Changes to create role and binding for crossplane database

17911b62 · Mahendra Bagul · 8c7844b4 · 17911b62 · 17911b62
Commit 17911b62 authored Nov 12, 2019 by Mahendra Bagul
2 changed files
--- a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
+++ b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
@@ -49,6 +49,8 @@ module Clusters

        create_or_update_knative_serving_role
        create_or_update_knative_serving_role_binding
+        create_or_update_crossplane_serving_role
+        create_or_update_crossplane_serving_role_binding
      end

      private
@@ -78,6 +80,14 @@ module Clusters
        kubeclient.update_role_binding(knative_serving_role_binding_resource)
      end

+      def create_or_update_crossplane_serving_role
+        kubeclient.update_role(crossplane_serving_role_resource)
+      end
+
+      def create_or_update_crossplane_serving_role_binding
+        kubeclient.update_role_binding(crossplane_serving_role_binding_resource)
+      end
+
      def service_account_resource
        Gitlab::Kubernetes::ServiceAccount.new(
          service_account_name,
@@ -134,6 +144,28 @@ module Clusters
          service_account_name: service_account_name
        ).generate
      end
+
+      def crossplane_serving_role_resource
+        Gitlab::Kubernetes::Role.new(
+            name: Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_NAME,
+            namespace: service_account_namespace,
+            rules: [{
+                        apiGroups: %w(database.crossplane.io),
+                        resources: %w(postgresqlinstances),
+                        verbs: %w(get list create watch)
+                    }]
+        ).generate
+      end
+
+      def crossplane_serving_role_binding_resource
+        Gitlab::Kubernetes::RoleBinding.new(
+            name: Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME,
+            role_name: Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_NAME,
+            role_kind: :Role,
+            namespace: service_account_namespace,
+            service_account_name: service_account_name
+        ).generate
+      end
    end
  end
 end
--- a/app/services/clusters/kubernetes/kubernetes.rb
+++ b/app/services/clusters/kubernetes/kubernetes.rb
@@ -10,5 +10,7 @@ module Clusters
    PROJECT_CLUSTER_ROLE_NAME = 'edit'
    GITLAB_KNATIVE_SERVING_ROLE_NAME = 'gitlab-knative-serving-role'
    GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME = 'gitlab-knative-serving-rolebinding'
+    GITLAB_CROSSPLANE_DATABASE_ROLE_NAME = 'gitlab-crossplane-database-role'
+    GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME = 'gitlab-crossplane-database-rolebinding'
  end
 end