diff options
author | Thong Kuah <tkuah@gitlab.com> | 2018-09-07 23:48:06 +1200 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 16:26:51 +1200 |
commit | a02e35308b97d43964ebcf7fda040da418c04ddc (patch) | |
tree | 5e7738b00b41248720298edf48e73b4c2aa9579c /spec/support/helpers/kubernetes_helpers.rb | |
parent | 8c8ccd3167ddb63485aa9e71affc737832d3846a (diff) | |
download | gitlab-ce-a02e35308b97d43964ebcf7fda040da418c04ddc.tar.gz |
Always create `gitlab` service account and service account token regardless of ABAC/RBAC
This also solves the async nature of the automatic creation of default
service tokens for service accounts. It also makes explicit which
service account token we always use.
create cluster role binding only if the provider has legacy_abac
disabled.
Diffstat (limited to 'spec/support/helpers/kubernetes_helpers.rb')
-rw-r--r-- | spec/support/helpers/kubernetes_helpers.rb | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/spec/support/helpers/kubernetes_helpers.rb b/spec/support/helpers/kubernetes_helpers.rb index 30af1e7928c..2fde5c8fde4 100644 --- a/spec/support/helpers/kubernetes_helpers.rb +++ b/spec/support/helpers/kubernetes_helpers.rb @@ -33,13 +33,15 @@ module KubernetesHelpers WebMock.stub_request(:get, deployments_url).to_return(response || kube_deployments_response) end - def stub_kubeclient_get_secrets(api_url, **options) - WebMock.stub_request(:get, api_url + '/api/v1/secrets') - .to_return(kube_response(kube_v1_secrets_body(options))) + def stub_kubeclient_get_secret(api_url, **options) + options[:metadata_name] ||= "default-token-1" + + WebMock.stub_request(:get, api_url + "/api/v1/secrets/#{options[:metadata_name]}") + .to_return(kube_response(kube_v1_secret_body(options))) end - def stub_kubeclient_get_secrets_error(api_url) - WebMock.stub_request(:get, api_url + '/api/v1/secrets') + def stub_kubeclient_get_secret_error(api_url, name) + WebMock.stub_request(:get, api_url + "/api/v1/secrets/#{name}") .to_return(status: [404, "Internal Server Error"]) end @@ -48,26 +50,32 @@ module KubernetesHelpers .to_return(kube_response({})) end + def stub_kubeclient_create_service_account_error(api_url, namespace: 'default') + WebMock.stub_request(:post, api_url + "/api/v1/namespaces/#{namespace}/serviceaccounts") + .to_return(status: [500, "Internal Server Error"]) + end + + def stub_kubeclient_create_secret(api_url, namespace: 'default') + WebMock.stub_request(:post, api_url + "/api/v1/namespaces/#{namespace}/secrets") + .to_return(kube_response({})) + end + def stub_kubeclient_create_cluster_role_binding(api_url) WebMock.stub_request(:post, api_url + '/apis/rbac.authorization.k8s.io/v1/clusterrolebindings') .to_return(kube_response({})) end - def kube_v1_secrets_body(**options) + def kube_v1_secret_body(**options) { "kind" => "SecretList", "apiVersion": "v1", - "items" => [ - { - "metadata": { - "name": options[:metadata_name] || "default-token-1", - "namespace": "kube-system" - }, - "data": { - "token": options[:token] || Base64.encode64('token-sample-123') - } - } - ] + "metadata": { + "name": options[:metadata_name] || "default-token-1", + "namespace": "kube-system" + }, + "data": { + "token": options[:token] || Base64.encode64('token-sample-123') + } } end |