authorShinya Maeda <shinya@gitlab.com>2017-09-27 21:53:50 +0900
committerShinya Maeda <shinya@gitlab.com>2017-09-27 21:53:50 +0900
commit5fbf4069f6bc17dcc1ceeb81c28498b872882a6a (patch)
tree969082bb8f6a40b1de1c2c6c99c2a603e05c2612
parente9d05a2cdc24b4dc771344f26e6ffdcf0240e46c (diff)
downloadgitlab-ce-5fbf4069f6bc17dcc1ceeb81c28498b872882a6a.tar.gz
Fetch k8s token from k8s username/password
-rw-r--r--app/controllers/projects/clusters_controller.rb23
-rw-r--r--app/models/project_services/kubernetes_service.rb18
-rw-r--r--app/views/projects/clusters/_form.html.haml3
-rw-r--r--app/views/projects/clusters/edit.html.haml1
4 files changed, 39 insertions, 6 deletions
diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb
index 567c54ea2e2..b6e2b2a723b 100644
--- a/app/controllers/projects/clusters_controller.rb
+++ b/app/controllers/projects/clusters_controller.rb
@@ -40,20 +40,37 @@ class Projects::ClustersController < Projects::ApplicationController
params['gcp_project_id'], params['cluster_zone'], params['cluster_name']
)
+ # Get k8s token
+ token = ''
+ KubernetesService.new.tap do |ks|
+ ks.api_url = 'https://' + gke_cluster.endpoint
+ ks.ca_pem = Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate)
+ ks.username = gke_cluster.master_auth.username
+ ks.password = gke_cluster.master_auth.password
+ secrets = ks.read_secrets
+ secrets.each do |secret|
+ name = secret.dig('metadata', 'name')
+ if /default-token/ =~ name
+ token_base64 = secret.dig('data', 'token')
+ token = Base64.decode64(token_base64)
+ break
+ end
+ end
+ end
+
# Update service
kubernetes_service.attributes = service_params(
active: true,
- api_url: gke_cluster.endpoint,
+ api_url: 'https://' + gke_cluster.endpoint,
ca_pem: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
namespace: params['project_namespace'],
- token: 'aaa' # TODO: username/password
+ token: token
)
kubernetes_service.save!
# Save info
project.clusters.create(
- creation_type: params['creation_type'],
gcp_project_id: params['gcp_project_id'],
cluster_zone: params['cluster_zone'],
cluster_name: params['cluster_name'],
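Review bot: The token lookup in the added `secrets.each` loop accepts the first secret whose name merely contains `default-token`, and when nothing matches, the empty string from `token = ''` is written into the service and saved. `read_secrets` (added in kubernetes_service.rb) appears to list secrets without a namespace filter, so a secret from any namespace can win, and a secret without `data.token` would hand `nil` to `Base64.decode64`. I would match on the Secret's type, `secret['type'] == 'kubernetes.io/service-account-token'`, together with an anchored `/\Adefault-token-/`, and fail closed after the block with `raise 'No service account token found' if token.blank?`. The enclosing action starts and ends outside this hunk.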
diff --git a/app/models/project_services/kubernetes_service.rb b/app/models/project_services/kubernetes_service.rb
index 8ba07173c74..0f5f9aae93c 100644
--- a/app/models/project_services/kubernetes_service.rb
+++ b/app/models/project_services/kubernetes_service.rb
@@ -15,6 +15,7 @@ class KubernetesService < DeploymentService
# Bearer authentication
# TODO: user/password auth, client certificates
prop_accessor :token
+ attr_accessor :username, :password
# Provide a custom CA bundle for self-signed deployments
prop_accessor :ca_pem
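Review bot: `username` and `password` are declared with `attr_accessor` rather than `prop_accessor` on the added line, which presumably keeps them in memory only and out of the persisted service properties, but nothing in the file says so. A comment such as `# Transient basic-auth credentials used only to bootstrap the bearer token; intentionally not persisted` would stop a later change from turning them into `prop_accessor` and storing the cluster's basic-auth password. The `TODO: user/password auth, client certificates` line above is also partly stale after this commit and should be updated.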
@@ -138,6 +139,15 @@ class KubernetesService < DeploymentService
TEMPLATE_PLACEHOLDER = 'Kubernetes namespace'.freeze
+ def read_secrets
+ kubeclient = build_kubeclient!
+
+ kubeclient.get_secrets.as_json
+ rescue KubeException => err
+ raise err unless err.error_code == 404
+ []
+ end
+
private
def kubeconfig
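Review bot: `read_secrets` is defined above `private` and returns `kubeclient.get_secrets.as_json` with no namespace argument, so any caller holding a service object receives the data of every secret the credentials can list rather than the single token the controller needs. Scoping the call, for example `kubeclient.get_secrets(namespace: 'default')`, and returning only the decoded service-account token from a narrower method would keep unrelated secret material out of application memory and logs. The 404 branch returning `[]` also means a missing resource silently becomes "no token" at the call site, which deserves a comment or an explicit error.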
@@ -157,7 +167,7 @@ class KubernetesService < DeploymentService
end
def build_kubeclient!(api_path: 'api', api_version: 'v1')
- raise "Incomplete settings" unless api_url && actual_namespace && token
+ raise "Incomplete settings" unless api_url && (token || (username && password))
::Kubeclient::Client.new(
join_api_url(api_path),
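Review bot: The new guard `api_url && (token || (username && password))` treats an empty string as a usable token, because `''` is truthy in Ruby. The same applies to `if token` in `kubeclient_auth_options` in the next hunk, which would then send an empty bearer token instead of falling back to basic auth. Using `token.present?` in both places, and `username.present? && password.present?` here, avoids that. The guard also drops the `actual_namespace` requirement for every caller of `build_kubeclient!`, not only `read_secrets`; if that is intended it needs a comment, otherwise keep the check for the namespaced callers. The method body continues outside the hunk.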
@@ -190,7 +200,11 @@ class KubernetesService < DeploymentService
end
def kubeclient_auth_options
- { bearer_token: token }
+ if token
+ { bearer_token: token }
+ else
+ { username: username, password: password }
+ end
end
def join_api_url(api_path)
diff --git a/app/views/projects/clusters/_form.html.haml b/app/views/projects/clusters/_form.html.haml
index 8b3c23d5d28..8e664687fc1 100644
--- a/app/views/projects/clusters/_form.html.haml
+++ b/app/views/projects/clusters/_form.html.haml
@@ -1,3 +1,4 @@
Create a new cluster
%br
-= link_to "Create on Google Container Engine", namespace_project_clusters_path(@project.namespace, @project, cluster_name: "gke-test-creation#{Random.rand(100)}", gcp_project_id: 'gitlab-internal-153318', cluster_zone: 'us-central1-a', cluster_size: '1', project_namespace: 'aaa', machine_type: '???'), method: :post
+= link_to "Create on Google Container Engine", namespace_project_clusters_path(@project.namespace, @project, cluster_name: "gke-test-creation42", gcp_project_id: 'gitlab-internal-153318', cluster_zone: 'us-central1-a', cluster_size: '1', project_namespace: 'aaa', machine_type: '???'), method: :post
+-# gke-test-creation#{Random.rand(100)}
diff --git a/app/views/projects/clusters/edit.html.haml b/app/views/projects/clusters/edit.html.haml
index 518fcf2530a..79d5ff4b59b 100644
--- a/app/views/projects/clusters/edit.html.haml
+++ b/app/views/projects/clusters/edit.html.haml
@@ -1,3 +1,4 @@
edit/show cluster
%br
= @cluster.inspect
+= @cluster.service.inspect
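Review bot: The added `= @cluster.service.inspect` renders the whole service record into the page, and for a Kubernetes service that presumably includes the serialised properties holding the bearer token and CA certificate. Anyone who can open this view would then see a cluster credential in the HTML, and it may also end up in browser caches or proxies. Render only the non-secret fields that are needed, for example `= @cluster.service.api_url`, or drop the line before this leaves the branch.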