
Example 1 with PolicyRule

use of io.fabric8.kubernetes.api.model.rbac.PolicyRule in project strimzi by strimzi.

the class EntityOperator method generateRole.

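/**
 * Builds the namespaced Role for the entity operator from the ClusterRole definition bundled on the classpath.
 * Reusing the bundled definition avoids duplicating the rule set in source code.
 *
 * The rules are copied unchanged from {@code /cluster-roles/031-ClusterRole-strimzi-entity-operator.yaml}, so
 * whatever that file grants is what the generated Role grants in {@code namespace}. A change to that file is
 * therefore an RBAC change and should be reviewed as one.
 *
 * If the namespace of the role is not the same as the namespace of the parent resource (Kafka CR), the owner
 * references are cleared. Such a Role then carries no owner reference tying it to the Kafka CR.
 * NOTE(review): confirm that Roles created in other namespaces are removed by other means when the Kafka CR is
 * deleted, otherwise the grant outlives the cluster it was created for.
 *
 * @param ownerNamespace        The namespace of the parent resource (the Kafka CR)
 * @param namespace             The namespace this role will be located
 *
 * @return role for the entity operator
 *
 * @throws RuntimeException if the bundled ClusterRole is missing from the classpath or cannot be read or parsed
 */
public Role generateRole(String ownerNamespace, String namespace) {
    final String clusterRoleResource = "/cluster-roles/031-ClusterRole-strimzi-entity-operator.yaml";
    List<PolicyRule> rules;
    try (java.io.InputStream resource = Main.class.getResourceAsStream(clusterRoleResource)) {
        // getResourceAsStream returns null for a missing resource. Without this check the reader constructor
        // would fail with a NullPointerException that skips the catch block below, and so skips the error log.
        if (resource == null) {
            throw new IOException("Classpath resource " + clusterRoleResource + " not found");
        }
        try (BufferedReader br = new BufferedReader(new InputStreamReader(resource, StandardCharsets.UTF_8))) {
            String yaml = br.lines().collect(Collectors.joining(System.lineSeparator()));
            ObjectMapper yamlReader = new ObjectMapper(new YAMLFactory());
            ClusterRole cr = yamlReader.readValue(yaml, ClusterRole.class);
            rules = cr.getRules();
        }
    } catch (IOException e) {
        // Fail the call rather than continue with a partial or empty rule set
        LOGGER.errorCr(reconciliation, "Failed to read entity-operator ClusterRole.", e);
        throw new RuntimeException(e);
    }
    Role role = super.generateRole(namespace, rules);
    // We set OwnerReference only within the same namespace since it does not work cross-namespace
    if (!namespace.equals(ownerNamespace)) {
        role.getMetadata().setOwnerReferences(Collections.emptyList());
    }
    return role;
}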
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) InputStreamReader(java.io.InputStreamReader) BufferedReader(java.io.BufferedReader) YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory) IOException(java.io.IOException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole)

Example 2 with PolicyRule

use of io.fabric8.kubernetes.api.model.rbac.PolicyRule in project strimzi by strimzi.

the class EntityOperatorTest method testRole.

/**
 * Checks that the Role generated for the entity operator has the expected name and namespace and carries
 * exactly the expected RBAC rules.
 *
 * The rules are compared as a complete list, so a rule, verb or resource that is added to or removed from the
 * generated Role fails this test until the expectation below is updated on purpose.
 */
@ParallelTest
public void testRole() {
    Kafka kafka = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editOrNewEntityOperator()
                .endEntityOperator()
            .endSpec()
            .build();
    Reconciliation testReconciliation = new Reconciliation(
            "test",
            kafka.getKind(),
            kafka.getMetadata().getNamespace(),
            kafka.getMetadata().getName());
    EntityOperator entityOperator = EntityOperator.fromCrd(testReconciliation, kafka, VERSIONS);

    // Owner namespace and role namespace are the same here
    Role generated = entityOperator.generateRole(namespace, namespace);

    assertThat(generated.getMetadata().getName(), is("foo-entity-operator"));
    assertThat(generated.getMetadata().getNamespace(), is(namespace));

    // Full access to the topic and user custom resources and their status subresources
    PolicyRule customResourceRule = new PolicyRuleBuilder()
            .addToResources("kafkatopics", "kafkatopics/status", "kafkausers", "kafkausers/status")
            .addToVerbs("get", "list", "watch", "create", "patch", "update", "delete")
            .addToApiGroups(Constants.RESOURCE_GROUP_NAME)
            .build();
    // Events may only be created
    PolicyRule eventRule = new PolicyRuleBuilder()
            .addToResources("events")
            .addToVerbs("create")
            .addToApiGroups("")
            .build();
    // Secrets in the role's namespace can be read, created, changed and deleted
    PolicyRule secretRule = new PolicyRuleBuilder()
            .addToResources("secrets")
            .addToVerbs("get", "list", "watch", "create", "delete", "patch", "update")
            .addToApiGroups("")
            .build();

    List<PolicyRule> expectedRules = new ArrayList<>();
    expectedRules.add(customResourceRule);
    expectedRules.add(eventRule);
    expectedRules.add(secretRule);

    assertThat(generated.getRules(), is(expectedRules));
}
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) Reconciliation(io.strimzi.operator.common.Reconciliation) Kafka(io.strimzi.api.kafka.model.Kafka) ArrayList(java.util.ArrayList) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) PolicyRuleBuilder(io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 3 with PolicyRule

use of io.fabric8.kubernetes.api.model.rbac.PolicyRule in project strimzi-kafka-operator by strimzi.

the class EntityOperatorTest method testRole.

/**
 * Checks that the Role generated for the entity operator has the expected name and namespace and carries
 * exactly the expected RBAC rules.
 *
 * The rules are compared as a complete list, so a rule, verb or resource that is added to or removed from the
 * generated Role fails this test until the expectation below is updated on purpose.
 */
@ParallelTest
public void testRole() {
    Kafka kafka = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editOrNewEntityOperator()
                .endEntityOperator()
            .endSpec()
            .build();
    Reconciliation testReconciliation = new Reconciliation(
            "test",
            kafka.getKind(),
            kafka.getMetadata().getNamespace(),
            kafka.getMetadata().getName());
    EntityOperator entityOperator = EntityOperator.fromCrd(testReconciliation, kafka, VERSIONS);

    // Owner namespace and role namespace are the same here
    Role generated = entityOperator.generateRole(namespace, namespace);

    assertThat(generated.getMetadata().getName(), is("foo-entity-operator"));
    assertThat(generated.getMetadata().getNamespace(), is(namespace));

    // Full access to the topic and user custom resources and their status subresources
    PolicyRule customResourceRule = new PolicyRuleBuilder()
            .addToResources("kafkatopics", "kafkatopics/status", "kafkausers", "kafkausers/status")
            .addToVerbs("get", "list", "watch", "create", "patch", "update", "delete")
            .addToApiGroups(Constants.RESOURCE_GROUP_NAME)
            .build();
    // Events may only be created
    PolicyRule eventRule = new PolicyRuleBuilder()
            .addToResources("events")
            .addToVerbs("create")
            .addToApiGroups("")
            .build();
    // Secrets in the role's namespace can be read, created, changed and deleted
    PolicyRule secretRule = new PolicyRuleBuilder()
            .addToResources("secrets")
            .addToVerbs("get", "list", "watch", "create", "delete", "patch", "update")
            .addToApiGroups("")
            .build();

    List<PolicyRule> expectedRules = new ArrayList<>();
    expectedRules.add(customResourceRule);
    expectedRules.add(eventRule);
    expectedRules.add(secretRule);

    assertThat(generated.getRules(), is(expectedRules));
}
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) Reconciliation(io.strimzi.operator.common.Reconciliation) Kafka(io.strimzi.api.kafka.model.Kafka) ArrayList(java.util.ArrayList) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) PolicyRuleBuilder(io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 4 with PolicyRule

use of io.fabric8.kubernetes.api.model.rbac.PolicyRule in project strimzi-kafka-operator by strimzi.

the class EntityOperator method generateRole.

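/**
 * Builds the namespaced Role for the entity operator from the ClusterRole definition bundled on the classpath.
 * Reusing the bundled definition avoids duplicating the rule set in source code.
 *
 * The rules are copied unchanged from {@code /cluster-roles/031-ClusterRole-strimzi-entity-operator.yaml}, so
 * whatever that file grants is what the generated Role grants in {@code namespace}. A change to that file is
 * therefore an RBAC change and should be reviewed as one.
 *
 * If the namespace of the role is not the same as the namespace of the parent resource (Kafka CR), the owner
 * references are cleared. Such a Role then carries no owner reference tying it to the Kafka CR.
 * NOTE(review): confirm that Roles created in other namespaces are removed by other means when the Kafka CR is
 * deleted, otherwise the grant outlives the cluster it was created for.
 *
 * @param ownerNamespace        The namespace of the parent resource (the Kafka CR)
 * @param namespace             The namespace this role will be located
 *
 * @return role for the entity operator
 *
 * @throws RuntimeException if the bundled ClusterRole is missing from the classpath or cannot be read or parsed
 */
public Role generateRole(String ownerNamespace, String namespace) {
    final String clusterRoleResource = "/cluster-roles/031-ClusterRole-strimzi-entity-operator.yaml";
    List<PolicyRule> rules;
    try (java.io.InputStream resource = Main.class.getResourceAsStream(clusterRoleResource)) {
        // getResourceAsStream returns null for a missing resource. Without this check the reader constructor
        // would fail with a NullPointerException that skips the catch block below, and so skips the error log.
        if (resource == null) {
            throw new IOException("Classpath resource " + clusterRoleResource + " not found");
        }
        try (BufferedReader br = new BufferedReader(new InputStreamReader(resource, StandardCharsets.UTF_8))) {
            String yaml = br.lines().collect(Collectors.joining(System.lineSeparator()));
            ObjectMapper yamlReader = new ObjectMapper(new YAMLFactory());
            ClusterRole cr = yamlReader.readValue(yaml, ClusterRole.class);
            rules = cr.getRules();
        }
    } catch (IOException e) {
        // Fail the call rather than continue with a partial or empty rule set
        LOGGER.errorCr(reconciliation, "Failed to read entity-operator ClusterRole.", e);
        throw new RuntimeException(e);
    }
    Role role = super.generateRole(namespace, rules);
    // We set OwnerReference only within the same namespace since it does not work cross-namespace
    if (!namespace.equals(ownerNamespace)) {
        role.getMetadata().setOwnerReferences(Collections.emptyList());
    }
    return role;
}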
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) InputStreamReader(java.io.InputStreamReader) BufferedReader(java.io.BufferedReader) YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory) IOException(java.io.IOException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole)

Aggregations

PolicyRule (io.fabric8.kubernetes.api.model.rbac.PolicyRule)4 Role (io.fabric8.kubernetes.api.model.rbac.Role)4 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 YAMLFactory (com.fasterxml.jackson.dataformat.yaml.YAMLFactory)2 ClusterRole (io.fabric8.kubernetes.api.model.rbac.ClusterRole)2 PolicyRuleBuilder (io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder)2 Kafka (io.strimzi.api.kafka.model.Kafka)2 KafkaBuilder (io.strimzi.api.kafka.model.KafkaBuilder)2 Reconciliation (io.strimzi.operator.common.Reconciliation)2 ParallelTest (io.strimzi.test.annotations.ParallelTest)2 BufferedReader (java.io.BufferedReader)2 IOException (java.io.IOException)2 InputStreamReader (java.io.InputStreamReader)2 ArrayList (java.util.ArrayList)2