Teach GitLab how to create Secret of type ServiceAccountToken
Add create_secret to KubeClient
This commit is contained in:
Thong Kuah
parent
9c5050b122
commit
8c8ccd3167
|
|
@ -31,6 +31,7 @@ module Gitlab
|
||||||
:create_config_map,
|
:create_config_map,
|
||||||
:create_namespace,
|
:create_namespace,
|
||||||
:create_pod,
|
:create_pod,
|
||||||
|
:create_secret,
|
||||||
:create_service_account,
|
:create_service_account,
|
||||||
:update_config_map,
|
:update_config_map,
|
||||||
:update_service_account,
|
:update_service_account,
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,36 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module Gitlab
|
||||||
|
module Kubernetes
|
||||||
|
class ServiceAccountToken
|
||||||
|
attr_reader :name, :service_account_name, :namespace_name
|
||||||
|
|
||||||
|
def initialize(name, service_account_name, namespace_name)
|
||||||
|
@name = name
|
||||||
|
@service_account_name = service_account_name
|
||||||
|
@namespace_name = namespace_name
|
||||||
|
end
|
||||||
|
|
||||||
|
def generate
|
||||||
|
::Kubeclient::Resource.new(metadata: metadata, type: service_acount_token_type)
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
# as per https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#to-create-additional-api-tokens
|
||||||
|
def service_acount_token_type
|
||||||
|
'kubernetes.io/service-account-token'
|
||||||
|
end
|
||||||
|
|
||||||
|
def metadata
|
||||||
|
{
|
||||||
|
name: name,
|
||||||
|
namespace: namespace_name,
|
||||||
|
annotations: {
|
||||||
|
"kubernetes.io/service-account.name": service_account_name
|
||||||
|
}
|
||||||
|
}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
@ -122,6 +122,7 @@ describe Gitlab::Kubernetes::KubeClient do
|
||||||
:create_config_map,
|
:create_config_map,
|
||||||
:create_namespace,
|
:create_namespace,
|
||||||
:create_pod,
|
:create_pod,
|
||||||
|
:create_secret,
|
||||||
:create_service_account,
|
:create_service_account,
|
||||||
:update_config_map,
|
:update_config_map,
|
||||||
:update_service_account
|
:update_service_account
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,35 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe Gitlab::Kubernetes::ServiceAccountToken do
|
||||||
|
let(:name) { 'token-name' }
|
||||||
|
let(:service_account_name) { 'a_service_account' }
|
||||||
|
let(:namespace_name) { 'a_namespace' }
|
||||||
|
let(:service_account_token) { described_class.new(name, service_account_name, namespace_name) }
|
||||||
|
|
||||||
|
it { expect(service_account_token.name).to eq(name) }
|
||||||
|
it { expect(service_account_token.service_account_name).to eq(service_account_name) }
|
||||||
|
it { expect(service_account_token.namespace_name).to eq(namespace_name) }
|
||||||
|
|
||||||
|
describe '#generate' do
|
||||||
|
let(:resource) do
|
||||||
|
::Kubeclient::Resource.new(
|
||||||
|
metadata: {
|
||||||
|
name: name,
|
||||||
|
namespace: namespace_name,
|
||||||
|
annotations: {
|
||||||
|
'kubernetes.io/service-account.name': service_account_name
|
||||||
|
}
|
||||||
|
},
|
||||||
|
type: 'kubernetes.io/service-account-token'
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
subject { service_account_token.generate }
|
||||||
|
|
||||||
|
it 'should build a Kubeclient Resource' do
|
||||||
|
is_expected.to eq(resource)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
Loading…
Reference in New Issue