author | Thong Kuah <tkuah@gitlab.com> | 2018-09-07 14:48:06 +0300 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 07:26:51 +0300 |
commit | a02e35308b97d43964ebcf7fda040da418c04ddc (patch) | |
tree | 5e7738b00b41248720298edf48e73b4c2aa9579c /app/services/clusters/gcp/finalize_creation_service.rb | |
parent | 8c8ccd3167ddb63485aa9e71affc737832d3846a (diff) |
Always create `gitlab` service account and service account token regardless of ABAC/RBAC
This also solves the async nature of the automatic creation of default
service tokens for service accounts. It also makes explicit which
service account token we always use.
create cluster role binding only if the provider has legacy_abac
disabled.
Diffstat (limited to 'app/services/clusters/gcp/finalize_creation_service.rb')
-rw-r--r-- | app/services/clusters/gcp/finalize_creation_service.rb | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb index 8170e732d48..3ae0a4a19d0 100644 --- a/app/services/clusters/gcp/finalize_creation_service.rb +++ b/app/services/clusters/gcp/finalize_creation_service.rb @@ -8,9 +8,8 @@ module Clusters def execute(provider) @provider = provider - create_gitlab_service_account! - configure_provider + create_gitlab_service_account! configure_kubernetes cluster.save! @@ -25,9 +24,7 @@ module Clusters private def create_gitlab_service_account! - if create_rbac_cluster? - Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute - end + Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client, rbac: create_rbac_cluster?).execute end def configure_provider @@ -47,9 +44,7 @@ module Clusters end def request_kubernetes_token - service_account_name = create_rbac_cluster? ? Clusters::Gcp::Kubernetes::SERVICE_ACCOUNT_NAME : 'default' - - Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client, service_account_name).execute + Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute end def authorization_type |
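Review bot: In `execute`, the order of `configure_provider` and `create_gitlab_service_account!` now matters, and nothing on the new side records why. Presumably `kube_client` is built from the endpoint and credentials that `configure_provider` sets, so a later reorder would issue the create call with incomplete connection data. A comment such as `# configure_provider first: kube_client needs the provider endpoint and credentials` above the two calls would pin that down. The account is also created on the remote cluster before `cluster.save!`, so a failure in a later step leaves it behind; the rescue clauses of `execute` are outside the hunk, so how that case is handled cannot be checked here.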
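Review bot: `create_gitlab_service_account!` now issues a create call for every cluster, so a second run of `execute` against the same cluster (for example a retry after a later step failed) will request an account and token that already exist. Whether `CreateServiceAccountService` tolerates that is not visible in this diff and should be confirmed or covered by a spec. The method would also benefit from a comment stating the contract the commit message describes, e.g. `# Always creates the gitlab service account and its token; the cluster role binding is added only when rbac is true`. Since that binding decides what the stored token can do on the cluster, the role it grants should be named where the binding is created.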
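Review bot: `request_kubernetes_token` no longer shows whose token it returns, because the account name moved inside `FetchKubernetesTokenService`. A comment like `# Token of the gitlab service account created in create_gitlab_service_account!; the 'default' account is no longer used` keeps that visible at the call site. The result is presumably persisted by `configure_kubernetes`, which is outside the hunk, so it is worth confirming that a missing or empty token raises there instead of being saved.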