uffizzi_core 2.0.8 → 2.0.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/clients/uffizzi_core/controller_client.rb +2 -2
- data/app/controllers/uffizzi_core/api/cli/v1/projects/deployments/containers/logs_controller.rb +1 -1
- data/app/controllers/uffizzi_core/application_controller.rb +5 -3
- data/app/errors/uffizzi_core/registry_not_supported_error.rb +4 -0
- data/app/forms/uffizzi_core/api/cli/v1/account/credential/create_form.rb +1 -1
- data/app/forms/uffizzi_core/api/cli/v1/account/credential/update_form.rb +1 -1
- data/app/forms/uffizzi_core/api/cli/v1/compose_file/check_credentials_form.rb +8 -1
- data/app/forms/uffizzi_core/api/cli/v1/compose_file/template_form.rb +2 -0
- data/app/forms/uffizzi_core/api/cli/v1/template/create_form.rb +2 -55
- data/app/lib/uffizzi_core/concerns/models/credential.rb +13 -17
- data/app/lib/uffizzi_core/concerns/models/template.rb +16 -0
- data/app/serializers/uffizzi_core/controller/create_credential/credential_serializer.rb +1 -1
- data/app/services/uffizzi_core/activity_item_service.rb +2 -11
- data/app/services/uffizzi_core/compose_file/builders/container_builder_service.rb +33 -82
- data/app/services/uffizzi_core/compose_file/container_service.rb +0 -72
- data/app/services/uffizzi_core/compose_file_service.rb +6 -28
- data/app/services/uffizzi_core/{amazon/credential_service.rb → container_registry/amazon_service.rb} +20 -2
- data/app/services/uffizzi_core/container_registry/azure_service.rb +21 -0
- data/app/services/uffizzi_core/{docker_hub_service.rb → container_registry/docker_hub_service.rb} +7 -3
- data/app/services/uffizzi_core/{docker_registry_service.rb → container_registry/docker_registry_service.rb} +15 -1
- data/app/services/uffizzi_core/{github_container_registry/credential_service.rb → container_registry/github_container_registry_service.rb} +7 -4
- data/app/services/uffizzi_core/container_registry/google_service.rb +27 -0
- data/app/services/uffizzi_core/container_registry_service.rb +91 -0
- data/app/services/uffizzi_core/logs_service.rb +10 -1
- data/app/services/uffizzi_core/repo_service.rb +2 -15
- data/lib/uffizzi_core/version.rb +1 -1
- metadata +10 -14
- data/app/services/uffizzi_core/amazon_service.rb +0 -31
- data/app/services/uffizzi_core/azure/credential_service.rb +0 -18
- data/app/services/uffizzi_core/credential_service.rb +0 -45
- data/app/services/uffizzi_core/docker_hub/credential_service.rb +0 -15
- data/app/services/uffizzi_core/docker_registry/credential_service.rb +0 -21
- data/app/services/uffizzi_core/google/credential_service.rb +0 -18
- data/app/services/uffizzi_core/google_service.rb +0 -21
- data/app/services/uffizzi_core/template_service.rb +0 -21
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5adcb84a6cf63bdf3be955bc45bfe6a48ec598fc3a85b7e41e077edc84e76714
|
4
|
+
data.tar.gz: a506f8f518dab7d0988c3ee60030122c6edd38f6967fbe35aeeadb8522c097d0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1a755bd0bf09c427bebcdf63ed0a3a07f11a679ddfa62f04fedb86c9513b5c4d0eef4ed6ded616c17c105d8047f21161d9bfe7237996a9c496e122fbb2b23988
|
7
|
+
data.tar.gz: d99c280ca1bd18b82ea7705716d528ce82e8529e27c60dee9ed8dfddc7b95a0482165b4bd479ca0194005275ff8c33f14a71fd6a435cad73d894caaa6bcb0878
|
@@ -39,8 +39,8 @@ class UffizziCore::ControllerClient
|
|
39
39
|
get("/deployments/#{deployment_id}/containers/metrics")
|
40
40
|
end
|
41
41
|
|
42
|
-
def deployment_container_logs(deployment_id:, container_name:, limit:)
|
43
|
-
get("/deployments/#{deployment_id}/containers/#{container_name}/logs?limit=#{limit}")
|
42
|
+
def deployment_container_logs(deployment_id:, container_name:, limit:, previous:)
|
43
|
+
get("/deployments/#{deployment_id}/containers/#{container_name}/logs?limit=#{limit}&previous=#{previous}")
|
44
44
|
end
|
45
45
|
|
46
46
|
def deployment_containers_events(deployment_id:)
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
class UffizziCore::ApplicationController < ActionController::Base
|
4
|
-
include Pundit
|
4
|
+
include Pundit::Authorization
|
5
5
|
include UffizziCore::ResponseService
|
6
6
|
include UffizziCore::AuthManagement
|
7
7
|
include UffizziCore::AuthorizationConcern
|
@@ -12,8 +12,10 @@ class UffizziCore::ApplicationController < ActionController::Base
|
|
12
12
|
|
13
13
|
protect_from_forgery with: :exception
|
14
14
|
RESCUABLE_EXCEPTIONS = [RuntimeError, TypeError, NameError, ArgumentError, SyntaxError].freeze
|
15
|
-
|
16
|
-
|
15
|
+
unless Rails.env.test?
|
16
|
+
rescue_from *RESCUABLE_EXCEPTIONS do |exception|
|
17
|
+
render_server_error(exception)
|
18
|
+
end
|
17
19
|
end
|
18
20
|
rescue_from ActiveRecord::RecordNotFound do |exception|
|
19
21
|
render_not_found(exception)
|
@@ -17,7 +17,7 @@ class UffizziCore::Api::Cli::V1::Account::Credential::CreateForm < UffizziCore::
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def check_credential_correctness
|
20
|
-
errors.add(:username, :incorrect, type: type.text) unless
|
20
|
+
errors.add(:username, :incorrect, type: type.text) unless correct?
|
21
21
|
end
|
22
22
|
|
23
23
|
def credential_exists?
|
@@ -16,6 +16,6 @@ class UffizziCore::Api::Cli::V1::Account::Credential::UpdateForm < UffizziCore::
|
|
16
16
|
end
|
17
17
|
|
18
18
|
def check_credential_correctness
|
19
|
-
errors.add(:username, :incorrect) unless
|
19
|
+
errors.add(:username, :incorrect) unless correct?
|
20
20
|
end
|
21
21
|
end
|
@@ -15,7 +15,14 @@ class UffizziCore::Api::Cli::V1::ComposeFile::CheckCredentialsForm
|
|
15
15
|
compose_payload = { compose_file: compose_file }
|
16
16
|
compose_data = UffizziCore::ComposeFileService.parse(compose_content, compose_payload)
|
17
17
|
|
18
|
-
|
18
|
+
containers = compose_data[:containers]
|
19
|
+
containers.map do |container|
|
20
|
+
container_registry_service = UffizziCore::ContainerRegistryService.init_by_container(container)
|
21
|
+
credential = container_registry_service.credential(credentials)
|
22
|
+
next credential if container_registry_service.image_available?(credentials)
|
23
|
+
|
24
|
+
raise UffizziCore::ComposeFile::CredentialError.new(I18n.t('compose.unprocessable_image', value: container_registry_service.type))
|
25
|
+
end
|
19
26
|
rescue UffizziCore::ComposeFile::CredentialError => e
|
20
27
|
errors.add(:credentials, e.message)
|
21
28
|
end
|
@@ -39,6 +39,8 @@ class UffizziCore::Api::Cli::V1::ComposeFile::TemplateForm
|
|
39
39
|
errors.add(SECRETS_ERROR_KEY, template_build_error.message)
|
40
40
|
when UffizziCore::ComposeFile::BuildError
|
41
41
|
errors.add(TEMPLATE_BUILD_ERROR_KEY, template_build_error.message)
|
42
|
+
when StandardError
|
43
|
+
raise template_build_error
|
42
44
|
end
|
43
45
|
end
|
44
46
|
end
|
@@ -1,72 +1,19 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
class UffizziCore::Api::Cli::V1::Template::CreateForm < UffizziCore::Template
|
4
|
-
include UffizziCore::ApplicationForm
|
5
|
-
|
6
|
-
permit :name,
|
7
|
-
payload: {
|
8
|
-
containers_attributes: [
|
9
|
-
:image,
|
10
|
-
:tag,
|
11
|
-
:port,
|
12
|
-
:public,
|
13
|
-
:memory_limit,
|
14
|
-
:memory_request,
|
15
|
-
:entrypoint,
|
16
|
-
:command,
|
17
|
-
:receive_incoming_requests,
|
18
|
-
:continuously_deploy,
|
19
|
-
:service_name,
|
20
|
-
:name,
|
21
|
-
{ variables: [:name, :value],
|
22
|
-
additional_subdomains: [],
|
23
|
-
secret_variables: [:name, :value],
|
24
|
-
volumes: [:source, :target, :type, :read_only],
|
25
|
-
healthcheck: [:test, :interval, :timeout, :retries, :start_period, :disable, { test: [] }],
|
26
|
-
repo_attributes: [
|
27
|
-
:namespace,
|
28
|
-
:name,
|
29
|
-
:slug,
|
30
|
-
:type,
|
31
|
-
:description,
|
32
|
-
:repository_id,
|
33
|
-
:is_private,
|
34
|
-
:branch,
|
35
|
-
:kind,
|
36
|
-
:dockerfile_path,
|
37
|
-
:dockerfile_context_path,
|
38
|
-
:deploy_preview_when_pull_request_is_opened,
|
39
|
-
:delete_preview_when_pull_request_is_closed,
|
40
|
-
:deploy_preview_when_image_tag_is_created,
|
41
|
-
:delete_preview_when_image_tag_is_updated,
|
42
|
-
:share_to_github,
|
43
|
-
:delete_preview_after,
|
44
|
-
{ args: [:name, :value] },
|
45
|
-
],
|
46
|
-
container_config_files_attributes: [
|
47
|
-
:config_file_id,
|
48
|
-
:mount_path,
|
49
|
-
],
|
50
|
-
container_host_volume_files_attributes: [
|
51
|
-
:host_volume_file_id,
|
52
|
-
:source_path,
|
53
|
-
] },
|
54
|
-
],
|
55
|
-
}
|
56
|
-
|
57
4
|
validate :check_max_memory_limit
|
58
5
|
validate :check_max_memory_request
|
59
6
|
|
60
7
|
private
|
61
8
|
|
62
9
|
def check_max_memory_limit
|
63
|
-
return if
|
10
|
+
return if valid_containers_memory_limit?
|
64
11
|
|
65
12
|
errors.add(:payload, :max_memory_limit_error, max: project.account.container_memory_limit)
|
66
13
|
end
|
67
14
|
|
68
15
|
def check_max_memory_request
|
69
|
-
return if
|
16
|
+
return if valid_containers_memory_request?
|
70
17
|
|
71
18
|
errors.add(:payload, :max_memory_request_error, max: project.account.container_memory_limit)
|
72
19
|
end
|
@@ -44,28 +44,24 @@ module UffizziCore::Concerns::Models::Credential
|
|
44
44
|
end
|
45
45
|
end
|
46
46
|
|
47
|
-
|
48
|
-
|
47
|
+
UffizziCore::ContainerRegistryService.sources.each do |t|
|
48
|
+
define_method :"#{t}?" do
|
49
|
+
type == "UffizziCore::Credential::#{t.to_s.camelize}"
|
50
|
+
end
|
49
51
|
end
|
50
52
|
|
51
|
-
def
|
52
|
-
|
53
|
-
|
53
|
+
def correct?
|
54
|
+
credential = self
|
55
|
+
return false unless credential
|
54
56
|
|
55
|
-
|
56
|
-
|
57
|
-
end
|
57
|
+
container_registry_service = UffizziCore::ContainerRegistryService.init_by_subclass(credential.type)
|
58
|
+
status = container_registry_service.credential_correct?(credential)
|
58
59
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
def google?
|
64
|
-
type == UffizziCore::Credential::Google.name
|
65
|
-
end
|
60
|
+
if credential.persisted? && credential.active? && !status
|
61
|
+
Rails.logger.warn("Wrong credential: credential_correct? credential_id=#{credential.id}")
|
62
|
+
end
|
66
63
|
|
67
|
-
|
68
|
-
type == UffizziCore::Credential::Amazon.name
|
64
|
+
status
|
69
65
|
end
|
70
66
|
|
71
67
|
private
|
@@ -19,5 +19,21 @@ module UffizziCore::Concerns::Models::Template
|
|
19
19
|
|
20
20
|
validates :name, presence: true
|
21
21
|
validates :name, uniqueness: { scope: :project }, if: -> { compose_file.blank? || compose_file.kind.main? }
|
22
|
+
|
23
|
+
def valid_containers_memory_limit?
|
24
|
+
containers_attributes = payload['containers_attributes']
|
25
|
+
container_memory_limit = project.account.container_memory_limit
|
26
|
+
return true if container_memory_limit.nil?
|
27
|
+
|
28
|
+
containers_attributes.all? { |container| container['memory_limit'].to_i <= container_memory_limit }
|
29
|
+
end
|
30
|
+
|
31
|
+
def valid_containers_memory_request?
|
32
|
+
containers_attributes = payload['containers_attributes']
|
33
|
+
container_memory_limit = project.account.container_memory_limit
|
34
|
+
return true if container_memory_limit.nil?
|
35
|
+
|
36
|
+
containers_attributes.all? { |container| container['memory_request'].to_i <= container_memory_limit }
|
37
|
+
end
|
22
38
|
end
|
23
39
|
end
|
@@ -11,7 +11,7 @@ class UffizziCore::Controller::CreateCredential::CredentialSerializer < UffizziC
|
|
11
11
|
|
12
12
|
def password
|
13
13
|
if object.amazon?
|
14
|
-
UffizziCore::
|
14
|
+
UffizziCore::ContainerRegistry::AmazonService.access_token(object)
|
15
15
|
else
|
16
16
|
object.password
|
17
17
|
end
|
@@ -37,17 +37,8 @@ class UffizziCore::ActivityItemService
|
|
37
37
|
container = activity_item.container
|
38
38
|
repo = container.repo
|
39
39
|
credential = UffizziCore::RepoService.credential(repo)
|
40
|
-
|
41
|
-
digest =
|
42
|
-
when UffizziCore::Repo::DockerHub.name
|
43
|
-
UffizziCore::DockerHubService.digest(credential, activity_item.image, activity_item.tag)
|
44
|
-
when UffizziCore::Repo::Azure.name
|
45
|
-
UffizziCore::AzureService.digest(credential, activity_item.image, activity_item.tag)
|
46
|
-
when UffizziCore::Repo::Google.name
|
47
|
-
UffizziCore::GoogleService.digest(credential, activity_item.image, activity_item.tag)
|
48
|
-
when UffizziCore::Repo::Amazon.name
|
49
|
-
UffizziCore::AmazonService.digest(credential, activity_item.image, activity_item.tag)
|
50
|
-
end
|
40
|
+
container_registry_service = UffizziCore::ContainerRegistryService.init_by_subclass(repo.type)
|
41
|
+
digest = container_registry_service.digest(credential, activity_item.image, activity_item.tag)
|
51
42
|
|
52
43
|
activity_item.update!(digest: digest)
|
53
44
|
|
@@ -21,13 +21,11 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
21
21
|
healthcheck_data = container_data[:healthcheck] || {}
|
22
22
|
volumes_data = container_data[:volumes] || []
|
23
23
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
host_volumes_dependencies =
|
29
|
-
compose_dependencies, container_name
|
30
|
-
)
|
24
|
+
github_deps_service = UffizziCore::ComposeFile::GithubDependenciesService
|
25
|
+
|
26
|
+
env_file_dependencies = github_deps_service.env_file_dependencies_for_container(compose_dependencies, container_name)
|
27
|
+
configs_dependencies = github_deps_service.configs_dependencies_for_container(compose_dependencies, container_name)
|
28
|
+
host_volumes_dependencies = github_deps_service.host_volumes_dependencies_for_container(compose_dependencies, container_name)
|
31
29
|
is_ingress = ingress_container?(container_name, ingress_data)
|
32
30
|
repo_attributes = repo_attributes(container_data, continuous_preview_global_data)
|
33
31
|
additional_subdomains = is_ingress ? ingress_data.fetch(:additional_subdomains, []) : []
|
@@ -59,6 +57,10 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
59
57
|
|
60
58
|
private
|
61
59
|
|
60
|
+
def container_registry(container_data)
|
61
|
+
@container_registry ||= UffizziCore::ContainerRegistryService.init_by_container(container_data)
|
62
|
+
end
|
63
|
+
|
62
64
|
def repo_attributes(container_data, continuous_preview_global_data)
|
63
65
|
repo_attributes = build_repo_attributes(container_data)
|
64
66
|
continuous_preview_container_data = container_data[:'x-uffizzi-continuous-preview'] || container_data[:'x-uffizzi-continuous-previews']
|
@@ -66,6 +68,20 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
66
68
|
set_continuous_preview_attributes_to_repo(repo_attributes, continuous_preview_global_data.to_h, continuous_preview_container_data.to_h)
|
67
69
|
end
|
68
70
|
|
71
|
+
def build_repo_attributes(container_data)
|
72
|
+
container_registry = container_registry(container_data)
|
73
|
+
repo_type = container_registry.repo_type.name
|
74
|
+
raise UffizziCore::ComposeFile::BuildError, I18n.t('compose.invalid_repo_type') if repo_type.blank?
|
75
|
+
|
76
|
+
image_data = container_registry.image_data
|
77
|
+
if container_registry.image_available?(credentials)
|
78
|
+
docker_repo_builder = UffizziCore::ComposeFile::Builders::DockerRepoBuilderService.new(repo_type)
|
79
|
+
return docker_repo_builder.build_attributes(image_data)
|
80
|
+
end
|
81
|
+
|
82
|
+
raise UffizziCore::ComposeFile::BuildError, I18n.t('compose.unprocessable_image', value: container_registry.type)
|
83
|
+
end
|
84
|
+
|
69
85
|
def set_continuous_preview_attributes_to_repo(repo_attributes, global_data, container_data)
|
70
86
|
condition_attributes = [
|
71
87
|
:deploy_preview_when_pull_request_is_opened,
|
@@ -78,16 +94,17 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
78
94
|
condition_attributes.each do |attribute|
|
79
95
|
repo_attributes[attribute] = select_continuous_preview_attribute(global_data[attribute], container_data[attribute], false)
|
80
96
|
end
|
81
|
-
|
82
|
-
|
83
|
-
|
97
|
+
|
98
|
+
global = global_data.dig(:delete_preview_after, :value)
|
99
|
+
local = container_data.dig(:delete_preview_after, :value)
|
100
|
+
repo_attributes[:delete_preview_after] = select_continuous_preview_attribute(global, local, nil)
|
84
101
|
|
85
102
|
repo_attributes
|
86
103
|
end
|
87
104
|
|
88
105
|
def select_continuous_preview_attribute(global_attribute, local_attribute, default_attribute)
|
89
|
-
return local_attribute if
|
90
|
-
return global_attribute if
|
106
|
+
return local_attribute if local_attribute.present?
|
107
|
+
return global_attribute if global_attribute.present?
|
91
108
|
|
92
109
|
default_attribute
|
93
110
|
end
|
@@ -104,24 +121,15 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
104
121
|
|
105
122
|
def image(container_data, image_data, build_data, credentials)
|
106
123
|
if image_data.present?
|
107
|
-
image_name(
|
124
|
+
container_registry(container_data).image_name(credentials)
|
108
125
|
else
|
109
126
|
"#{build_data[:account_name]}/#{build_data[:repository_name]}"
|
110
127
|
end
|
111
128
|
end
|
112
129
|
|
113
|
-
def image_name(container_data
|
114
|
-
|
115
|
-
|
116
|
-
!UffizziCore::ComposeFile::ContainerService.github_container_registry?(container_data) &&
|
117
|
-
!UffizziCore::ComposeFile::ContainerService.docker_registry?(container_data)
|
118
|
-
image_data[:name]
|
119
|
-
elsif UffizziCore::ComposeFile::ContainerService.docker_registry?(container_data) &&
|
120
|
-
credential_by_scope(credentials, :docker_registry).nil?
|
121
|
-
[image_data[:registry_url], image_data[:namespace], image_data[:name]].compact.join('/')
|
122
|
-
else
|
123
|
-
"#{image_data[:namespace]}/#{image_data[:name]}"
|
124
|
-
end
|
130
|
+
def image_name(container_data)
|
131
|
+
container_registry = container_registry(container_data)
|
132
|
+
container_registry.image_name(credentials)
|
125
133
|
end
|
126
134
|
|
127
135
|
def ingress_container?(container_name, ingress)
|
@@ -130,13 +138,11 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
130
138
|
|
131
139
|
def entrypoint(container_data)
|
132
140
|
entrypoint = container_data[:entrypoint]
|
133
|
-
|
134
141
|
entrypoint.present? ? entrypoint.to_s : nil
|
135
142
|
end
|
136
143
|
|
137
144
|
def command(container_data)
|
138
145
|
command = container_data[:command]
|
139
|
-
|
140
146
|
command.present? ? command.to_s : nil
|
141
147
|
end
|
142
148
|
|
@@ -169,59 +175,12 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
169
175
|
memory_value
|
170
176
|
end
|
171
177
|
|
172
|
-
def build_repo_attributes(container_data)
|
173
|
-
repo_type = repo_type(container_data)
|
174
|
-
image_data = container_data[:image]
|
175
|
-
|
176
|
-
case repo_type
|
177
|
-
when UffizziCore::Repo::DockerHub.name
|
178
|
-
build_docker_repo_attributes(image_data, credentials, :docker_hub, UffizziCore::Repo::DockerHub.name)
|
179
|
-
when UffizziCore::Repo::DockerRegistry.name
|
180
|
-
build_docker_repo_attributes(image_data, credentials, :docker_registry, UffizziCore::Repo::DockerRegistry.name)
|
181
|
-
when UffizziCore::Repo::Azure.name
|
182
|
-
build_docker_repo_attributes(image_data, credentials, :azure, UffizziCore::Repo::Azure.name)
|
183
|
-
when UffizziCore::Repo::Google.name
|
184
|
-
build_docker_repo_attributes(image_data, credentials, :google, UffizziCore::Repo::Google.name)
|
185
|
-
when UffizziCore::Repo::GithubContainerRegistry.name
|
186
|
-
build_docker_repo_attributes(image_data, credentials, :github_container_registry, UffizziCore::Repo::GithubContainerRegistry.name)
|
187
|
-
when UffizziCore::Repo::Amazon.name
|
188
|
-
build_docker_repo_attributes(image_data, credentials, :amazon, UffizziCore::Repo::Amazon.name)
|
189
|
-
else
|
190
|
-
raise UffizziCore::ComposeFile::BuildError, I18n.t('compose.invalid_repo_type')
|
191
|
-
end
|
192
|
-
end
|
193
|
-
|
194
|
-
def repo_type(container_data)
|
195
|
-
if UffizziCore::ComposeFile::ContainerService.azure?(container_data)
|
196
|
-
UffizziCore::Repo::Azure.name
|
197
|
-
elsif UffizziCore::ComposeFile::ContainerService.docker_hub?(container_data)
|
198
|
-
UffizziCore::Repo::DockerHub.name
|
199
|
-
elsif UffizziCore::ComposeFile::ContainerService.docker_registry?(container_data)
|
200
|
-
UffizziCore::Repo::DockerRegistry.name
|
201
|
-
elsif UffizziCore::ComposeFile::ContainerService.google?(container_data)
|
202
|
-
UffizziCore::Repo::Google.name
|
203
|
-
elsif UffizziCore::ComposeFile::ContainerService.github_container_registry?(container_data)
|
204
|
-
UffizziCore::Repo::GithubContainerRegistry.name
|
205
|
-
elsif UffizziCore::ComposeFile::ContainerService.amazon?(container_data)
|
206
|
-
UffizziCore::Repo::Amazon.name
|
207
|
-
end
|
208
|
-
end
|
209
|
-
|
210
178
|
def continuously_deploy(deploy_data)
|
211
179
|
return :disabled if deploy_data[:auto] == false
|
212
180
|
|
213
181
|
:enabled
|
214
182
|
end
|
215
183
|
|
216
|
-
def build_docker_repo_attributes(image_data, credentials, scope, repo_type)
|
217
|
-
credential = credential_by_scope(credentials, scope)
|
218
|
-
if UffizziCore::ComposeFile::ContainerService.image_available?(credential, image_data, scope)
|
219
|
-
return docker_builder(repo_type).build_attributes(image_data)
|
220
|
-
end
|
221
|
-
|
222
|
-
raise UffizziCore::ComposeFile::BuildError, I18n.t('compose.unprocessable_image', value: scope)
|
223
|
-
end
|
224
|
-
|
225
184
|
def variables(variables_data, dependencies)
|
226
185
|
variables_builder.build_attributes(variables_data, dependencies)
|
227
186
|
end
|
@@ -243,15 +202,7 @@ class UffizziCore::ComposeFile::Builders::ContainerBuilderService
|
|
243
202
|
.build_attributes(host_volumes_data, host_volumes_dependencies, project)
|
244
203
|
end
|
245
204
|
|
246
|
-
def docker_builder(type)
|
247
|
-
@docker_builder ||= UffizziCore::ComposeFile::Builders::DockerRepoBuilderService.new(type)
|
248
|
-
end
|
249
|
-
|
250
205
|
def variables_builder
|
251
206
|
@variables_builder ||= UffizziCore::ComposeFile::Builders::VariablesBuilderService.new(project)
|
252
207
|
end
|
253
|
-
|
254
|
-
def credential_by_scope(credentials, scope)
|
255
|
-
credentials.send(scope).first
|
256
|
-
end
|
257
208
|
end
|
@@ -2,48 +2,6 @@
|
|
2
2
|
|
3
3
|
class UffizziCore::ComposeFile::ContainerService
|
4
4
|
class << self
|
5
|
-
def azure?(container)
|
6
|
-
registry_url = container.dig(:image, :registry_url)
|
7
|
-
|
8
|
-
registry_url.present? && registry_url.include?('azurecr.io')
|
9
|
-
end
|
10
|
-
|
11
|
-
def google?(container)
|
12
|
-
registry_url = container.dig(:image, :registry_url)
|
13
|
-
|
14
|
-
registry_url.present? && registry_url.include?('gcr.io')
|
15
|
-
end
|
16
|
-
|
17
|
-
def amazon?(container)
|
18
|
-
registry_url = container.dig(:image, :registry_url)
|
19
|
-
|
20
|
-
registry_url.present? && registry_url.include?('amazonaws.com')
|
21
|
-
end
|
22
|
-
|
23
|
-
def docker_hub?(container)
|
24
|
-
registry_url = container.dig(:image, :registry_url)
|
25
|
-
repository_url = container.dig(:build, :repository_url)
|
26
|
-
|
27
|
-
registry_url.nil? && repository_url.nil?
|
28
|
-
end
|
29
|
-
|
30
|
-
def docker_registry?(container)
|
31
|
-
registry_url = container.dig(:image, :registry_url)
|
32
|
-
return false if registry_url.nil?
|
33
|
-
|
34
|
-
registry_domain_regexp = /(\w+\.\w{2,})(?::\d+)?\z/
|
35
|
-
registry_domain = registry_url.match(registry_domain_regexp)&.to_a&.last
|
36
|
-
return false if registry_domain.nil?
|
37
|
-
|
38
|
-
['amazonaws.com', 'azurecr.io', 'gcr.io', 'ghcr.io'].exclude?(registry_domain)
|
39
|
-
end
|
40
|
-
|
41
|
-
def github_container_registry?(container)
|
42
|
-
registry_url = container.dig(:image, :registry_url)
|
43
|
-
|
44
|
-
registry_url.present? && registry_url.include?('ghcr.io')
|
45
|
-
end
|
46
|
-
|
47
5
|
def has_secret?(container, secret)
|
48
6
|
container['secret_variables'].any? { |container_secret| container_secret['name'] == secret['name'] }
|
49
7
|
end
|
@@ -54,35 +12,5 @@ class UffizziCore::ComposeFile::ContainerService
|
|
54
12
|
|
55
13
|
container
|
56
14
|
end
|
57
|
-
|
58
|
-
def credential_for_container(container, credentials)
|
59
|
-
if UffizziCore::ComposeFile::ContainerService.azure?(container)
|
60
|
-
detect_credential(container, credentials, :azure)
|
61
|
-
elsif UffizziCore::ComposeFile::ContainerService.docker_hub?(container)
|
62
|
-
detect_credential(container, credentials, :docker_hub)
|
63
|
-
elsif UffizziCore::ComposeFile::ContainerService.google?(container)
|
64
|
-
detect_credential(container, credentials, :google)
|
65
|
-
end
|
66
|
-
end
|
67
|
-
|
68
|
-
def detect_credential(container, credentials, type)
|
69
|
-
credential = credentials.detect { |item| item.send("#{type}?") }
|
70
|
-
|
71
|
-
return credential if image_available?(credential, container[:image], type)
|
72
|
-
|
73
|
-
raise UffizziCore::ComposeFile::CredentialError.new(I18n.t('compose.unprocessable_image', value: type))
|
74
|
-
end
|
75
|
-
|
76
|
-
def image_available?(credential, image_data, type)
|
77
|
-
case type
|
78
|
-
when :docker_hub
|
79
|
-
UffizziCore::DockerHubService.image_available?(credential, image_data)
|
80
|
-
when :docker_registry
|
81
|
-
UffizziCore::DockerRegistryService.image_available?(credential, image_data)
|
82
|
-
else
|
83
|
-
# TODO check image availability in other registry types
|
84
|
-
credential.present?
|
85
|
-
end
|
86
|
-
end
|
87
15
|
end
|
88
16
|
end
|
@@ -59,19 +59,6 @@ class UffizziCore::ComposeFileService
|
|
59
59
|
builder.build_attributes(compose_data, compose_dependencies, source)
|
60
60
|
end
|
61
61
|
|
62
|
-
def containers_credentials(compose_data, credentials)
|
63
|
-
containers = compose_data[:containers]
|
64
|
-
detected_credentials = containers.map do |container|
|
65
|
-
UffizziCore::ComposeFile::ContainerService.credential_for_container(container, credentials)
|
66
|
-
end
|
67
|
-
|
68
|
-
result = []
|
69
|
-
detected_credentials.compact
|
70
|
-
.group_by { |credential| credential[:id] }
|
71
|
-
.each_pair { |_id, value| result << value.first }
|
72
|
-
result
|
73
|
-
end
|
74
|
-
|
75
62
|
def has_secret?(compose_file, secret)
|
76
63
|
containers = compose_file.template.payload['containers_attributes']
|
77
64
|
|
@@ -91,8 +78,7 @@ class UffizziCore::ComposeFileService
|
|
91
78
|
|
92
79
|
if new_secrets_errors.present?
|
93
80
|
new_errors = { UffizziCore::ComposeFile::ErrorsService::SECRETS_ERROR_KEY => new_secrets_errors }
|
94
|
-
UffizziCore::ComposeFile::ErrorsService.update_compose_errors!(compose_file,
|
95
|
-
compose_file_errors.merge(new_errors),
|
81
|
+
UffizziCore::ComposeFile::ErrorsService.update_compose_errors!(compose_file, compose_file_errors.merge(new_errors),
|
96
82
|
compose_file.content)
|
97
83
|
next
|
98
84
|
end
|
@@ -117,12 +103,8 @@ class UffizziCore::ComposeFileService
|
|
117
103
|
end
|
118
104
|
|
119
105
|
def create_temporary_compose(resource_project, current_user, compose_file_params, dependencies)
|
120
|
-
create_params = {
|
121
|
-
|
122
|
-
user: current_user,
|
123
|
-
compose_file_params: compose_file_params,
|
124
|
-
dependencies: dependencies || [],
|
125
|
-
}
|
106
|
+
create_params = { project: resource_project, user: current_user, compose_file_params: compose_file_params,
|
107
|
+
dependencies: dependencies || [] }
|
126
108
|
kind = UffizziCore::ComposeFile.kind.temporary
|
127
109
|
UffizziCore::ComposeFileService.create(create_params, kind)
|
128
110
|
end
|
@@ -173,11 +155,7 @@ class UffizziCore::ComposeFileService
|
|
173
155
|
end
|
174
156
|
|
175
157
|
def prepare_compose_file_dependencies(compose_dependencies)
|
176
|
-
compose_dependencies.map
|
177
|
-
{
|
178
|
-
path: dependency[:path],
|
179
|
-
}
|
180
|
-
end
|
158
|
+
compose_dependencies.map { |dependency| { path: dependency[:path] } }
|
181
159
|
end
|
182
160
|
|
183
161
|
def persist!(compose_file_form, cli_form)
|
@@ -201,6 +179,7 @@ class UffizziCore::ComposeFileService
|
|
201
179
|
|
202
180
|
raise ActiveRecord::Rollback if errors.present?
|
203
181
|
end
|
182
|
+
|
204
183
|
[compose_file_form, errors]
|
205
184
|
end
|
206
185
|
|
@@ -208,9 +187,8 @@ class UffizziCore::ComposeFileService
|
|
208
187
|
begin
|
209
188
|
compose_data = YAML.safe_load(compose_content, aliases: true)
|
210
189
|
rescue Psych::SyntaxError
|
211
|
-
raise UffizziCore::ComposeFile::ParseError, '
|
190
|
+
raise UffizziCore::ComposeFile::ParseError, I18n.t('compose.invalid_file')
|
212
191
|
end
|
213
|
-
|
214
192
|
raise UffizziCore::ComposeFile::ParseError, I18n.t('compose.unsupported_file') if compose_data.nil?
|
215
193
|
|
216
194
|
compose_data
|
data/app/services/uffizzi_core/{amazon/credential_service.rb → container_registry/amazon_service.rb}
RENAMED
@@ -1,7 +1,25 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
class UffizziCore::
|
3
|
+
class UffizziCore::ContainerRegistry::AmazonService
|
4
4
|
class << self
|
5
|
+
def digest(credential, image, tag)
|
6
|
+
response = client(credential).batch_get_image(image: image, tag: tag)
|
7
|
+
response.images[0].image_id.image_digest
|
8
|
+
rescue StandardError
|
9
|
+
nil
|
10
|
+
end
|
11
|
+
|
12
|
+
def get_region_from_registry_url(url)
|
13
|
+
parsed_url = URI.parse(url)
|
14
|
+
host = parsed_url.host
|
15
|
+
parsed_host = host.split('.')
|
16
|
+
parsed_host[3]
|
17
|
+
end
|
18
|
+
|
19
|
+
def image_available?(credential, _image_data)
|
20
|
+
credential.present?
|
21
|
+
end
|
22
|
+
|
5
23
|
def credential_correct?(credential)
|
6
24
|
access_token(credential).present?
|
7
25
|
end
|
@@ -19,7 +37,7 @@ class UffizziCore::Amazon::CredentialService
|
|
19
37
|
private
|
20
38
|
|
21
39
|
def client(credential)
|
22
|
-
region =
|
40
|
+
region = get_region_from_registry_url(credential.registry_url)
|
23
41
|
|
24
42
|
UffizziCore::AmazonRegistryClient.new(
|
25
43
|
region: region,
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class UffizziCore::ContainerRegistry::AzureService
|
4
|
+
class << self
|
5
|
+
def image_available?(credential, _image_data)
|
6
|
+
credential.present?
|
7
|
+
end
|
8
|
+
|
9
|
+
def credential_correct?(credential)
|
10
|
+
client(credential).authentificated?
|
11
|
+
rescue URI::InvalidURIError, Faraday::ConnectionFailed
|
12
|
+
false
|
13
|
+
end
|
14
|
+
|
15
|
+
private
|
16
|
+
|
17
|
+
def client(c)
|
18
|
+
UffizziCore::AzureRegistryClient.new(registry_url: c.registry_url, username: c.username, password: c.password)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
data/app/services/uffizzi_core/{docker_hub_service.rb → container_registry/docker_hub_service.rb}
RENAMED
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
class UffizziCore::DockerHubService
|
3
|
+
class UffizziCore::ContainerRegistry::DockerHubService
|
4
4
|
class << self
|
5
5
|
def accounts(credential)
|
6
6
|
client = user_client(credential)
|
@@ -41,10 +41,14 @@ class UffizziCore::DockerHubService
|
|
41
41
|
response.headers['docker-content-digest']
|
42
42
|
end
|
43
43
|
|
44
|
+
def credential_correct?(credential)
|
45
|
+
client(credential).authentificated?
|
46
|
+
end
|
47
|
+
|
44
48
|
private
|
45
49
|
|
46
|
-
def
|
47
|
-
|
50
|
+
def client(credential)
|
51
|
+
UffizziCore::DockerHubClient.new(credential)
|
48
52
|
end
|
49
53
|
|
50
54
|
def not_found?(response)
|
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
class UffizziCore::DockerRegistryService
|
3
|
+
class UffizziCore::ContainerRegistry::DockerRegistryService
|
4
4
|
class << self
|
5
5
|
def image_available?(credential, image_data)
|
6
6
|
client_params = build_client_params(credential, image_data)
|
@@ -10,8 +10,22 @@ class UffizziCore::DockerRegistryService
|
|
10
10
|
response.status < 400
|
11
11
|
end
|
12
12
|
|
13
|
+
def credential_correct?(credential)
|
14
|
+
client(credential).authenticated?
|
15
|
+
end
|
16
|
+
|
13
17
|
private
|
14
18
|
|
19
|
+
def client(credential)
|
20
|
+
params = {
|
21
|
+
registry_url: credential.registry_url,
|
22
|
+
username: credential.username,
|
23
|
+
password: credential.password,
|
24
|
+
}
|
25
|
+
|
26
|
+
UffizziCore::DockerRegistryClient.new(params)
|
27
|
+
end
|
28
|
+
|
15
29
|
def build_client_params(credential, image_data)
|
16
30
|
registry_url = credential&.registry_url || image_data[:registry_url]
|
17
31
|
new_registry_url = registry_url.start_with?('https://', 'http://') ? registry_url : "https://#{registry_url}"
|
@@ -1,7 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
class UffizziCore::
|
3
|
+
class UffizziCore::ContainerRegistry::GithubContainerRegistryService
|
4
4
|
class << self
|
5
|
+
def image_available?(credential, _image_data)
|
6
|
+
credential.present?
|
7
|
+
end
|
8
|
+
|
5
9
|
def credential_correct?(credential)
|
6
10
|
client(credential).authentificated?
|
7
11
|
rescue URI::InvalidURIError, Faraday::ConnectionFailed
|
@@ -16,9 +20,8 @@ class UffizziCore::GithubContainerRegistry::CredentialService
|
|
16
20
|
|
17
21
|
private
|
18
22
|
|
19
|
-
def client(
|
20
|
-
UffizziCore::GithubContainerRegistryClient.new(registry_url:
|
21
|
-
password: credential.password)
|
23
|
+
def client(c)
|
24
|
+
UffizziCore::GithubContainerRegistryClient.new(registry_url: c.registry_url, username: c.username, password: c.password)
|
22
25
|
end
|
23
26
|
end
|
24
27
|
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class UffizziCore::ContainerRegistry::GoogleService
|
4
|
+
class << self
|
5
|
+
def digest(credential, image, tag)
|
6
|
+
response = client(credential).manifests(image: image, tag: tag)
|
7
|
+
|
8
|
+
response.headers['docker-content-digest']
|
9
|
+
end
|
10
|
+
|
11
|
+
def image_available?(credential, _image_data)
|
12
|
+
credential.present?
|
13
|
+
end
|
14
|
+
|
15
|
+
def credential_correct?(credential)
|
16
|
+
client(credential).authentificated?
|
17
|
+
rescue URI::InvalidURIError, Faraday::ConnectionFailed
|
18
|
+
false
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def client(c)
|
24
|
+
UffizziCore::GoogleRegistryClient.new(registry_url: c.registry_url, username: c.username, password: c.password)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,91 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class UffizziCore::ContainerRegistryService
|
4
|
+
attr_accessor :type, :container_data
|
5
|
+
|
6
|
+
class << self
|
7
|
+
def init_by_subclass(credential_type)
|
8
|
+
type = credential_type.demodulize.underscore
|
9
|
+
new(type.to_sym)
|
10
|
+
end
|
11
|
+
|
12
|
+
def init_by_container(container)
|
13
|
+
registry_url = container.dig(:image, :registry_url)
|
14
|
+
repository_url = container.dig(:build, :repository_url)
|
15
|
+
|
16
|
+
return new(:docker_hub, container) if registry_url.blank? && repository_url.blank?
|
17
|
+
return new(:azure, container) if registry_url.include?('azurecr.io')
|
18
|
+
return new(:google, container) if registry_url.include?('gcr.io')
|
19
|
+
return new(:amazon, container) if registry_url.include?('amazonaws.com')
|
20
|
+
return new(:github_container_registry, container) if registry_url.include?('ghcr.io')
|
21
|
+
return new(:docker_registry, container) if docker_registry?(container)
|
22
|
+
end
|
23
|
+
|
24
|
+
def docker_registry?(container)
|
25
|
+
registry_url = container.dig(:image, :registry_url)
|
26
|
+
return false if registry_url.nil?
|
27
|
+
|
28
|
+
registry_domain_regexp = /(\w+\.\w{2,})(?::\d+)?\z/
|
29
|
+
registry_domain = registry_url.match(registry_domain_regexp)&.to_a&.last
|
30
|
+
return false if registry_domain.nil?
|
31
|
+
|
32
|
+
['amazonaws.com', 'azurecr.io', 'gcr.io', 'ghcr.io'].exclude?(registry_domain)
|
33
|
+
end
|
34
|
+
|
35
|
+
def sources
|
36
|
+
[:azure, :google, :amazon, :github_container_registry, :docker_registry, :docker_hub, *additional_sources]
|
37
|
+
end
|
38
|
+
|
39
|
+
def additional_sources
|
40
|
+
[]
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def initialize(type, container_data = {})
|
45
|
+
@type = type
|
46
|
+
@container_data = container_data
|
47
|
+
|
48
|
+
raise ::UffizziCore::RegistryNotSupportedError unless self.class.sources.include?(type)
|
49
|
+
end
|
50
|
+
|
51
|
+
def digest(credential, image, tag)
|
52
|
+
service.digest(credential, image, tag)
|
53
|
+
end
|
54
|
+
|
55
|
+
def service
|
56
|
+
@service ||= "UffizziCore::ContainerRegistry::#{type.to_s.camelize}Service".safe_constantize
|
57
|
+
end
|
58
|
+
|
59
|
+
def repo_type
|
60
|
+
@repo_type ||= "UffizziCore::Repo::#{type.to_s.camelize}".safe_constantize
|
61
|
+
end
|
62
|
+
|
63
|
+
def credential_correct?(credential)
|
64
|
+
service.credential_correct?(credential)
|
65
|
+
end
|
66
|
+
|
67
|
+
def image_data
|
68
|
+
@image_data ||= container_data[:image]
|
69
|
+
end
|
70
|
+
|
71
|
+
def image_name(credentials)
|
72
|
+
if image_data[:registry_url].present? && [:google, :github_container_registry, :docker_registry].exclude?(type)
|
73
|
+
return image_data[:name]
|
74
|
+
end
|
75
|
+
|
76
|
+
if type == :docker_registry && credential(credentials).nil?
|
77
|
+
return [image_data[:registry_url], image_data[:namespace], image_data[:name]].compact.join('/')
|
78
|
+
end
|
79
|
+
|
80
|
+
"#{image_data[:namespace]}/#{image_data[:name]}"
|
81
|
+
end
|
82
|
+
|
83
|
+
def credential(credentials_scope)
|
84
|
+
credentials_scope.send(type).first
|
85
|
+
end
|
86
|
+
|
87
|
+
def image_available?(credentials_scope)
|
88
|
+
credential = credential(credentials_scope)
|
89
|
+
service.image_available?(credential, image_data)
|
90
|
+
end
|
91
|
+
end
|
@@ -10,7 +10,7 @@ class UffizziCore::LogsService
|
|
10
10
|
logs = response.logs || []
|
11
11
|
|
12
12
|
{
|
13
|
-
logs: logs,
|
13
|
+
logs: format_logs(logs),
|
14
14
|
}
|
15
15
|
end
|
16
16
|
|
@@ -23,9 +23,18 @@ class UffizziCore::LogsService
|
|
23
23
|
deployment_id: deployment.id,
|
24
24
|
container_name: UffizziCore::ContainerService.pod_name(container),
|
25
25
|
limit: query[:limit],
|
26
|
+
previous: query[:previous] || false,
|
26
27
|
)
|
27
28
|
end
|
28
29
|
|
30
|
+
def format_logs(logs)
|
31
|
+
logs.map do |item|
|
32
|
+
timestamp, *payload = item.split
|
33
|
+
formatted_timestamp = timestamp.present? ? timestamp.to_time(:utc).strftime('%Y-%m-%d %H:%M:%S.%L %Z') : nil
|
34
|
+
{ timestamp: formatted_timestamp, payload: payload.join(' ') }
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
29
38
|
def controller_client
|
30
39
|
UffizziCore::ControllerClient.new
|
31
40
|
end
|
@@ -9,22 +9,9 @@ class UffizziCore::RepoService
|
|
9
9
|
end
|
10
10
|
|
11
11
|
def credential(repo)
|
12
|
+
container_registry_service = UffizziCore::ContainerRegistryService.init_by_subclass(repo.type)
|
12
13
|
credentials = repo.project.account.credentials
|
13
|
-
|
14
|
-
case repo.type
|
15
|
-
when UffizziCore::Repo::GithubContainerRegistry.name
|
16
|
-
credentials.github_container_registry.first
|
17
|
-
when UffizziCore::Repo::DockerHub.name
|
18
|
-
credentials.docker_hub.first
|
19
|
-
when UffizziCore::Repo::DockerRegistry.name
|
20
|
-
credentials.docker_registry.first
|
21
|
-
when UffizziCore::Repo::Azure.name
|
22
|
-
credentials.azure.first
|
23
|
-
when UffizziCore::Repo::Google.name
|
24
|
-
credentials.google.first
|
25
|
-
when UffizziCore::Repo::Amazon.name
|
26
|
-
credentials.amazon.first
|
27
|
-
end
|
14
|
+
container_registry_service.credential(credentials)
|
28
15
|
end
|
29
16
|
|
30
17
|
def image_name(repo)
|
data/lib/uffizzi_core/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: uffizzi_core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Josh Thurman
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2022-
|
12
|
+
date: 2022-11-21 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: aasm
|
@@ -776,6 +776,7 @@ files:
|
|
776
776
|
- app/errors/uffizzi_core/deployment/image_pull_error.rb
|
777
777
|
- app/errors/uffizzi_core/deployment/labels_not_found_error.rb
|
778
778
|
- app/errors/uffizzi_core/deployment_not_found_error.rb
|
779
|
+
- app/errors/uffizzi_core/registry_not_supported_error.rb
|
779
780
|
- app/forms/uffizzi_core/api/cli/v1/account/credential/check_credential_form.rb
|
780
781
|
- app/forms/uffizzi_core/api/cli/v1/account/credential/create_form.rb
|
781
782
|
- app/forms/uffizzi_core/api/cli/v1/account/credential/update_form.rb
|
@@ -946,9 +947,6 @@ files:
|
|
946
947
|
- app/serializers/uffizzi_core/controller/deploy_containers/host_volume_file_serializer.rb
|
947
948
|
- app/services/uffizzi_core/account_service.rb
|
948
949
|
- app/services/uffizzi_core/activity_item_service.rb
|
949
|
-
- app/services/uffizzi_core/amazon/credential_service.rb
|
950
|
-
- app/services/uffizzi_core/amazon_service.rb
|
951
|
-
- app/services/uffizzi_core/azure/credential_service.rb
|
952
950
|
- app/services/uffizzi_core/compose_file/builders/container_builder_service.rb
|
953
951
|
- app/services/uffizzi_core/compose_file/builders/container_config_files_builder_service.rb
|
954
952
|
- app/services/uffizzi_core/compose_file/builders/container_host_volume_files_builder_service.rb
|
@@ -981,23 +979,21 @@ files:
|
|
981
979
|
- app/services/uffizzi_core/compose_file/parsers/variables_parser_service.rb
|
982
980
|
- app/services/uffizzi_core/compose_file/template_service.rb
|
983
981
|
- app/services/uffizzi_core/compose_file_service.rb
|
982
|
+
- app/services/uffizzi_core/container_registry/amazon_service.rb
|
983
|
+
- app/services/uffizzi_core/container_registry/azure_service.rb
|
984
|
+
- app/services/uffizzi_core/container_registry/docker_hub_service.rb
|
985
|
+
- app/services/uffizzi_core/container_registry/docker_registry_service.rb
|
986
|
+
- app/services/uffizzi_core/container_registry/github_container_registry_service.rb
|
987
|
+
- app/services/uffizzi_core/container_registry/google_service.rb
|
988
|
+
- app/services/uffizzi_core/container_registry_service.rb
|
984
989
|
- app/services/uffizzi_core/container_service.rb
|
985
990
|
- app/services/uffizzi_core/controller_service.rb
|
986
|
-
- app/services/uffizzi_core/credential_service.rb
|
987
991
|
- app/services/uffizzi_core/deployment_service.rb
|
988
|
-
- app/services/uffizzi_core/docker_hub/credential_service.rb
|
989
|
-
- app/services/uffizzi_core/docker_hub_service.rb
|
990
|
-
- app/services/uffizzi_core/docker_registry/credential_service.rb
|
991
|
-
- app/services/uffizzi_core/docker_registry_service.rb
|
992
|
-
- app/services/uffizzi_core/github_container_registry/credential_service.rb
|
993
|
-
- app/services/uffizzi_core/google/credential_service.rb
|
994
|
-
- app/services/uffizzi_core/google_service.rb
|
995
992
|
- app/services/uffizzi_core/logs_service.rb
|
996
993
|
- app/services/uffizzi_core/manage_activity_items_service.rb
|
997
994
|
- app/services/uffizzi_core/project_service.rb
|
998
995
|
- app/services/uffizzi_core/repo_service.rb
|
999
996
|
- app/services/uffizzi_core/response_service.rb
|
1000
|
-
- app/services/uffizzi_core/template_service.rb
|
1001
997
|
- app/services/uffizzi_core/token_service.rb
|
1002
998
|
- app/services/uffizzi_core/user_access_service.rb
|
1003
999
|
- app/services/uffizzi_core/user_generator_service.rb
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::AmazonService
|
4
|
-
class << self
|
5
|
-
def digest(credential, image, tag)
|
6
|
-
response = client(credential).batch_get_image(image: image, tag: tag)
|
7
|
-
response.images[0].image_id.image_digest
|
8
|
-
rescue StandardError
|
9
|
-
nil
|
10
|
-
end
|
11
|
-
|
12
|
-
def get_region_from_registry_url(url)
|
13
|
-
parsed_url = URI.parse(url)
|
14
|
-
host = parsed_url.host
|
15
|
-
parsed_host = host.split('.')
|
16
|
-
parsed_host[3]
|
17
|
-
end
|
18
|
-
|
19
|
-
private
|
20
|
-
|
21
|
-
def client(credential)
|
22
|
-
region = get_region_from_registry_url(credential.registry_url)
|
23
|
-
|
24
|
-
UffizziCore::AmazonRegistryClient.new(
|
25
|
-
region: region,
|
26
|
-
access_key_id: credential.username,
|
27
|
-
secret_access_key: credential.password,
|
28
|
-
)
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
@@ -1,18 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::Azure::CredentialService
|
4
|
-
class << self
|
5
|
-
def credential_correct?(credential)
|
6
|
-
client(credential).authentificated?
|
7
|
-
rescue URI::InvalidURIError, Faraday::ConnectionFailed
|
8
|
-
false
|
9
|
-
end
|
10
|
-
|
11
|
-
private
|
12
|
-
|
13
|
-
def client(credential)
|
14
|
-
UffizziCore::AzureRegistryClient.new(registry_url: credential.registry_url, username: credential.username,
|
15
|
-
password: credential.password)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::CredentialService
|
4
|
-
class << self
|
5
|
-
def correct_credentials?(credential)
|
6
|
-
status = case credential.type
|
7
|
-
when UffizziCore::Credential::DockerHub.name
|
8
|
-
UffizziCore::DockerHub::CredentialService.credential_correct?(credential)
|
9
|
-
when UffizziCore::Credential::DockerRegistry.name
|
10
|
-
UffizziCore::DockerRegistry::CredentialService.credential_correct?(credential)
|
11
|
-
when UffizziCore::Credential::GithubContainerRegistry.name
|
12
|
-
UffizziCore::GithubContainerRegistry::CredentialService.credential_correct?(credential)
|
13
|
-
when UffizziCore::Credential::Azure.name
|
14
|
-
UffizziCore::Azure::CredentialService.credential_correct?(credential)
|
15
|
-
when UffizziCore::Credential::Google.name
|
16
|
-
UffizziCore::Google::CredentialService.credential_correct?(credential)
|
17
|
-
when UffizziCore::Credential::Amazon.name
|
18
|
-
UffizziCore::Amazon::CredentialService.credential_correct?(credential)
|
19
|
-
else
|
20
|
-
false
|
21
|
-
end
|
22
|
-
|
23
|
-
if credential.persisted? && credential.active? && !status
|
24
|
-
Rails.logger.warn("Wrong credential: credential_correct? credential_id=#{credential.id}")
|
25
|
-
end
|
26
|
-
|
27
|
-
status
|
28
|
-
end
|
29
|
-
|
30
|
-
def update_expired_credentials
|
31
|
-
currect_date = DateTime.now
|
32
|
-
credentials = UffizziCore::Credential::Amazon.active.where('updated_at < ?', currect_date - 10.hours)
|
33
|
-
|
34
|
-
credentials.each do |credential|
|
35
|
-
deployments = UffizziCore::Deployment.where(project_id: credential.account.projects.select(:id)).with_amazon_repos
|
36
|
-
|
37
|
-
deployments.each do |deployment|
|
38
|
-
UffizziCore::Deployment::CreateCredentialJob.perform_async(deployment.id, credential.id)
|
39
|
-
end
|
40
|
-
|
41
|
-
credential.update(updated_at: currect_date)
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
@@ -1,15 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::DockerHub::CredentialService
|
4
|
-
class << self
|
5
|
-
def credential_correct?(credential)
|
6
|
-
client(credential).authentificated?
|
7
|
-
end
|
8
|
-
|
9
|
-
private
|
10
|
-
|
11
|
-
def client(credential)
|
12
|
-
UffizziCore::DockerHubClient.new(credential)
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
@@ -1,21 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::DockerRegistry::CredentialService
|
4
|
-
class << self
|
5
|
-
def credential_correct?(credential)
|
6
|
-
client(credential).authenticated?
|
7
|
-
end
|
8
|
-
|
9
|
-
private
|
10
|
-
|
11
|
-
def client(credential)
|
12
|
-
params = {
|
13
|
-
registry_url: credential.registry_url,
|
14
|
-
username: credential.username,
|
15
|
-
password: credential.password,
|
16
|
-
}
|
17
|
-
|
18
|
-
UffizziCore::DockerRegistryClient.new(params)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
@@ -1,18 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::Google::CredentialService
|
4
|
-
class << self
|
5
|
-
def credential_correct?(credential)
|
6
|
-
client(credential).authentificated?
|
7
|
-
rescue URI::InvalidURIError, Faraday::ConnectionFailed
|
8
|
-
false
|
9
|
-
end
|
10
|
-
|
11
|
-
private
|
12
|
-
|
13
|
-
def client(credential)
|
14
|
-
UffizziCore::GoogleRegistryClient.new(registry_url: credential.registry_url, username: credential.username,
|
15
|
-
password: credential.password)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
@@ -1,21 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::GoogleService
|
4
|
-
class << self
|
5
|
-
def digest(credential, image, tag)
|
6
|
-
response = registry_client(credential).manifests(image: image, tag: tag)
|
7
|
-
|
8
|
-
response.headers['docker-content-digest']
|
9
|
-
end
|
10
|
-
|
11
|
-
private
|
12
|
-
|
13
|
-
def registry_client(credential)
|
14
|
-
UffizziCore::GoogleRegistryClient.new(
|
15
|
-
registry_url: credential.registry_url,
|
16
|
-
username: credential.username,
|
17
|
-
password: credential.password,
|
18
|
-
)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
@@ -1,21 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class UffizziCore::TemplateService
|
4
|
-
class << self
|
5
|
-
def valid_containers_memory_limit?(template)
|
6
|
-
containers_attributes = template.payload['containers_attributes']
|
7
|
-
container_memory_limit = template.project.account.container_memory_limit
|
8
|
-
return true if container_memory_limit.nil?
|
9
|
-
|
10
|
-
containers_attributes.all? { |container| container['memory_limit'].to_i <= container_memory_limit }
|
11
|
-
end
|
12
|
-
|
13
|
-
def valid_containers_memory_request?(template)
|
14
|
-
containers_attributes = template.payload['containers_attributes']
|
15
|
-
container_memory_limit = template.project.account.container_memory_limit
|
16
|
-
return true if container_memory_limit.nil?
|
17
|
-
|
18
|
-
containers_attributes.all? { |container| container['memory_request'].to_i <= container_memory_limit }
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|