[Federation] Use service accounts instead of the user's credentials when accessing joined clusters' API servers.

pkg/kubectl/cluster_test.go

@@ -106,6 +106,62 @@ func TestClusterGenerate(t *testing.T) {
 			},
 			expectErr: false,
 		},
+		{
+			params: map[string]interface{}{
+				"name":           "bar-cluster",
+				"client-cidr":    "10.20.30.40/16",
+				"server-address": "http://10.20.30.40",
+				"secret":         "credentials",
+			},
+			expected: &federationapi.Cluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "bar-cluster",
+				},
+				Spec: federationapi.ClusterSpec{
+					ServerAddressByClientCIDRs: []federationapi.ServerAddressByClientCIDR{
+						{
+							ClientCIDR:    "10.20.30.40/16",
+							ServerAddress: "http://10.20.30.40",
+						},
+					},
+					SecretRef: &v1.LocalObjectReference{
+						Name: "credentials",
+					},
+				},
+			},
+			expectErr: false,
+		},
+		{
+			params: map[string]interface{}{
+				"name":                 "bar-cluster",
+				"client-cidr":          "10.20.30.40/16",
+				"server-address":       "http://10.20.30.40",
+				"secret":               "credentials",
+				"service-account-name": "service-account",
+				"cluster-role-name":    "cluster-role",
+			},
+			expected: &federationapi.Cluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "bar-cluster",
+					Annotations: map[string]string{
+						ServiceAccountNameAnnotation: "service-account",
+						ClusterRoleNameAnnotation:    "cluster-role",
+					},
+				},
+				Spec: federationapi.ClusterSpec{
+					ServerAddressByClientCIDRs: []federationapi.ServerAddressByClientCIDR{
+						{
+							ClientCIDR:    "10.20.30.40/16",
+							ServerAddress: "http://10.20.30.40",
+						},
+					},
+					SecretRef: &v1.LocalObjectReference{
+						Name: "credentials",
+					},
+				},
+			},
+			expectErr: false,
+		},
 		{
 			params: map[string]interface{}{
 				"server-address": "https://10.20.30.40",
@@ -144,6 +200,28 @@ func TestClusterGenerate(t *testing.T) {
 			expected:  nil,
 			expectErr: true,
 		},
+		{
+			params: map[string]interface{}{
+				"name":              "bar-cluster",
+				"client-cidr":       "10.20.30.40/16",
+				"server-address":    "http://10.20.30.40",
+				"secret":            "credentials",
+				"cluster-role-name": "cluster-role",
+			},
+			expected:  nil,
+			expectErr: true,
+		},
+		{
+			params: map[string]interface{}{
+				"name":                 "bar-cluster",
+				"client-cidr":          "10.20.30.40/16",
+				"server-address":       "http://10.20.30.40",
+				"secret":               "credentials",
+				"service-account-name": "service-account",
+			},
+			expected:  nil,
+			expectErr: true,
+		},
 	}
 	generator := ClusterGeneratorV1Beta1{}
 	for i, test := range tests {