debian-mirror-gitlab/app/controllers/clusters/clusters_controller.rb

338 lines
8.9 KiB
Ruby
Raw Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
class Clusters::ClustersController < Clusters::BaseController
include RoutableActions
2020-01-01 13:55:28 +05:30
before_action :cluster, only: [:cluster_status, :show, :update, :destroy, :clear_cache]
2018-12-13 13:39:08 +05:30
before_action :generate_gcp_authorize_url, only: [:new]
before_action :validate_gcp_token, only: [:new]
before_action :gcp_cluster, only: [:new]
before_action :user_cluster, only: [:new]
2020-01-01 13:55:28 +05:30
before_action :authorize_create_cluster!, only: [:new, :authorize_aws_role]
2018-12-13 13:39:08 +05:30
before_action :authorize_update_cluster!, only: [:update]
2020-01-01 13:55:28 +05:30
before_action :authorize_admin_cluster!, only: [:destroy, :clear_cache]
2018-12-13 13:39:08 +05:30
before_action :update_applications_status, only: [:cluster_status]
helper_method :token_in_session
STATUS_POLLING_INTERVAL = 10_000
def index
2020-05-24 23:13:21 +05:30
@clusters = cluster_list
2019-02-15 15:39:39 +05:30
2020-05-24 23:13:21 +05:30
respond_to do |format|
format.html
format.json do
2020-06-23 00:09:42 +05:30
Gitlab::PollingInterval.set_header(response, interval: STATUS_POLLING_INTERVAL)
2020-05-24 23:13:21 +05:30
serializer = ClusterSerializer.new(current_user: current_user)
2019-02-15 15:39:39 +05:30
2020-05-24 23:13:21 +05:30
render json: {
clusters: serializer.with_pagination(request, response).represent_list(@clusters),
has_ancestor_clusters: @has_ancestor_clusters
}
end
end
2018-12-13 13:39:08 +05:30
end
def new
2019-12-26 22:10:19 +05:30
if params[:provider] == 'aws'
@aws_role = current_user.aws_role || Aws::Role.new
@aws_role.ensure_role_external_id!
2020-01-01 13:55:28 +05:30
@instance_types = load_instance_types.to_json
2019-12-04 20:38:33 +05:30
2019-12-26 22:10:19 +05:30
elsif params[:provider] == 'gcp'
redirect_to @authorize_url if @authorize_url && !@valid_gcp_token
end
2018-12-13 13:39:08 +05:30
end
# Overridding ActionController::Metal#status is NOT a good idea
def cluster_status
respond_to do |format|
format.json do
Gitlab::PollingInterval.set_header(response, interval: STATUS_POLLING_INTERVAL)
render json: ClusterSerializer
.new(current_user: @current_user)
.represent_status(@cluster)
end
end
end
def show
end
def update
Clusters::UpdateService
.new(current_user, update_params)
.execute(cluster)
if cluster.valid?
respond_to do |format|
format.json do
head :no_content
end
format.html do
flash[:notice] = _('Kubernetes cluster was successfully updated.')
redirect_to cluster.show_path
end
end
else
respond_to do |format|
format.json { head :bad_request }
format.html { render :show }
end
end
end
def destroy
2019-12-26 22:10:19 +05:30
response = Clusters::DestroyService
.new(current_user, destroy_params)
.execute(cluster)
flash[:notice] = response[:message]
redirect_to clusterable.index_path, status: :found
2018-12-13 13:39:08 +05:30
end
def create_gcp
@gcp_cluster = ::Clusters::CreateService
.new(current_user, create_gcp_cluster_params)
.execute(access_token: token_in_session)
.present(current_user: current_user)
if @gcp_cluster.persisted?
redirect_to @gcp_cluster.show_path
else
generate_gcp_authorize_url
validate_gcp_token
user_cluster
2020-01-01 13:55:28 +05:30
params[:provider] = 'gcp'
2018-12-13 13:39:08 +05:30
2019-12-04 20:38:33 +05:30
render :new, locals: { active_tab: 'create' }
2018-12-13 13:39:08 +05:30
end
end
2019-12-26 22:10:19 +05:30
def create_aws
@aws_cluster = ::Clusters::CreateService
.new(current_user, create_aws_cluster_params)
.execute
.present(current_user: current_user)
if @aws_cluster.persisted?
head :created, location: @aws_cluster.show_path
else
render status: :unprocessable_entity, json: @aws_cluster.errors
end
end
2018-12-13 13:39:08 +05:30
def create_user
@user_cluster = ::Clusters::CreateService
.new(current_user, create_user_cluster_params)
.execute(access_token: token_in_session)
.present(current_user: current_user)
if @user_cluster.persisted?
redirect_to @user_cluster.show_path
else
generate_gcp_authorize_url
validate_gcp_token
gcp_cluster
2019-12-04 20:38:33 +05:30
render :new, locals: { active_tab: 'add' }
2018-12-13 13:39:08 +05:30
end
end
2019-12-26 22:10:19 +05:30
def authorize_aws_role
2020-01-01 13:55:28 +05:30
response = Clusters::Aws::AuthorizeRoleService.new(
current_user,
params: aws_role_params
).execute
2019-12-26 22:10:19 +05:30
2020-01-01 13:55:28 +05:30
render json: response.body, status: response.status
2019-12-26 22:10:19 +05:30
end
2020-01-01 13:55:28 +05:30
def clear_cache
cluster.delete_cached_resources!
2019-12-26 22:10:19 +05:30
2020-01-01 13:55:28 +05:30
redirect_to cluster.show_path, notice: _('Cluster cache cleared.')
2019-12-26 22:10:19 +05:30
end
2018-12-13 13:39:08 +05:30
private
2020-05-24 23:13:21 +05:30
def cluster_list
finder = ClusterAncestorsFinder.new(clusterable.subject, current_user)
clusters = finder.execute
@has_ancestor_clusters = finder.has_ancestor_clusters?
# Note: We are paginating through an array here but this should OK as:
#
# In CE, we can have a maximum group nesting depth of 21, so including
# project cluster, we can have max 22 clusters for a group hierarchy.
# In EE (Premium) we can have any number, as multiple clusters are
# supported, but the number of clusters are fairly low currently.
#
# See https://gitlab.com/gitlab-org/gitlab-foss/issues/55260 also.
Kaminari.paginate_array(clusters).page(params[:page]).per(20)
end
2019-12-26 22:10:19 +05:30
def destroy_params
2020-01-01 13:55:28 +05:30
params.permit(:cleanup)
2019-12-26 22:10:19 +05:30
end
2018-12-13 13:39:08 +05:30
def update_params
2019-07-07 11:18:12 +05:30
if cluster.provided_by_user?
2018-12-13 13:39:08 +05:30
params.require(:cluster).permit(
:enabled,
2019-07-07 11:18:12 +05:30
:name,
2018-12-13 13:39:08 +05:30
:environment_scope,
2019-09-04 21:01:54 +05:30
:managed,
2019-03-02 22:35:43 +05:30
:base_domain,
2019-12-26 22:10:19 +05:30
:management_project_id,
2018-12-13 13:39:08 +05:30
platform_kubernetes_attributes: [
2019-07-07 11:18:12 +05:30
:api_url,
:token,
:ca_cert,
2018-12-13 13:39:08 +05:30
:namespace
]
)
else
params.require(:cluster).permit(
:enabled,
:environment_scope,
2019-09-04 21:01:54 +05:30
:managed,
2019-03-02 22:35:43 +05:30
:base_domain,
2019-12-26 22:10:19 +05:30
:management_project_id,
2018-12-13 13:39:08 +05:30
platform_kubernetes_attributes: [
:namespace
]
)
end
end
def create_gcp_cluster_params
params.require(:cluster).permit(
:enabled,
:name,
:environment_scope,
2019-07-31 22:56:46 +05:30
:managed,
2018-12-13 13:39:08 +05:30
provider_gcp_attributes: [
:gcp_project_id,
:zone,
:num_nodes,
:machine_type,
2019-12-21 20:55:43 +05:30
:cloud_run,
2018-12-13 13:39:08 +05:30
:legacy_abac
]).merge(
provider_type: :gcp,
platform_type: :kubernetes,
clusterable: clusterable.subject
)
end
2019-12-26 22:10:19 +05:30
def create_aws_cluster_params
params.require(:cluster).permit(
:enabled,
:name,
:environment_scope,
:managed,
provider_aws_attributes: [
:key_name,
:role_arn,
:region,
:vpc_id,
:instance_type,
:num_nodes,
:security_group_id,
subnet_ids: []
]).merge(
provider_type: :aws,
platform_type: :kubernetes,
clusterable: clusterable.subject
)
end
2018-12-13 13:39:08 +05:30
def create_user_cluster_params
params.require(:cluster).permit(
:enabled,
:name,
:environment_scope,
2019-07-31 22:56:46 +05:30
:managed,
2018-12-13 13:39:08 +05:30
platform_kubernetes_attributes: [
:namespace,
:api_url,
:token,
:ca_cert,
:authorization_type
]).merge(
provider_type: :user,
platform_type: :kubernetes,
clusterable: clusterable.subject
)
end
2020-01-01 13:55:28 +05:30
def aws_role_params
2019-12-26 22:10:19 +05:30
params.require(:cluster).permit(:role_arn, :role_external_id)
end
2018-12-13 13:39:08 +05:30
def generate_gcp_authorize_url
2020-01-01 13:55:28 +05:30
state = generate_session_key_redirect(clusterable.new_path(provider: :gcp).to_s)
2018-12-13 13:39:08 +05:30
@authorize_url = GoogleApi::CloudPlatform::Client.new(
nil, callback_google_api_auth_url,
state: state).authorize_url
rescue GoogleApi::Auth::ConfigMissingError
# no-op
end
def gcp_cluster
2019-02-15 15:39:39 +05:30
cluster = Clusters::BuildService.new(clusterable.subject).execute
cluster.build_provider_gcp
@gcp_cluster = cluster.present(current_user: current_user)
2018-12-13 13:39:08 +05:30
end
def user_cluster
2019-02-15 15:39:39 +05:30
cluster = Clusters::BuildService.new(clusterable.subject).execute
cluster.build_platform_kubernetes
@user_cluster = cluster.present(current_user: current_user)
2018-12-13 13:39:08 +05:30
end
def validate_gcp_token
@valid_gcp_token = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
.validate_token(expires_at_in_session)
end
def token_in_session
session[GoogleApi::CloudPlatform::Client.session_key_for_token]
end
def expires_at_in_session
@expires_at_in_session ||=
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
end
def generate_session_key_redirect(uri)
GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
session[key] = uri
end
end
2020-01-01 13:55:28 +05:30
##
# Unfortunately the EC2 API doesn't provide a list of
# possible instance types. There is a workaround, using
# the Pricing API, but instead of requiring the
# user to grant extra permissions for this we use the
# values that validate the CloudFormation template.
def load_instance_types
stack_template = File.read(Rails.root.join('vendor', 'aws', 'cloudformation', 'eks_cluster.yaml'))
instance_types = YAML.safe_load(stack_template).dig('Parameters', 'NodeInstanceType', 'AllowedValues')
instance_types.map { |type| Hash(name: type, value: type) }
end
2018-12-13 13:39:08 +05:30
def update_applications_status
@cluster.applications.each(&:schedule_status_update)
end
end
2019-12-04 20:38:33 +05:30
Clusters::ClustersController.prepend_if_ee('EE::Clusters::ClustersController')