path: root/app/models/clusters/providers/aws.rb
# frozen_string_literal: true

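module Clusters
  module Providers
    # ActiveRecord model for the AWS-specific settings of a cluster, stored in
    # the `cluster_providers_aws` table. It holds the role ARN, networking and
    # sizing parameters, plus the AWS credentials (access key id, secret access
    # key, session token) used to build a CloudFormation client.
    class Aws < ApplicationRecord
      include Gitlab::Utils::StrongMemoize
      include Clusters::Concerns::ProviderStatus
      include IgnorableColumns

      # Column is ignored by the model and scheduled for removal (13.4, after 2020-08-22).
      ignore_column :created_by_user_id, remove_with: '13.4', remove_after: '2020-08-22'

      self.table_name = 'cluster_providers_aws'

      DEFAULT_REGION = 'us-east-1'

      belongs_to :cluster, inverse_of: :provider_aws, class_name: 'Clusters::Cluster'

      default_value_for :region, DEFAULT_REGION
      default_value_for :num_nodes, 3
      default_value_for :instance_type, 'm5.large'

      # Only secret_access_key is declared encrypted at rest here (AES-256-GCM,
      # one IV per attribute).
      # NOTE(review): session_token is passed to Aws::Credentials and nulled
      # together with the secret key, so it is credential material too, but no
      # attr_encrypted declaration for it is visible in this file - confirm how
      # it is stored and whether it should be encrypted as well.
      attr_encrypted :secret_access_key,
        mode: :per_attribute_iv,
        key: Settings.attr_encrypted_db_key_base_truncated,
        algorithm: 'aes-256-gcm'

      # role_arn must be 1..2048 characters and match the shared AWS ARN pattern.
      validates :role_arn,
        length: 1..2048,
        format: {
          with: Gitlab::Regex.aws_arn_regex,
          message: Gitlab::Regex.aws_arn_regex_message
        }

      # At least one node, whole numbers only.
      validates :num_nodes,
        numericality: {
          only_integer: true,
          greater_than: 0
        }

      validates :key_name, :region, :instance_type, :security_group_id, length: { in: 1..255 }
      validates :subnet_ids, presence: true

      # Blanks the three AWS credential attributes on this record and discards
      # any memoized objects that were built from them.
      #
      # Only assigns attributes; persisting the change is left to the caller.
      #
      # Without clearing the memoization, #credentials and #api_client would
      # keep returning objects that still hold the old key material after the
      # attributes have been nulled, so the secrets would outlive their
      # intended lifetime in memory and remain usable for API calls.
      def nullify_credentials
        clear_memoization(:api_client)
        clear_memoization(:credentials)

        assign_attributes(
          access_key_id: nil,
          secret_access_key: nil,
          session_token: nil
        )
      end

      # CloudFormation client for this provider's region, built from #credentials.
      # Memoized per instance; reset by #nullify_credentials.
      #
      # @return [::Aws::CloudFormation::Client]
      def api_client
        strong_memoize(:api_client) do
          ::Aws::CloudFormation::Client.new(credentials: credentials, region: region)
        end
      end

      # AWS credentials object built from the stored access key id, secret
      # access key and session token. Memoized per instance; reset by
      # #nullify_credentials.
      #
      # @return [::Aws::Credentials]
      def credentials
        strong_memoize(:credentials) do
          ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
        end
      end

      # Always true for this provider.
      def has_rbac_enabled?
        true
      end

      # Always false for this provider.
      def knative_pre_installed?
        false
      end

      # The user recorded on the associated cluster.
      def created_by_user
        cluster.user
      end
    end
  end
end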