Class: GoogleApi::CloudPlatform::Client

Inherits:

Auth

• Object
• Auth
• GoogleApi::CloudPlatform::Client

Defined in:

lib/google_api/cloud_platform/client.rb

Constant Summary

SCOPE =

'https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/service.management'

LEAST_TOKEN_LIFE_TIME =

10.minutes

ROLES_LIST =

%w[roles/iam.serviceAccountUser roles/artifactregistry.admin roles/cloudbuild.builds.builder roles/run.admin roles/storage.admin roles/cloudsql.client roles/browser].freeze

REVOKE_URL =

'https://oauth2.googleapis.com/revoke'

Constants inherited from Auth

Auth::ConfigMissingError

Instance Attribute Summary

Attributes inherited from Auth

#access_token, #redirect_uri, #state

Class Method Summary

• .new_session_key_for_redirect_uri ⇒ Object
• .session_key_for_expires_at ⇒ Object
• .session_key_for_redirect_uri(state) ⇒ Object
• .session_key_for_token ⇒ Object

Instance Method Summary

• #create_cloudsql_database(gcp_project_id, instance_name, database_name) ⇒ Object
• #create_cloudsql_instance(gcp_project_id, instance_name, root_password, database_version, region, tier) ⇒ Object
• #create_cloudsql_user(gcp_project_id, instance_name, username, password) ⇒ Object
• #create_service_account(gcp_project_id, display_name, description) ⇒ Object
• #create_service_account_key(gcp_project_id, service_account_id) ⇒ Object
• #enable_artifacts_registry(gcp_project_id) ⇒ Object
• #enable_cloud_build(gcp_project_id) ⇒ Object
• #enable_cloud_run(gcp_project_id) ⇒ Object
• #enable_cloud_sql_admin(gcp_project_id) ⇒ Object
• #enable_compute(gcp_project_id) ⇒ Object
• #enable_service_networking(gcp_project_id) ⇒ Object
• #enable_vision_api(gcp_project_id) ⇒ Object
• #get_cloudsql_instance(gcp_project_id, instance_name) ⇒ Object
• #grant_service_account_roles(gcp_project_id, email) ⇒ Object
• #list_cloudsql_databases(gcp_project_id, instance_name) ⇒ Object
• #list_cloudsql_users(gcp_project_id, instance_name) ⇒ Object
• #list_projects ⇒ Object
• #revoke_authorizations ⇒ Object
• #scope ⇒ Object
• #validate_token(expires_at) ⇒ Object

Methods inherited from Auth

#authorize_url, #get_token, #initialize

Constructor Details

This class inherits a constructor from GoogleApi::Auth

Class Method Details

.new_session_key_for_redirect_uri ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 30

def new_session_key_for_redirect_uri
  SecureRandom.hex.tap do |state|
    yield session_key_for_redirect_uri(state)
  end
end

.session_key_for_expires_at ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 26

def session_key_for_expires_at
  :cloud_platform_expires_at
end

.session_key_for_redirect_uri(state) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 36

def session_key_for_redirect_uri(state)
  "cloud_platform_second_redirect_uri_#{state}"
end

.session_key_for_token ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 22

def session_key_for_token
  :cloud_platform_access_token
end

Instance Method Details

#create_cloudsql_database(gcp_project_id, instance_name, database_name) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 139

def create_cloudsql_database(gcp_project_id, instance_name, database_name)
  database = Google::Apis::SqladminV1beta4::Database.new(name: database_name)
  sql_admin_service.insert_database(gcp_project_id, instance_name, database)
end

#create_cloudsql_instance(gcp_project_id, instance_name, root_password, database_version, region, tier) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 159

def create_cloudsql_instance(gcp_project_id, instance_name, root_password, database_version, region, tier)
  database_instance = Google::Apis::SqladminV1beta4::DatabaseInstance.new(
    name: instance_name,
    root_password: root_password,
    database_version: database_version,
    region: region,
    settings: Google::Apis::SqladminV1beta4::Settings.new(tier: tier)
  )

  sql_admin_service.insert_instance(gcp_project_id, database_instance)
end

#create_cloudsql_user(gcp_project_id, instance_name, username, password) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 148

def create_cloudsql_user(gcp_project_id, instance_name, username, password)
  user = Google::Apis::SqladminV1beta4::User.new
  user.name = username
  user.password = password
  sql_admin_service.insert_user(gcp_project_id, instance_name, user)
end

#create_service_account(gcp_project_id, display_name, description) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 70

def create_service_account(gcp_project_id, display_name, description)
  name = "projects/#{gcp_project_id}"

  # initialize google iam service
  service = Google::Apis::IamV1::IamService.new
  service.authorization = access_token

  # generate account id
  random_account_id = "gitlab-" + SecureRandom.hex(11)

  body_params = { account_id: random_account_id,
                  service_account: { display_name: display_name,
                                     description: description } }

  request_body = Google::Apis::IamV1::CreateServiceAccountRequest.new(**body_params)
  service.create_service_account(name, request_body)
end

#create_service_account_key(gcp_project_id, service_account_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 88

def create_service_account_key(gcp_project_id, service_account_id)
  service = Google::Apis::IamV1::IamService.new
  service.authorization = access_token

  name = "projects/#{gcp_project_id}/serviceAccounts/#{service_account_id}"
  request_body = Google::Apis::IamV1::CreateServiceAccountKeyRequest.new
  service.create_service_account_key(name, request_body)
end

#enable_artifacts_registry(gcp_project_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 106

def enable_artifacts_registry(gcp_project_id)
  enable_service(gcp_project_id, 'artifactregistry.googleapis.com')
end

#enable_cloud_build(gcp_project_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 110

def enable_cloud_build(gcp_project_id)
  enable_service(gcp_project_id, 'cloudbuild.googleapis.com')
end

#enable_cloud_run(gcp_project_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 102

def enable_cloud_run(gcp_project_id)
  enable_service(gcp_project_id, 'run.googleapis.com')
end

#enable_cloud_sql_admin(gcp_project_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 114

def enable_cloud_sql_admin(gcp_project_id)
  enable_service(gcp_project_id, 'sqladmin.googleapis.com')
end

#enable_compute(gcp_project_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 118

def enable_compute(gcp_project_id)
  enable_service(gcp_project_id, 'compute.googleapis.com')
end

#enable_service_networking(gcp_project_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 122

def enable_service_networking(gcp_project_id)
  enable_service(gcp_project_id, 'servicenetworking.googleapis.com')
end

#enable_vision_api(gcp_project_id) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 126

def enable_vision_api(gcp_project_id)
  enable_service(gcp_project_id, 'vision.googleapis.com')
end

#get_cloudsql_instance(gcp_project_id, instance_name) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 155

def get_cloudsql_instance(gcp_project_id, instance_name)
  sql_admin_service.get_instance(gcp_project_id, instance_name)
end

#grant_service_account_roles(gcp_project_id, email) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 97

def grant_service_account_roles(gcp_project_id, email)
  body = policy_request_body(gcp_project_id, email)
  cloud_resource_manager_service.set_project_iam_policy(gcp_project_id, body)
end

#list_cloudsql_databases(gcp_project_id, instance_name) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 135

def list_cloudsql_databases(gcp_project_id, instance_name)
  sql_admin_service.list_databases(gcp_project_id, instance_name, options: user_agent_header)
end

#list_cloudsql_users(gcp_project_id, instance_name) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 144

def list_cloudsql_users(gcp_project_id, instance_name)
  sql_admin_service.list_users(gcp_project_id, instance_name, options: user_agent_header)
end

#list_projects ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 55

def list_projects
  result = []

  response = cloud_resource_manager_service.fetch_all(items: :projects) do |token|
    cloud_resource_manager_service.list_projects
  end

  # Google API results are paged by default, so we need to iterate through
  response.each do |project|
    result.append(project)
  end

  result.sort_by(&:project_id)
end

#revoke_authorizations ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 130

def revoke_authorizations
  uri = URI(REVOKE_URL)
  Gitlab::HTTP.post(uri, body: { 'token' => access_token })
end

#scope ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 41

def scope
  SCOPE
end

#validate_token(expires_at) ⇒ Object

# File 'lib/google_api/cloud_platform/client.rb', line 45

def validate_token(expires_at)
  return false unless access_token
  return false unless expires_at

  # Making sure that the token will have been still alive during the cluster creation.
  return false if token_life_time(expires_at) < LEAST_TOKEN_LIFE_TIME

  true
end