diff options
| author | Thong Kuah <tkuah@gitlab.com> | 2018-08-29 12:07:01 +0300 |
|---|---|---|
| committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 07:26:50 +0300 |
| commit | 7ebc18d1b3d398e3635feec1939ee3dac6c4a2a0 (patch) | |
| tree | 860e8425064c1b20e889555f1d4c05e117e93242 /spec/support | |
| parent | fe450ebf51abd9fa96a0eff01ad074fc4cfbedab (diff) | |
When provisioning a new cluster, create gitlab service account so that GitLab can perform operations in a RBAC-enabled cluster.
Correspondingly, use the token of the gitlab service account, vs the
default service account token which will have no privs.
Diffstat (limited to 'spec/support')
| -rw-r--r-- | spec/support/helpers/kubernetes_helpers.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/support/helpers/kubernetes_helpers.rb b/spec/support/helpers/kubernetes_helpers.rb index 994a2aaef90..30af1e7928c 100644 --- a/spec/support/helpers/kubernetes_helpers.rb +++ b/spec/support/helpers/kubernetes_helpers.rb @@ -43,6 +43,16 @@ module KubernetesHelpers .to_return(status: [404, "Internal Server Error"]) end + def stub_kubeclient_create_service_account(api_url, namespace: 'default') + WebMock.stub_request(:post, api_url + "/api/v1/namespaces/#{namespace}/serviceaccounts") + .to_return(kube_response({})) + end + + def stub_kubeclient_create_cluster_role_binding(api_url) + WebMock.stub_request(:post, api_url + '/apis/rbac.authorization.k8s.io/v1/clusterrolebindings') + .to_return(kube_response({})) + end + def kube_v1_secrets_body(**options) { "kind" => "SecretList", @@ -68,6 +78,7 @@ module KubernetesHelpers { "name" => "pods", "namespaced" => true, "kind" => "Pod" }, { "name" => "deployments", "namespaced" => true, "kind" => "Deployment" }, { "name" => "secrets", "namespaced" => true, "kind" => "Secret" }, + { "name" => "serviceaccounts", "namespaced" => true, "kind" => "ServiceAccount" }, { "name" => "services", "namespaced" => true, "kind" => "Service" } ] } @@ -80,6 +91,7 @@ module KubernetesHelpers { "name" => "pods", "namespaced" => true, "kind" => "Pod" }, { "name" => "deployments", "namespaced" => true, "kind" => "Deployment" }, { "name" => "secrets", "namespaced" => true, "kind" => "Secret" }, + { "name" => "serviceaccounts", "namespaced" => true, "kind" => "ServiceAccount" }, { "name" => "services", "namespaced" => true, "kind" => "Service" } ] } |