# frozen_string_literal: true module Gitlab module Ci module Build module Prerequisite class KubernetesNamespace < Base def unmet? deployment_cluster.present? && deployment_cluster.managed? && missing_namespace? end def complete! return unless unmet? create_namespace end private def missing_namespace? kubernetes_namespace.nil? || kubernetes_namespace.service_account_token.blank? end def deployment_cluster build.deployment&.cluster end def environment build.deployment.environment end def kubernetes_namespace strong_memoize(:kubernetes_namespace) do ::Clusters::KubernetesNamespaceFinder.new( deployment_cluster, project: environment.project, environment_name: environment.name, allow_blank_token: true ).execute end end def create_namespace namespace = kubernetes_namespace || build_namespace_record return if conflicting_ci_namespace_requested?(namespace) ::Clusters::Kubernetes::CreateOrUpdateNamespaceService.new( cluster: deployment_cluster, kubernetes_namespace: namespace ).execute end ## # A namespace can only be specified via gitlab-ci.yml # for unmanaged clusters, as we currently have no way # of preventing a job requesting a namespace it # shouldn't have access to. # # To make this clear, we fail the build instead of # silently using a namespace other than the one # explicitly specified. # # Support for managed clusters will be added in # https://gitlab.com/gitlab-org/gitlab/issues/38054 def conflicting_ci_namespace_requested?(namespace_record) build.expanded_kubernetes_namespace.present? && namespace_record.namespace != build.expanded_kubernetes_namespace end def build_namespace_record ::Clusters::BuildKubernetesNamespaceService.new( deployment_cluster, environment: environment ).execute end end end end end end