diff options
author | Thong Kuah <tkuah@gitlab.com> | 2018-09-07 18:06:02 +1200 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 16:26:51 +1200 |
commit | 577c79bb58ae80f4d7aef55e76bfeff67a1cfc45 (patch) | |
tree | 76524765c74f5a4477b7ce5378e3ff9faf14f627 /app/services/clusters/gcp | |
parent | c9af170d9aeeb39dbb41a99c00402beb384da0e9 (diff) | |
download | gitlab-ce-577c79bb58ae80f4d7aef55e76bfeff67a1cfc45.tar.gz |
ABAC: fetch default service account token; RBAC: fetch gitlab service acount token
Keeps existing behaviour for ABAC cluster
Diffstat (limited to 'app/services/clusters/gcp')
-rw-r--r-- | app/services/clusters/gcp/finalize_creation_service.rb | 4 | ||||
-rw-r--r-- | app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb index 91e49b8394a..40103d8e213 100644 --- a/app/services/clusters/gcp/finalize_creation_service.rb +++ b/app/services/clusters/gcp/finalize_creation_service.rb @@ -47,7 +47,9 @@ module Clusters end def request_kubernetes_token - Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute + service_account_name = rbac_clusters_feature_enabled? ? Clusters::Gcp::Kubernetes::SERVICE_ACCOUNT_NAME : 'default' + + Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client, service_account_name).execute end def authorization_type diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb index 5b47c0883cb..c16ce451aaf 100644 --- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb +++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb @@ -4,10 +4,11 @@ module Clusters module Gcp module Kubernetes class FetchKubernetesTokenService - attr_reader :kubeclient + attr_reader :kubeclient, :service_account_name - def initialize(kubeclient) + def initialize(kubeclient, service_account_name) @kubeclient = kubeclient + @service_account_name = service_account_name end def execute @@ -25,7 +26,7 @@ module Clusters private def token_regex - /#{SERVICE_ACCOUNT_NAME}-token/ + /#{service_account_name}-token/ end def read_secrets |