From 577c79bb58ae80f4d7aef55e76bfeff67a1cfc45 Mon Sep 17 00:00:00 2001 From: Thong Kuah Date: Fri, 7 Sep 2018 18:06:02 +1200 Subject: ABAC: fetch default service account token; RBAC: fetch gitlab service acount token Keeps existing behaviour for ABAC cluster --- app/services/clusters/gcp/finalize_creation_service.rb | 4 +++- .../clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'app/services/clusters/gcp') diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb index 91e49b8394a..40103d8e213 100644 --- a/app/services/clusters/gcp/finalize_creation_service.rb +++ b/app/services/clusters/gcp/finalize_creation_service.rb @@ -47,7 +47,9 @@ module Clusters end def request_kubernetes_token - Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute + service_account_name = rbac_clusters_feature_enabled? ? Clusters::Gcp::Kubernetes::SERVICE_ACCOUNT_NAME : 'default' + + Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client, service_account_name).execute end def authorization_type diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb index 5b47c0883cb..c16ce451aaf 100644 --- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb +++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb @@ -4,10 +4,11 @@ module Clusters module Gcp module Kubernetes class FetchKubernetesTokenService - attr_reader :kubeclient + attr_reader :kubeclient, :service_account_name - def initialize(kubeclient) + def initialize(kubeclient, service_account_name) @kubeclient = kubeclient + @service_account_name = service_account_name end def execute @@ -25,7 +26,7 @@ module Clusters private def token_regex - /#{SERVICE_ACCOUNT_NAME}-token/ + /#{service_account_name}-token/ end def read_secrets -- cgit v1.2.1