2 files changed, 27 insertions, 3 deletions

diff --git a/app/services/clusters/gcp/finalize_creation_service.rb b/app/services/clusters/gcp/finalize_creation_service.rb
index e0e8a9a372a..e5bc80f6697 100644
--- a/app/services/clusters/gcp/finalize_creation_service.rb
+++ b/app/services/clusters/gcp/finalize_creation_service.rb
@@ -48,9 +48,8 @@ module Clusters
         Clusters::Gcp::Kubernetes::FetchKubernetesTokenService.new(kube_client).execute
       end
 
-      # GKE Clusters have RBAC enabled on Kubernetes >= 1.6
       def authorization_type
-        'rbac'
+        Feature.enabled?(:rbac_clusters) ? 'rbac' : 'abac'
       end
 
       def kube_client
diff --git a/spec/services/clusters/gcp/finalize_creation_service_spec.rb b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
index aec865872a0..9283df0b492 100644
--- a/spec/services/clusters/gcp/finalize_creation_service_spec.rb
+++ b/spec/services/clusters/gcp/finalize_creation_service_spec.rb
@@ -59,6 +59,8 @@ describe Clusters::Gcp::FinalizeCreationService do
               metadata_name: 'gitlab-token-Y1a',
               token: Base64.encode64(token)
             } )
+
+          stub_feature_flags(rbac_clusters: false)
         end
 
         it_behaves_like 'success'
@@ -74,9 +76,32 @@ describe Clusters::Gcp::FinalizeCreationService do
           expect(platform.ca_cert).to eq(Base64.decode64(load_sample_cert))
           expect(platform.username).to eq(username)
           expect(platform.password).to eq(password)
-          expect(platform.authorization_type).to eq('rbac')
+          expect(platform.authorization_type).to eq('abac')
           expect(platform.token).to eq(token)
         end
+
+        context 'rbac_clusters feature enabled' do
+          before do
+            stub_feature_flags(rbac_clusters: true)
+          end
+
+          it_behaves_like 'success'
+
+          it 'has corresponded data' do
+            described_class.new.execute(provider)
+            cluster.reload
+            provider.reload
+            platform.reload
+
+            expect(provider.endpoint).to eq(endpoint)
+            expect(platform.api_url).to eq(api_url)
+            expect(platform.ca_cert).to eq(Base64.decode64(load_sample_cert))
+            expect(platform.username).to eq(username)
+            expect(platform.password).to eq(password)
+            expect(platform.authorization_type).to eq('rbac')
+            expect(platform.token).to eq(token)
+          end
+        end
       end
 
       context 'when default-token is not found' do