diff options
Diffstat (limited to 'spec/services/clusters')
-rw-r--r-- | spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb | 70 |
1 files changed, 18 insertions, 52 deletions
diff --git a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb index 3020ec2bf6f..a4f018aec0c 100644 --- a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb +++ b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb @@ -161,60 +161,26 @@ RSpec.describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do it_behaves_like 'creates service account and token' - context 'kubernetes_cluster_namespace_role_admin FF is enabled' do - before do - stub_feature_flags(kubernetes_cluster_namespace_role_admin: true) - end - - it 'creates a namespaced role binding with admin access' do - subject - - expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with( - body: hash_including( - metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'admin' - }, - subjects: [ - { - kind: 'ServiceAccount', - name: service_account_name, - namespace: namespace - } - ] - ) - ) - end - end + it 'creates a namespaced role binding with admin access' do + subject - context 'kubernetes_cluster_namespace_role_admin FF is disabled' do - before do - stub_feature_flags(kubernetes_cluster_namespace_role_admin: false) - end - - it 'creates a namespaced role binding with edit access' do - subject - - expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with( - body: hash_including( - metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'edit' - }, - subjects: [ - { - kind: 'ServiceAccount', - name: service_account_name, - namespace: namespace - } - ] - ) + expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{role_binding_name}").with( + body: hash_including( + metadata: { name: "gitlab-#{namespace}", namespace: "#{namespace}" }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'admin' + }, + subjects: [ + { + kind: 'ServiceAccount', + name: service_account_name, + namespace: namespace + } + ] ) - end + ) end it 'creates a role binding granting crossplane database permissions to the service account' do |