Example 11 with Binding
use of io.fabric8.kubernetes.api.model.Binding in project intellij-tekton by redhat-developer.
the class AddTriggerAction method getTriggerBindings.
private Map<String, String> getTriggerBindings(String namespace, Tkn tkncli) {
Map<String, String> triggerBindingsOnCluster = new HashMap<>();
GenericKubernetesResourceList allTriggerBindings = tkncli.getCustomResources(namespace, CRDHelper.getCRDContext("triggers.tekton.dev/v1beta1", "triggerbindings"));
if (allTriggerBindings == null) {
return triggerBindingsOnCluster;
}
allTriggerBindings.getItems().forEach(binding -> {
try {
String bindingAsYAML = YAMLBuilder.writeValueAsString(binding);
triggerBindingsOnCluster.put(binding.getMetadata().getName(), bindingAsYAML);
} catch (IOException e) {
logger.warn(e.getLocalizedMessage(), e);
}
});
return triggerBindingsOnCluster;
}
Also used :
HashMap(java.util.HashMap)
GenericKubernetesResourceList(io.fabric8.kubernetes.api.model.GenericKubernetesResourceList)
IOException(java.io.IOException)
Example 12 with Binding
use of io.fabric8.kubernetes.api.model.Binding in project quarkus-operator-sdk by quarkiverse.
the class CsvManifestsBuilder method handlePermissions.
private void handlePermissions(List<ClusterRole> clusterRoles, List<RoleBinding> roleBindings, List<Role> roles, String defaultServiceAccountName, NamedInstallStrategyFluent.SpecNested<ClusterServiceVersionSpecFluent.InstallNested<ClusterServiceVersionFluent.SpecNested<ClusterServiceVersionBuilder>>> installSpec) {
Map<String, List<PolicyRule>> customPermissionRules = new HashMap<>();
if (metadata.permissionRules != null) {
for (CSVMetadataHolder.PermissionRule permissionRule : metadata.permissionRules) {
String serviceAccountName = StringUtils.defaultIfEmpty(permissionRule.serviceAccountName, defaultServiceAccountName);
List<PolicyRule> customRulesByServiceAccount = customPermissionRules.get(serviceAccountName);
if (customRulesByServiceAccount == null) {
customRulesByServiceAccount = new LinkedList<>();
customPermissionRules.put(serviceAccountName, customRulesByServiceAccount);
}
customRulesByServiceAccount.add(new PolicyRuleBuilder().addAllToApiGroups(Arrays.asList(permissionRule.apiGroups)).addAllToResources(Arrays.asList(permissionRule.resources)).addAllToVerbs(Arrays.asList(permissionRule.verbs)).build());
}
}
for (RoleBinding binding : roleBindings) {
String serviceAccountName = findServiceAccountFromSubjects(binding.getSubjects(), defaultServiceAccountName);
if (NO_SERVICE_ACCOUNT.equals(serviceAccountName)) {
LOGGER.warnf("Role '%s' was not added because the service account is missing", binding.getRoleRef().getName());
continue;
}
List<PolicyRule> rules = new LinkedList<>();
rules.addAll(findRules(binding.getRoleRef(), clusterRoles, roles));
Optional.ofNullable(customPermissionRules.remove(serviceAccountName)).ifPresent(rules::addAll);
handlerPermission(rules, serviceAccountName, installSpec);
}
}
Also used :
PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule)
HashMap(java.util.HashMap)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
PolicyRuleBuilder(io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder)
LinkedList(java.util.LinkedList)
CSVMetadataHolder(io.quarkiverse.operatorsdk.csv.runtime.CSVMetadataHolder)
LinkedList(java.util.LinkedList)
List(java.util.List)
ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding)
RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding)
Example 13 with Binding
use of io.fabric8.kubernetes.api.model.Binding in project kie-wb-common by kiegroup.
the class OpenShiftClient method addServiceAccountRole.
private void addServiceAccountRole(String prjName, String name, String role) {
Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
DoneablePolicyBinding binding;
if (bindingResource.get() == null) {
binding = bindingResource.createNew();
} else {
binding = bindingResource.edit();
}
binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToUserNames("system:serviceaccount:" + prjName + ":" + name).addNewSubject().withName("default").withNamespace(prjName).withKind("ServiceAccount").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
Also used :
DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding)
DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding)
PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)
Example 14 with Binding
use of io.fabric8.kubernetes.api.model.Binding in project kie-wb-common by kiegroup.
the class OpenShiftClient method addSystemGroupRole.
private void addSystemGroupRole(String prjName, String name, String role) {
Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
DoneablePolicyBinding binding;
if (bindingResource.get() == null) {
binding = bindingResource.createNew();
} else {
binding = bindingResource.edit();
}
binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToGroupNames("system:serviceaccounts:" + prjName).addNewSubject().withName("default").withNamespace(prjName).withKind("SystemGroup").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
Also used :
DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding)
DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding)
PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)
Example 15 with Binding
use of io.fabric8.kubernetes.api.model.Binding in project docker-maven-plugin by fabric8io.
the class VolumeBindingUtilTest method testResolveRelativeVolumePathWithAccessSpecifications.
/**
* Insures that a host volume binding string that contains a path relative to the current working directory <em>and
* </em> specifies access controls resolves to the supplied base directory <em>and</em> that the access controls are
* preserved through the operation.
*/
@Test
public void testResolveRelativeVolumePathWithAccessSpecifications() {
String volumeString = format(BIND_STRING_WITH_ACCESS_FMT, RELATIVE_PATH, CONTAINER_PATH, RO_ACCESS);
// './rel:/path/to/container/dir:ro' to '/absolute/basedir/rel:/path/to/container/dir:ro'
String relativizedVolumeString = resolveRelativeVolumeBinding(ABS_BASEDIR, volumeString);
String expectedBindingString = format(BIND_STRING_WITH_ACCESS_FMT, new File(ABS_BASEDIR, stripLeadingPeriod(RELATIVE_PATH)), CONTAINER_PATH, RO_ACCESS);
assertEquals(expectedBindingString, relativizedVolumeString);
}
Also used :
PathTestUtil.createTmpFile(io.fabric8.maven.docker.util.PathTestUtil.createTmpFile)
File(java.io.File)
Test(org.junit.Test)
Aggregations
IOException (java.io.IOException)11
List (java.util.List)11
Test (org.junit.jupiter.api.Test)11
RoleBinding (io.fabric8.kubernetes.api.model.rbac.RoleBinding)10
HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)8
ClusterRoleBinding (io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding)8
Subject (io.fabric8.kubernetes.api.model.rbac.Subject)8
ParallelTest (io.strimzi.test.annotations.ParallelTest)8
Arrays (java.util.Arrays)8
HashMap (java.util.HashMap)8
ServiceBinding (io.dekorate.servicebinding.model.ServiceBinding)7
File (java.io.File)7
Path (java.nio.file.Path)7
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)7
RoleRefBuilder (io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)6
SubjectBuilder (io.fabric8.kubernetes.api.model.rbac.SubjectBuilder)6
AppArtifact (io.quarkus.bootstrap.model.AppArtifact)6
Version (io.quarkus.builder.Version)6
ProdBuildResults (io.quarkus.test.ProdBuildResults)6
ProdModeTestResults (io.quarkus.test.ProdModeTestResults)6
