From 428ee4bc6017c2df2a1fa02a358c33b7b67480a8 Mon Sep 17 00:00:00 2001
From: Thong Kuah <tkuah@gitlab.com>
Date: Tue, 12 Mar 2019 22:38:18 +1300
Subject: [PATCH] Explicitly set master_auth for new GKE clusters

From 1.12, GKE will disable basic auth and client certificate by
default. Explicitly enable those now (currently we use 1.10/1.11
clusters) so that GKE cluster configuration will continue to work.
---
 .../unreleased/58208-explicitly-set-masterauth.yml   |  6 ++++++
 lib/google_api/cloud_platform/client.rb              |  7 +++++++
 spec/lib/google_api/cloud_platform/client_spec.rb    | 12 ++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 changelogs/unreleased/58208-explicitly-set-masterauth.yml

diff --git a/changelogs/unreleased/58208-explicitly-set-masterauth.yml b/changelogs/unreleased/58208-explicitly-set-masterauth.yml
new file mode 100644
index 00000000000..e3512d11113
--- /dev/null
+++ b/changelogs/unreleased/58208-explicitly-set-masterauth.yml
@@ -0,0 +1,6 @@
+---
+title: Explicitly set master_auth setting to enable basic auth and client certificate
+  for new GKE clusters
+merge_request: 26018
+author:
+type: other
diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb
index e74ff6a9129..b5f99ea012b 100644
--- a/lib/google_api/cloud_platform/client.rb
+++ b/lib/google_api/cloud_platform/client.rb
@@ -10,6 +10,7 @@ module GoogleApi
     class Client < GoogleApi::Auth
       SCOPE = 'https://www.googleapis.com/auth/cloud-platform'.freeze
       LEAST_TOKEN_LIFE_TIME = 10.minutes
+      CLUSTER_MASTER_AUTH_USERNAME = 'admin'.freeze
 
       class << self
         def session_key_for_token
@@ -64,6 +65,12 @@ module GoogleApi
               "node_config": {
                 "machine_type": machine_type
               },
+              "master_auth": {
+                "username": CLUSTER_MASTER_AUTH_USERNAME,
+                "client_certificate_config": {
+                  issue_client_certificate: true
+                }
+              },
               "legacy_abac": {
                 "enabled": legacy_abac
               }
diff --git a/spec/lib/google_api/cloud_platform/client_spec.rb b/spec/lib/google_api/cloud_platform/client_spec.rb
index e2134dc279c..1fefc947636 100644
--- a/spec/lib/google_api/cloud_platform/client_spec.rb
+++ b/spec/lib/google_api/cloud_platform/client_spec.rb
@@ -97,6 +97,12 @@ describe GoogleApi::CloudPlatform::Client do
               "node_config": {
                 "machine_type": machine_type
               },
+              "master_auth": {
+                "username": "admin",
+                "client_certificate_config": {
+                  issue_client_certificate: true
+                }
+              },
               "legacy_abac": {
                 "enabled": true
               }
@@ -122,6 +128,12 @@ describe GoogleApi::CloudPlatform::Client do
                 "node_config": {
                   "machine_type": machine_type
                 },
+                "master_auth": {
+                  "username": "admin",
+                  "client_certificate_config": {
+                    issue_client_certificate: true
+                  }
+                },
                 "legacy_abac": {
                   "enabled": false
                 }