Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-22 03:09:39 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-22 03:09:39 +0000
commit: f8edcff7e9aff93f8ac605c19e542204b0ed9ba2 (patch)
tree: fe45e8bc69f5c68c6d4ee7505a4d61c4fdb70299 /app/services/clusters/aws/fetch_credentials_service.rb
parent: d61d19da54b0fb8fd54df4007fa95cd39db17e57 (diff)
download: gitlab-ce-f8edcff7e9aff93f8ac605c19e542204b0ed9ba2.tar.gz
1 files changed, 0 insertions, 80 deletions
diff --git a/app/services/clusters/aws/fetch_credentials_service.rb b/app/services/clusters/aws/fetch_credentials_service.rb
deleted file mode 100644
index e38852c7ec7..00000000000
--- a/app/services/clusters/aws/fetch_credentials_service.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
-  module Aws
-    class FetchCredentialsService
-      attr_reader :provision_role
-
-      MissingRoleError = Class.new(StandardError)
-
-      def initialize(provision_role, provider: nil)
-        @provision_role = provision_role
-        @provider = provider
-        @region = provider&.region || provision_role&.region || Clusters::Providers::Aws::DEFAULT_REGION
-      end
-
-      def execute
-        raise MissingRoleError, 'AWS provisioning role not configured' unless provision_role.present?
-
-        ::Aws::AssumeRoleCredentials.new(
-          client: client,
-          role_arn: provision_role.role_arn,
-          role_session_name: session_name,
-          external_id: provision_role.role_external_id,
-          policy: session_policy
-        ).credentials
-      end
-
-      private
-
-      attr_reader :provider, :region
-
-      def client
-        ::Aws::STS::Client.new(**client_args)
-      end
-
-      def client_args
-        { region: region, credentials: gitlab_credentials }.compact
-      end
-
-      def gitlab_credentials
-        # These are not needed for IAM instance profiles
-        return unless access_key_id.present? && secret_access_key.present?
-
-        ::Aws::Credentials.new(access_key_id, secret_access_key)
-      end
-
-      def access_key_id
-        Gitlab::CurrentSettings.eks_access_key_id
-      end
-
-      def secret_access_key
-        Gitlab::CurrentSettings.eks_secret_access_key
-      end
-
-      ##
-      # If we haven't created a provider record yet,
-      # we restrict ourselves to read-only access so
-      # that we can safely expose credentials to the
-      # frontend (to be used when populating the
-      # creation form).
-      def session_policy
-        if provider.nil?
-          File.read(read_only_policy)
-        end
-      end
-
-      def read_only_policy
-        Rails.root.join('vendor', 'aws', 'iam', "eks_cluster_read_only_policy.json")
-      end
-
-      def session_name
-        if provider.present?
-          "gitlab-eks-cluster-#{provider.cluster_id}-user-#{provision_role.user_id}"
-        else
-          "gitlab-eks-autofill-user-#{provision_role.user_id}"
-        end
-      end
-    end
-  end
-end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-22 03:09:39 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-22 03:09:39 +0000
commit	f8edcff7e9aff93f8ac605c19e542204b0ed9ba2 (patch)
tree	fe45e8bc69f5c68c6d4ee7505a4d61c4fdb70299 /app/services/clusters/aws/fetch_credentials_service.rb
parent	d61d19da54b0fb8fd54df4007fa95cd39db17e57 (diff)
download	gitlab-ce-f8edcff7e9aff93f8ac605c19e542204b0ed9ba2.tar.gz