/controllers/clusters/clusters_controller.rb')
-rw-r--r-- | app/controllers/clusters/clusters_controller.rb | 106 |
1 files changed, 1 insertions, 105 deletions
diff --git a/app/controllers/clusters/clusters_controller.rb b/app/controllers/clusters/clusters_controller.rb index ae3b6125bde..a04fd09aa22 100644 --- a/app/controllers/clusters/clusters_controller.rb +++ b/app/controllers/clusters/clusters_controller.rb @@ -8,7 +8,7 @@ class Clusters::ClustersController < Clusters::BaseController before_action :cluster, only: [:cluster_status, :show, :update, :destroy, :clear_cache] before_action :user_cluster, only: [:connect] before_action :authorize_read_cluster!, only: [:show, :index] - before_action :authorize_create_cluster!, only: [:connect, :authorize_aws_role] + before_action :authorize_create_cluster!, only: [:connect] before_action :authorize_update_cluster!, only: [:update] before_action :update_applications_status, only: [:cluster_status] before_action :ensure_feature_enabled!, except: [:index, :new_cluster_docs] @@ -16,15 +16,6 @@ class Clusters::ClustersController < Clusters::BaseController helper_method :token_in_session STATUS_POLLING_INTERVAL = 10_000 - AWS_CSP_DOMAINS = %w[https://ec2.ap-east-1.amazonaws.com https://ec2.ap-northeast-1.amazonaws.com https://ec2.ap-northeast-2.amazonaws.com https://ec2.ap-northeast-3.amazonaws.com https://ec2.ap-south-1.amazonaws.com https://ec2.ap-southeast-1.amazonaws.com https://ec2.ap-southeast-2.amazonaws.com https://ec2.ca-central-1.amazonaws.com https://ec2.eu-central-1.amazonaws.com https://ec2.eu-north-1.amazonaws.com https://ec2.eu-west-1.amazonaws.com https://ec2.eu-west-2.amazonaws.com https://ec2.eu-west-3.amazonaws.com https://ec2.me-south-1.amazonaws.com https://ec2.sa-east-1.amazonaws.com https://ec2.us-east-1.amazonaws.com https://ec2.us-east-2.amazonaws.com https://ec2.us-west-1.amazonaws.com https://ec2.us-west-2.amazonaws.com https://ec2.af-south-1.amazonaws.com https://iam.amazonaws.com].freeze - - content_security_policy do |p| - next if p.directives.blank? - - default_connect_src = p.directives['connect-src'] || p.directives['default-src'] - connect_src_values = Array.wrap(default_connect_src) | AWS_CSP_DOMAINS - p.connect_src(*connect_src_values) - end def index @clusters = cluster_list @@ -95,19 +86,6 @@ class Clusters::ClustersController < Clusters::BaseController redirect_to clusterable.index_path, status: :found end - def create_aws - @aws_cluster = ::Clusters::CreateService - .new(current_user, create_aws_cluster_params) - .execute - .present(current_user: current_user) - - if @aws_cluster.persisted? - head :created, location: @aws_cluster.show_path - else - render status: :unprocessable_entity, json: @aws_cluster.errors - end - end - def create_user @user_cluster = ::Clusters::CreateService .new(current_user, create_user_cluster_params) @@ -117,23 +95,10 @@ class Clusters::ClustersController < Clusters::BaseController if @user_cluster.persisted? redirect_to @user_cluster.show_path else - generate_gcp_authorize_url - validate_gcp_token - gcp_cluster - render :connect end end - def authorize_aws_role - response = Clusters::Aws::AuthorizeRoleService.new( - current_user, - params: aws_role_params - ).execute - - render json: response.body, status: response.status - end - def clear_cache cluster.delete_cached_resources! @@ -204,27 +169,6 @@ class Clusters::ClustersController < Clusters::BaseController end end - def create_aws_cluster_params - params.require(:cluster).permit( - *base_permitted_cluster_params, - :name, - provider_aws_attributes: [ - :kubernetes_version, - :key_name, - :role_arn, - :region, - :vpc_id, - :instance_type, - :num_nodes, - :security_group_id, - subnet_ids: [] - ]).merge( - provider_type: :aws, - platform_type: :kubernetes, - clusterable: clusterable.__subject__ - ) - end - def create_user_cluster_params params.require(:cluster).permit( *base_permitted_cluster_params, @@ -242,29 +186,6 @@ class Clusters::ClustersController < Clusters::BaseController ) end - def aws_role_params - params.require(:cluster).permit(:role_arn, :region) - end - - def generate_gcp_authorize_url - connect_path = clusterable.connect_path().to_s - error_path = @project ? project_clusters_path(@project) : connect_path - - state = generate_session_key_redirect(connect_path, error_path) - - @authorize_url = GoogleApi::CloudPlatform::Client.new( - nil, callback_google_api_auth_url, - state: state).authorize_url - rescue GoogleApi::Auth::ConfigMissingError - # no-op - end - - def gcp_cluster - cluster = Clusters::BuildService.new(clusterable.__subject__).execute - cluster.build_provider_gcp - @gcp_cluster = cluster.present(current_user: current_user) - end - def proxyable cluster.cluster end @@ -295,11 +216,6 @@ class Clusters::ClustersController < Clusters::BaseController @user_cluster = cluster.present(current_user: current_user) end - def validate_gcp_token - @valid_gcp_token = GoogleApi::CloudPlatform::Client.new(token_in_session, nil) - .validate_token(expires_at_in_session) - end - def token_in_session session[GoogleApi::CloudPlatform::Client.session_key_for_token] end @@ -309,26 +225,6 @@ class Clusters::ClustersController < Clusters::BaseController session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] end - def generate_session_key_redirect(uri, error_uri) - GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key| - session[key] = uri - session[:error_uri] = error_uri - end - end - - ## - # Unfortunately the EC2 API doesn't provide a list of - # possible instance types. There is a workaround, using - # the Pricing API, but instead of requiring the - # user to grant extra permissions for this we use the - # values that validate the CloudFormation template. - def load_instance_types - stack_template = File.read(Rails.root.join('vendor', 'aws', 'cloudformation', 'eks_cluster.yaml')) - instance_types = YAML.safe_load(stack_template).dig('Parameters', 'NodeInstanceType', 'AllowedValues') - - instance_types.map { |type| Hash(name: type, value: type) } - end - def update_applications_status @cluster.applications.each(&:schedule_status_update) end |