debian-mirror-gitlab/app/models/clusters/applications/helm.rb

# frozen_string_literal: true

require 'openssl'

module Clusters
  module Applications
    class Helm < ApplicationRecord
      self.table_name = 'clusters_applications_helm'

      attr_encrypted :ca_key,
        mode: :per_attribute_iv,
        key: Settings.attr_encrypted_db_key_base_truncated,
        algorithm: 'aes-256-cbc'

      include ::Clusters::Concerns::ApplicationCore
      include ::Clusters::Concerns::ApplicationStatus

      default_value_for :version, Gitlab::Kubernetes::Helm::HELM_VERSION

      before_create :create_keys_and_certs

      def issue_client_cert
        ca_cert_obj.issue
      end

      def set_initial_status
        return unless not_installable?

        self.status = 'installable' if cluster&.platform_kubernetes_active?
      end

      # We will implement this in future MRs.
      # Basically we need to check all other applications are not installed
      # first.
      def allowed_to_uninstall?
        false
      end

      def install_command
        Gitlab::Kubernetes::Helm::InitCommand.new(
          name: name,
          files: files,
          rbac: cluster.platform_kubernetes_rbac?
        )
      end

      def has_ssl?
        ca_key.present? && ca_cert.present?
      end

      private

      def files
        {
          'ca.pem': ca_cert,
          'cert.pem': tiller_cert.cert_string,
          'key.pem': tiller_cert.key_string
        }
      end

      def create_keys_and_certs
        ca_cert = Gitlab::Kubernetes::Helm::Certificate.generate_root
        self.ca_key = ca_cert.key_string
        self.ca_cert = ca_cert.cert_string
      end

      def tiller_cert
        @tiller_cert ||= ca_cert_obj.issue(expires_in: Gitlab::Kubernetes::Helm::Certificate::INFINITE_EXPIRY)
      end

      def ca_cert_obj
        return unless has_ssl?

        Gitlab::Kubernetes::Helm::Certificate
          .from_strings(ca_key, ca_cert)
      end
    end
  end
end
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

			`require 'openssl'`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`module Clusters`
			`module Applications`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`class Helm < ApplicationRecord`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`self.table_name = 'clusters_applications_helm'`

New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`attr_encrypted :ca_key,`
			`mode: :per_attribute_iv,`
			`key: Settings.attr_encrypted_db_key_base_truncated,`
			`algorithm: 'aes-256-cbc'`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`include ::Clusters::Concerns::ApplicationCore`
			`include ::Clusters::Concerns::ApplicationStatus`

			`default_value_for :version, Gitlab::Kubernetes::Helm::HELM_VERSION`

New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`before_create :create_keys_and_certs`

			`def issue_client_cert`
			`ca_cert_obj.issue`
			`end`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`def set_initial_status`
			`return unless not_installable?`

			`self.status = 'installable' if cluster&.platform_kubernetes_active?`
			`end`

New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`# We will implement this in future MRs.`
			`# Basically we need to check all other applications are not installed`
			`# first.`
			`def allowed_to_uninstall?`
			`false`
			`end`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`def install_command`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`Gitlab::Kubernetes::Helm::InitCommand.new(`
			`name: name,`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`files: files,`
			`rbac: cluster.platform_kubernetes_rbac?`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`)`
			`end`

			`def has_ssl?`
			`ca_key.present? && ca_cert.present?`
			`end`

			`private`

			`def files`
			`{`
			`'ca.pem': ca_cert,`
			`'cert.pem': tiller_cert.cert_string,`
			`'key.pem': tiller_cert.key_string`
			`}`
			`end`

			`def create_keys_and_certs`
			`ca_cert = Gitlab::Kubernetes::Helm::Certificate.generate_root`
			`self.ca_key = ca_cert.key_string`
			`self.ca_cert = ca_cert.cert_string`
			`end`

			`def tiller_cert`
			`@tiller_cert \|\|= ca_cert_obj.issue(expires_in: Gitlab::Kubernetes::Helm::Certificate::INFINITE_EXPIRY)`
			`end`

			`def ca_cert_obj`
			`return unless has_ssl?`

			`Gitlab::Kubernetes::Helm::Certificate`
			`.from_strings(ca_key, ca_cert)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`end`
			`end`
			`end`
			`end`