diff options
Diffstat (limited to 'app/services/clusters')
8 files changed, 52 insertions, 373 deletions
diff --git a/app/services/clusters/agents/filter_authorizations_service.rb b/app/services/clusters/agents/filter_authorizations_service.rb new file mode 100644 index 00000000000..68517ceec04 --- /dev/null +++ b/app/services/clusters/agents/filter_authorizations_service.rb @@ -0,0 +1,50 @@ +# frozen_string_literal: true + +module Clusters + module Agents + class FilterAuthorizationsService + def initialize(authorizations, filter_params) + @authorizations = authorizations + @filter_params = filter_params + + @environments_matcher = {} + end + + def execute + filter_by_environment(authorizations) + end + + private + + attr_reader :authorizations, :filter_params + + def filter_by_environment(auths) + return auths unless filter_by_environment? + + auths.select do |auth| + next true if auth.config['environments'].blank? + + auth.config['environments'].any? { |environment_pattern| matches_environment?(environment_pattern) } + end + end + + def filter_by_environment? + filter_params.has_key?(:environment) + end + + def environment_filter + @environment_filter ||= filter_params[:environment] + end + + def matches_environment?(environment_pattern) + return false if environment_filter.nil? + + environments_matcher(environment_pattern).match?(environment_filter) + end + + def environments_matcher(environment_pattern) + @environments_matcher[environment_pattern] ||= ::Gitlab::Ci::EnvironmentMatcher.new(environment_pattern) + end + end + end +end diff --git a/app/services/clusters/agents/refresh_authorization_service.rb b/app/services/clusters/agents/refresh_authorization_service.rb index 54b90a7304c..53b14ab54da 100644 --- a/app/services/clusters/agents/refresh_authorization_service.rb +++ b/app/services/clusters/agents/refresh_authorization_service.rb @@ -83,11 +83,7 @@ module Clusters end def allowed_projects - if group_root_ancestor? - root_ancestor.all_projects - else - ::Project.id_in(project.id) - end + root_ancestor.all_projects end def allowed_groups diff --git a/app/services/clusters/applications/base_service.rb b/app/services/clusters/applications/base_service.rb deleted file mode 100644 index c6f22cfa04c..00000000000 --- a/app/services/clusters/applications/base_service.rb +++ /dev/null @@ -1,96 +0,0 @@ -# frozen_string_literal: true - -module Clusters - module Applications - class BaseService - InvalidApplicationError = Class.new(StandardError) - - attr_reader :cluster, :current_user, :params - - def initialize(cluster, user, params = {}) - @cluster = cluster - @current_user = user - @params = params.dup - end - - def execute(request) - instantiate_application.tap do |application| - if application.has_attribute?(:hostname) - application.hostname = params[:hostname] - end - - if application.has_attribute?(:email) - application.email = params[:email] - end - - if application.has_attribute?(:stack) - application.stack = params[:stack] - end - - if application.respond_to?(:oauth_application) - application.oauth_application = create_oauth_application(application, request) - end - - if application.instance_of?(Knative) - Serverless::AssociateDomainService - .new(application, pages_domain_id: params[:pages_domain_id], creator: current_user) - .execute - end - - worker = worker_class(application) - - application.make_scheduled! - - worker.perform_async(application.name, application.id) - end - end - - protected - - def worker_class(application) - raise NotImplementedError - end - - def builder - raise NotImplementedError - end - - def project_builders - raise NotImplementedError - end - - def instantiate_application - raise_invalid_application_error if unknown_application? - - builder || raise(InvalidApplicationError, "invalid application: #{application_name}") - end - - def raise_invalid_application_error - raise(InvalidApplicationError, "invalid application: #{application_name}") - end - - def unknown_application? - Clusters::Cluster::APPLICATIONS.keys.exclude?(application_name) - end - - def application_name - params[:application] - end - - def application_class - Clusters::Cluster::APPLICATIONS[application_name] - end - - def create_oauth_application(application, request) - oauth_application_params = { - name: params[:application], - redirect_uri: application.callback_url, - scopes: application.oauth_scopes, - owner: current_user - } - - ::Applications::CreateService.new(current_user, oauth_application_params).execute(request) - end - end - end -end diff --git a/app/services/clusters/applications/check_progress_service.rb b/app/services/clusters/applications/check_progress_service.rb deleted file mode 100644 index 4a07b955f8e..00000000000 --- a/app/services/clusters/applications/check_progress_service.rb +++ /dev/null @@ -1,50 +0,0 @@ -# frozen_string_literal: true - -module Clusters - module Applications - class CheckProgressService < BaseHelmService - def execute - return unless operation_in_progress? - - case pod_phase - when Gitlab::Kubernetes::Pod::SUCCEEDED - on_success - when Gitlab::Kubernetes::Pod::FAILED - on_failed - else - check_timeout - end - rescue Kubeclient::HttpError => e - log_error(e) - - app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code }) - end - - private - - def operation_in_progress? - raise NotImplementedError - end - - def on_success - raise NotImplementedError - end - - def pod_name - raise NotImplementedError - end - - def on_failed - app.make_errored!(_('Operation failed. Check pod logs for %{pod_name} for more details.') % { pod_name: pod_name }) - end - - def timed_out? - raise NotImplementedError - end - - def pod_phase - helm_api.status(pod_name) - end - end - end -end diff --git a/app/services/clusters/applications/install_service.rb b/app/services/clusters/applications/install_service.rb deleted file mode 100644 index dffb4ce65ab..00000000000 --- a/app/services/clusters/applications/install_service.rb +++ /dev/null @@ -1,32 +0,0 @@ -# frozen_string_literal: true - -module Clusters - module Applications - class InstallService < BaseHelmService - def execute - return unless app.scheduled? - - app.make_installing! - - install - end - - private - - def install - log_event(:begin_install) - helm_api.install(install_command) - - log_event(:schedule_wait_for_installation) - ClusterWaitForAppInstallationWorker.perform_in( - ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id) - rescue Kubeclient::HttpError => e - log_error(e) - app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code }) - rescue StandardError => e - log_error(e) - app.make_errored!(_('Failed to install.')) - end - end - end -end diff --git a/app/services/clusters/applications/prometheus_config_service.rb b/app/services/clusters/applications/prometheus_config_service.rb deleted file mode 100644 index d39d63c874f..00000000000 --- a/app/services/clusters/applications/prometheus_config_service.rb +++ /dev/null @@ -1,155 +0,0 @@ -# frozen_string_literal: true - -module Clusters - module Applications - class PrometheusConfigService - def initialize(project, cluster, app) - @project = project - @cluster = cluster - @app = app - end - - def execute(config = {}) - if has_alerts? - generate_alert_manager(config) - else - reset_alert_manager(config) - end - end - - private - - attr_reader :project, :cluster, :app - - def reset_alert_manager(config) - config = set_alert_manager_enabled(config, false) - config.delete('alertmanagerFiles') - config['serverFiles'] ||= {} - config['serverFiles']['alerts'] = {} - - config - end - - def generate_alert_manager(config) - config = set_alert_manager_enabled(config, true) - config = set_alert_manager_files(config) - - set_alert_manager_groups(config) - end - - def set_alert_manager_enabled(config, enabled) - config['alertmanager'] ||= {} - config['alertmanager']['enabled'] = enabled - - config - end - - def set_alert_manager_files(config) - config['alertmanagerFiles'] = { - 'alertmanager.yml' => { - 'receivers' => alert_manager_receivers_params, - 'route' => alert_manager_route_params - } - } - - config - end - - def set_alert_manager_groups(config) - config['serverFiles'] ||= {} - config['serverFiles']['alerts'] ||= {} - config['serverFiles']['alerts']['groups'] ||= [] - - environments_with_alerts.each do |env_name, alerts| - index = config['serverFiles']['alerts']['groups'].find_index do |group| - group['name'] == env_name - end - - if index - config['serverFiles']['alerts']['groups'][index]['rules'] = alerts - else - config['serverFiles']['alerts']['groups'] << { - 'name' => env_name, - 'rules' => alerts - } - end - end - - config - end - - def alert_manager_receivers_params - [ - { - 'name' => 'gitlab', - 'webhook_configs' => [ - { - 'url' => notify_url, - 'send_resolved' => true, - 'http_config' => { - 'bearer_token' => alert_manager_token - } - } - ] - } - ] - end - - def alert_manager_token - app.alert_manager_token - end - - def alert_manager_route_params - { - 'receiver' => 'gitlab', - 'group_wait' => '30s', - 'group_interval' => '5m', - 'repeat_interval' => '4h' - } - end - - def notify_url - ::Gitlab::Routing.url_helpers - .notify_project_prometheus_alerts_url(project, format: :json) - end - - def has_alerts? - environments_with_alerts.values.flatten(1).any? - end - - def environments_with_alerts - @environments_with_alerts ||= - environments.each_with_object({}) do |environment, hash| - name = rule_name(environment) - hash[name] = alerts(environment) - end - end - - def rule_name(environment) - "#{environment.name}.rules" - end - - def alerts(environment) - alerts = Projects::Prometheus::AlertsFinder - .new(environment: environment) - .execute - - alerts.map do |alert| - hash = alert.to_param - hash['expr'] = substitute_query_variables(hash['expr'], environment) - hash - end - end - - def substitute_query_variables(query, environment) - result = ::Prometheus::ProxyVariableSubstitutionService.new(environment, query: query).execute - - result[:params][:query] - end - - def environments - project.environments_for_scope(cluster.environment_scope) - end - end - end -end diff --git a/app/services/clusters/applications/upgrade_service.rb b/app/services/clusters/applications/upgrade_service.rb deleted file mode 100644 index ac68e64af38..00000000000 --- a/app/services/clusters/applications/upgrade_service.rb +++ /dev/null @@ -1,34 +0,0 @@ -# frozen_string_literal: true - -module Clusters - module Applications - class UpgradeService < BaseHelmService - def execute - return unless app.scheduled? - - app.make_updating! - - upgrade - end - - private - - def upgrade - # install_command works with upgrades too - # as it basically does `helm upgrade --install` - log_event(:begin_upgrade) - helm_api.update(install_command) - - log_event(:schedule_wait_for_upgrade) - ClusterWaitForAppInstallationWorker.perform_in( - ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id) - rescue Kubeclient::HttpError => e - log_error(e) - app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code }) - rescue StandardError => e - log_error(e) - app.make_errored!(_('Failed to upgrade.')) - end - end - end -end diff --git a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb index eabc428d0d2..e87640f4c76 100644 --- a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb +++ b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb @@ -3,7 +3,7 @@ module Clusters module Kubernetes class CreateOrUpdateServiceAccountService - def initialize(kubeclient, service_account_name:, service_account_namespace:, service_account_namespace_labels: nil, token_name:, rbac:, namespace_creator: false, role_binding_name: nil) + def initialize(kubeclient, service_account_name:, service_account_namespace:, token_name:, rbac:, service_account_namespace_labels: nil, namespace_creator: false, role_binding_name: nil) @kubeclient = kubeclient @service_account_name = service_account_name @service_account_namespace = service_account_namespace |