6 files changed, 38 insertions, 18 deletions

diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb
index b4fd09c06e5..eb0fad6cbb2 100644
--- a/app/controllers/projects/clusters_controller.rb
+++ b/app/controllers/projects/clusters_controller.rb
@@ -141,7 +141,8 @@ class Projects::ClustersController < Projects::ApplicationController
         :gcp_project_id,
         :zone,
         :num_nodes,
-        :machine_type
+        :machine_type,
+        :legacy_abac
       ]).merge(
         provider_type: :gcp,
         platform_type: :kubernetes
diff --git a/app/services/clusters/create_service.rb b/app/services/clusters/create_service.rb
index eb171daa694..e3e0cfa462c 100644
--- a/app/services/clusters/create_service.rb
+++ b/app/services/clusters/create_service.rb
@@ -25,16 +25,11 @@ module Clusters
 
       params[:provider_gcp_attributes].try do |provider|
         provider[:access_token] = access_token
-        provider[:legacy_abac] = legacy_abac_value
       end
 
       @cluster_params = params.merge(user: current_user, projects: [project])
     end
 
-    def legacy_abac_value
-      !Feature.enabled?(:rbac_clusters)
-    end
-
     def can_create_cluster?
       project.clusters.empty?
     end
diff --git a/app/views/projects/clusters/gcp/_form.html.haml b/app/views/projects/clusters/gcp/_form.html.haml
index 9133de6559d..0222bbf7338 100644
--- a/app/views/projects/clusters/gcp/_form.html.haml
+++ b/app/views/projects/clusters/gcp/_form.html.haml
@@ -61,5 +61,15 @@
       %p.form-text.text-muted
         = s_('ClusterIntegration|Learn more about %{help_link_start_machine_type}machine types%{help_link_end} and %{help_link_start_pricing}pricing%{help_link_end}.').html_safe % { help_link_start_machine_type: help_link_start % { url: machine_type_link_url }, help_link_start_pricing: help_link_start % { url: pricing_link_url }, help_link_end: help_link_end }
 
+    - if rbac_clusters_feature_enabled?
+      .form-group
+        .form-check
+          = provider_gcp_field.check_box :legacy_abac, { class: 'form-check-input' }, false, true
+          = provider_gcp_field.label :legacy_abac, s_('ClusterIntegration|RBAC-enabled cluster (experimental)'), class: 'form-check-label label-bold'
+          .form-text.text-muted
+            = s_('ClusterIntegration|Enable this setting if using role-based access control (RBAC).')
+            = s_('ClusterIntegration|This option will allow you to install applications on RBAC clusters.')
+            = link_to _('More information'), help_page_path('user/project/clusters/index.md', anchor: 'role-based-access-control-rbac-experimental-support'), target: '_blank'
+
     .form-group
       = field.submit s_('ClusterIntegration|Create Kubernetes cluster'), class: 'js-gke-cluster-creation-submit btn btn-success', disabled: true
diff --git a/app/views/projects/clusters/gcp/_show.html.haml b/app/views/projects/clusters/gcp/_show.html.haml
index 877e0cc876c..be84f2ae67c 100644
--- a/app/views/projects/clusters/gcp/_show.html.haml
+++ b/app/views/projects/clusters/gcp/_show.html.haml
@@ -37,5 +37,14 @@
       = platform_kubernetes_field.label :namespace, s_('ClusterIntegration|Project namespace (optional, unique)')
       = platform_kubernetes_field.text_field :namespace, class: 'form-control', placeholder: s_('ClusterIntegration|Project namespace')
 
+    - if rbac_clusters_feature_enabled?
+      .form-group
+        .form-check
+          = platform_kubernetes_field.check_box :authorization_type, { class: 'form-check-input', disabled: true }, 'rbac', 'abac'
+          = platform_kubernetes_field.label :authorization_type, s_('ClusterIntegration|RBAC-enabled cluster (experimental)'), class: 'form-check-label label-bold'
+          .form-text.text-muted
+            = s_('ClusterIntegration|Enable this setting if using role-based access control (RBAC).')
+            = s_('ClusterIntegration|This option will allow you to install applications on RBAC clusters.')
+
     .form-group
       = field.submit s_('ClusterIntegration|Save changes'), class: 'btn btn-success'
diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb
index 26a532ee01d..97ac11fd171 100644
--- a/spec/controllers/projects/clusters_controller_spec.rb
+++ b/spec/controllers/projects/clusters_controller_spec.rb
@@ -170,12 +170,14 @@ describe Projects::ClustersController do
   end
 
   describe 'POST create for new cluster' do
+    let(:legacy_abac_param) { 'true' }
     let(:params) do
       {
         cluster: {
           name: 'new-cluster',
           provider_gcp_attributes: {
-            gcp_project_id: 'gcp-project-12345'
+            gcp_project_id: 'gcp-project-12345',
+            legacy_abac: legacy_abac_param
           }
         }
       }
@@ -201,6 +203,18 @@ describe Projects::ClustersController do
           expect(response).to redirect_to(project_cluster_path(project, project.clusters.first))
           expect(project.clusters.first).to be_gcp
           expect(project.clusters.first).to be_kubernetes
+          expect(project.clusters.first.provider_gcp).to be_legacy_abac
+        end
+
+        context 'when legacy_abac param is false' do
+          let(:legacy_abac_param) { 'false' }
+
+          it 'creates a new cluster with legacy_abac_disabled' do
+            expect(ClusterProvisionWorker).to receive(:perform_async)
+            expect { go }.to change { Clusters::Cluster.count }
+              .and change { Clusters::Providers::Gcp.count }
+            expect(project.clusters.first.provider_gcp).not_to be_legacy_abac
+          end
         end
       end
 
diff --git a/spec/support/services/clusters/create_service_shared.rb b/spec/support/services/clusters/create_service_shared.rb
index b45ad3f6b8c..e2b5920d794 100644
--- a/spec/support/services/clusters/create_service_shared.rb
+++ b/spec/support/services/clusters/create_service_shared.rb
@@ -7,7 +7,8 @@ shared_context 'valid cluster create params' do
         gcp_project_id: 'gcp-project',
         zone: 'us-central1-a',
         num_nodes: 1,
-        machine_type: 'machine_type-a'
+        machine_type: 'machine_type-a',
+        legacy_abac: 'true'
       }
     }
   end
@@ -50,16 +51,6 @@ shared_examples 'create cluster service success' do
     expect(subject.provider).to be_legacy_abac
     expect(subject.platform).to be_nil
   end
-
-  context 'rbac_clusters feature is enabled' do
-    before do
-      stub_feature_flags(rbac_clusters: true)
-    end
-
-    it 'has legacy_abac false' do
-      expect(subject.provider).not_to be_legacy_abac
-    end
-  end
 end
 
 shared_examples 'create cluster service error' do