Merge branch 'develop'

UffizziCloud · Oct 30, 2023 · 6b718c5 · 6b718c5
2 parents a57b521 + 0c012e7
commit 6b718c5
Show file tree

Hide file tree

Showing 15 changed files with 481 additions and 10 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: core
   specs:
-    uffizzi_core (2.2.25)
+    uffizzi_core (2.3.0)
       aasm
       actionpack (~> 6.1.0)
       active_model_serializers
@@ -111,7 +111,7 @@ GEM
     ast (2.4.2)
     awesome_print (1.9.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.838.0)
+    aws-partitions (1.843.0)
     aws-sdk-core (3.185.1)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
@@ -123,10 +123,10 @@ GEM
     aws-sdk-eventbridge (1.51.0)
       aws-sdk-core (~> 3, >= 3.184.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.87.0)
+    aws-sdk-iam (1.89.0)
       aws-sdk-core (~> 3, >= 3.184.0)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.6.0)
+    aws-sigv4 (1.6.1)
       aws-eventstream (~> 1, >= 1.0.2)
     axiom-types (0.1.1)
       descendants_tracker (~> 0.0.4)

diff --git a/core/Gemfile.lock b/core/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    uffizzi_core (2.2.25)
+    uffizzi_core (2.3.0)
       aasm
       actionpack (~> 6.1.0)
       active_model_serializers
@@ -110,7 +110,7 @@ GEM
       activerecord (>= 5.2.6)
     awesome_print (1.9.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.838.0)
+    aws-partitions (1.843.0)
     aws-sdk-core (3.185.1)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
@@ -122,10 +122,10 @@ GEM
     aws-sdk-eventbridge (1.51.0)
       aws-sdk-core (~> 3, >= 3.184.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.87.0)
+    aws-sdk-iam (1.89.0)
       aws-sdk-core (~> 3, >= 3.184.0)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.6.0)
+    aws-sigv4 (1.6.1)
       aws-eventstream (~> 1, >= 1.0.2)
     axiom-types (0.1.1)
       descendants_tracker (~> 0.0.4)
@@ -271,7 +271,7 @@ GEM
       power_assert (>= 1.1)
     mocha (1.13.0)
     multipart-post (2.3.0)
-    net-imap (0.4.1)
+    net-imap (0.4.2)
       date
       net-protocol
     net-pop (0.1.2)

diff --git a/core/app/clients/uffizzi_core/controller_client.rb b/core/app/clients/uffizzi_core/controller_client.rb
@@ -82,6 +82,10 @@ def patch_cluster(name:, namespace:, body:)
     patch("/namespaces/#{namespace}/cluster/#{name}", body)
   end
 
+  def ingresses(namespace:)
+    get("/namespaces/#{namespace}/ingresses")
+  end
+
   private
 
   def get(url, params = {})

diff --git a/core/app/contexts/uffizzi_core/project/cluster_context.rb b/core/app/contexts/uffizzi_core/project/cluster_context.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class UffizziCore::Project::ClusterContext
+  attr_reader :user, :user_access_module, :project, :cluster, :params
+
+  def initialize(user, project, user_access_module, cluster, params)
+    @user = user
+    @user_access_module = user_access_module
+    @project = project
+    @cluster = cluster
+    @params = params
+  end
+end
diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/projects/clusters/application_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/projects/clusters/application_controller.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class UffizziCore::Api::Cli::V1::Projects::Clusters::ApplicationController < UffizziCore::Api::Cli::V1::Projects::ApplicationController
+  def resource_cluster
+    @resource_cluster ||= if request_by_admin? || valid_request_from_ci_workflow?
+      active_project_clusters.find_by!(name: params[:cluster_name])
+    else
+      active_project_clusters.deployed_by_user(current_user).find_by!(name: params[:cluster_name])
+    end
+  end
+
+  private
+
+  def active_project_clusters
+    @active_project_clusters ||= resource_project.clusters.enabled
+  end
+
+  def request_by_admin?
+    current_user.admin_access_to_project?(resource_project)
+  end
+
+  def valid_request_from_ci_workflow?
+    ci_module.valid_request_from_ci_workflow?(params)
+  end
+
+  def policy_context
+    UffizziCore::Project::ClusterContext.new(current_user, resource_project, user_access_module, resource_cluster, params)
+  end
+end
diff --git a/core/app/controllers/uffizzi_core/api/cli/v1/projects/clusters/ingresses_controller.rb b/core/app/controllers/uffizzi_core/api/cli/v1/projects/clusters/ingresses_controller.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class UffizziCore::Api::Cli::V1::Projects::Clusters::IngressesController <
+  UffizziCore::Api::Cli::V1::Projects::Clusters::ApplicationController
+  before_action :authorize_uffizzi_core_api_cli_v1_projects_clusters_ingresses
+
+  def index
+    hosts = UffizziCore::ControllerService.ingress_hosts(resource_cluster)
+    user_hosts = UffizziCore::ClusterService.filter_user_ingress_host(resource_cluster, hosts)
+
+    data = {
+      ingresses: user_hosts,
+    }
+
+    respond_with data
+  end
+end
diff --git a/core/app/lib/uffizzi_core/rbac/user_access_service.rb b/core/app/lib/uffizzi_core/rbac/user_access_service.rb
@@ -21,5 +21,9 @@ def admin_or_developer_access_to_project?(_user, _project)
     def any_access_to_project?(_user, _project)
       true
     end
+
+    def admin_access_to_project?(_user, _project)
+      true
+    end
   end
 end
diff --git a/core/app/policies/uffizzi_core/api/cli/v1/projects/clusters/ingresses_policy.rb b/core/app/policies/uffizzi_core/api/cli/v1/projects/clusters/ingresses_policy.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class UffizziCore::Api::Cli::V1::Projects::Clusters::IngressesPolicy < UffizziCore::ApplicationPolicy
+  def index?
+    return true if context.user_access_module.admin_access_to_project?(context.user, context.project)
+
+    context.cluster.deployed_by_id == context.user.id
+  end
+end
diff --git a/core/app/services/uffizzi_core/cluster_service.rb b/core/app/services/uffizzi_core/cluster_service.rb
@@ -68,6 +68,10 @@ def manage_deploying(cluster, try)
       UffizziCore::Cluster::ManageDeployingJob.perform_in(5.seconds, cluster.id, ++try)
     end
 
+    def filter_user_ingress_host(cluster, ingress_hosts)
+      ingress_hosts.reject { |h| h == cluster.host }
+    end
+
     private
 
     def awake?(cluster)

diff --git a/core/app/services/uffizzi_core/controller_service.rb b/core/app/services/uffizzi_core/controller_service.rb
@@ -117,6 +117,16 @@ def patch_cluster(cluster, sleep:)
       controller_client(cluster).patch_cluster(name: cluster.name, namespace: cluster.namespace, body: body)
     end
 
+    def ingress_hosts(cluster)
+      namespace = cluster.namespace
+
+      ingresses = controller_client(cluster).ingresses(namespace: namespace).result.items
+
+      ingresses.map do |ingress|
+        ingress.spec.rules.map(&:host)
+      end.flatten
+    end
+
     private
 
     def check_any_container_has_public_port(containers)

diff --git a/core/config/routes.rb b/core/config/routes.rb
@@ -15,6 +15,9 @@
                 put :scale_down
                 put :scale_up
               end
+              scope module: :clusters do
+                resources :ingresses, only: ['index']
+              end
             end
             resources :deployments, only: ['index', 'show', 'create', 'destroy', 'update'] do
               post :deploy_containers, on: :member

diff --git a/core/lib/uffizzi_core/version.rb b/core/lib/uffizzi_core/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module UffizziCore
-  VERSION = '2.2.25'
+  VERSION = '2.3.0'
 end
diff --git a/core/test/controllers/uffizzi_core/api/cli/v1/projects/clusters/ingresses_controller_test.rb b/core/test/controllers/uffizzi_core/api/cli/v1/projects/clusters/ingresses_controller_test.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class UffizziCore::Api::Cli::V1::Projects::Clusters::IngressesControllerTest < ActionController::TestCase
+  setup do
+    @user = create(:user, :with_personal_account)
+    @project = create(:project, :with_members, account: @user.personal_account, members: [@user])
+    @cluster = create(:cluster, project: @project, deployed_by: @user)
+
+    sign_in @user
+  end
+
+  test '#index' do
+    data = json_fixture('files/controller/ingresses.json')
+    stubbed_get_ingresses_request = stub_get_ingresses(data)
+
+    params = { project_slug: @project.slug, cluster_name: @cluster.name }
+
+    get :index, params: params, format: :json
+
+    assert_response(:success)
+    assert_requested(stubbed_get_ingresses_request)
+  end
+end