Teach GitLab how to create Secret of type ServiceAccountToken
Add create_secret to KubeClient
This commit is contained in:
parent
9c5050b122
commit
8c8ccd3167
|
@ -31,6 +31,7 @@ module Gitlab
|
|||
:create_config_map,
|
||||
:create_namespace,
|
||||
:create_pod,
|
||||
:create_secret,
|
||||
:create_service_account,
|
||||
:update_config_map,
|
||||
:update_service_account,
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Gitlab
|
||||
module Kubernetes
|
||||
class ServiceAccountToken
|
||||
attr_reader :name, :service_account_name, :namespace_name
|
||||
|
||||
def initialize(name, service_account_name, namespace_name)
|
||||
@name = name
|
||||
@service_account_name = service_account_name
|
||||
@namespace_name = namespace_name
|
||||
end
|
||||
|
||||
def generate
|
||||
::Kubeclient::Resource.new(metadata: metadata, type: service_acount_token_type)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
# as per https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#to-create-additional-api-tokens
|
||||
def service_acount_token_type
|
||||
'kubernetes.io/service-account-token'
|
||||
end
|
||||
|
||||
def metadata
|
||||
{
|
||||
name: name,
|
||||
namespace: namespace_name,
|
||||
annotations: {
|
||||
"kubernetes.io/service-account.name": service_account_name
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -122,6 +122,7 @@ describe Gitlab::Kubernetes::KubeClient do
|
|||
:create_config_map,
|
||||
:create_namespace,
|
||||
:create_pod,
|
||||
:create_secret,
|
||||
:create_service_account,
|
||||
:update_config_map,
|
||||
:update_service_account
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
describe Gitlab::Kubernetes::ServiceAccountToken do
|
||||
let(:name) { 'token-name' }
|
||||
let(:service_account_name) { 'a_service_account' }
|
||||
let(:namespace_name) { 'a_namespace' }
|
||||
let(:service_account_token) { described_class.new(name, service_account_name, namespace_name) }
|
||||
|
||||
it { expect(service_account_token.name).to eq(name) }
|
||||
it { expect(service_account_token.service_account_name).to eq(service_account_name) }
|
||||
it { expect(service_account_token.namespace_name).to eq(namespace_name) }
|
||||
|
||||
describe '#generate' do
|
||||
let(:resource) do
|
||||
::Kubeclient::Resource.new(
|
||||
metadata: {
|
||||
name: name,
|
||||
namespace: namespace_name,
|
||||
annotations: {
|
||||
'kubernetes.io/service-account.name': service_account_name
|
||||
}
|
||||
},
|
||||
type: 'kubernetes.io/service-account-token'
|
||||
)
|
||||
end
|
||||
|
||||
subject { service_account_token.generate }
|
||||
|
||||
it 'should build a Kubeclient Resource' do
|
||||
is_expected.to eq(resource)
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue