diff options
Diffstat (limited to 'app/services/clusters/gcp/kubernetes/create_service_account_service.rb')
-rw-r--r-- | app/services/clusters/gcp/kubernetes/create_service_account_service.rb | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb index d17744591e6..be2740d0c4e 100644 --- a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb +++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb @@ -4,46 +4,46 @@ module Clusters module Gcp module Kubernetes class CreateServiceAccountService - attr_reader :kubeclient, :rbac + attr_reader :kubeclient, :name, :namespace, :rbac - def initialize(kubeclient, rbac:) + def initialize(kubeclient, name:, namespace:, rbac:) @kubeclient = kubeclient + @name = name + @namespace = namespace @rbac = rbac end def execute kubeclient.create_service_account(service_account_resource) kubeclient.create_secret(service_account_token_resource) - kubeclient.create_cluster_role_binding(cluster_role_binding_resource) if rbac + kubeclient.create_role_binding(role_binding_resource) if rbac end private def service_account_resource - Gitlab::Kubernetes::ServiceAccount.new(service_account_name, service_account_namespace).generate + Gitlab::Kubernetes::ServiceAccount.new(name, namespace).generate end def service_account_token_resource Gitlab::Kubernetes::ServiceAccountToken.new( - SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, service_account_namespace).generate + service_account_token_name, name, namespace).generate end - def cluster_role_binding_resource - subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }] - - Gitlab::Kubernetes::ClusterRoleBinding.new( - CLUSTER_ROLE_BINDING_NAME, - CLUSTER_ROLE_NAME, - subjects - ).generate + def service_account_token_name + SERVICE_ACCOUNT_TOKEN_NAME end - def service_account_name - SERVICE_ACCOUNT_NAME + def edit_role_name + EDIT_ROLE_NAME end - def service_account_namespace - SERVICE_ACCOUNT_NAMESPACE + def role_binding_resource + Gitlab::Kubernetes::RoleBinding.new( + role_name: edit_role_name, + namespace: namespace, + service_account_name: name + ).generate end end end |