app/services/clusters/gcp/kubernetes/create_service_account_service.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

# frozen_string_literal: true

module Clusters
  module Gcp
    module Kubernetes
      class CreateServiceAccountService
        attr_reader :kubeclient, :rbac

        def initialize(kubeclient, rbac:)
          @kubeclient = kubeclient
          @rbac = rbac
        end

        def execute
          kubeclient.create_service_account(service_account_resource)
          kubeclient.create_secret(service_account_token_resource)
          kubeclient.create_cluster_role_binding(cluster_role_binding_resource) if rbac
        end

        private

        def service_account_resource
          Gitlab::Kubernetes::ServiceAccount.new(service_account_name, service_account_namespace).generate
        end

        def service_account_token_resource
          Gitlab::Kubernetes::ServiceAccountToken.new(
            SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, service_account_namespace).generate
        end

        def cluster_role_binding_resource
          subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }]

          Gitlab::Kubernetes::ClusterRoleBinding.new(
            CLUSTER_ROLE_BINDING_NAME,
            CLUSTER_ROLE_NAME,
            subjects
          ).generate
        end

        def service_account_name
          SERVICE_ACCOUNT_NAME
        end

        def service_account_namespace
          SERVICE_ACCOUNT_NAMESPACE
        end
      end
    end
  end
end