diff options
| author | Shinya Maeda <shinya@gitlab.com> | 2017-09-25 16:10:25 +0900 | 
|---|---|---|
| committer | Shinya Maeda <shinya@gitlab.com> | 2017-09-25 16:10:25 +0900 | 
| commit | d4fa672c20657a1c7d2fcfa25e9798e7ccdbf39d (patch) | |
| tree | 416f477c9f574116d74cbf6687b7b18a09f550d5 | |
| parent | e2b195b2748c88e276163d44cdeff5b210f2522c (diff) | |
| download | gitlab-ce-d4fa672c20657a1c7d2fcfa25e9798e7ccdbf39d.tar.gz | |
Create Kubernetes cluster on GKE from k8s service
| -rw-r--r-- | app/controllers/google_api/authorizations_controller.rb | 27 | ||||
| -rw-r--r-- | app/controllers/projects/clusters_controller.rb | 102 | ||||
| -rw-r--r-- | app/models/ci/cluster.rb | 14 | ||||
| -rw-r--r-- | app/models/project.rb | 1 | ||||
| -rw-r--r-- | app/views/projects/clusters/edit.html.haml | 2 | ||||
| -rw-r--r-- | app/views/projects/clusters/new.html.haml | 17 | ||||
| -rw-r--r-- | config/routes.rb | 1 | ||||
| -rw-r--r-- | config/routes/google_api.rb | 5 | ||||
| -rw-r--r-- | config/routes/project.rb | 7 | ||||
| -rw-r--r-- | db/migrate/20170924094327_create_ci_clusters.rb | 29 | ||||
| -rw-r--r-- | db/schema.rb | 68 | ||||
| -rw-r--r-- | lib/google_api/authentication.rb | 51 | ||||
| -rw-r--r-- | lib/google_api/cloud_platform/client.rb | 24 | 
13 files changed, 323 insertions, 25 deletions
| diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb new file mode 100644 index 00000000000..e99c38025b8 --- /dev/null +++ b/app/controllers/google_api/authorizations_controller.rb @@ -0,0 +1,27 @@ +module GoogleApi +  class AuthorizationsController < ApplicationController +    # callback_google_api_authorizations GET|POST /google_api/authorizations/callback(.:format)                                                        google_api/authorizations#callback +    ## +    # TODO:  +    # - Is it ok to use both "http://localhost:3000/google_api/authorizations/callback"(For login) and "http://localhost:3000/google_api/authorizations/callback"(For API token) +    def callback +      session[access_token_key] = api_client.get_token(params[:code]) + +      if params[:state] +        redirect_to params[:state] +      else +        redirect_to root_url +      end +    end + +    def api_client +      @api_client ||= +        GoogleApi::Authentication.new(nil, callback_google_api_authorizations_url) +    end + +    def access_token_key +      # :"#{api_client.scope}_access_token" +      :"hoge_access_token" # TODO:  +    end +  end +end diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb new file mode 100644 index 00000000000..5c9319f661a --- /dev/null +++ b/app/controllers/projects/clusters_controller.rb @@ -0,0 +1,102 @@ +class Projects::ClustersController < Projects::ApplicationController +  # before_action :authenticate_google_api +  before_action :cluster + +  # before_action :authorize_admin_clusters! # TODO: Authentication + +  def index +    if cluster +      redirect_to action: 'edit' +    else +      redirect_to action: 'new' +    end +  end + +  ## +  # TODO:  +  # - Show form for "Create on Google Container Engine" +  # - Show form for "Use existing kubernets cluster" +  # - If user has not authroized yet, Show "Sign in with Google" button +  # - If user has already authroized, Skip "Sign in with Google" button +  # - user.is_authenticated_for_gcp? +  # - user.authenticate_for_gcp! +  # - Create this module which can be used from view +  def new +    unless session[access_token_key] +      @authorize_url = api_client.authorize_url +    end +  end + +  ## +  # TODO:  +  # - If create on GKE, Use Google::Apis::ContainerV1::ContainerService +  # - If create manually, save in db (Prob, Project > Setting) +  # - Dry up with Service +  def create +    redirect_to action: 'index' +  end + +  # TODO: Show results/status. Edits Swtich for enable/disable. +  # If created with GKE, non-editable form. enable/disable switch. +  # If created manually, editable form. enable/disable switch. +  # GKE params are   on-off swtich +  # Manul params are on-off swtich, Endpoint, CACert, k8s Token, Proj namespace. +  def edit +    unless session[access_token_key] +      @authorize_url = api_client.authorize_url +    end +  end + +  def update +    cluster.update(schedule_params) +    render :edit +  end + +  # In presenter +  # TODO: Generate a link to the cluster on GKE + +  def gcp_projects +    # api_client.blah +    # TODO: Return all avaiable GCP Projects. +    # TODO: Return json +    # TODO: Dry with concern +  end + +  def gke_zones +    # api_client.blah +    # TODO: Return all avaiable zones on GKE. +    # TODO: Return json +    # TODO: Dry with concern +  end + +  private + +  # def authenticate_google_api +  #   if cluster&.on_gke? && session[access_token_key].blank? +  #     redirect_to api_client.authorize_url(callback_import_url) +  #   end +  # end + +  def cluster +    # Each project has only one cluster, for now. In the future iteraiton, we'll support multiple clusters +    @cluster ||= project.clusters.first +  end + +  def cluster_params +    params.require(:cluster).permit(:aaa) +  end + +  def api_client +    @api_client ||= +      GoogleApi::CloudPlatform::Client.new( +        session[access_token_key], +        callback_google_api_authorizations_url, +        state: namespace_project_clusters_url.to_s +      ) +  end + +  def access_token_key +    # :"#{api_client.scope}_access_token" +    :"hoge_access_token" # TODO:  +  end +end diff --git a/app/models/ci/cluster.rb b/app/models/ci/cluster.rb new file mode 100644 index 00000000000..2e614a1a373 --- /dev/null +++ b/app/models/ci/cluster.rb @@ -0,0 +1,14 @@ +module Ci +  class Cluster < ActiveRecord::Base +    extend Gitlab::Ci::Model + +    belongs_to :project +    belongs_to :owner, class_name: 'User' + +    enum creation_type: { +      unknown: nil, +      on_gke: 1, +      manual: 2 +    }     +  end +end diff --git a/app/models/project.rb b/app/models/project.rb index f7221e4f3b2..6b896746864 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -171,6 +171,7 @@ class Project < ActiveRecord::Base    has_many :commit_statuses    has_many :pipelines, class_name: 'Ci::Pipeline' +  has_many :clusters, class_name: 'Ci::Cluster'    # Ci::Build objects store data on the file system such as artifact files and    # build traces. Currently there's no efficient way of removing this data in diff --git a/app/views/projects/clusters/edit.html.haml b/app/views/projects/clusters/edit.html.haml new file mode 100644 index 00000000000..6445b3ee75d --- /dev/null +++ b/app/views/projects/clusters/edit.html.haml @@ -0,0 +1,2 @@ +edit/show cluster += @cluster.inspect diff --git a/app/views/projects/clusters/new.html.haml b/app/views/projects/clusters/new.html.haml new file mode 100644 index 00000000000..5e291d07835 --- /dev/null +++ b/app/views/projects/clusters/new.html.haml @@ -0,0 +1,17 @@ +Create a new cluster + +%br + +- if @authorize_url +  I have not authenticated yet. I can authenticate from +  = link_to("authenticate from here", @authorize_url) +- else +  I have already authenticated. +  %br +  Avaiable GCP project lists +  %br +  Avaiable zones +  %br +  = link_to "Create on Google Container Engine", namespace_project_clusters_path(@project.namespace, @project, param1: 'value1', param2: 'value2'), method: :post +  = link_to "Use existing kubernets cluster", namespace_project_clusters_path(@project.namespace, @project, param1: 'value1', param2: 'value2'), method: :post + diff --git a/config/routes.rb b/config/routes.rb index 5683725c8a2..405bfcc2d8e 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -87,6 +87,7 @@ Rails.application.routes.draw do      resources :issues, module: :boards, only: [:index, :update]    end +  draw :google_api    draw :import    draw :uploads    draw :explore diff --git a/config/routes/google_api.rb b/config/routes/google_api.rb new file mode 100644 index 00000000000..57e15d0d39c --- /dev/null +++ b/config/routes/google_api.rb @@ -0,0 +1,5 @@ +namespace :google_api do +  resource :authorizations, only: [], controller: :authorizations do +    match :callback, via: [:get, :post] +  end +end diff --git a/config/routes/project.rb b/config/routes/project.rb index b36d13888cd..5a43e2274a6 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -183,6 +183,13 @@ constraints(ProjectUrlConstrainer.new) do          end        end +      resources :clusters, except: [:show, :destroy] do +        collection do +          get :gcp_projects # TODO: This doesn't belong here. Grape or under user. Hint. Serilizer +          get :gke_zones +        end +      end +        resources :environments, except: [:destroy] do          member do            post :stop diff --git a/db/migrate/20170924094327_create_ci_clusters.rb b/db/migrate/20170924094327_create_ci_clusters.rb new file mode 100644 index 00000000000..86e75edf203 --- /dev/null +++ b/db/migrate/20170924094327_create_ci_clusters.rb @@ -0,0 +1,29 @@ +class CreateCiClusters < ActiveRecord::Migration +  DOWNTIME = false + +  def change +    create_table :ci_clusters do |t| +      t.integer :project_id +      t.integer :owner_id +      t.datetime_with_timezone :created_at, null: false +      t.datetime_with_timezone :updated_at, null: false +      t.boolean :enabled, default: true +      t.string :end_point +      t.text :ca_cert # Base64? +      t.string :token +      t.string :username +      t.string :password +      t.string :project_namespace +      t.integer :creation_type # manual or on_gke +    end + +    # TODO: fk, index, encypt + +    add_foreign_key :ci_clusters, :projects +    add_foreign_key :ci_clusters, :users, column: :owner_id +  end + +  def down +    drop_table :ci_clusters +  end +end diff --git a/db/schema.rb b/db/schema.rb index 80ef91ec95d..5258adcbcb7 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@  #  # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170921115009) do +ActiveRecord::Schema.define(version: 20170924094327) do    # These are extensions that must be enabled in order to support this database    enable_extension "plpgsql" @@ -32,8 +32,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.text "description", null: false      t.string "header_logo"      t.string "logo" -    t.datetime_with_timezone "created_at", null: false -    t.datetime_with_timezone "updated_at", null: false +    t.datetime "created_at", null: false +    t.datetime "updated_at", null: false      t.text "description_html"      t.integer "cached_markdown_version"    end @@ -101,10 +101,6 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.text "help_page_text_html"      t.text "shared_runners_text_html"      t.text "after_sign_up_text_html" -    t.integer "rsa_key_restriction", default: 0, null: false -    t.integer "dsa_key_restriction", default: 0, null: false -    t.integer "ecdsa_key_restriction", default: 0, null: false -    t.integer "ed25519_key_restriction", default: 0, null: false      t.boolean "housekeeping_enabled", default: true, null: false      t.boolean "housekeeping_bitmaps_enabled", default: true, null: false      t.integer "housekeeping_incremental_repack_period", default: 10, null: false @@ -132,6 +128,10 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.boolean "password_authentication_enabled"      t.integer "performance_bar_allowed_group_id"      t.boolean "hashed_storage_enabled", default: false, null: false +    t.integer "rsa_key_restriction", default: 0, null: false +    t.integer "dsa_key_restriction", default: 0, null: false +    t.integer "ecdsa_key_restriction", default: 0, null: false +    t.integer "ed25519_key_restriction", default: 0, null: false      t.boolean "project_export_enabled", default: true, null: false      t.boolean "auto_devops_enabled", default: false, null: false    end @@ -256,7 +256,6 @@ ActiveRecord::Schema.define(version: 20170921115009) do    add_index "ci_builds", ["commit_id", "status", "type"], name: "index_ci_builds_on_commit_id_and_status_and_type", using: :btree    add_index "ci_builds", ["commit_id", "type", "name", "ref"], name: "index_ci_builds_on_commit_id_and_type_and_name_and_ref", using: :btree    add_index "ci_builds", ["commit_id", "type", "ref"], name: "index_ci_builds_on_commit_id_and_type_and_ref", using: :btree -  add_index "ci_builds", ["id"], name: "index_for_ci_builds_retried_migration", where: "(retried IS NULL)", using: :btree    add_index "ci_builds", ["project_id"], name: "index_ci_builds_on_project_id", using: :btree    add_index "ci_builds", ["protected"], name: "index_ci_builds_on_protected", using: :btree    add_index "ci_builds", ["runner_id"], name: "index_ci_builds_on_runner_id", using: :btree @@ -267,6 +266,21 @@ ActiveRecord::Schema.define(version: 20170921115009) do    add_index "ci_builds", ["updated_at"], name: "index_ci_builds_on_updated_at", using: :btree    add_index "ci_builds", ["user_id"], name: "index_ci_builds_on_user_id", using: :btree +  create_table "ci_clusters", force: :cascade do |t| +    t.integer "project_id" +    t.integer "owner_id" +    t.datetime "created_at", null: false +    t.datetime "updated_at", null: false +    t.boolean "enabled", default: true +    t.string "end_point" +    t.text "ca_cert" +    t.string "token" +    t.string "username" +    t.string "password" +    t.string "project_namespace" +    t.integer "creation_type" +  end +    create_table "ci_group_variables", force: :cascade do |t|      t.string "key", null: false      t.text "value" @@ -275,8 +289,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.string "encrypted_value_iv"      t.integer "group_id", null: false      t.boolean "protected", default: false, null: false -    t.datetime_with_timezone "created_at", null: false -    t.datetime_with_timezone "updated_at", null: false +    t.datetime "created_at", null: false +    t.datetime "updated_at", null: false    end    add_index "ci_group_variables", ["group_id", "key"], name: "index_ci_group_variables_on_group_id_and_key", unique: true, using: :btree @@ -288,8 +302,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.string "encrypted_value_salt"      t.string "encrypted_value_iv"      t.integer "pipeline_schedule_id", null: false -    t.datetime_with_timezone "created_at" -    t.datetime_with_timezone "updated_at" +    t.datetime "created_at" +    t.datetime "updated_at"    end    add_index "ci_pipeline_schedule_variables", ["pipeline_schedule_id", "key"], name: "index_ci_pipeline_schedule_variables_on_schedule_id_and_key", unique: true, using: :btree @@ -341,12 +355,14 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.integer "auto_canceled_by_id"      t.integer "pipeline_schedule_id"      t.integer "source" -    t.integer "config_source"      t.boolean "protected" +    t.integer "iid" +    t.integer "config_source"    end    add_index "ci_pipelines", ["auto_canceled_by_id"], name: "index_ci_pipelines_on_auto_canceled_by_id", using: :btree    add_index "ci_pipelines", ["pipeline_schedule_id"], name: "index_ci_pipelines_on_pipeline_schedule_id", using: :btree +  add_index "ci_pipelines", ["project_id", "iid"], name: "index_ci_pipelines_on_project_id_and_iid", unique: true, using: :btree    add_index "ci_pipelines", ["project_id", "ref", "status"], name: "index_ci_pipelines_on_project_id_and_ref_and_status", using: :btree    add_index "ci_pipelines", ["project_id", "sha"], name: "index_ci_pipelines_on_project_id_and_sha", using: :btree    add_index "ci_pipelines", ["project_id"], name: "index_ci_pipelines_on_project_id", using: :btree @@ -538,8 +554,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.integer "project_id"      t.integer "author_id", null: false      t.integer "target_id" -    t.datetime_with_timezone "created_at", null: false -    t.datetime_with_timezone "updated_at", null: false +    t.datetime "created_at", null: false +    t.datetime "updated_at", null: false      t.integer "action", limit: 2, null: false      t.string "target_type"    end @@ -577,8 +593,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do    add_index "forked_project_links", ["forked_to_project_id"], name: "index_forked_project_links_on_forked_to_project_id", unique: true, using: :btree    create_table "gpg_keys", force: :cascade do |t| -    t.datetime_with_timezone "created_at", null: false -    t.datetime_with_timezone "updated_at", null: false +    t.datetime "created_at", null: false +    t.datetime "updated_at", null: false      t.integer "user_id"      t.binary "primary_keyid"      t.binary "fingerprint" @@ -590,8 +606,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do    add_index "gpg_keys", ["user_id"], name: "index_gpg_keys_on_user_id", using: :btree    create_table "gpg_signatures", force: :cascade do |t| -    t.datetime_with_timezone "created_at", null: false -    t.datetime_with_timezone "updated_at", null: false +    t.datetime "created_at", null: false +    t.datetime "updated_at", null: false      t.integer "project_id"      t.integer "gpg_key_id"      t.binary "commit_sha" @@ -789,8 +805,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do    add_index "members", ["user_id"], name: "index_members_on_user_id", using: :btree    create_table "merge_request_diff_commits", id: false, force: :cascade do |t| -    t.datetime_with_timezone "authored_date" -    t.datetime_with_timezone "committed_date" +    t.datetime "authored_date" +    t.datetime "committed_date"      t.integer "merge_request_diff_id", null: false      t.integer "relative_order", null: false      t.binary "sha", null: false @@ -1113,8 +1129,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do    create_table "project_auto_devops", force: :cascade do |t|      t.integer "project_id", null: false -    t.datetime_with_timezone "created_at", null: false -    t.datetime_with_timezone "updated_at", null: false +    t.datetime "created_at", null: false +    t.datetime "updated_at", null: false      t.boolean "enabled"      t.string "domain"    end @@ -1204,7 +1220,6 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.string "repository_storage", default: "default", null: false      t.boolean "request_access_enabled", default: false, null: false      t.boolean "has_external_wiki" -    t.string "ci_config_path"      t.boolean "lfs_enabled"      t.text "description_html"      t.boolean "only_allow_merge_if_all_discussions_are_resolved" @@ -1212,8 +1227,9 @@ ActiveRecord::Schema.define(version: 20170921115009) do      t.integer "auto_cancel_pending_pipelines", default: 1, null: false      t.string "import_jid"      t.integer "cached_markdown_version" -    t.text "delete_error"      t.datetime "last_repository_updated_at" +    t.string "ci_config_path" +    t.text "delete_error"      t.integer "storage_version", limit: 2      t.boolean "resolve_outdated_diff_discussions"    end @@ -1685,6 +1701,8 @@ ActiveRecord::Schema.define(version: 20170921115009) do    add_foreign_key "ci_builds", "ci_pipelines", column: "auto_canceled_by_id", name: "fk_a2141b1522", on_delete: :nullify    add_foreign_key "ci_builds", "ci_stages", column: "stage_id", name: "fk_3a9eaa254d", on_delete: :cascade    add_foreign_key "ci_builds", "projects", name: "fk_befce0568a", on_delete: :cascade +  add_foreign_key "ci_clusters", "projects" +  add_foreign_key "ci_clusters", "users", column: "owner_id"    add_foreign_key "ci_group_variables", "namespaces", column: "group_id", name: "fk_33ae4d58d8", on_delete: :cascade    add_foreign_key "ci_pipeline_schedule_variables", "ci_pipeline_schedules", column: "pipeline_schedule_id", name: "fk_41c35fda51", on_delete: :cascade    add_foreign_key "ci_pipeline_schedules", "projects", name: "fk_8ead60fcc4", on_delete: :cascade diff --git a/lib/google_api/authentication.rb b/lib/google_api/authentication.rb new file mode 100644 index 00000000000..d7b473525fb --- /dev/null +++ b/lib/google_api/authentication.rb @@ -0,0 +1,51 @@ +module GoogleApi +  class Authentication +    attr_reader :access_token, :redirect_uri, :state + +    def initialize(access_token, redirect_uri, state: nil) +      @access_token = access_token +      @redirect_uri = redirect_uri +      @state = state +    end + +    def client +      return @client if defined?(@client) + +      unless config +        raise 'OAuth configuration for google_oauth2 missing.' +      end + +      @client = ::OAuth2::Client.new( +        config.app_id, +        config.app_secret, +        site: 'https://accounts.google.com', +        token_url: '/o/oauth2/token',  +        authorize_url: '/o/oauth2/auth' +      ) +    end + +    def authorize_url +      client.auth_code.authorize_url( +        redirect_uri: redirect_uri, +        scope: scope, +        state: state # This is used for arbitary redirection +      ) +    end + +    def get_token(code) +      client.auth_code.get_token(code, redirect_uri: redirect_uri).token +    end + +    protected + +    def scope +      raise NotImplementedError +    end + +    private + +    def config +      Gitlab.config.omniauth.providers.find { |provider| provider.name == "google_oauth2" } +    end +  end +end diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb new file mode 100644 index 00000000000..2c2aefc542c --- /dev/null +++ b/lib/google_api/cloud_platform/client.rb @@ -0,0 +1,24 @@ +module GoogleApi +  module CloudPlatform +    class Client < GoogleApi::Authentication +      # Google::Apis::ContainerV1::ContainerService.new +      def scope +        'https://www.googleapis.com/auth/cloud-platform' +      end + +      def projects_zones_clusters_get +        # TODO:  +        # service = Google::Apis::ContainerV1::ContainerService.new +        # service.authorization = access_token +        # project_id = params['project_id'] +        # ... +        # response = service.list_zone_clusters(project_id, zone) +        response +      end + +      def projects_zones_clusters_create +        # TODO +      end +    end +  end +end | 
