Refactor to DRY out building of kube_client into originator service

3eec327d · Thong Kuah · 7ebc18d1 · 3eec327d · 3eec327d · 3eec327d
Commit 3eec327d authored Aug 29, 2018 by Thong Kuah
5 changed files
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -25,11 +25,7 @@ module Clusters
      private
      def create_gitlab_service_account!
-        Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(
+        Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute
-          'https://' + gke_cluster.endpoint,
-          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
-          gke_cluster.master_auth.username,
-          gke_cluster.master_auth.password).execute
      end
      def configure_provider
@@ -49,11 +45,7 @@ module Clusters
      end
      def request_kubernetes_token
-        Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(
+        Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute
-          'https://' + gke_cluster.endpoint,
-          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
-          gke_cluster.master_auth.username,
-          gke_cluster.master_auth.password).execute
      end
      # GKE Clusters have RBAC enabled on Kubernetes >= 1.6
@@ -61,6 +53,40 @@ module Clusters
        'rbac'
      end
+      def kube_client
+        @kube_client ||= build_kube_client!(
+          'https://' + gke_cluster.endpoint,
+          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
+          gke_cluster.master_auth.username,
+          gke_cluster.master_auth.password,
+          api_groups: ['api', 'apis/rbac.authorization.k8s.io']
+        )
+      end
+      def build_kube_client!(api_url, ca_pem, username, password, api_groups: ['api'], api_version: 'v1')
+        raise "Incomplete settings" unless api_url && username && password
+        Gitlab::Kubernetes::KubeClient.new(
+          api_url,
+          api_groups,
+          api_version,
+          auth_options: { username: username, password: password },
+          ssl_options: kubeclient_ssl_options(ca_pem),
+          http_proxy_uri: ENV['http_proxy']
+        )
+      end
+      def kubeclient_ssl_options(ca_pem)
+        opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
+        if ca_pem.present?
+          opts[:cert_store] = OpenSSL::X509::Store.new
+          opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
+        end
+        opts
+      end
      def gke_cluster
        @gke_cluster ||= provider.api_client.projects_zones_clusters_get(
          provider.gcp_project_id,

--- a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
+++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
@@ -4,18 +4,13 @@ module Clusters
  module Gcp
    module Kubernetes
      class CreateServiceAccountService
-        attr_reader :api_url, :ca_pem, :username, :password
+        attr_reader :kubeclient
-        def initialize(api_url, ca_pem, username, password)
+        def initialize(kubeclient)
-          @api_url = api_url
+          @kubeclient = kubeclient
-          @ca_pem = ca_pem
-          @username = username
-          @password = password
        end
        def execute
-          kubeclient = build_kube_client!(api_groups: ['api', 'apis/rbac.authorization.k8s.io'])
          kubeclient.create_service_account(service_account_resource)
          kubeclient.create_cluster_role_binding(cluster_role_binding_resource)
        end
@@ -35,30 +30,6 @@ module Clusters
            subjects
          ).generate
        end
-        def build_kube_client!(api_groups: ['api'], api_version: 'v1')
-          raise "Incomplete settings" unless api_url && username && password
-          Gitlab::Kubernetes::KubeClient.new(
-            api_url,
-            api_groups,
-            api_version,
-            auth_options: { username: username, password: password },
-            ssl_options: kubeclient_ssl_options,
-            http_proxy_uri: ENV['http_proxy']
-          )
-        end
-        def kubeclient_ssl_options
-          opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-          if ca_pem.present?
-            opts[:cert_store] = OpenSSL::X509::Store.new
-            opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
-          end
-          opts
-        end
      end
    end
  end

--- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
@@ -4,13 +4,10 @@ module Clusters
  module Gcp
    module Kubernetes
      class FetchKubernetesTokenService
-        attr_reader :api_url, :ca_pem, :username, :password
+        attr_reader :kubeclient
-        def initialize(api_url, ca_pem, username, password)
+        def initialize(kubeclient)
-          @api_url = api_url
+          @kubeclient = kubeclient
-          @ca_pem = ca_pem
-          @username = username
-          @password = password
        end
        def execute
@@ -32,46 +29,12 @@ module Clusters
        end
        def read_secrets
-          kubeclient = build_kubeclient!
          kubeclient.get_secrets.as_json
        rescue Kubeclient::HttpError => err
          raise err unless err.error_code == 404
          []
        end
-        def build_kubeclient!(api_path: 'api', api_version: 'v1')
-          raise "Incomplete settings" unless api_url && username && password
-          ::Kubeclient::Client.new(
-            join_api_url(api_path),
-            api_version,
-            auth_options: { username: username, password: password },
-            ssl_options: kubeclient_ssl_options,
-            http_proxy_uri: ENV['http_proxy']
-          )
-        end
-        def join_api_url(api_path)
-          url = URI.parse(api_url)
-          prefix = url.path.sub(%r{/+\z}, '')
-          url.path = [prefix, api_path].join("/")
-          url.to_s
-        end
-        def kubeclient_ssl_options
-          opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }
-          if ca_pem.present?
-            opts[:cert_store] = OpenSSL::X509::Store.new
-            opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
-          end
-          opts
-        end
      end
    end
  end

--- a/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/create_service_account_service_spec.rb
@@ -5,15 +5,21 @@ require 'spec_helper'
 describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
  include KubernetesHelpers
-  let(:service) { described_class.new(api_url, ca_pem, username, password) }
+  let(:service) { described_class.new(kubeclient) }
  describe '#execute' do
    subject { service.execute }
    let(:api_url) { 'http://111.111.111.111' }
-    let(:ca_pem) { '' }
    let(:username) { 'admin' }
    let(:password) { 'xxx' }
+    let(:kubeclient) do
+      Gitlab::Kubernetes::KubeClient.new(
+        api_url,
+        ['api', 'apis/rbac.authorization.k8s.io'],
+        auth_options: { username: username, password: password }
+      )
+    end
    context 'when params are correct' do
      before do
@@ -44,23 +50,5 @@ describe Clusters::Gcp::Kubernetes::CreateServiceAccountService do
        )
      end
    end
-    context 'when api_url is nil' do
-      let(:api_url) { nil }
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-    context 'when username is nil' do
-      let(:username) { nil }
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-    context 'when password is nil' do
-      let(:password) { nil }
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
  end
 end
--- a/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
+++ b/spec/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service_spec.rb
@@ -2,12 +2,18 @@ require 'spec_helper'
 describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
  describe '#execute' do
-    subject { described_class.new(api_url, ca_pem, username, password).execute }
+    subject { described_class.new(kubeclient).execute }
    let(:api_url) { 'http://111.111.111.111' }
-    let(:ca_pem) { '' }
    let(:username) { 'admin' }
    let(:password) { 'xxx' }
+    let(:kubeclient) do
+      Gitlab::Kubernetes::KubeClient.new(
+        api_url,
+        ['api', 'apis/rbac.authorization.k8s.io'],
+        auth_options: { username: username, password: password }
+      )
+    end
    context 'when params correct' do
      let(:token) { 'xxx.token.xxx' }
@@ -50,23 +56,5 @@ describe Clusters::Gcp::Kubernetes::FetchKubernetesTokenService do
        it { is_expected.to be_nil }
      end
    end
-    context 'when api_url is nil' do
-      let(:api_url) { nil }
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-    context 'when username is nil' do
-      let(:username) { nil }
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
-    context 'when password is nil' do
-      let(:password) { nil }
-      it { expect { subject }.to raise_error("Incomplete settings") }
-    end
  end
 end