Commit 873de89b authored by Kamil Trzciński (OoO till 3th)'s avatar Kamil Trzciński (OoO till 3th)

Merge branch 'ee-43446-new-cluster-page-tabs' into 'master'

port 43446-new-cluster-page-tabs to EE

See merge request gitlab-org/gitlab-ee!5944
parents 514b7c10 ea79aab7
import gcpSignupOffer from '~/clusters/components/gcp_signup_offer';
gcpSignupOffer();
import gcpSignupOffer from '~/clusters/components/gcp_signup_offer';
gcpSignupOffer();
import gcpSignupOffer from '~/clusters/components/gcp_signup_offer';
import initGkeDropdowns from '~/projects/gke_cluster_dropdowns';
import Project from './project'; import Project from './project';
import ShortcutsNavigation from '../../shortcuts_navigation'; import ShortcutsNavigation from '../../shortcuts_navigation';
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
const { page } = document.body.dataset;
const newClusterViews = [
'projects:clusters:new',
'projects:clusters:create_gcp',
'projects:clusters:create_user',
];
if (newClusterViews.indexOf(page) > -1) {
gcpSignupOffer();
initGkeDropdowns();
}
new Project(); // eslint-disable-line no-new new Project(); // eslint-disable-line no-new
new ShortcutsNavigation(); // eslint-disable-line no-new new ShortcutsNavigation(); // eslint-disable-line no-new
}); });
class Projects::Clusters::GcpController < Projects::ApplicationController
before_action :authorize_read_cluster!
before_action :authorize_create_cluster!, only: [:new, :create]
before_action :authorize_google_api, except: :login
helper_method :token_in_session
def login
begin
state = generate_session_key_redirect(gcp_new_namespace_project_clusters_path.to_s)
@authorize_url = GoogleApi::CloudPlatform::Client.new(
nil, callback_google_api_auth_url,
state: state).authorize_url
rescue GoogleApi::Auth::ConfigMissingError
# no-op
end
end
def new
@cluster = ::Clusters::Cluster.new.tap do |cluster|
cluster.build_provider_gcp
end
end
def create
@cluster = ::Clusters::CreateService
.new(project, current_user, create_params)
.execute(token_in_session)
if @cluster.persisted?
redirect_to project_cluster_path(project, @cluster)
else
render :new
end
end
private
def create_params
params.require(:cluster).permit(
:enabled,
:name,
:environment_scope,
provider_gcp_attributes: [
:gcp_project_id,
:zone,
:num_nodes,
:machine_type
]).merge(
provider_type: :gcp,
platform_type: :kubernetes
)
end
def authorize_google_api
unless GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
.validate_token(expires_at_in_session)
redirect_to action: 'login'
end
end
def token_in_session
session[GoogleApi::CloudPlatform::Client.session_key_for_token]
end
def expires_at_in_session
@expires_at_in_session ||=
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
end
def generate_session_key_redirect(uri)
GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
session[key] = uri
end
end
end
class Projects::Clusters::UserController < Projects::ApplicationController
before_action :authorize_read_cluster!
before_action :authorize_create_cluster!, only: [:new, :create]
def new
@cluster = ::Clusters::Cluster.new.tap do |cluster|
cluster.build_platform_kubernetes
end
end
def create
@cluster = ::Clusters::CreateService
.new(project, current_user, create_params)
.execute
if @cluster.persisted?
redirect_to project_cluster_path(project, @cluster)
else
render :new
end
end
private
def create_params
params.require(:cluster).permit(
:enabled,
:name,
:environment_scope,
platform_kubernetes_attributes: [
:namespace,
:api_url,
:token,
:ca_cert
]).merge(
provider_type: :user,
platform_type: :kubernetes
)
end
end
class Projects::ClustersController < Projects::ApplicationController class Projects::ClustersController < Projects::ApplicationController
prepend EE::Projects::ClustersController prepend EE::Projects::ClustersController
before_action :cluster, except: [:index, :new] before_action :cluster, except: [:index, :new, :create_gcp, :create_user]
before_action :authorize_read_cluster! before_action :authorize_read_cluster!
before_action :generate_gcp_authorize_url, only: [:new]
before_action :validate_gcp_token, only: [:new]
before_action :gcp_cluster, only: [:new]
before_action :user_cluster, only: [:new]
before_action :authorize_create_cluster!, only: [:new] before_action :authorize_create_cluster!, only: [:new]
before_action :authorize_update_cluster!, only: [:update] before_action :authorize_update_cluster!, only: [:update]
before_action :authorize_admin_cluster!, only: [:destroy] before_action :authorize_admin_cluster!, only: [:destroy]
before_action :update_applications_status, only: [:status] before_action :update_applications_status, only: [:status]
helper_method :token_in_session
STATUS_POLLING_INTERVAL = 10_000 STATUS_POLLING_INTERVAL = 10_000
...@@ -66,6 +71,38 @@ class Projects::ClustersController < Projects::ApplicationController ...@@ -66,6 +71,38 @@ class Projects::ClustersController < Projects::ApplicationController
end end
end end
def create_gcp
@gcp_cluster = ::Clusters::CreateService
.new(project, current_user, create_gcp_cluster_params)
.execute(token_in_session)
if @gcp_cluster.persisted?
redirect_to project_cluster_path(project, @gcp_cluster)
else
generate_gcp_authorize_url
validate_gcp_token
user_cluster
render :new, locals: { active_tab: 'gcp' }
end
end
def create_user
@user_cluster = ::Clusters::CreateService
.new(project, current_user, create_user_cluster_params)
.execute(token_in_session)
if @user_cluster.persisted?
redirect_to project_cluster_path(project, @user_cluster)
else
generate_gcp_authorize_url
validate_gcp_token
gcp_cluster
render :new, locals: { active_tab: 'user' }
end
end
private private
def cluster def cluster
...@@ -97,6 +134,80 @@ class Projects::ClustersController < Projects::ApplicationController ...@@ -97,6 +134,80 @@ class Projects::ClustersController < Projects::ApplicationController
end end
end end
def create_gcp_cluster_params
params.require(:cluster).permit(
:enabled,
:name,
:environment_scope,
provider_gcp_attributes: [
:gcp_project_id,
:zone,
:num_nodes,
:machine_type
]).merge(
provider_type: :gcp,
platform_type: :kubernetes
)
end
def create_user_cluster_params
params.require(:cluster).permit(
:enabled,
:name,
:environment_scope,
platform_kubernetes_attributes: [
:namespace,
:api_url,
:token,
:ca_cert
]).merge(
provider_type: :user,
platform_type: :kubernetes
)
end
def generate_gcp_authorize_url
state = generate_session_key_redirect(new_project_cluster_path(@project).to_s)
@authorize_url = GoogleApi::CloudPlatform::Client.new(
nil, callback_google_api_auth_url,
state: state).authorize_url
rescue GoogleApi::Auth::ConfigMissingError
# no-op
end
def gcp_cluster
@gcp_cluster = ::Clusters::Cluster.new.tap do |cluster|
cluster.build_provider_gcp
end
end
def user_cluster
@user_cluster = ::Clusters::Cluster.new.tap do |cluster|
cluster.build_platform_kubernetes
end
end
def validate_gcp_token
@valid_gcp_token = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
.validate_token(expires_at_in_session)
end
def token_in_session
session[GoogleApi::CloudPlatform::Client.session_key_for_token]
end
def expires_at_in_session
@expires_at_in_session ||=
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
end
def generate_session_key_redirect(uri)
GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
session[key] = uri
end
end
def authorize_update_cluster! def authorize_update_cluster!
access_denied! unless can?(current_user, :update_cluster, cluster) access_denied! unless can?(current_user, :update_cluster, cluster)
end end
......
%h4.prepend-top-0= s_('ClusterIntegration|Choose how to set up Kubernetes cluster integration')
.dropdown.clusters-dropdown
%button.dropdown-menu-toggle.dropdown-menu-full-width{ type: 'button', data: { toggle: 'dropdown' }, 'aria-haspopup': true, 'aria-expanded': false }
%span.dropdown-toggle-text
= dropdown_text
= icon('chevron-down')
%ul.dropdown-menu.clusters-dropdown-menu.dropdown-menu-full-width
%li
= link_to(s_('ClusterIntegration|Create Kubernetes cluster on Google Kubernetes Engine'), gcp_new_namespace_project_clusters_path(@project.namespace, @project))
%li
= link_to(s_('ClusterIntegration|Add an existing Kubernetes cluster'), user_new_namespace_project_clusters_path(@project.namespace, @project))
...@@ -10,8 +10,10 @@ ...@@ -10,8 +10,10 @@
- link_to_help_page = link_to(s_('ClusterIntegration|help page'), help_page_path('user/project/clusters/index'), target: '_blank', rel: 'noopener noreferrer') - link_to_help_page = link_to(s_('ClusterIntegration|help page'), help_page_path('user/project/clusters/index'), target: '_blank', rel: 'noopener noreferrer')
= s_('ClusterIntegration|Read our %{link_to_help_page} on Kubernetes cluster integration.').html_safe % { link_to_help_page: link_to_help_page} = s_('ClusterIntegration|Read our %{link_to_help_page} on Kubernetes cluster integration.').html_safe % { link_to_help_page: link_to_help_page}
= form_for @cluster, html: { class: 'js-gke-cluster-creation prepend-top-20', data: { token: token_in_session } }, url: gcp_namespace_project_clusters_path(@project.namespace, @project), as: :cluster do |field| %p= link_to('Select a different Google account', @authorize_url)
= form_errors(@cluster)
= form_for @gcp_cluster, html: { class: 'js-gke-cluster-creation prepend-top-20', data: { token: token_in_session } }, url: create_gcp_namespace_project_clusters_path(@project.namespace, @project), as: :cluster do |field|
= form_errors(@gcp_cluster)
.form-group .form-group
= field.label :name, s_('ClusterIntegration|Kubernetes cluster name'), class: 'label-light' = field.label :name, s_('ClusterIntegration|Kubernetes cluster name'), class: 'label-light'
= field.text_field :name, class: 'form-control', placeholder: s_('ClusterIntegration|Kubernetes cluster name') = field.text_field :name, class: 'form-control', placeholder: s_('ClusterIntegration|Kubernetes cluster name')
...@@ -19,7 +21,7 @@ ...@@ -19,7 +21,7 @@
= field.label :environment_scope, s_('ClusterIntegration|Environment scope'), class: 'label-light' = field.label :environment_scope, s_('ClusterIntegration|Environment scope'), class: 'label-light'
= field.text_field :environment_scope, class: 'form-control', readonly: !has_multiple_clusters?(@project), placeholder: s_('ClusterIntegration|Environment scope') = field.text_field :environment_scope, class: 'form-control', readonly: !has_multiple_clusters?(@project), placeholder: s_('ClusterIntegration|Environment scope')
= field.fields_for :provider_gcp, @cluster.provider_gcp do |provider_gcp_field| = field.fields_for :provider_gcp, @gcp_cluster.provider_gcp do |provider_gcp_field|
.form-group .form-group
= provider_gcp_field.label :gcp_project_id, s_('ClusterIntegration|Google Cloud Platform project'), class: 'label-light' = provider_gcp_field.label :gcp_project_id, s_('ClusterIntegration|Google Cloud Platform project'), class: 'label-light'
.js-gcp-project-id-dropdown-entry-point{ data: { docsUrl: 'https://console.cloud.google.com/home/dashboard' } } .js-gcp-project-id-dropdown-entry-point{ data: { docsUrl: 'https://console.cloud.google.com/home/dashboard' } }
......
%h4.prepend-top-20 %h4
= s_('ClusterIntegration|Enter the details for your Kubernetes cluster') = s_('ClusterIntegration|Enter the details for your Kubernetes cluster')
%p %p
= s_('ClusterIntegration|Please make sure that your Google account meets the following requirements:') = s_('ClusterIntegration|Please make sure that your Google account meets the following requirements:')
......
- breadcrumb_title 'Kubernetes'
- page_title _("Login")
= render_gcp_signup_offer
.row.prepend-top-default
.col-sm-4
= render 'projects/clusters/sidebar'
.col-sm-8
= render 'projects/clusters/dropdown', dropdown_text: s_('ClusterIntegration|Create Kubernetes cluster on Google Kubernetes Engine')
= render 'header'
.row
.col-sm-8.offset-sm-4.signin-with-google
- if @authorize_url
= link_to(image_tag('auth_buttons/signin_with_google.png', width: '191px'), @authorize_url)
= _('or')
= link_to('create a new Google account', 'https://accounts.google.com/SignUpWithoutGmail?service=cloudconsole&continue=https%3A%2F%2Fconsole.cloud.google.com%2Ffreetrial%3Futm_campaign%3D2018_cpanel%26utm_source%3Dgitlab%26utm_medium%3Dreferral', target: '_blank', rel: 'noopener noreferrer')
- else
.settings-message.text-center
- link = link_to(s_('ClusterIntegration|properly configured'), help_page_path("integration/google"), target: '_blank', rel: 'noopener noreferrer')
= s_('Google authentication is not %{link_to_documentation}. Ask your GitLab administrator if you want to use this service.').html_safe % { link_to_documentation: link }
- breadcrumb_title 'Kubernetes'
- page_title _("New Kubernetes Cluster")
.row.prepend-top-default
.col-sm-4
= render 'projects/clusters/sidebar'
.col-sm-8
= render 'projects/clusters/dropdown', dropdown_text: s_('ClusterIntegration|Create Kubernetes cluster on Google Kubernetes Engine')
= render 'header'
= render 'form'
- breadcrumb_title 'Kubernetes' - breadcrumb_title 'Kubernetes'
- page_title _("Kubernetes Cluster") - page_title _("Kubernetes Cluster")
- active_tab = local_assigns.fetch(:active_tab, 'gcp')
= javascript_include_tag 'https://apis.google.com/js/api.js'
= render_gcp_signup_offer = render_gcp_signup_offer
.row.prepend-top-default .row.prepend-top-default
.col-sm-4 .col-md-3
= render 'sidebar' = render 'sidebar'
.col-sm-8 .col-md-9.js-toggle-container
%h4.prepend-top-0= s_('ClusterIntegration|Choose how to set up Kubernetes cluster integration') %ul.nav-links.nav-tabs.gitlab-tabs.nav{ role: 'tablist' }
%li.nav-item{ role: 'presentation' }
%a.nav-link{ href: '#create-gcp-cluster-pane', id: 'create-gcp-cluster-tab', class: active_when(active_tab == 'gcp'), data: { toggle: 'tab' }, role: 'tab' }
%span Create new Cluster on GKE
%li.nav-item{ role: 'presentation' }
%a.nav-link{ href: '#add-user-cluster-pane', id: 'add-user-cluster-tab', class: active_when(active_tab == 'user'), data: { toggle: 'tab' }, role: 'tab' }
%span Add existing cluster
%p= s_('ClusterIntegration|Create a new Kubernetes cluster on Google Kubernetes Engine right from GitLab') .tab-content.gitlab-tab-content
= link_to s_('ClusterIntegration|Create on Google Kubernetes Engine'), gcp_new_namespace_project_clusters_path(@project.namespace, @project), class: 'btn append-bottom-20' .tab-pane{ id: 'create-gcp-cluster-pane', class: active_when(active_tab == 'gcp'), role: 'tabpanel' }
%p= s_('ClusterIntegration|Enter the details for an existing Kubernetes cluster') = render 'projects/clusters/gcp/header'
= link_to s_('ClusterIntegration|Add an existing Kubernetes cluster'), user_new_namespace_project_clusters_path(@project.namespace, @project), class: 'btn append-bottom-20' - if @valid_gcp_token
= render 'projects/clusters/gcp/form'
- elsif @authorize_url
.signin-with-google
= link_to(image_tag('auth_buttons/signin_with_google.png', width: '191px'), @authorize_url)
= _('or')
= link_to('create a new Google account', 'https://accounts.google.com/SignUpWithoutGmail?service=cloudconsole&continue=https%3A%2F%2Fconsole.cloud.google.com%2Ffreetrial%3Futm_campaign%3D2018_cpanel%26utm_source%3Dgitlab%26utm_medium%3Dreferral', target: '_blank', rel: 'noopener noreferrer')
- else
- link = link_to(s_('ClusterIntegration|properly configured'), help_page_path("integration/google"), target: '_blank', rel: 'noopener noreferrer')
= s_('Google authentication is not %{link_to_documentation}. Ask your GitLab administrator if you want to use this service.').html_safe % { link_to_documentation: link }
.tab-pane{ id: 'add-user-cluster-pane', class: active_when(active_tab == 'user'), role: 'tabpanel' }
= render 'projects/clusters/user/header'
= render 'projects/clusters/user/form'
= form_for @cluster, url: user_namespace_project_clusters_path(@project.namespace, @project), as: :cluster do |field| = form_for @user_cluster, url: create_user_namespace_project_clusters_path(@project.namespace, @project), as: :cluster do |field|
= form_errors(@cluster) = form_errors(@user_cluster)
.form-group .form-group
= field.label :name, s_('ClusterIntegration|Kubernetes cluster name'), class: 'label-light' = field.label :name, s_('ClusterIntegration|Kubernetes cluster name'), class: 'label-light'
= field.text_field :name, class: 'form-control', placeholder: s_('ClusterIntegration|Kubernetes cluster name') = field.text_field :name, class: 'form-control', placeholder: s_('ClusterIntegration|Kubernetes cluster name')
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
= field.label :environment_scope, s_('ClusterIntegration|Environment scope'), class: 'label-light' = field.label :environment_scope, s_('ClusterIntegration|Environment scope'), class: 'label-light'
= field.text_field :environment_scope, class: 'form-control', placeholder: s_('ClusterIntegration|Environment scope') = field.text_field :environment_scope, class: 'form-control', placeholder: s_('ClusterIntegration|Environment scope')
= field.fields_for :platform_kubernetes, @cluster.platform_kubernetes do |platform_kubernetes_field| = field.fields_for :platform_kubernetes, @user_cluster.platform_kubernetes do |platform_kubernetes_field|
.form-group .form-group
= platform_kubernetes_field.label :api_url, s_('ClusterIntegration|API URL'), class: 'label-light' = platform_kubernetes_field.label :api_url, s_('ClusterIntegration|API URL'), class: 'label-light'
= platform_kubernetes_field.text_field :api_url, class: 'form-control', placeholder: s_('ClusterIntegration|API URL') = platform_kubernetes_field.text_field :api_url, class: 'form-control', placeholder: s_('ClusterIntegration|API URL')
......
%h4.prepend-top-20 %h4
= s_('ClusterIntegration|Enter the details for your Kubernetes cluster') = s_('ClusterIntegration|Enter the details for your Kubernetes cluster')
%p %p
- link_to_help_page = link_to(s_('ClusterIntegration|documentation'), help_page_path('user/project/clusters/index', anchor: 'adding-an-existing-kubernetes-cluster'), target: '_blank', rel: 'noopener noreferrer') - link_to_help_page = link_to(s_('ClusterIntegration|documentation'), help_page_path('user/project/clusters/index', anchor: 'adding-an-existing-kubernetes-cluster'), target: '_blank', rel: 'noopener noreferrer')
......
- breadcrumb_title 'Kubernetes'
- page_title _("New Kubernetes cluster")
.row.prepend-top-default
.col-sm-4
= render 'projects/clusters/sidebar'
.col-sm-8
= render 'projects/clusters/dropdown', dropdown_text: s_('ClusterIntegration|Add an existing Kubernetes cluster')
= render 'header'
.prepend-top-20
= render 'form'
---
title: Create new or add existing Kubernetes cluster from a single page
merge_request: 18963
author:
type: changed
...@@ -238,14 +238,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do ...@@ -238,14 +238,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources :clusters, except: [:edit, :create] do resources :clusters, except: [:edit, :create] do
collection do collection do
scope :providers do post :create_gcp
get '/user/new', to: 'clusters/user#new' post :create_user
post '/user', to: 'clusters/user#create'
get '/gcp/new', to: 'clusters/gcp#new'
get '/gcp/login', to: 'clusters/gcp#login'
post '/gcp', to: 'clusters/gcp#create'
end
end end
member do member do
......
...@@ -83,14 +83,14 @@ To add an existing Kubernetes cluster to your project: ...@@ -83,14 +83,14 @@ To add an existing Kubernetes cluster to your project:
- **Kubernetes cluster name** (required) - The name you wish to give the cluster. - **Kubernetes cluster name** (required) - The name you wish to give the cluster.
- **Environment scope** (required)- The - **Environment scope** (required)- The
[associated environment](#setting-the-environment-scope) to this cluster. [associated environment](#setting-the-environment-scope) to this cluster.
- **API URL** (required) - * **API URL** (required) -
It's the URL that GitLab uses to access the Kubernetes API. Kubernetes It's the URL that GitLab uses to access the Kubernetes API. Kubernetes
exposes several APIs, we want the "base" URL that is common to all of them, exposes several APIs, we want the "base" URL that is common to all of them,
e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`. e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
- **CA certificate** (optional) - * **CA certificate** (optional) -
If the API is using a self-signed TLS certificate, you'll also need to include If the API is using a self-signed TLS certificate, you'll also need to include
the `ca.crt` contents here. the `ca.crt` contents here.
- **Token** - * **Token** -
GitLab authenticates against Kubernetes using service tokens, which are GitLab authenticates against Kubernetes using service tokens, which are
scoped to a particular `namespace`. If you don't have a service token yet, scoped to a particular `namespace`. If you don't have a service token yet,
you can follow the you can follow the
...@@ -103,8 +103,8 @@ To add an existing Kubernetes cluster to your project: ...@@ -103,8 +103,8 @@ To add an existing Kubernetes cluster to your project:
- Each project should have a unique namespace. - Each project should have a unique namespace.
- The project namespace is not necessarily the namespace of the secret, if - The project namespace is not necessarily the namespace of the secret, if
you're using a secret with broader permissions, like the secret from `default`. you're using a secret with broader permissions, like the secret from `default`.
- You should **not** use `default` as the project namespace. * You should **not** use `default` as the project namespace.
- If you or someone created a secret specifically for the project, usually * If you or someone created a secret specifically for the project, usually
with limited permissions, the secret's namespace and project namespace may with limited permissions, the secret's namespace and project namespace may
be the same. be the same.
1. Finally, click the **Create Kubernetes cluster** button. 1. Finally, click the **Create Kubernetes cluster** button.
...@@ -205,6 +205,7 @@ kubectl get svc --all-namespaces -o jsonpath='{range.items[?(@.status.loadBalanc ...@@ -205,6 +205,7 @@ kubectl get svc --all-namespaces -o jsonpath='{range.items[?(@.status.loadBalanc
``` ```
> **Note**: Some Kubernetes clusters return a hostname instead, like [Amazon EKS](https://aws.amazon.com/eks/). For these platforms, run: > **Note**: Some Kubernetes clusters return a hostname instead, like [Amazon EKS](https://aws.amazon.com/eks/). For these platforms, run:
>
> ```bash > ```bash
> kubectl get service ingress-nginx-ingress-controller -n gitlab-managed-apps -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"`. > kubectl get service ingress-nginx-ingress-controller -n gitlab-managed-apps -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"`.
> ``` > ```
...@@ -266,8 +267,8 @@ Also, jobs that don't have an environment keyword set will not be able to access ...@@ -266,8 +267,8 @@ Also, jobs that don't have an environment keyword set will not be able to access
For example, let's say the following Kubernetes clusters exist in a project: For example, let's say the following Kubernetes clusters exist in a project:
| Cluster | Environment scope | | Cluster | Environment scope |
| ---------- | ------------------| | ----------- | ----------------- |
| Development| `*` | | Development | `*` |
| Staging | `staging` | | Staging | `staging` |
| Production | `production` | | Production | `production` |
...@@ -299,9 +300,9 @@ deploy to production: ...@@ -299,9 +300,9 @@ deploy to production:
The result will then be: The result will then be:
- The development cluster will be used for the "test" job. * The development cluster will be used for the "test" job.
- The staging cluster will be used for the "deploy to staging" job. * The staging cluster will be used for the "deploy to staging" job.
- The production cluster will be used for the "deploy to production" job. * The production cluster will be used for the "deploy to production" job.
## Deployment variables ## Deployment variables
...@@ -310,7 +311,7 @@ The Kubernetes cluster integration exposes the following ...@@ -310,7 +311,7 @@ The Kubernetes cluster integration exposes the following
GitLab CI/CD build environment. GitLab CI/CD build environment.
| Variable | Description | | Variable | Description |
| -------- | ----------- | | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `KUBE_URL` | Equal to the API URL. | | `KUBE_URL` | Equal to the API URL. |
| `KUBE_TOKEN` | The Kubernetes token. | | `KUBE_TOKEN` | The Kubernetes token. |
| `KUBE_NAMESPACE` | The Kubernetes namespace is auto-generated if not specified. The default value is `<project_name>-<project_id>`. You can overwrite it to use different one if needed, otherwise the `KUBE_NAMESPACE` variable will receive the default value. | | `KUBE_NAMESPACE` | The Kubernetes namespace is auto-generated if not specified. The default value is `<project_name>-<project_id>`. You can overwrite it to use different one if needed, otherwise the `KUBE_NAMESPACE` variable will receive the default value. |
......
...@@ -18,7 +18,7 @@ feature 'Gcp Cluster', :js do ...@@ -18,7 +18,7 @@ feature 'Gcp Cluster', :js do
visit project_clusters_path(project) visit project_clusters_path(project)
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Add an existing Kubernetes cluster' click_link 'Add existing cluster'
end end
it 'user sees the "Environment scope" field' do it 'user sees the "Environment scope" field' do
......
...@@ -32,7 +32,7 @@ feature 'EE Clusters', :js do ...@@ -32,7 +32,7 @@ feature 'EE Clusters', :js do
context 'when user filled form with environment scope' do context 'when user filled form with environment scope' do
before do before do
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Add an existing Kubernetes cluster' click_link 'Add existing cluster'
fill_in 'cluster_name', with: 'staging-cluster' fill_in 'cluster_name', with: 'staging-cluster'
fill_in 'cluster_environment_scope', with: 'staging/*' fill_in 'cluster_environment_scope', with: 'staging/*'
click_button 'Add Kubernetes cluster' click_button 'Add Kubernetes cluster'
...@@ -61,7 +61,7 @@ feature 'EE Clusters', :js do ...@@ -61,7 +61,7 @@ feature 'EE Clusters', :js do
context 'when user updates duplicated environment scope' do context 'when user updates duplicated environment scope' do
before do before do
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Add an existing Kubernetes cluster' click_link 'Add existing cluster'
fill_in 'cluster_name', with: 'staging-cluster' fill_in 'cluster_name', with: 'staging-cluster'
fill_in 'cluster_environment_scope', with: '*' fill_in 'cluster_environment_scope', with: '*'
click_button 'Add Kubernetes cluster' click_button 'Add Kubernetes cluster'
...@@ -75,13 +75,13 @@ feature 'EE Clusters', :js do ...@@ -75,13 +75,13 @@ feature 'EE Clusters', :js do
context 'when user adds an Google Kubernetes Engine cluster' do context 'when user adds an Google Kubernetes Engine cluster' do
before do before do
allow_any_instance_of(Projects::Clusters::GcpController) allow_any_instance_of(Projects::ClustersController)
.to receive(:token_in_session).and_return('token') .to receive(:token_in_session).and_return('token')
allow_any_instance_of(Projects::Clusters::GcpController) allow_any_instance_of(Projects::ClustersController)
.to receive(:expires_at_in_session).and_return(1.hour.since.to_i.to_s) .to receive(:expires_at_in_session).and_return(1.hour.since.to_i.to_s)
allow_any_instance_of(Projects::Clusters::GcpController).to receive(:authorize_google_project_billing) allow_any_instance_of(Projects::ClustersController).to receive(:authorize_google_project_billing)
allow_any_instance_of(Projects::Clusters::GcpController).to receive(:google_project_billing_status).and_return(true) allow_any_instance_of(Projects::ClustersController).to receive(:google_project_billing_status).and_return(true)
allow_any_instance_of(GoogleApi::CloudPlatform::Client) allow_any_instance_of(GoogleApi::CloudPlatform::Client)
.to receive(:projects_zones_clusters_create) do .to receive(:projects_zones_clusters_create) do
...@@ -105,7 +105,7 @@ feature 'EE Clusters', :js do ...@@ -105,7 +105,7 @@ feature 'EE Clusters', :js do
context 'when user filled form with environment scope' do context 'when user filled form with environment scope' do
before do before do
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Create on Google Kubernetes Engine' click_link 'Create new Cluster on GKE'
sleep 2 # wait for ajax sleep 2 # wait for ajax
execute_script('document.querySelector(".js-gcp-project-id-dropdown input").setAttribute("type", "text")') execute_script('document.querySelector(".js-gcp-project-id-dropdown input").setAttribute("type", "text")')
...@@ -144,7 +144,7 @@ feature 'EE Clusters', :js do ...@@ -144,7 +144,7 @@ feature 'EE Clusters', :js do
context 'when user updates duplicated environment scope' do context 'when user updates duplicated environment scope' do
before do before do
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Create on Google Kubernetes Engine' click_link 'Create new Cluster on GKE'
sleep 2 # wait for ajax sleep 2 # wait for ajax
execute_script('document.querySelector(".js-gcp-project-id-dropdown input").setAttribute("type", "text")') execute_script('document.querySelector(".js-gcp-project-id-dropdown input").setAttribute("type", "text")')
......
...@@ -5,11 +5,11 @@ module QA ...@@ -5,11 +5,11 @@ module QA
module Kubernetes module Kubernetes
class Add < Page::Base class Add < Page::Base
view 'app/views/projects/clusters/new.html.haml' do view 'app/views/projects/clusters/new.html.haml' do
element :add_kubernetes_cluster_button, "link_to s_('ClusterIntegration|Add an existing Kubernetes cluster')" element :add_existing_cluster_button, "Add existing cluster"
end end
def add_existing_cluster def add_existing_cluster
click_on 'Add an existing Kubernetes cluster' click_on 'Add existing cluster'
end end
end end
end end
......
require 'spec_helper'
describe Projects::Clusters::GcpController do
include AccessMatchersForController
include GoogleApi::CloudPlatformHelpers
set(:project) { create(:project) }
describe 'GET login' do
describe 'functionality' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
context 'when omniauth has been configured' do
let(:key) { 'secret-key' }
let(:session_key_for_redirect_uri) do
GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(key)
end
before do
allow(SecureRandom).to receive(:hex).and_return(key)
end
it 'has authorize_url' do
go
expect(assigns(:authorize_url)).to include(key)
expect(session[session_key_for_redirect_uri]).to eq(gcp_new_project_clusters_path(project))
end
end
context 'when omniauth has not configured' do
before do
stub_omniauth_setting(providers: [])
end
it 'does not have authorize_url' do
go
expect(assigns(:authorize_url)).to be_nil
end
end
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
get :login, namespace_id: project.namespace, project_id: project
end
end
describe 'GET new' do
describe 'functionality' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
context 'when access token is valid' do
before do
stub_google_api_validate_token
end
it 'has new object' do
go
expect(assigns(:cluster)).to be_an_instance_of(Clusters::Cluster)
end
end
context 'when access token is expired' do
before do
stub_google_api_expired_token
end
it { expect(go).to redirect_to(gcp_login_project_clusters_path(project)) }
end
context 'when access token is not stored in session' do
it { expect(go).to redirect_to(gcp_login_project_clusters_path(project)) }
end
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
get :new, namespace_id: project.namespace, project_id: project
end
end
describe 'POST create' do
let(:params) do
{
cluster: {
name: 'new-cluster',
provider_gcp_attributes: {
gcp_project_id: '111'
}
}
}
end
describe 'functionality' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
context 'when access token is valid' do
before do
stub_google_api_validate_token
end
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Providers::Gcp.count }
expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
expect(project.clusters.first).to be_gcp
expect(project.clusters.first).to be_kubernetes
end
end
context 'when access token is expired' do
before do
stub_google_api_expired_token
end
it 'redirects to login page' do
expect(go).to redirect_to(gcp_login_project_clusters_path(project))
end
end
context 'when access token is not stored in session' do
it 'redirects to login page' do
expect(go).to redirect_to(gcp_login_project_clusters_path(project))
end
end
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
post :create, params.merge(namespace_id: project.namespace, project_id: project)
end
end
end
require 'spec_helper'
describe Projects::Clusters::UserController do
include AccessMatchersForController
set(:project) { create(:project) }
describe 'GET new' do
describe 'functionality' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
it 'has new object' do
go
expect(assigns(:cluster)).to be_an_instance_of(Clusters::Cluster)
end
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
get :new, namespace_id: project.namespace, project_id: project
end
end
describe 'POST create' do
let(:params) do
{
cluster: {
name: 'new-cluster',
platform_kubernetes_attributes: {
api_url: 'http://my-url',
token: 'test',
namespace: 'aaa'
}
}
}
end
describe 'functionality' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
context 'when creates a cluster' do
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Platforms::Kubernetes.count }
expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
expect(project.clusters.first).to be_user
expect(project.clusters.first).to be_kubernetes
end
end
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
post :create, params.merge(namespace_id: project.namespace, project_id: project)
end
end
end
...@@ -2,6 +2,7 @@ require 'spec_helper' ...@@ -2,6 +2,7 @@ require 'spec_helper'
describe Projects::ClustersController do describe Projects::ClustersController do
include AccessMatchersForController include AccessMatchersForController
include GoogleApi::CloudPlatformHelpers
set(:project) { create(:project) } set(:project) { create(:project) }
...@@ -73,6 +74,231 @@ describe Projects::ClustersController do ...@@ -73,6 +74,231 @@ describe Projects::ClustersController do
end end
end end
describe 'GET new' do
describe 'functionality for new cluster' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
context 'when omniauth has been configured' do
let(:key) { 'secret-key' }
let(:session_key_for_redirect_uri) do
GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(key)
end
before do
allow(SecureRandom).to receive(:hex).and_return(key)
end
it 'has authorize_url' do
go
expect(assigns(:authorize_url)).to include(key)
expect(session[session_key_for_redirect_uri]).to eq(new_project_cluster_path(project))
end
end
context 'when omniauth has not configured' do
before do
stub_omniauth_setting(providers: [])
end
it 'does not have authorize_url' do
go
expect(assigns(:authorize_url)).to be_nil
end
end
context 'when access token is valid' do
before do
stub_google_api_validate_token
end
it 'has new object' do
go
expect(assigns(:gcp_cluster)).to be_an_instance_of(Clusters::Cluster)
end
end
context 'when access token is expired' do
before do
stub_google_api_expired_token
end
it { expect(@valid_gcp_token).to be_falsey }
end
context 'when access token is not stored in session' do
it { expect(@valid_gcp_token).to be_falsey }
end
end
describe 'functionality for existing cluster' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
it 'has new object' do
go
expect(assigns(:user_cluster)).to be_an_instance_of(Clusters::Cluster)
end
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
get :new, namespace_id: project.namespace, project_id: project
end
end
describe 'POST create for new cluster' do
let(:params) do
{
cluster: {
name: 'new-cluster',
provider_gcp_attributes: {
gcp_project_id: 'gcp-project-12345'
}
}
}
end
describe 'functionality' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
context 'when access token is valid' do
before do
stub_google_api_validate_token
end
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Providers::Gcp.count }
expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
expect(project.clusters.first).to be_gcp
expect(project.clusters.first).to be_kubernetes
end
end
context 'when access token is expired' do
before do
stub_google_api_expired_token
end
it { expect(@valid_gcp_token).to be_falsey }
end
context 'when access token is not stored in session' do
it { expect(@valid_gcp_token).to be_falsey }
end
end
describe 'security' do
before do
allow_any_instance_of(described_class)
.to receive(:token_in_session).and_return('token')
allow_any_instance_of(described_class)
.to receive(:expires_at_in_session).and_return(1.hour.since.to_i.to_s)
allow_any_instance_of(GoogleApi::CloudPlatform::Client)
.to receive(:projects_zones_clusters_create) do
OpenStruct.new(
self_link: 'projects/gcp-project-12345/zones/us-central1-a/operations/ope-123',
status: 'RUNNING'
)
end
allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil)
end
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
post :create_gcp, params.merge(namespace_id: project.namespace, project_id: project)
end
end
describe 'POST create for existing cluster' do
let(:params) do
{
cluster: {
name: 'new-cluster',
platform_kubernetes_attributes: {
api_url: 'http://my-url',
token: 'test',
namespace: 'aaa'
}
}
}
end
describe 'functionality' do
let(:user) { create(:user) }
before do
project.add_master(user)
sign_in(user)
end
context 'when creates a cluster' do
it 'creates a new cluster' do
expect(ClusterProvisionWorker).to receive(:perform_async)
expect { go }.to change { Clusters::Cluster.count }
.and change { Clusters::Platforms::Kubernetes.count }
expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
expect(project.clusters.first).to be_user
expect(project.clusters.first).to be_kubernetes
end
end
end
describe 'security' do
it { expect { go }.to be_allowed_for(:admin) }
it { expect { go }.to be_allowed_for(:owner).of(project) }
it { expect { go }.to be_allowed_for(:master).of(project) }
it { expect { go }.to be_denied_for(:developer).of(project) }
it { expect { go }.to be_denied_for(:reporter).of(project) }
it { expect { go }.to be_denied_for(:guest).of(project) }
it { expect { go }.to be_denied_for(:user) }
it { expect { go }.to be_denied_for(:external) }
end
def go
post :create_user, params.merge(namespace_id: project.namespace, project_id: project)
end
end
describe 'GET status' do describe 'GET status' do
let(:cluster) { create(:cluster, :providing_by_gcp, projects: [project]) } let(:cluster) { create(:cluster, :providing_by_gcp, projects: [project]) }
......
...@@ -16,9 +16,9 @@ feature 'Gcp Cluster', :js do ...@@ -16,9 +16,9 @@ feature 'Gcp Cluster', :js do
let(:project_id) { 'test-project-1234' } let(:project_id) { 'test-project-1234' }
before do before do
allow_any_instance_of(Projects::Clusters::GcpController) allow_any_instance_of(Projects::ClustersController)
.to receive(:token_in_session).and_return('token') .to receive(:token_in_session).and_return('token')
allow_any_instance_of(Projects::Clusters::GcpController) allow_any_instance_of(Projects::ClustersController)
.to receive(:expires_at_in_session).and_return(1.hour.since.to_i.to_s) .to receive(:expires_at_in_session).and_return(1.hour.since.to_i.to_s)
end end
...@@ -27,7 +27,7 @@ feature 'Gcp Cluster', :js do ...@@ -27,7 +27,7 @@ feature 'Gcp Cluster', :js do
visit project_clusters_path(project) visit project_clusters_path(project)
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Create on Google Kubernetes Engine' click_link 'Create new Cluster on GKE'
end end
context 'when user filled form with valid parameters' do context 'when user filled form with valid parameters' do
...@@ -148,7 +148,7 @@ feature 'Gcp Cluster', :js do ...@@ -148,7 +148,7 @@ feature 'Gcp Cluster', :js do
visit project_clusters_path(project) visit project_clusters_path(project)
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Create on Google Kubernetes Engine' click_link 'Create new Cluster on GKE'
end end
it 'user sees a login page' do it 'user sees a login page' do
...@@ -162,7 +162,7 @@ feature 'Gcp Cluster', :js do ...@@ -162,7 +162,7 @@ feature 'Gcp Cluster', :js do
visit project_clusters_path(project) visit project_clusters_path(project)
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Add an existing Kubernetes cluster' click_link 'Add existing cluster'
end end
it 'user does not see the "Environment scope" field' do it 'user does not see the "Environment scope" field' do
...@@ -187,7 +187,7 @@ feature 'Gcp Cluster', :js do ...@@ -187,7 +187,7 @@ feature 'Gcp Cluster', :js do
it 'user sees offer on cluster GCP login page' do it 'user sees offer on cluster GCP login page' do
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Create on Google Kubernetes Engine' click_link 'Create new Cluster on GKE'
expect(page).to have_css('.gcp-signup-offer') expect(page).to have_css('.gcp-signup-offer')
end end
......
...@@ -17,7 +17,7 @@ feature 'User Cluster', :js do ...@@ -17,7 +17,7 @@ feature 'User Cluster', :js do
visit project_clusters_path(project) visit project_clusters_path(project)
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Add an existing Kubernetes cluster' click_link 'Add existing cluster'
end end
context 'when user filled form with valid parameters' do context 'when user filled form with valid parameters' do
......
...@@ -83,7 +83,7 @@ feature 'Clusters', :js do ...@@ -83,7 +83,7 @@ feature 'Clusters', :js do
visit project_clusters_path(project) visit project_clusters_path(project)
click_link 'Add Kubernetes cluster' click_link 'Add Kubernetes cluster'
click_link 'Create on Google Kubernetes Engine' click_link 'Create new Cluster on GKE'
end end
it 'user sees a login page' do it 'user sees a login page' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment