Commit 1e4d6150 authored by Mayra Cabrera's avatar Mayra Cabrera

Add RoleBinding methods

Includes RoleBinding methods to Kubeclient and introduce a new lib class
to generate RoleBinding resources.

This MR is part of
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22011
parent 4cf1845e
---
title: Allow kubeclient to call RoleBinding methods
merge_request: 22524
author:
type: other
...@@ -45,6 +45,13 @@ module Gitlab ...@@ -45,6 +45,13 @@ module Gitlab
:update_cluster_role_binding, :update_cluster_role_binding,
to: :rbac_client to: :rbac_client
# RBAC methods delegates to the apis/rbac.authorization.k8s.io api
# group client
delegate :create_role_binding,
:get_role_binding,
:update_role_binding,
to: :rbac_client
# Deployments resource is currently on the apis/extensions api group # Deployments resource is currently on the apis/extensions api group
delegate :get_deployments, delegate :get_deployments,
to: :extensions_client to: :extensions_client
......
# frozen_string_literal: true
module Gitlab
module Kubernetes
class RoleBinding
attr_reader :role_name, :namespace, :service_account_name
def initialize(role_name:, namespace:, service_account_name:)
@role_name = role_name
@namespace = namespace
@service_account_name = service_account_name
end
def generate
::Kubeclient::Resource.new.tap do |resource|
resource.metadata = metadata
resource.roleRef = role_ref
resource.subjects = subjects
end
end
private
def metadata
{ name: "gitlab-#{namespace}", namespace: namespace }
end
def role_ref
{
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: role_name
}
end
def subjects
[
{
kind: 'ServiceAccount',
name: service_account_name,
namespace: namespace
}
]
end
end
end
end
# frozen_string_literal: true
require 'spec_helper'
describe Gitlab::Kubernetes::RoleBinding, '#generate' do
let(:role_name) { 'edit' }
let(:namespace) { 'my-namespace' }
let(:service_account_name) { 'my-service-account' }
let(:subjects) do
[
{
kind: 'ServiceAccount',
name: service_account_name,
namespace: namespace
}
]
end
let(:role_ref) do
{
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: role_name
}
end
let(:resource) do
::Kubeclient::Resource.new(
metadata: { name: "gitlab-#{namespace}", namespace: namespace },
roleRef: role_ref,
subjects: subjects
)
end
subject do
described_class.new(
role_name: role_name,
namespace: namespace,
service_account_name: service_account_name
).generate
end
it 'should build a Kubeclient Resource' do
is_expected.to eq(resource)
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment