Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
409c3cb0
Commit
409c3cb0
authored
Nov 16, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add latest changes from gitlab-org/gitlab@master
parent
2860167b
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
81 additions
and
0 deletions
+81
-0
app/services/clusters/kubernetes/create_or_update_service_account_service.rb
...rs/kubernetes/create_or_update_service_account_service.rb
+32
-0
app/services/clusters/kubernetes/kubernetes.rb
app/services/clusters/kubernetes/kubernetes.rb
+2
-0
spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb
...ers/kubernetes/create_or_update_namespace_service_spec.rb
+2
-0
spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb
...bernetes/create_or_update_service_account_service_spec.rb
+45
-0
No files found.
app/services/clusters/kubernetes/create_or_update_service_account_service.rb
View file @
409c3cb0
...
@@ -49,6 +49,8 @@ module Clusters
...
@@ -49,6 +49,8 @@ module Clusters
create_or_update_knative_serving_role
create_or_update_knative_serving_role
create_or_update_knative_serving_role_binding
create_or_update_knative_serving_role_binding
create_or_update_crossplane_database_role
create_or_update_crossplane_database_role_binding
end
end
private
private
...
@@ -78,6 +80,14 @@ module Clusters
...
@@ -78,6 +80,14 @@ module Clusters
kubeclient
.
update_role_binding
(
knative_serving_role_binding_resource
)
kubeclient
.
update_role_binding
(
knative_serving_role_binding_resource
)
end
end
def
create_or_update_crossplane_database_role
kubeclient
.
update_role
(
crossplane_database_role_resource
)
end
def
create_or_update_crossplane_database_role_binding
kubeclient
.
update_role_binding
(
crossplane_database_role_binding_resource
)
end
def
service_account_resource
def
service_account_resource
Gitlab
::
Kubernetes
::
ServiceAccount
.
new
(
Gitlab
::
Kubernetes
::
ServiceAccount
.
new
(
service_account_name
,
service_account_name
,
...
@@ -134,6 +144,28 @@ module Clusters
...
@@ -134,6 +144,28 @@ module Clusters
service_account_name:
service_account_name
service_account_name:
service_account_name
).
generate
).
generate
end
end
def
crossplane_database_role_resource
Gitlab
::
Kubernetes
::
Role
.
new
(
name:
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
,
namespace:
service_account_namespace
,
rules:
[{
apiGroups:
%w(database.crossplane.io)
,
resources:
%w(postgresqlinstances)
,
verbs:
%w(get list create watch)
}]
).
generate
end
def
crossplane_database_role_binding_resource
Gitlab
::
Kubernetes
::
RoleBinding
.
new
(
name:
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME
,
role_name:
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
,
role_kind: :Role
,
namespace:
service_account_namespace
,
service_account_name:
service_account_name
).
generate
end
end
end
end
end
end
end
app/services/clusters/kubernetes/kubernetes.rb
View file @
409c3cb0
...
@@ -10,5 +10,7 @@ module Clusters
...
@@ -10,5 +10,7 @@ module Clusters
PROJECT_CLUSTER_ROLE_NAME
=
'edit'
PROJECT_CLUSTER_ROLE_NAME
=
'edit'
GITLAB_KNATIVE_SERVING_ROLE_NAME
=
'gitlab-knative-serving-role'
GITLAB_KNATIVE_SERVING_ROLE_NAME
=
'gitlab-knative-serving-role'
GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME
=
'gitlab-knative-serving-rolebinding'
GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME
=
'gitlab-knative-serving-rolebinding'
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
=
'gitlab-crossplane-database-role'
GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME
=
'gitlab-crossplane-database-rolebinding'
end
end
end
end
spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb
View file @
409c3cb0
...
@@ -37,6 +37,8 @@ describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' do
...
@@ -37,6 +37,8 @@ describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' do
stub_kubeclient_put_secret
(
api_url
,
"
#{
namespace
}
-token"
,
namespace:
namespace
)
stub_kubeclient_put_secret
(
api_url
,
"
#{
namespace
}
-token"
,
namespace:
namespace
)
stub_kubeclient_put_role
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role_binding
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role_binding
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role_binding
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME
,
namespace:
namespace
)
stub_kubeclient_get_secret
(
stub_kubeclient_get_secret
(
api_url
,
api_url
,
...
...
spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb
View file @
409c3cb0
...
@@ -145,6 +145,8 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do
...
@@ -145,6 +145,8 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do
stub_kubeclient_create_role_binding
(
api_url
,
namespace:
namespace
)
stub_kubeclient_create_role_binding
(
api_url
,
namespace:
namespace
)
stub_kubeclient_put_role
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role_binding
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role_binding
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
,
namespace:
namespace
)
stub_kubeclient_put_role_binding
(
api_url
,
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME
,
namespace:
namespace
)
end
end
it_behaves_like
'creates service account and token'
it_behaves_like
'creates service account and token'
...
@@ -172,6 +174,31 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do
...
@@ -172,6 +174,31 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do
)
)
end
end
it
'creates a role binding granting crossplane database permissions to the service account'
do
subject
expect
(
WebMock
).
to
have_requested
(
:put
,
api_url
+
"/apis/rbac.authorization.k8s.io/v1/namespaces/
#{
namespace
}
/rolebindings/
#{
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME
}
"
).
with
(
body:
hash_including
(
metadata:
{
name:
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME
,
namespace:
namespace
},
roleRef:
{
apiGroup:
'rbac.authorization.k8s.io'
,
kind:
'Role'
,
name:
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
},
subjects:
[
{
kind:
'ServiceAccount'
,
name:
service_account_name
,
namespace:
namespace
}
]
)
)
end
it
'creates a role and role binding granting knative serving permissions to the service account'
do
it
'creates a role and role binding granting knative serving permissions to the service account'
do
subject
subject
...
@@ -189,6 +216,24 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do
...
@@ -189,6 +216,24 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do
)
)
)
)
end
end
it
'creates a role and role binding granting crossplane database permissions to the service account'
do
subject
expect
(
WebMock
).
to
have_requested
(
:put
,
api_url
+
"/apis/rbac.authorization.k8s.io/v1/namespaces/
#{
namespace
}
/roles/
#{
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
}
"
).
with
(
body:
hash_including
(
metadata:
{
name:
Clusters
::
Kubernetes
::
GITLAB_CROSSPLANE_DATABASE_ROLE_NAME
,
namespace:
namespace
},
rules:
[{
apiGroups:
%w(database.crossplane.io)
,
resources:
%w(postgresqlinstances)
,
verbs:
%w(get list create watch)
}]
)
)
end
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment