Teach GitLab how to create Secret of type ServiceAccountToken

Add create_secret to KubeClient

Teach GitLab how to create Secret of type ServiceAccountToken
Add create_secret to KubeClient
8c8ccd31 · Thong Kuah · 9c5050b1 · 8c8ccd31 · 8c8ccd31 · 8c8ccd31
Commit 8c8ccd31 authored Sep 07, 2018 by Thong Kuah
4 changed files
--- a/lib/gitlab/kubernetes/kube_client.rb
+++ b/lib/gitlab/kubernetes/kube_client.rb
@@ -31,6 +31,7 @@ module Gitlab
        :create_config_map,
        :create_namespace,
        :create_pod,
+        :create_secret,
        :create_service_account,
        :update_config_map,
        :update_service_account,

--- a/lib/gitlab/kubernetes/service_account_token.rb
+++ b/lib/gitlab/kubernetes/service_account_token.rb
+# frozen_string_literal: true
+module Gitlab
+  module Kubernetes
+    class ServiceAccountToken
+      attr_reader :name, :service_account_name, :namespace_name
+      def initialize(name, service_account_name, namespace_name)
+        @name = name
+        @service_account_name = service_account_name
+        @namespace_name = namespace_name
+      end
+      def generate
+        ::Kubeclient::Resource.new(metadata: metadata, type: service_acount_token_type)
+      end
+      private
+      # as per https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#to-create-additional-api-tokens
+      def service_acount_token_type
+        'kubernetes.io/service-account-token'
+      end
+      def metadata
+        {
+          name: name,
+          namespace: namespace_name,
+          annotations: {
+            "kubernetes.io/service-account.name": service_account_name
+          }
+        }
+      end
+    end
+  end
+end
--- a/spec/lib/gitlab/kubernetes/kube_client_spec.rb
+++ b/spec/lib/gitlab/kubernetes/kube_client_spec.rb
@@ -122,6 +122,7 @@ describe Gitlab::Kubernetes::KubeClient do
      :create_config_map,
      :create_namespace,
      :create_pod,
+      :create_secret,
      :create_service_account,
      :update_config_map,
      :update_service_account

--- a/spec/lib/gitlab/kubernetes/service_account_token_spec.rb
+++ b/spec/lib/gitlab/kubernetes/service_account_token_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe Gitlab::Kubernetes::ServiceAccountToken do
+  let(:name) { 'token-name' }
+  let(:service_account_name) { 'a_service_account' }
+  let(:namespace_name) { 'a_namespace' }
+  let(:service_account_token) { described_class.new(name, service_account_name, namespace_name) }
+  it { expect(service_account_token.name).to eq(name) }
+  it { expect(service_account_token.service_account_name).to eq(service_account_name) }
+  it { expect(service_account_token.namespace_name).to eq(namespace_name) }
+  describe '#generate' do
+    let(:resource) do
+      ::Kubeclient::Resource.new(
+        metadata: {
+          name: name,
+          namespace: namespace_name,
+          annotations: {
+            'kubernetes.io/service-account.name': service_account_name
+          }
+        },
+        type: 'kubernetes.io/service-account-token'
+      )
+    end
+    subject { service_account_token.generate }
+    it 'should build a Kubeclient Resource' do
+      is_expected.to eq(resource)
+    end
+  end
+end