Commit ab6d74da authored by Thong Kuah's avatar Thong Kuah

Only create new service account with cluster-admin clusterrolebinding for when...

Only create new service account with cluster-admin clusterrolebinding for when we have the rbac cluster FF enabled.

This syncs up with `authorization_type`.
parent 7a4d74ed
......@@ -25,8 +25,10 @@ module Clusters
private
def create_gitlab_service_account!
if rbac_clusters_feature_enabled?
Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute
end
end
def configure_provider
provider.endpoint = gke_cluster.endpoint
......@@ -49,7 +51,11 @@ module Clusters
end
def authorization_type
Feature.enabled?(:rbac_clusters) ? 'rbac' : 'abac'
rbac_clusters_feature_enabled? ? 'rbac' : 'abac'
end
def rbac_clusters_feature_enabled?
Feature.enabled?(:rbac_clusters)
end
def kube_client
......
......@@ -28,6 +28,10 @@ describe Clusters::Gcp::FinalizeCreationService do
end
end
before do
stub_feature_flags(rbac_clusters: false)
end
context 'when suceeded to fetch gke cluster info' do
let(:endpoint) { '111.111.111.111' }
let(:api_url) { 'https://' + endpoint }
......@@ -45,8 +49,6 @@ describe Clusters::Gcp::FinalizeCreationService do
)
stub_kubeclient_discover(api_url)
stub_kubeclient_create_service_account(api_url)
stub_kubeclient_create_cluster_role_binding(api_url)
end
context 'when suceeded to fetch kuberenetes token' do
......@@ -59,8 +61,6 @@ describe Clusters::Gcp::FinalizeCreationService do
metadata_name: 'gitlab-token-Y1a',
token: Base64.encode64(token)
} )
stub_feature_flags(rbac_clusters: false)
end
it_behaves_like 'success'
......@@ -83,6 +83,8 @@ describe Clusters::Gcp::FinalizeCreationService do
context 'rbac_clusters feature enabled' do
before do
stub_feature_flags(rbac_clusters: true)
stub_kubeclient_create_service_account(api_url)
stub_kubeclient_create_cluster_role_binding(api_url)
end
it_behaves_like 'success'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment