gitlab-org--gitlab-foss/lib/gitlab/kubernetes/role_binding.rb

# frozen_string_literal: true

module Gitlab
  module Kubernetes
    class RoleBinding
      def initialize(name:, role_name:, role_kind:, namespace:, service_account_name:)
        @name = name
        @role_name = role_name
        @role_kind = role_kind
        @namespace = namespace
        @service_account_name = service_account_name
      end

      def generate
        ::Kubeclient::Resource.new.tap do |resource|
          resource.metadata = metadata
          resource.roleRef  = role_ref
          resource.subjects = subjects
        end
      end

      private

      attr_reader :name, :role_name, :role_kind, :namespace, :service_account_name

      def metadata
        { name: name, namespace: namespace }
      end

      def role_ref
        {
          apiGroup: 'rbac.authorization.k8s.io',
          kind: role_kind,
          name: role_name
        }
      end

      def subjects
        [
          {
            kind: 'ServiceAccount',
            name: service_account_name,
            namespace: namespace
          }
        ]
      end
    end
  end
end
Add RoleBinding methods Includes RoleBinding methods to Kubeclient and introduce a new lib class to generate RoleBinding resources. This MR is part of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011 2018-10-22 17:47:54 -04:00			`# frozen_string_literal: true`

			`module Gitlab`
			`module Kubernetes`
			`class RoleBinding`
Give Knative serving permissions to service account GitLab uses a kubernetes service account to perform deployments. For serverless deployments to work as expected with externally created clusters with their own knative installations (e.g. via Cloud Run), this account requires additional permissions in the serving.knative.dev API group. 2019-07-11 07:26:15 -04:00			`def initialize(name:, role_name:, role_kind:, namespace:, service_account_name:)`
Incorporates Kubernetes Namespace into Cluster's flow 2018-11-02 11:46:15 -04:00			`@name = name`
Add RoleBinding methods Includes RoleBinding methods to Kubeclient and introduce a new lib class to generate RoleBinding resources. This MR is part of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011 2018-10-22 17:47:54 -04:00			`@role_name = role_name`
Give Knative serving permissions to service account GitLab uses a kubernetes service account to perform deployments. For serverless deployments to work as expected with externally created clusters with their own knative installations (e.g. via Cloud Run), this account requires additional permissions in the serving.knative.dev API group. 2019-07-11 07:26:15 -04:00			`@role_kind = role_kind`
Add RoleBinding methods Includes RoleBinding methods to Kubeclient and introduce a new lib class to generate RoleBinding resources. This MR is part of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011 2018-10-22 17:47:54 -04:00			`@namespace = namespace`
			`@service_account_name = service_account_name`
			`end`

			`def generate`
			`::Kubeclient::Resource.new.tap do \|resource\|`
			`resource.metadata = metadata`
			`resource.roleRef = role_ref`
			`resource.subjects = subjects`
			`end`
			`end`

			`private`

Give Knative serving permissions to service account GitLab uses a kubernetes service account to perform deployments. For serverless deployments to work as expected with externally created clusters with their own knative installations (e.g. via Cloud Run), this account requires additional permissions in the serving.knative.dev API group. 2019-07-11 07:26:15 -04:00			`attr_reader :name, :role_name, :role_kind, :namespace, :service_account_name`
Incorporates Kubernetes Namespace into Cluster's flow 2018-11-02 11:46:15 -04:00
Add RoleBinding methods Includes RoleBinding methods to Kubeclient and introduce a new lib class to generate RoleBinding resources. This MR is part of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011 2018-10-22 17:47:54 -04:00			`def metadata`
Incorporates Kubernetes Namespace into Cluster's flow 2018-11-02 11:46:15 -04:00			`{ name: name, namespace: namespace }`
Add RoleBinding methods Includes RoleBinding methods to Kubeclient and introduce a new lib class to generate RoleBinding resources. This MR is part of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011 2018-10-22 17:47:54 -04:00			`end`

			`def role_ref`
			`{`
			`apiGroup: 'rbac.authorization.k8s.io',`
Give Knative serving permissions to service account GitLab uses a kubernetes service account to perform deployments. For serverless deployments to work as expected with externally created clusters with their own knative installations (e.g. via Cloud Run), this account requires additional permissions in the serving.knative.dev API group. 2019-07-11 07:26:15 -04:00			`kind: role_kind,`
Add RoleBinding methods Includes RoleBinding methods to Kubeclient and introduce a new lib class to generate RoleBinding resources. This MR is part of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011 2018-10-22 17:47:54 -04:00			`name: role_name`
			`}`
			`end`

			`def subjects`
			`[`
			`{`
			`kind: 'ServiceAccount',`
			`name: service_account_name,`
			`namespace: namespace`
			`}`
			`]`
			`end`
			`end`
			`end`
			`end`