From d4fa672c20657a1c7d2fcfa25e9798e7ccdbf39d Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Mon, 25 Sep 2017 16:10:25 +0900 Subject: Create Kubernetes cluster on GKE from k8s service --- .../google_api/authorizations_controller.rb | 27 ++++++ app/controllers/projects/clusters_controller.rb | 102 +++++++++++++++++++++ 2 files changed, 129 insertions(+) create mode 100644 app/controllers/google_api/authorizations_controller.rb create mode 100644 app/controllers/projects/clusters_controller.rb (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb new file mode 100644 index 00000000000..e99c38025b8 --- /dev/null +++ b/app/controllers/google_api/authorizations_controller.rb @@ -0,0 +1,27 @@ +module GoogleApi + class AuthorizationsController < ApplicationController + # callback_google_api_authorizations GET|POST /google_api/authorizations/callback(.:format) google_api/authorizations#callback + ## + # TODO: + # - Is it ok to use both "http://localhost:3000/google_api/authorizations/callback"(For login) and "http://localhost:3000/google_api/authorizations/callback"(For API token) + def callback + session[access_token_key] = api_client.get_token(params[:code]) + + if params[:state] + redirect_to params[:state] + else + redirect_to root_url + end + end + + def api_client + @api_client ||= + GoogleApi::Authentication.new(nil, callback_google_api_authorizations_url) + end + + def access_token_key + # :"#{api_client.scope}_access_token" + :"hoge_access_token" # TODO: + end + end +end diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb new file mode 100644 index 00000000000..5c9319f661a --- /dev/null +++ b/app/controllers/projects/clusters_controller.rb @@ -0,0 +1,102 @@ +class Projects::ClustersController < Projects::ApplicationController + # before_action :authenticate_google_api + before_action :cluster + + # before_action :authorize_admin_clusters! # TODO: Authentication + + def index + if cluster + redirect_to action: 'edit' + else + redirect_to action: 'new' + end + end + + ## + # TODO: + # - Show form for "Create on Google Container Engine" + # - Show form for "Use existing kubernets cluster" + # - If user has not authroized yet, Show "Sign in with Google" button + # - If user has already authroized, Skip "Sign in with Google" button + # - user.is_authenticated_for_gcp? + # - user.authenticate_for_gcp! + # - Create this module which can be used from view + def new + unless session[access_token_key] + @authorize_url = api_client.authorize_url + end + end + + ## + # TODO: + # - If create on GKE, Use Google::Apis::ContainerV1::ContainerService + # - If create manually, save in db (Prob, Project > Setting) + # - Dry up with Service + def create + redirect_to action: 'index' + end + + # TODO: Show results/status. Edits Swtich for enable/disable. + # If created with GKE, non-editable form. enable/disable switch. + # If created manually, editable form. enable/disable switch. + # GKE params are on-off swtich + # Manul params are on-off swtich, Endpoint, CACert, k8s Token, Proj namespace. + def edit + unless session[access_token_key] + @authorize_url = api_client.authorize_url + end + end + + def update + cluster.update(schedule_params) + render :edit + end + + # In presenter + # TODO: Generate a link to the cluster on GKE + + def gcp_projects + # api_client.blah + # TODO: Return all avaiable GCP Projects. + # TODO: Return json + # TODO: Dry with concern + end + + def gke_zones + # api_client.blah + # TODO: Return all avaiable zones on GKE. + # TODO: Return json + # TODO: Dry with concern + end + + private + + # def authenticate_google_api + # if cluster&.on_gke? && session[access_token_key].blank? + # redirect_to api_client.authorize_url(callback_import_url) + # end + # end + + def cluster + # Each project has only one cluster, for now. In the future iteraiton, we'll support multiple clusters + @cluster ||= project.clusters.first + end + + def cluster_params + params.require(:cluster).permit(:aaa) + end + + def api_client + @api_client ||= + GoogleApi::CloudPlatform::Client.new( + session[access_token_key], + callback_google_api_authorizations_url, + state: namespace_project_clusters_url.to_s + ) + end + + def access_token_key + # :"#{api_client.scope}_access_token" + :"hoge_access_token" # TODO: + end +end -- cgit v1.2.3 From bdc618c289b8c2b996a3ef92b7748966c311d28a Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Tue, 26 Sep 2017 02:11:26 +0900 Subject: ok --- .../google_api/authorizations_controller.rb | 20 ++------ app/controllers/projects/clusters_controller.rb | 59 ++++++++++++++++++---- 2 files changed, 53 insertions(+), 26 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index e99c38025b8..1fafd7e88be 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -1,11 +1,11 @@ module GoogleApi class AuthorizationsController < ApplicationController - # callback_google_api_authorizations GET|POST /google_api/authorizations/callback(.:format) google_api/authorizations#callback - ## - # TODO: - # - Is it ok to use both "http://localhost:3000/google_api/authorizations/callback"(For login) and "http://localhost:3000/google_api/authorizations/callback"(For API token) + # /google_api/authorizations/callback(.:format) def callback - session[access_token_key] = api_client.get_token(params[:code]) + # TODO: Error handling + session[GoogleApi::CloudPlatform::Client.token_in_session] = + GoogleApi::Authentication.new(nil, callback_google_api_authorizations_url) + .get_token(params[:code]) if params[:state] redirect_to params[:state] @@ -13,15 +13,5 @@ module GoogleApi redirect_to root_url end end - - def api_client - @api_client ||= - GoogleApi::Authentication.new(nil, callback_google_api_authorizations_url) - end - - def access_token_key - # :"#{api_client.scope}_access_token" - :"hoge_access_token" # TODO: - end end end diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 5c9319f661a..2aafc6364eb 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -22,7 +22,7 @@ class Projects::ClustersController < Projects::ApplicationController # - user.authenticate_for_gcp! # - Create this module which can be used from view def new - unless session[access_token_key] + unless session[GoogleApi::CloudPlatform::Client.token_in_session] @authorize_url = api_client.authorize_url end end @@ -33,6 +33,48 @@ class Projects::ClustersController < Projects::ApplicationController # - If create manually, save in db (Prob, Project > Setting) # - Dry up with Service def create + if params['creation_type'] == 'on_gke' + results = api_client.projects_zones_clusters_create( + params['gcp_project_id'], + params['cluster_zone'], + params['cluster_name'], + params['cluster_size'] + ) + + # TODO: How to create + project.kubernetes_service.save( + end_point: results['end_point'], + ca_cert: results['ca_cert'], + token: nil, + username: results['username'], + password: results['password'], + project_namespace: params['project_namespace'] + ) + + project.clusters.create( + creation_type: params['creation_type'], + gcp_project_id: params['gcp_project_id'], + cluster_zone: params['cluster_zone'], + cluster_name: params['cluster_name'], + kubernetes_service: project.kubernetes_service + ) + elsif params['creation_type'] == 'manual' + # TODO: Transaction + project.kubernetes_service.save( + end_point: params['end_point'], + ca_cert: params['ca_cert'], + token: params['token'], + username: params['username'], + password: params['password'], + project_namespace: params['project_namespace'] + ) + + project.clusters.create( + creation_type: params['creation_type'], + kubernetes_service: project.kubernetes_service + ) + end + redirect_to action: 'index' end @@ -42,7 +84,7 @@ class Projects::ClustersController < Projects::ApplicationController # GKE params are on-off swtich # Manul params are on-off swtich, Endpoint, CACert, k8s Token, Proj namespace. def edit - unless session[access_token_key] + unless session[GoogleApi::CloudPlatform::Client.token_in_session] @authorize_url = api_client.authorize_url end end @@ -82,21 +124,16 @@ class Projects::ClustersController < Projects::ApplicationController @cluster ||= project.clusters.first end - def cluster_params - params.require(:cluster).permit(:aaa) - end + # def cluster_params + # params.require(:cluster).permit(:aaa) + # end def api_client @api_client ||= GoogleApi::CloudPlatform::Client.new( - session[access_token_key], + session[GoogleApi::CloudPlatform::Client.token_in_session], callback_google_api_authorizations_url, state: namespace_project_clusters_url.to_s ) end - - def access_token_key - # :"#{api_client.scope}_access_token" - :"hoge_access_token" # TODO: - end end -- cgit v1.2.3 From d65cd0a68066c20250a3b7cbf5f6e3767f359c41 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Tue, 26 Sep 2017 17:46:09 +0900 Subject: Tie KubernetesService --- app/controllers/projects/clusters_controller.rb | 40 ++++++++++++++++++------- 1 file changed, 29 insertions(+), 11 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 2aafc6364eb..0d9707a8ff8 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -32,8 +32,10 @@ class Projects::ClustersController < Projects::ApplicationController # - If create on GKE, Use Google::Apis::ContainerV1::ContainerService # - If create manually, save in db (Prob, Project > Setting) # - Dry up with Service + # - Transaction def create if params['creation_type'] == 'on_gke' + # Create a cluster on GKE results = api_client.projects_zones_clusters_create( params['gcp_project_id'], params['cluster_zone'], @@ -41,22 +43,24 @@ class Projects::ClustersController < Projects::ApplicationController params['cluster_size'] ) - # TODO: How to create - project.kubernetes_service.save( - end_point: results['end_point'], - ca_cert: results['ca_cert'], - token: nil, - username: results['username'], - password: results['password'], - project_namespace: params['project_namespace'] - ) + # Update service + kubernetes_service.attributes = service_params( + active: true, + api_url: results['end_point'], + ca_pem: results['ca_cert'], # TODO: Decode Base64 + namespace: params['project_namespace'], + token: 'aaa' # TODO: username/password + ) + kubernetes_service.save! + + # Save info project.clusters.create( creation_type: params['creation_type'], gcp_project_id: params['gcp_project_id'], cluster_zone: params['cluster_zone'], cluster_name: params['cluster_name'], - kubernetes_service: project.kubernetes_service + service: kubernetes_service ) elsif params['creation_type'] == 'manual' # TODO: Transaction @@ -121,7 +125,7 @@ class Projects::ClustersController < Projects::ApplicationController def cluster # Each project has only one cluster, for now. In the future iteraiton, we'll support multiple clusters - @cluster ||= project.clusters.first + @cluster ||= project.clusters.last end # def cluster_params @@ -136,4 +140,18 @@ class Projects::ClustersController < Projects::ApplicationController state: namespace_project_clusters_url.to_s ) end + + def kubernetes_service + @kubernetes_service ||= project.find_or_initialize_service('kubernetes') + end + + def service_params(active:, api_url:, ca_pem:, namespace:, token:) + { + active: active, + api_url: api_url, + ca_pem: ca_pem, + namespace: namespace, + token: token + } + end end -- cgit v1.2.3 From 55ac72e56e0cdf6faf2fcd93939d0dd77048a8ee Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Tue, 26 Sep 2017 20:34:49 +0900 Subject: Create cluster --- app/controllers/projects/clusters_controller.rb | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 0d9707a8ff8..bc7e23bae59 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -37,10 +37,11 @@ class Projects::ClustersController < Projects::ApplicationController if params['creation_type'] == 'on_gke' # Create a cluster on GKE results = api_client.projects_zones_clusters_create( - params['gcp_project_id'], - params['cluster_zone'], - params['cluster_name'], - params['cluster_size'] + project_id: params['gcp_project_id'], + zone: params['cluster_zone'], + cluster_name: params['cluster_name'], + cluster_size: params['cluster_size'], + machine_type: params['machine_type'] ) # Update service @@ -90,7 +91,15 @@ class Projects::ClustersController < Projects::ApplicationController def edit unless session[GoogleApi::CloudPlatform::Client.token_in_session] @authorize_url = api_client.authorize_url + render :edit end + + # Get cluster information + api_client.projects_zones_clusters_get( + project_id: cluster.gcp_project_id, + zone: cluster.cluster_zone, + cluster_id: cluster.cluster_name + ) end def update -- cgit v1.2.3 From e7a8a05659f8c77ef6c1f83a25bae5629513cf96 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Tue, 26 Sep 2017 23:05:12 +0900 Subject: Improve ClustersController --- app/controllers/projects/clusters_controller.rb | 33 ++++++++++++++----------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index bc7e23bae59..b625ff16b54 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -33,22 +33,32 @@ class Projects::ClustersController < Projects::ApplicationController # - If create manually, save in db (Prob, Project > Setting) # - Dry up with Service # - Transaction + # - Sidekiq def create if params['creation_type'] == 'on_gke' # Create a cluster on GKE - results = api_client.projects_zones_clusters_create( - project_id: params['gcp_project_id'], - zone: params['cluster_zone'], - cluster_name: params['cluster_name'], - cluster_size: params['cluster_size'], - machine_type: params['machine_type'] + operation = api_client.projects_zones_clusters_create( + params['gcp_project_id'], params['cluster_zone'], params['cluster_name'], + cluster_size: params['cluster_size'], machine_type: params['machine_type'] + ) + + # wait_operation_done + if operation&.operation_type == 'CREATE_CLUSTER' + api_client.wait_operation_done(operation.self_link) + else + raise "TODO: ERROR" + end + + # Get cluster details (end point, etc) + gke_cluster = api_client.projects_zones_clusters_get( + params['gcp_project_id'], params['cluster_zone'], params['cluster_name'] ) # Update service kubernetes_service.attributes = service_params( active: true, - api_url: results['end_point'], - ca_pem: results['ca_cert'], # TODO: Decode Base64 + api_url: gke_cluster.endpoint, + ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), namespace: params['project_namespace'], token: 'aaa' # TODO: username/password ) @@ -93,13 +103,6 @@ class Projects::ClustersController < Projects::ApplicationController @authorize_url = api_client.authorize_url render :edit end - - # Get cluster information - api_client.projects_zones_clusters_get( - project_id: cluster.gcp_project_id, - zone: cluster.cluster_zone, - cluster_id: cluster.cluster_name - ) end def update -- cgit v1.2.3 From e9d05a2cdc24b4dc771344f26e6ffdcf0240e46c Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Wed, 27 Sep 2017 21:01:08 +0900 Subject: Add login root. Remove ceration type. --- app/controllers/projects/clusters_controller.rb | 156 ++++++++---------------- 1 file changed, 49 insertions(+), 107 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index b625ff16b54..567c54ea2e2 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -1,9 +1,15 @@ class Projects::ClustersController < Projects::ApplicationController - # before_action :authenticate_google_api before_action :cluster - + before_action :authorize_google_api, except: [:login] # before_action :authorize_admin_clusters! # TODO: Authentication + def login + begin + @authorize_url = api_client.authorize_url + rescue GoogleApi::Authentication::ConfigMissingError + end + end + def index if cluster redirect_to action: 'edit' @@ -12,97 +18,54 @@ class Projects::ClustersController < Projects::ApplicationController end end - ## - # TODO: - # - Show form for "Create on Google Container Engine" - # - Show form for "Use existing kubernets cluster" - # - If user has not authroized yet, Show "Sign in with Google" button - # - If user has already authroized, Skip "Sign in with Google" button - # - user.is_authenticated_for_gcp? - # - user.authenticate_for_gcp! - # - Create this module which can be used from view def new - unless session[GoogleApi::CloudPlatform::Client.token_in_session] - @authorize_url = api_client.authorize_url - end end - ## - # TODO: - # - If create on GKE, Use Google::Apis::ContainerV1::ContainerService - # - If create manually, save in db (Prob, Project > Setting) - # - Dry up with Service - # - Transaction - # - Sidekiq def create - if params['creation_type'] == 'on_gke' - # Create a cluster on GKE - operation = api_client.projects_zones_clusters_create( - params['gcp_project_id'], params['cluster_zone'], params['cluster_name'], - cluster_size: params['cluster_size'], machine_type: params['machine_type'] - ) - - # wait_operation_done - if operation&.operation_type == 'CREATE_CLUSTER' - api_client.wait_operation_done(operation.self_link) - else - raise "TODO: ERROR" - end + # Create a cluster on GKE + operation = api_client.projects_zones_clusters_create( + params['gcp_project_id'], params['cluster_zone'], params['cluster_name'], + cluster_size: params['cluster_size'], machine_type: params['machine_type'] + ) + + # wait_operation_done + if operation&.operation_type == 'CREATE_CLUSTER' + api_client.wait_operation_done(operation.self_link) + else + raise "TODO: ERROR" + end - # Get cluster details (end point, etc) - gke_cluster = api_client.projects_zones_clusters_get( - params['gcp_project_id'], params['cluster_zone'], params['cluster_name'] + # Get cluster details (end point, etc) + gke_cluster = api_client.projects_zones_clusters_get( + params['gcp_project_id'], params['cluster_zone'], params['cluster_name'] + ) + + # Update service + kubernetes_service.attributes = service_params( + active: true, + api_url: gke_cluster.endpoint, + ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), + namespace: params['project_namespace'], + token: 'aaa' # TODO: username/password ) - # Update service - kubernetes_service.attributes = service_params( - active: true, - api_url: gke_cluster.endpoint, - ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), - namespace: params['project_namespace'], - token: 'aaa' # TODO: username/password - ) - - kubernetes_service.save! - - # Save info - project.clusters.create( - creation_type: params['creation_type'], - gcp_project_id: params['gcp_project_id'], - cluster_zone: params['cluster_zone'], - cluster_name: params['cluster_name'], - service: kubernetes_service - ) - elsif params['creation_type'] == 'manual' - # TODO: Transaction - project.kubernetes_service.save( - end_point: params['end_point'], - ca_cert: params['ca_cert'], - token: params['token'], - username: params['username'], - password: params['password'], - project_namespace: params['project_namespace'] - ) + kubernetes_service.save! - project.clusters.create( - creation_type: params['creation_type'], - kubernetes_service: project.kubernetes_service - ) - end + # Save info + project.clusters.create( + creation_type: params['creation_type'], + gcp_project_id: params['gcp_project_id'], + cluster_zone: params['cluster_zone'], + cluster_name: params['cluster_name'], + service: kubernetes_service + ) redirect_to action: 'index' end - # TODO: Show results/status. Edits Swtich for enable/disable. - # If created with GKE, non-editable form. enable/disable switch. - # If created manually, editable form. enable/disable switch. - # GKE params are on-off swtich - # Manul params are on-off swtich, Endpoint, CACert, k8s Token, Proj namespace. def edit - unless session[GoogleApi::CloudPlatform::Client.token_in_session] - @authorize_url = api_client.authorize_url - render :edit - end + # TODO: If on, do we override parameter? + # TODO: If off, do we override parameter? end def update @@ -110,40 +73,13 @@ class Projects::ClustersController < Projects::ApplicationController render :edit end - # In presenter - # TODO: Generate a link to the cluster on GKE - - def gcp_projects - # api_client.blah - # TODO: Return all avaiable GCP Projects. - # TODO: Return json - # TODO: Dry with concern - end - - def gke_zones - # api_client.blah - # TODO: Return all avaiable zones on GKE. - # TODO: Return json - # TODO: Dry with concern - end - private - # def authenticate_google_api - # if cluster&.on_gke? && session[access_token_key].blank? - # redirect_to api_client.authorize_url(callback_import_url) - # end - # end - def cluster # Each project has only one cluster, for now. In the future iteraiton, we'll support multiple clusters @cluster ||= project.clusters.last end - # def cluster_params - # params.require(:cluster).permit(:aaa) - # end - def api_client @api_client ||= GoogleApi::CloudPlatform::Client.new( @@ -166,4 +102,10 @@ class Projects::ClustersController < Projects::ApplicationController token: token } end + + def authorize_google_api + unless session[GoogleApi::CloudPlatform::Client.token_in_session] + redirect_to action: 'login' + end + end end -- cgit v1.2.3 From 5fbf4069f6bc17dcc1ceeb81c28498b872882a6a Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Wed, 27 Sep 2017 21:53:50 +0900 Subject: Fetch k8s token from k8s username/password --- app/controllers/projects/clusters_controller.rb | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 567c54ea2e2..b6e2b2a723b 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -40,20 +40,37 @@ class Projects::ClustersController < Projects::ApplicationController params['gcp_project_id'], params['cluster_zone'], params['cluster_name'] ) + # Get k8s token + token = '' + KubernetesService.new.tap do |ks| + ks.api_url = 'https://' + gke_cluster.endpoint + ks.ca_pem = Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate) + ks.username = gke_cluster.master_auth.username + ks.password = gke_cluster.master_auth.password + secrets = ks.read_secrets + secrets.each do |secret| + name = secret.dig('metadata', 'name') + if /default-token/ =~ name + token_base64 = secret.dig('data', 'token') + token = Base64.decode64(token_base64) + break + end + end + end + # Update service kubernetes_service.attributes = service_params( active: true, - api_url: gke_cluster.endpoint, + api_url: 'https://' + gke_cluster.endpoint, ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), namespace: params['project_namespace'], - token: 'aaa' # TODO: username/password + token: token ) kubernetes_service.save! # Save info project.clusters.create( - creation_type: params['creation_type'], gcp_project_id: params['gcp_project_id'], cluster_zone: params['cluster_zone'], cluster_name: params['cluster_name'], -- cgit v1.2.3 From 058e595788118fb129d3003989a3728de9ae7e39 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Wed, 27 Sep 2017 22:17:41 +0900 Subject: Delete/Update basic implementation --- app/controllers/projects/clusters_controller.rb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index b6e2b2a723b..cb753a8b098 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -12,7 +12,7 @@ class Projects::ClustersController < Projects::ApplicationController def index if cluster - redirect_to action: 'edit' + redirect_to edit_namespace_project_cluster_path(project.namespace, project, cluster.id) else redirect_to action: 'new' end @@ -86,10 +86,16 @@ class Projects::ClustersController < Projects::ApplicationController end def update - cluster.update(schedule_params) + cluster.update(enabled: params['enabled']) + cluster.service.update(active: params['enabled']) render :edit end + def destroy + cluster.destroy + redirect_to action: 'index' + end + private def cluster -- cgit v1.2.3 From fabc359e77c39aea86f0eaa9f19b17b2a609dd99 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Thu, 28 Sep 2017 18:11:17 +0900 Subject: Multithreading cluster creation is done with `reactive_cache` --- app/controllers/projects/clusters_controller.rb | 93 ++++++------------------- 1 file changed, 21 insertions(+), 72 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index cb753a8b098..f3dd55a6800 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -1,5 +1,5 @@ class Projects::ClustersController < Projects::ApplicationController - before_action :cluster + before_action :cluster, except: [:login, :index, :new, :create] before_action :authorize_google_api, except: [:login] # before_action :authorize_admin_clusters! # TODO: Authentication @@ -11,8 +11,8 @@ class Projects::ClustersController < Projects::ApplicationController end def index - if cluster - redirect_to edit_namespace_project_cluster_path(project.namespace, project, cluster.id) + if project.clusters.any? + redirect_to edit_namespace_project_cluster_path(project.namespace, project, project.clusters.last.id) else redirect_to action: 'new' end @@ -22,72 +22,36 @@ class Projects::ClustersController < Projects::ApplicationController end def create - # Create a cluster on GKE - operation = api_client.projects_zones_clusters_create( - params['gcp_project_id'], params['cluster_zone'], params['cluster_name'], - cluster_size: params['cluster_size'], machine_type: params['machine_type'] - ) - - # wait_operation_done - if operation&.operation_type == 'CREATE_CLUSTER' - api_client.wait_operation_done(operation.self_link) - else - raise "TODO: ERROR" + begin + Ci::CreateClusterService.new(project, current_user, params) + .create_cluster_on_gke(api_client) + rescue Ci::CreateClusterService::UnexpectedOperationError => e + puts "#{self.class.name} - #{__callee__}: e: #{e}" + # TODO: error end - # Get cluster details (end point, etc) - gke_cluster = api_client.projects_zones_clusters_get( - params['gcp_project_id'], params['cluster_zone'], params['cluster_name'] - ) + redirect_to action: 'index' + end - # Get k8s token - token = '' - KubernetesService.new.tap do |ks| - ks.api_url = 'https://' + gke_cluster.endpoint - ks.ca_pem = Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate) - ks.username = gke_cluster.master_auth.username - ks.password = gke_cluster.master_auth.password - secrets = ks.read_secrets - secrets.each do |secret| - name = secret.dig('metadata', 'name') - if /default-token/ =~ name - token_base64 = secret.dig('data', 'token') - token = Base64.decode64(token_base64) - break - end + ## + # Return + # @status: The current status of the operation. + # @status_message: If an error has occurred, a textual description of the error. + def creation_status + respond_to do |format| + format.json do + render json: cluster.creation_status(session[GoogleApi::CloudPlatform::Client.token_in_session]) end end - - # Update service - kubernetes_service.attributes = service_params( - active: true, - api_url: 'https://' + gke_cluster.endpoint, - ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate), - namespace: params['project_namespace'], - token: token - ) - - kubernetes_service.save! - - # Save info - project.clusters.create( - gcp_project_id: params['gcp_project_id'], - cluster_zone: params['cluster_zone'], - cluster_name: params['cluster_name'], - service: kubernetes_service - ) - - redirect_to action: 'index' end def edit - # TODO: If on, do we override parameter? - # TODO: If off, do we override parameter? end def update cluster.update(enabled: params['enabled']) cluster.service.update(active: params['enabled']) + # TODO: Do we overwrite KubernetesService parameter? render :edit end @@ -99,8 +63,7 @@ class Projects::ClustersController < Projects::ApplicationController private def cluster - # Each project has only one cluster, for now. In the future iteraiton, we'll support multiple clusters - @cluster ||= project.clusters.last + @cluster ||= project.clusters.find(params[:id]) end def api_client @@ -112,20 +75,6 @@ class Projects::ClustersController < Projects::ApplicationController ) end - def kubernetes_service - @kubernetes_service ||= project.find_or_initialize_service('kubernetes') - end - - def service_params(active:, api_url:, ca_pem:, namespace:, token:) - { - active: active, - api_url: api_url, - ca_pem: ca_pem, - namespace: namespace, - token: token - } - end - def authorize_google_api unless session[GoogleApi::CloudPlatform::Client.token_in_session] redirect_to action: 'login' -- cgit v1.2.3 From bda1b0a878205ac99bf10c0b4f0e63f2d4e3a25f Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Fri, 29 Sep 2017 00:08:11 +0900 Subject: Databse foreing key, index, encrypt password. Use short path. Improve error handling. Polish. --- .../google_api/authorizations_controller.rb | 2 -- app/controllers/projects/clusters_controller.rb | 40 +++++++++++++++++----- 2 files changed, 31 insertions(+), 11 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index 1fafd7e88be..4b315181b7d 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -1,8 +1,6 @@ module GoogleApi class AuthorizationsController < ApplicationController - # /google_api/authorizations/callback(.:format) def callback - # TODO: Error handling session[GoogleApi::CloudPlatform::Client.token_in_session] = GoogleApi::Authentication.new(nil, callback_google_api_authorizations_url) .get_token(params[:code]) diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index f3dd55a6800..61bd28c65fe 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -7,14 +7,15 @@ class Projects::ClustersController < Projects::ApplicationController begin @authorize_url = api_client.authorize_url rescue GoogleApi::Authentication::ConfigMissingError + # Show an alert message that gitlab.yml is not configured properly end end def index if project.clusters.any? - redirect_to edit_namespace_project_cluster_path(project.namespace, project, project.clusters.last.id) + redirect_to edit_project_cluster_path(project, project.clusters.last.id) else - redirect_to action: 'new' + redirect_to new_project_cluster_path(project) end end @@ -26,11 +27,11 @@ class Projects::ClustersController < Projects::ApplicationController Ci::CreateClusterService.new(project, current_user, params) .create_cluster_on_gke(api_client) rescue Ci::CreateClusterService::UnexpectedOperationError => e - puts "#{self.class.name} - #{__callee__}: e: #{e}" # TODO: error + puts "#{self.class.name} - #{__callee__}: e: #{e}" end - redirect_to action: 'index' + redirect_to project_clusters_path(project) end ## @@ -49,15 +50,36 @@ class Projects::ClustersController < Projects::ApplicationController end def update - cluster.update(enabled: params['enabled']) - cluster.service.update(active: params['enabled']) - # TODO: Do we overwrite KubernetesService parameter? + Ci::Cluster.transaction do + if params['enabled'] == 'true' + + cluster.service.attributes = { + active: true, + api_url: cluster.endpoint, + ca_pem: cluster.ca_cert, + namespace: cluster.project_namespace, + token: cluster.token + } + + cluster.service.save! + else + cluster.service.update(active: false) + end + + cluster.update(enabled: params['enabled']) + end + render :edit end def destroy - cluster.destroy - redirect_to action: 'index' + if cluster.destroy + redirect_to project_clusters_path(project), status: 302 + else + redirect_to project_clusters_path(project), + status: :forbidden, + alert: _("Failed to remove the cluster") + end end private -- cgit v1.2.3 From e499c1c39dbea505858874ee47436641df3d93d4 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Sun, 1 Oct 2017 00:54:22 +0900 Subject: Replace reactive_cache by multipel sidekiq workers --- .../google_api/authorizations_controller.rb | 6 +- app/controllers/projects/clusters_controller.rb | 84 +++++++++++----------- 2 files changed, 45 insertions(+), 45 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index 4b315181b7d..00b0c128711 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -1,9 +1,9 @@ module GoogleApi class AuthorizationsController < ApplicationController def callback - session[GoogleApi::CloudPlatform::Client.token_in_session] = - GoogleApi::Authentication.new(nil, callback_google_api_authorizations_url) - .get_token(params[:code]) + session[GoogleApi::CloudPlatform::Client.session_key_for_token] = + GoogleApi::CloudPlatform::Client.new(nil, callback_google_api_authorizations_url) + .get_token(params[:code]) if params[:state] redirect_to params[:state] diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 61bd28c65fe..840c623e778 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -1,12 +1,17 @@ class Projects::ClustersController < Projects::ApplicationController before_action :cluster, except: [:login, :index, :new, :create] before_action :authorize_google_api, except: [:login] + # before_action :cluster_creation_lock, only: [:update, :destroy] # before_action :authorize_admin_clusters! # TODO: Authentication def login begin - @authorize_url = api_client.authorize_url - rescue GoogleApi::Authentication::ConfigMissingError + @authorize_url = GoogleApi::CloudPlatform::Client.new( + nil, + callback_google_api_authorizations_url, + state: namespace_project_clusters_url.to_s + ).authorize_url + rescue GoogleApi::Auth::ConfigMissingError # Show an alert message that gitlab.yml is not configured properly end end @@ -20,28 +25,29 @@ class Projects::ClustersController < Projects::ApplicationController end def new + @cluster = project.clusters.new end def create - begin - Ci::CreateClusterService.new(project, current_user, params) - .create_cluster_on_gke(api_client) - rescue Ci::CreateClusterService::UnexpectedOperationError => e - # TODO: error - puts "#{self.class.name} - #{__callee__}: e: #{e}" - end + @cluster = Ci::CreateClusterService + .new(project, current_user, cluster_params) + .execute(token_in_session) - redirect_to project_clusters_path(project) + if @cluster.persisted? + ClusterCreationWorker.perform_async(@cluster.id) + redirect_to project_clusters_path(project) + else + render :new + end end - ## - # Return - # @status: The current status of the operation. - # @status_message: If an error has occurred, a textual description of the error. - def creation_status + def status respond_to do |format| format.json do - render json: cluster.creation_status(session[GoogleApi::CloudPlatform::Client.token_in_session]) + render json: { + status: cluster.status, # The current status of the operation. + status_reason: cluster.status_reason # If an error has occurred, a textual description of the error. + } end end end @@ -50,24 +56,9 @@ class Projects::ClustersController < Projects::ApplicationController end def update - Ci::Cluster.transaction do - if params['enabled'] == 'true' - - cluster.service.attributes = { - active: true, - api_url: cluster.endpoint, - ca_pem: cluster.ca_cert, - namespace: cluster.project_namespace, - token: cluster.token - } - - cluster.service.save! - else - cluster.service.update(active: false) - end - - cluster.update(enabled: params['enabled']) - end + Ci::UpdateClusterService + .new(project, current_user, cluster_params) + .execute(cluster) render :edit end @@ -88,18 +79,27 @@ class Projects::ClustersController < Projects::ApplicationController @cluster ||= project.clusters.find(params[:id]) end - def api_client - @api_client ||= - GoogleApi::CloudPlatform::Client.new( - session[GoogleApi::CloudPlatform::Client.token_in_session], - callback_google_api_authorizations_url, - state: namespace_project_clusters_url.to_s - ) + def cluster_params + params.require(:cluster) + .permit(:gcp_project_id, :cluster_zone, :cluster_name, :cluster_size, + :machine_type, :project_namespace, :enabled) end def authorize_google_api - unless session[GoogleApi::CloudPlatform::Client.token_in_session] + unless token_in_session redirect_to action: 'login' end end + + def token_in_session + @token_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_token] + end + + def cluster_creation_lock + if cluster.on_creation? + redirect_to edit_project_cluster_path(project, cluster), + status: :forbidden, + alert: _("You can not modify cluster during creation") + end + end end -- cgit v1.2.3 From 5663b4808df787b1bcbf32ba54eccbb4c7537e25 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Sun, 1 Oct 2017 20:30:32 +0900 Subject: authorize in controller. validation in model. --- app/controllers/projects/clusters_controller.rb | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 840c623e778..ebb17bca010 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -1,8 +1,7 @@ class Projects::ClustersController < Projects::ApplicationController before_action :cluster, except: [:login, :index, :new, :create] + before_action :authorize_admin_cluster! before_action :authorize_google_api, except: [:login] - # before_action :cluster_creation_lock, only: [:update, :destroy] - # before_action :authorize_admin_clusters! # TODO: Authentication def login begin @@ -67,9 +66,7 @@ class Projects::ClustersController < Projects::ApplicationController if cluster.destroy redirect_to project_clusters_path(project), status: 302 else - redirect_to project_clusters_path(project), - status: :forbidden, - alert: _("Failed to remove the cluster") + render :edit end end @@ -94,12 +91,4 @@ class Projects::ClustersController < Projects::ApplicationController def token_in_session @token_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_token] end - - def cluster_creation_lock - if cluster.on_creation? - redirect_to edit_project_cluster_path(project, cluster), - status: :forbidden, - alert: _("You can not modify cluster during creation") - end - end end -- cgit v1.2.3 From 2cb1d617d90b4a9311e3a35434bec958f266d22a Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Mon, 2 Oct 2017 17:13:46 +0900 Subject: Use expires_in for access_token validation --- app/controllers/google_api/authorizations_controller.rb | 10 +++++++--- app/controllers/projects/clusters_controller.rb | 16 +++++++++++----- 2 files changed, 18 insertions(+), 8 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index 00b0c128711..890b4ce60c8 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -1,9 +1,13 @@ module GoogleApi class AuthorizationsController < ApplicationController def callback - session[GoogleApi::CloudPlatform::Client.session_key_for_token] = - GoogleApi::CloudPlatform::Client.new(nil, callback_google_api_authorizations_url) - .get_token(params[:code]) + token, expires_at = GoogleApi::CloudPlatform::Client + .new(nil, callback_google_api_authorizations_url) + .get_token(params[:code]) + + session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token + session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = + expires_at.to_s if params[:state] redirect_to params[:state] diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index ebb17bca010..552cc48d84a 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -6,12 +6,11 @@ class Projects::ClustersController < Projects::ApplicationController def login begin @authorize_url = GoogleApi::CloudPlatform::Client.new( - nil, - callback_google_api_authorizations_url, + nil, callback_google_api_authorizations_url, state: namespace_project_clusters_url.to_s ).authorize_url rescue GoogleApi::Auth::ConfigMissingError - # Show an alert message that gitlab.yml is not configured properly + # no-op end end @@ -83,12 +82,19 @@ class Projects::ClustersController < Projects::ApplicationController end def authorize_google_api - unless token_in_session + unless GoogleApi::CloudPlatform::Client.new(token_in_session, nil) + .validate_token(expires_at_in_session) redirect_to action: 'login' end end def token_in_session - @token_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_token] + @token_in_session ||= + session[GoogleApi::CloudPlatform::Client.session_key_for_token] + end + + def expires_at_in_session + @expires_at_in_session ||= + session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] end end -- cgit v1.2.3 From 34e66c427dde2070c2c09a07ce08f991e46de92f Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Mon, 2 Oct 2017 21:58:50 +0900 Subject: PollingInterval, rename to gke_clusters, has_one :cluster --- app/controllers/projects/clusters_controller.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 552cc48d84a..2c53e034428 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -15,15 +15,15 @@ class Projects::ClustersController < Projects::ApplicationController end def index - if project.clusters.any? - redirect_to edit_project_cluster_path(project, project.clusters.last.id) + if project.cluster + redirect_to edit_project_cluster_path(project, project.cluster) else redirect_to new_project_cluster_path(project) end end def new - @cluster = project.clusters.new + @cluster = project.build_cluster end def create @@ -42,6 +42,8 @@ class Projects::ClustersController < Projects::ApplicationController def status respond_to do |format| format.json do + Gitlab::PollingInterval.set_header(response, interval: 10_000) + render json: { status: cluster.status, # The current status of the operation. status_reason: cluster.status_reason # If an error has occurred, a textual description of the error. @@ -72,7 +74,7 @@ class Projects::ClustersController < Projects::ApplicationController private def cluster - @cluster ||= project.clusters.find(params[:id]) + @cluster ||= project.cluster end def cluster_params -- cgit v1.2.3 From 6b7889f750c56962c0674467c3fbfd7976b9b44f Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Tue, 3 Oct 2017 23:44:06 +0900 Subject: Implement Policy. Use show instead of edit. Chnage db column. fix comments. dry up workers --- app/controllers/projects/clusters_controller.rb | 28 +++++++++++++++++-------- 1 file changed, 19 insertions(+), 9 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 2c53e034428..1b6165def51 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -1,7 +1,10 @@ class Projects::ClustersController < Projects::ApplicationController before_action :cluster, except: [:login, :index, :new, :create] - before_action :authorize_admin_cluster! - before_action :authorize_google_api, except: [:login] + before_action :authorize_read_cluster! + before_action :authorize_create_cluster!, only: [:new, :create] + before_action :authorize_google_api, only: [:new, :create] + before_action :authorize_update_cluster!, only: [:update] + before_action :authorize_admin_cluster!, only: [:destroy] def login begin @@ -16,7 +19,7 @@ class Projects::ClustersController < Projects::ApplicationController def index if project.cluster - redirect_to edit_project_cluster_path(project, project.cluster) + redirect_to project_cluster_path(project, project.cluster) else redirect_to new_project_cluster_path(project) end @@ -32,7 +35,6 @@ class Projects::ClustersController < Projects::ApplicationController .execute(token_in_session) if @cluster.persisted? - ClusterCreationWorker.perform_async(@cluster.id) redirect_to project_clusters_path(project) else render :new @@ -52,7 +54,7 @@ class Projects::ClustersController < Projects::ApplicationController end end - def edit + def show end def update @@ -60,14 +62,14 @@ class Projects::ClustersController < Projects::ApplicationController .new(project, current_user, cluster_params) .execute(cluster) - render :edit + render :show end def destroy if cluster.destroy redirect_to project_clusters_path(project), status: 302 else - render :edit + render :show end end @@ -79,8 +81,8 @@ class Projects::ClustersController < Projects::ApplicationController def cluster_params params.require(:cluster) - .permit(:gcp_project_id, :cluster_zone, :cluster_name, :cluster_size, - :machine_type, :project_namespace, :enabled) + .permit(:gcp_project_id, :gcp_cluster_zone, :gcp_cluster_name, :gcp_cluster_size, + :gcp_machine_type, :project_namespace, :enabled) end def authorize_google_api @@ -99,4 +101,12 @@ class Projects::ClustersController < Projects::ApplicationController @expires_at_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] end + + def authorize_update_cluster! + return access_denied! unless can?(current_user, :update_cluster, cluster) + end + + def authorize_admin_cluster! + return access_denied! unless can?(current_user, :admin_cluster, cluster) + end end -- cgit v1.2.3 From 2507652084b7ca397574878538384edcbad68c73 Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Tue, 3 Oct 2017 23:21:54 +0200 Subject: Introduce serializer for ClusterEntity --- app/controllers/projects/clusters_controller.rb | 31 +++++++++++++++++-------- 1 file changed, 21 insertions(+), 10 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 1b6165def51..8d07f695e78 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -46,10 +46,9 @@ class Projects::ClustersController < Projects::ApplicationController format.json do Gitlab::PollingInterval.set_header(response, interval: 10_000) - render json: { - status: cluster.status, # The current status of the operation. - status_reason: cluster.status_reason # If an error has occurred, a textual description of the error. - } + render json: ClusterSerializer + .new(project: @project, current_user: @current_user) + .represent_status(@cluster) end end end @@ -62,7 +61,15 @@ class Projects::ClustersController < Projects::ApplicationController .new(project, current_user, cluster_params) .execute(cluster) - render :show + respond_to do |format| + format.html do + render :show + end + + format.json do + head :no_data + end + end end def destroy @@ -80,9 +87,13 @@ class Projects::ClustersController < Projects::ApplicationController end def cluster_params - params.require(:cluster) - .permit(:gcp_project_id, :gcp_cluster_zone, :gcp_cluster_name, :gcp_cluster_size, - :gcp_machine_type, :project_namespace, :enabled) + params.require(:cluster).permit(:gcp_project_id, + :gcp_cluster_zone, + :gcp_cluster_name, + :gcp_cluster_size, + :gcp_machine_type, + :project_namespace, + :enabled) end def authorize_google_api @@ -103,10 +114,10 @@ class Projects::ClustersController < Projects::ApplicationController end def authorize_update_cluster! - return access_denied! unless can?(current_user, :update_cluster, cluster) + access_denied! unless can?(current_user, :update_cluster, cluster) end def authorize_admin_cluster! - return access_denied! unless can?(current_user, :admin_cluster, cluster) + access_denied! unless can?(current_user, :admin_cluster, cluster) end end -- cgit v1.2.3 From 20abcbffae71f8177223f2b978c8ad56102da271 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Wed, 4 Oct 2017 16:04:45 +0900 Subject: Add google_api to TOP_LEVEL_ROUTES. Import/Export model failure fix. Fix static analysys. --- app/controllers/projects/clusters_controller.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 8d07f695e78..5dbabaf7813 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -9,9 +9,8 @@ class Projects::ClustersController < Projects::ApplicationController def login begin @authorize_url = GoogleApi::CloudPlatform::Client.new( - nil, callback_google_api_authorizations_url, - state: namespace_project_clusters_url.to_s - ).authorize_url + nil, callback_google_api_authorizations_url, + state: namespace_project_clusters_url.to_s).authorize_url rescue GoogleApi::Auth::ConfigMissingError # no-op end -- cgit v1.2.3 From 7329a0347f6093a15ffb0cf8f6a9ddc7f0495cb6 Mon Sep 17 00:00:00 2001 From: Filipa Lacerda Date: Wed, 4 Oct 2017 12:51:12 +0100 Subject: Add warning messages --- app/controllers/projects/clusters_controller.rb | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 5dbabaf7813..46118184993 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -60,21 +60,20 @@ class Projects::ClustersController < Projects::ApplicationController .new(project, current_user, cluster_params) .execute(cluster) - respond_to do |format| - format.html do + if cluster.valid? + flash[:notice] = "Cluster updated" + redirect_to project_cluster_path(project, project.cluster) + else render :show end - - format.json do - head :no_data - end - end end def destroy if cluster.destroy + flash[:notice] = "Cluster removed" redirect_to project_clusters_path(project), status: 302 else + flash[:notice] = "Cluster removed" render :show end end -- cgit v1.2.3 From 54831bd44bdf7f7b19ac3a129ebf6384549d9c63 Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Wed, 4 Oct 2017 21:10:08 +0200 Subject: Updated messages and notices --- app/controllers/projects/clusters_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 46118184993..051d3c00837 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -61,7 +61,7 @@ class Projects::ClustersController < Projects::ApplicationController .execute(cluster) if cluster.valid? - flash[:notice] = "Cluster updated" + flash[:notice] = "Cluster was successfully updated." redirect_to project_cluster_path(project, project.cluster) else render :show @@ -70,10 +70,10 @@ class Projects::ClustersController < Projects::ApplicationController def destroy if cluster.destroy - flash[:notice] = "Cluster removed" + flash[:notice] = "Cluster was successfully removed." redirect_to project_clusters_path(project), status: 302 else - flash[:notice] = "Cluster removed" + flash[:notice] = "Cluster was not removed." render :show end end -- cgit v1.2.3 From bee5c08094b4f2c125509f61e9e03a7a700bba5e Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Wed, 4 Oct 2017 21:13:01 +0200 Subject: Fix Rubocop failures --- app/controllers/projects/clusters_controller.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 051d3c00837..5ee30deee9d 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -60,12 +60,12 @@ class Projects::ClustersController < Projects::ApplicationController .new(project, current_user, cluster_params) .execute(cluster) - if cluster.valid? - flash[:notice] = "Cluster was successfully updated." - redirect_to project_cluster_path(project, project.cluster) - else - render :show - end + if cluster.valid? + flash[:notice] = "Cluster was successfully updated." + redirect_to project_cluster_path(project, project.cluster) + else + render :show + end end def destroy -- cgit v1.2.3 From fe135fac68fab5e2a15e7aaa250ae91cd7fa4851 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Thu, 5 Oct 2017 21:29:22 +0900 Subject: authorizations_controller_spec. cluster_policy_spec. --- app/controllers/google_api/authorizations_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index 890b4ce60c8..79f49d598af 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -9,10 +9,10 @@ module GoogleApi session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = expires_at.to_s - if params[:state] + if params[:state].present? redirect_to params[:state] else - redirect_to root_url + redirect_to root_path end end end -- cgit v1.2.3 From 0ca9ea6e7f09ccaed1d6d55f83a1b81adbc4328a Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Thu, 5 Oct 2017 17:04:35 +0200 Subject: Split create_params and update_params and fix small redirect bug in controller --- app/controllers/projects/clusters_controller.rb | 33 +++++++++++++++---------- 1 file changed, 20 insertions(+), 13 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 5ee30deee9d..8c0fbf72aca 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -6,6 +6,14 @@ class Projects::ClustersController < Projects::ApplicationController before_action :authorize_update_cluster!, only: [:update] before_action :authorize_admin_cluster!, only: [:destroy] + def index + if project.cluster + redirect_to project_cluster_path(project, project.cluster) + else + redirect_to new_project_cluster_path(project) + end + end + def login begin @authorize_url = GoogleApi::CloudPlatform::Client.new( @@ -16,25 +24,17 @@ class Projects::ClustersController < Projects::ApplicationController end end - def index - if project.cluster - redirect_to project_cluster_path(project, project.cluster) - else - redirect_to new_project_cluster_path(project) - end - end - def new @cluster = project.build_cluster end def create @cluster = Ci::CreateClusterService - .new(project, current_user, cluster_params) + .new(project, current_user, create_params) .execute(token_in_session) if @cluster.persisted? - redirect_to project_clusters_path(project) + redirect_to project_cluster_path(project, @cluster) else render :new end @@ -57,7 +57,7 @@ class Projects::ClustersController < Projects::ApplicationController def update Ci::UpdateClusterService - .new(project, current_user, cluster_params) + .new(project, current_user, update_params) .execute(cluster) if cluster.valid? @@ -84,8 +84,9 @@ class Projects::ClustersController < Projects::ApplicationController @cluster ||= project.cluster end - def cluster_params - params.require(:cluster).permit(:gcp_project_id, + def create_params + params.require(:cluster).permit( + :gcp_project_id, :gcp_cluster_zone, :gcp_cluster_name, :gcp_cluster_size, @@ -94,6 +95,12 @@ class Projects::ClustersController < Projects::ApplicationController :enabled) end + def update_params + params.require(:cluster).permit( + :project_namespace, + :enabled) + end + def authorize_google_api unless GoogleApi::CloudPlatform::Client.new(token_in_session, nil) .validate_token(expires_at_in_session) -- cgit v1.2.3 From 0fbe0406fd7ced45939c79bcdd1fcbac08ddfa1b Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Thu, 5 Oct 2017 17:41:36 +0200 Subject: Change `/google_api/authorizations/` to `/google_api/auth/`. --- app/controllers/google_api/authorizations_controller.rb | 2 +- app/controllers/projects/clusters_controller.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index 79f49d598af..e4f76fb493e 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -2,7 +2,7 @@ module GoogleApi class AuthorizationsController < ApplicationController def callback token, expires_at = GoogleApi::CloudPlatform::Client - .new(nil, callback_google_api_authorizations_url) + .new(nil, callback_google_api_auth_url) .get_token(params[:code]) session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 8c0fbf72aca..bd286b87a29 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -17,7 +17,7 @@ class Projects::ClustersController < Projects::ApplicationController def login begin @authorize_url = GoogleApi::CloudPlatform::Client.new( - nil, callback_google_api_authorizations_url, + nil, callback_google_api_auth_url, state: namespace_project_clusters_url.to_s).authorize_url rescue GoogleApi::Auth::ConfigMissingError # no-op -- cgit v1.2.3 From 6712762b9d6e0391b1a38ca17cc3d982a336bbf9 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Fri, 6 Oct 2017 02:45:15 +0900 Subject: Add ClusterPresenter. Fix Static Analysys. --- app/controllers/projects/clusters_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index bd286b87a29..77644602b72 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -81,7 +81,7 @@ class Projects::ClustersController < Projects::ApplicationController private def cluster - @cluster ||= project.cluster + @cluster ||= project.cluster.present(current_user: current_user) end def create_params -- cgit v1.2.3 From 4cda11585c75ce923d357b0dbb91fb393ed8e303 Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Thu, 5 Oct 2017 21:33:29 +0200 Subject: Fix almost all unresolved comments from Docs and UX review --- app/controllers/projects/clusters_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 77644602b72..ce8e73392b8 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -70,10 +70,10 @@ class Projects::ClustersController < Projects::ApplicationController def destroy if cluster.destroy - flash[:notice] = "Cluster was successfully removed." + flash[:notice] = "Cluster integration was successfully removed." redirect_to project_clusters_path(project), status: 302 else - flash[:notice] = "Cluster was not removed." + flash[:notice] = "Cluster integration was not removed." render :show end end -- cgit v1.2.3 From f293288589f24e1928b57dcd3428b762ae9ced79 Mon Sep 17 00:00:00 2001 From: Shinya Maeda Date: Fri, 6 Oct 2017 21:28:40 +0900 Subject: Security fix: redirection in google_api/authorizations_controller --- app/controllers/google_api/authorizations_controller.rb | 9 +++++++-- app/controllers/projects/clusters_controller.rb | 10 +++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index e4f76fb493e..709d1d34796 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -9,8 +9,13 @@ module GoogleApi session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = expires_at.to_s - if params[:state].present? - redirect_to params[:state] + key, _ = GoogleApi::CloudPlatform::Client + .session_key_for_second_redirect_uri(secure: params[:state]) + + second_redirect_uri = session[key] + + if second_redirect_uri.present? + redirect_to second_redirect_uri else redirect_to root_path end diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index ce8e73392b8..2f7364f4abf 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -16,9 +16,13 @@ class Projects::ClustersController < Projects::ApplicationController def login begin - @authorize_url = GoogleApi::CloudPlatform::Client.new( - nil, callback_google_api_auth_url, - state: namespace_project_clusters_url.to_s).authorize_url + GoogleApi::CloudPlatform::Client.session_key_for_second_redirect_uri.tap do |key, secure| + session[key] = namespace_project_clusters_url.to_s + + @authorize_url = GoogleApi::CloudPlatform::Client.new( + nil, callback_google_api_auth_url, + state: secure).authorize_url + end rescue GoogleApi::Auth::ConfigMissingError # no-op end -- cgit v1.2.3 From f9d490dbb910cdd05ca0a0fa38331708181e4b1e Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Fri, 6 Oct 2017 16:14:14 +0200 Subject: Improve redirect uri state and fix all remaining tests --- app/controllers/google_api/authorizations_controller.rb | 17 +++++++++++------ app/controllers/projects/clusters_controller.rb | 16 ++++++++++------ 2 files changed, 21 insertions(+), 12 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index 709d1d34796..5551057ff55 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -9,16 +9,21 @@ module GoogleApi session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = expires_at.to_s - key, _ = GoogleApi::CloudPlatform::Client - .session_key_for_second_redirect_uri(secure: params[:state]) + state_redirect_uri = redirect_uri_from_session_key(params[:state]) - second_redirect_uri = session[key] - - if second_redirect_uri.present? - redirect_to second_redirect_uri + if state_redirect_uri + redirect_to state_redirect_uri else redirect_to root_path end end + + private + + def redirect_uri_from_session_key(state) + key = GoogleApi::CloudPlatform::Client + .session_key_for_redirect_uri(params[:state]) + session[key] if key + end end end diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index 2f7364f4abf..03019b0becc 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -16,13 +16,11 @@ class Projects::ClustersController < Projects::ApplicationController def login begin - GoogleApi::CloudPlatform::Client.session_key_for_second_redirect_uri.tap do |key, secure| - session[key] = namespace_project_clusters_url.to_s + state = generate_session_key_redirect(namespace_project_clusters_url.to_s) - @authorize_url = GoogleApi::CloudPlatform::Client.new( - nil, callback_google_api_auth_url, - state: secure).authorize_url - end + @authorize_url = GoogleApi::CloudPlatform::Client.new( + nil, callback_google_api_auth_url, + state: state).authorize_url rescue GoogleApi::Auth::ConfigMissingError # no-op end @@ -122,6 +120,12 @@ class Projects::ClustersController < Projects::ApplicationController session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] end + def generate_session_key_redirect(uri) + GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key| + session[key] = uri + end + end + def authorize_update_cluster! access_denied! unless can?(current_user, :update_cluster, cluster) end -- cgit v1.2.3