Diffstat (limited to 'app/controllers/clusters/clusters_controller.rb')
-rw-r--r-- | app/controllers/clusters/clusters_controller.rb | 100 |
1 files changed, 88 insertions, 12 deletions
diff --git a/app/controllers/clusters/clusters_controller.rb b/app/controllers/clusters/clusters_controller.rb
index 993aba661f3..9a539cf7c24 100644
--- a/app/controllers/clusters/clusters_controller.rb
+++ b/app/controllers/clusters/clusters_controller.rb
@@ -3,18 +3,22 @@
 class Clusters::ClustersController < Clusters::BaseController
 include RoutableActions
- before_action :cluster, except: [:index, :new, :create_gcp, :create_user]
+ before_action :cluster, only: [:cluster_status, :show, :update, :destroy]
 before_action :generate_gcp_authorize_url, only: [:new]
 before_action :validate_gcp_token, only: [:new]
 before_action :gcp_cluster, only: [:new]
 before_action :user_cluster, only: [:new]
- before_action :authorize_create_cluster!, only: [:new]
+ before_action :authorize_create_cluster!, only: [:new, :authorize_aws_role, :revoke_aws_role, :aws_proxy]
 before_action :authorize_update_cluster!, only: [:update]
 before_action :authorize_admin_cluster!, only: [:destroy]
 before_action :update_applications_status, only: [:cluster_status]
 before_action only: [:new, :create_gcp] do
 push_frontend_feature_flag(:create_eks_clusters)
 end
+ before_action only: [:show] do
+ push_frontend_feature_flag(:enable_cluster_application_elastic_stack)
+ push_frontend_feature_flag(:enable_cluster_application_crossplane)
+ end
 helper_method :token_in_session
@@ -40,10 +44,13 @@ class Clusters::ClustersController < Clusters::BaseController
 def new
 return unless Feature.enabled?(:create_eks_clusters)
- @gke_selected = params[:provider] == 'gke'
- @eks_selected = params[:provider] == 'eks'
+ if params[:provider] == 'aws'
+ @aws_role = current_user.aws_role || Aws::Role.new
+ @aws_role.ensure_role_external_id!
- return redirect_to @authorize_url if @gke_selected && @authorize_url && !@valid_gcp_token
+ elsif params[:provider] == 'gcp'
+ redirect_to @authorize_url if @authorize_url && !@valid_gcp_token
+ end
 end
 # Overridding ActionController::Metal#status is NOT a good idea
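Review bot: The widened `authorize_create_cluster!` filter covers `:new`, `:authorize_aws_role`, `:revoke_aws_role` and `:aws_proxy`, but not the `create_aws` action that this commit adds in the `@@ -112,6` hunk. Unless `Clusters::CreateService` or `Clusters::BaseController` enforces the create permission (neither is visible in this diff), `create_aws` is guarded only by whatever the base controller requires. Consider `before_action :authorize_create_cluster!, only: [:new, :create_aws, :authorize_aws_role, :revoke_aws_role, :aws_proxy]`, or add a comment on the filter saying where create authorization is enforced for the `create_*` actions.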
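Review bot: `new` now branches on `params[:provider]` being `'aws'` or `'gcp'`, while `generate_gcp_authorize_url` (unchanged context in the `@@ -198,6` hunk) still builds its return path with `provider: :gke`. A request that arrives with `provider=gke` matches neither branch, so the `@authorize_url` redirect is skipped without any signal; confirm which value the frontend and the OAuth return path send and align the two, e.g. `{ provider: :gcp }`. Separately, `@aws_role.ensure_role_external_id!` runs on a GET and its body is not visible here, so a comment stating whether it writes to the database for an existing role would help.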
@@ -86,13 +93,12 @@ class Clusters::ClustersController < Clusters::BaseController
 end
 def destroy
- if cluster.destroy
- flash[:notice] = _('Kubernetes cluster integration was successfully removed.')
- redirect_to clusterable.index_path, status: :found
- else
- flash[:notice] = _('Kubernetes cluster integration was not removed.')
- render :show
- end
+ response = Clusters::DestroyService
+ .new(current_user, destroy_params)
+ .execute(cluster)
+
+ flash[:notice] = response[:message]
+ redirect_to clusterable.index_path, status: :found
 end
 def create_gcp
@@ -112,6 +118,19 @@ class Clusters::ClustersController < Clusters::BaseController
 end
 end
+ def create_aws
+ @aws_cluster = ::Clusters::CreateService
+ .new(current_user, create_aws_cluster_params)
+ .execute
+ .present(current_user: current_user)
+
+ if @aws_cluster.persisted?
+ head :created, location: @aws_cluster.show_path
+ else
+ render status: :unprocessable_entity, json: @aws_cluster.errors
+ end
+ end
+
 def create_user
 @user_cluster = ::Clusters::CreateService
 .new(current_user, create_user_cluster_params)
@@ -129,8 +148,37 @@ class Clusters::ClustersController < Clusters::BaseController
 end
 end
+ def authorize_aws_role
+ role = current_user.build_aws_role(create_role_params)
+
+ role.save ? respond_201 : respond_422
+ end
+
+ def revoke_aws_role
+ current_user.aws_role&.destroy
+
+ head :no_content
+ end
+
+ def aws_proxy
+ response = Clusters::Aws::ProxyService.new(
+ current_user.aws_role,
+ params: params
+ ).execute
+
+ render json: response.body, status: response.status
+ end
+
 private
+ def destroy_params
+ # To be uncomented on https://gitlab.com/gitlab-org/gitlab/merge_requests/16954
+ # This MR got split into other since it was too big.
+ #
+ # params.permit(:cleanup)
+ {}
+ end
+
 def update_params
 if cluster.provided_by_user?
 params.require(:cluster).permit(
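Review bot: `destroy` now redirects to the index with `flash[:notice]` whatever `Clusters::DestroyService` returns, so a failed removal is presented the same way as a successful one (the removed code re-rendered `:show` on failure). If the service result carries a status key (not visible here), branch on it and use `flash[:alert]` for the failure case. The local `response` also shadows the controller's own `response` object for the rest of the action; naming it `result` avoids that, and the same applies to `aws_proxy` in the `@@ -129,8` hunk.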
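Review bot: `aws_proxy` hands the whole request `params` object to `Clusters::Aws::ProxyService` and relays `response.body` and `response.status` to the client, so the controller itself places no bound on what may be requested from AWS under the user's role. Which resources and options the service accepts is not visible in this diff; pass only a permitted subset from the controller through a private strong-parameters helper and document that allowlist next to the action. `current_user.aws_role` can also be `nil` (`revoke_aws_role` uses `&.` for that reason), so return an error status when no role is configured instead of constructing the service with `nil`.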
@@ -139,6 +187,7 @@ class Clusters::ClustersController < Clusters::BaseController
 :environment_scope,
 :managed,
 :base_domain,
+ :management_project_id,
 platform_kubernetes_attributes: [
 :api_url,
 :token,
@@ -152,6 +201,7 @@ class Clusters::ClustersController < Clusters::BaseController
 :environment_scope,
 :managed,
 :base_domain,
+ :management_project_id,
 platform_kubernetes_attributes: [
 :namespace
 ]
@@ -179,6 +229,28 @@ class Clusters::ClustersController < Clusters::BaseController
 )
 end
+ def create_aws_cluster_params
+ params.require(:cluster).permit(
+ :enabled,
+ :name,
+ :environment_scope,
+ :managed,
+ provider_aws_attributes: [
+ :key_name,
+ :role_arn,
+ :region,
+ :vpc_id,
+ :instance_type,
+ :num_nodes,
+ :security_group_id,
+ subnet_ids: []
+ ]).merge(
+ provider_type: :aws,
+ platform_type: :kubernetes,
+ clusterable: clusterable.subject
+ )
+ end
+
 def create_user_cluster_params
 params.require(:cluster).permit(
 :enabled,
@@ -198,6 +270,10 @@ class Clusters::ClustersController < Clusters::BaseController
 )
 end
+ def create_role_params
+ params.require(:cluster).permit(:role_arn, :role_external_id)
+ end
+
 def generate_gcp_authorize_url
 params = Feature.enabled?(:create_eks_clusters) ? { provider: :gke } : {}
 state = generate_session_key_redirect(clusterable.new_path(params).to_s) |
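Review bot: `:management_project_id` becomes mass-assignable in both branches of `update_params` (this hunk and the `@@ -152,6` hunk), so any caller who passes `authorize_update_cluster!` can point the cluster at an arbitrary project id. Nothing in this diff checks that `current_user` has rights on the referenced project; confirm that the update service or the model validates this, and if neither does, add that check before the id is assigned. A short comment above the permit list naming where the check lives would make the dependency explicit. `update_params` begins and ends outside these hunks.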
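Review bot: `create_role_params` permits `:role_external_id`, so the value stored by `authorize_aws_role` is whatever the request supplies rather than the one produced by `@aws_role.ensure_role_external_id!` in `new`. The external ID is meant to be chosen by the service so that a role's trust policy is bound to one account; taking it from the client gives up that guarantee. Prefer `params.require(:cluster).permit(:role_arn)` with the external ID generated and persisted on the server, or at least reject a submitted value that differs from the generated one.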