Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-11-19 11:27:35 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-11-19 11:27:35 +0300
commit: 7e9c479f7de77702622631cff2628a9c8dcbc627 (patch)
tree: c8f718a08e110ad7e1894510980d2155a6549197 /app/services/clusters
parent: e852b0ae16db4052c1c567d9efa4facc81146e88 (diff)
4 files changed, 15 insertions, 13 deletions
diff --git a/app/services/clusters/aws/authorize_role_service.rb b/app/services/clusters/aws/authorize_role_service.rb
index 2712a4b05bb..188c4aebc5f 100644
--- a/app/services/clusters/aws/authorize_role_service.rb
+++ b/app/services/clusters/aws/authorize_role_service.rb
@@ -17,7 +17,8 @@ module Clusters
 
       def initialize(user, params:)
         @user = user
-        @params = params
+        @role_arn = params[:role_arn]
+        @region = params[:region]
       end
 
       def execute
@@ -33,14 +34,14 @@ module Clusters
 
       private
 
-      attr_reader :role, :params
+      attr_reader :role, :role_arn, :region
 
       def ensure_role_exists!
         @role = ::Aws::Role.find_by_user_id!(user.id)
       end
 
       def update_role_arn!
-        role.update!(params)
+        role.update!(role_arn: role_arn, region: region)
       end
 
       def credentials
diff --git a/app/services/clusters/aws/fetch_credentials_service.rb b/app/services/clusters/aws/fetch_credentials_service.rb
index 33efc4cc120..96abbb43969 100644
--- a/app/services/clusters/aws/fetch_credentials_service.rb
+++ b/app/services/clusters/aws/fetch_credentials_service.rb
@@ -10,6 +10,7 @@ module Clusters
       def initialize(provision_role, provider: nil)
         @provision_role = provision_role
         @provider = provider
+        @region = provider&.region || provision_role&.region || Clusters::Providers::Aws::DEFAULT_REGION
       end
 
       def execute
@@ -26,7 +27,7 @@ module Clusters
 
       private
 
-      attr_reader :provider
+      attr_reader :provider, :region
 
       def client
         ::Aws::STS::Client.new(credentials: gitlab_credentials, region: region)
@@ -44,10 +45,6 @@ module Clusters
         Gitlab::CurrentSettings.eks_secret_access_key
       end
 
-      def region
-        provider&.region || Clusters::Providers::Aws::DEFAULT_REGION
-      end
-
       ##
       # If we haven't created a provider record yet,
       # we restrict ourselves to read only access so
diff --git a/app/services/clusters/kubernetes.rb b/app/services/clusters/kubernetes.rb
index aafea64c820..819ac4c8464 100644
--- a/app/services/clusters/kubernetes.rb
+++ b/app/services/clusters/kubernetes.rb
@@ -7,7 +7,7 @@ module Clusters
     GITLAB_ADMIN_TOKEN_NAME = 'gitlab-token'
     GITLAB_CLUSTER_ROLE_BINDING_NAME = 'gitlab-admin'
     GITLAB_CLUSTER_ROLE_NAME = 'cluster-admin'
-    PROJECT_CLUSTER_ROLE_NAME = 'edit'
+    PROJECT_CLUSTER_ROLE_NAME = 'admin'
     GITLAB_KNATIVE_SERVING_ROLE_NAME = 'gitlab-knative-serving-role'
     GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME = 'gitlab-knative-serving-rolebinding'
     GITLAB_CROSSPLANE_DATABASE_ROLE_NAME = 'gitlab-crossplane-database-role'
diff --git a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
index 2725a3aeaa5..eabc428d0d2 100644
--- a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
+++ b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
@@ -69,7 +69,13 @@ module Clusters
 
       def create_role_or_cluster_role_binding
         if namespace_creator
-          kubeclient.create_or_update_role_binding(role_binding_resource)
+          begin
+            kubeclient.delete_role_binding(role_binding_name, service_account_namespace)
+          rescue Kubeclient::ResourceNotFoundError
+            # Do nothing as we will create new role binding below
+          end
+
+          kubeclient.update_role_binding(role_binding_resource)
         else
           kubeclient.create_or_update_cluster_role_binding(cluster_role_binding_resource)
         end
@@ -117,11 +123,9 @@ module Clusters
       end
 
       def role_binding_resource
-        role_name = Feature.enabled?(:kubernetes_cluster_namespace_role_admin) ? 'admin' : Clusters::Kubernetes::PROJECT_CLUSTER_ROLE_NAME
-
         Gitlab::Kubernetes::RoleBinding.new(
           name: role_binding_name,
-          role_name: role_name,
+          role_name: Clusters::Kubernetes::PROJECT_CLUSTER_ROLE_NAME,
           role_kind: :ClusterRole,
           namespace: service_account_namespace,
           service_account_name: service_account_name
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-11-19 11:27:35 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-11-19 11:27:35 +0300
commit	7e9c479f7de77702622631cff2628a9c8dcbc627 (patch)
tree	c8f718a08e110ad7e1894510980d2155a6549197 /app/services/clusters
parent	e852b0ae16db4052c1c567d9efa4facc81146e88 (diff)