Merge branch 'add-role-binding-to-kubeclient' into 'master'
Add RoleBinding method and class See merge request gitlab-org/gitlab-ce!22524
This commit is contained in:
commit
f8f447b83e
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Allow kubeclient to call RoleBinding methods
|
||||
merge_request: 22524
|
||||
author:
|
||||
type: other
|
|
@ -45,6 +45,13 @@ module Gitlab
|
|||
:update_cluster_role_binding,
|
||||
to: :rbac_client
|
||||
|
||||
# RBAC methods delegates to the apis/rbac.authorization.k8s.io api
|
||||
# group client
|
||||
delegate :create_role_binding,
|
||||
:get_role_binding,
|
||||
:update_role_binding,
|
||||
to: :rbac_client
|
||||
|
||||
# Deployments resource is currently on the apis/extensions api group
|
||||
delegate :get_deployments,
|
||||
to: :extensions_client
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Gitlab
|
||||
module Kubernetes
|
||||
class RoleBinding
|
||||
attr_reader :role_name, :namespace, :service_account_name
|
||||
|
||||
def initialize(role_name:, namespace:, service_account_name:)
|
||||
@role_name = role_name
|
||||
@namespace = namespace
|
||||
@service_account_name = service_account_name
|
||||
end
|
||||
|
||||
def generate
|
||||
::Kubeclient::Resource.new.tap do |resource|
|
||||
resource.metadata = metadata
|
||||
resource.roleRef = role_ref
|
||||
resource.subjects = subjects
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def metadata
|
||||
{ name: "gitlab-#{namespace}", namespace: namespace }
|
||||
end
|
||||
|
||||
def role_ref
|
||||
{
|
||||
apiGroup: 'rbac.authorization.k8s.io',
|
||||
kind: 'Role',
|
||||
name: role_name
|
||||
}
|
||||
end
|
||||
|
||||
def subjects
|
||||
[
|
||||
{
|
||||
kind: 'ServiceAccount',
|
||||
name: service_account_name,
|
||||
namespace: namespace
|
||||
}
|
||||
]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,47 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
describe Gitlab::Kubernetes::RoleBinding, '#generate' do
|
||||
let(:role_name) { 'edit' }
|
||||
let(:namespace) { 'my-namespace' }
|
||||
let(:service_account_name) { 'my-service-account' }
|
||||
|
||||
let(:subjects) do
|
||||
[
|
||||
{
|
||||
kind: 'ServiceAccount',
|
||||
name: service_account_name,
|
||||
namespace: namespace
|
||||
}
|
||||
]
|
||||
end
|
||||
|
||||
let(:role_ref) do
|
||||
{
|
||||
apiGroup: 'rbac.authorization.k8s.io',
|
||||
kind: 'Role',
|
||||
name: role_name
|
||||
}
|
||||
end
|
||||
|
||||
let(:resource) do
|
||||
::Kubeclient::Resource.new(
|
||||
metadata: { name: "gitlab-#{namespace}", namespace: namespace },
|
||||
roleRef: role_ref,
|
||||
subjects: subjects
|
||||
)
|
||||
end
|
||||
|
||||
subject do
|
||||
described_class.new(
|
||||
role_name: role_name,
|
||||
namespace: namespace,
|
||||
service_account_name: service_account_name
|
||||
).generate
|
||||
end
|
||||
|
||||
it 'should build a Kubeclient Resource' do
|
||||
is_expected.to eq(resource)
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue