use of io.fabric8.kubernetes.api.model.rbac.Role in project kie-wb-common by kiegroup.
the class OpenShiftClient method addServiceAccountRole.
private void addServiceAccountRole(String prjName, String name, String role) {
Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
DoneablePolicyBinding binding;
if (bindingResource.get() == null) {
binding = bindingResource.createNew();
} else {
binding = bindingResource.edit();
}
binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToUserNames("system:serviceaccount:" + prjName + ":" + name).addNewSubject().withName("default").withNamespace(prjName).withKind("ServiceAccount").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project kie-wb-common by kiegroup.
the class OpenShiftClient method addSystemGroupRole.
private void addSystemGroupRole(String prjName, String name, String role) {
Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
DoneablePolicyBinding binding;
if (bindingResource.get() == null) {
binding = bindingResource.createNew();
} else {
binding = bindingResource.edit();
}
binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToGroupNames("system:serviceaccounts:" + prjName).addNewSubject().withName("default").withNamespace(prjName).withKind("SystemGroup").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project docker-maven-plugin by fabric8io.
the class AuthConfigFactory method readAwsCredentials.
private AuthConfig readAwsCredentials(CloseableHttpClient client, HttpGet request) throws IOException {
try (CloseableHttpResponse response = client.execute(request)) {
if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
log.debug("No security credential found, return code was %d", response.getStatusLine().getStatusCode());
// no instance role found
return null;
}
// read instance role
try (Reader r = new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8)) {
JsonObject securityCredentials = new Gson().fromJson(r, JsonObject.class);
String user = securityCredentials.getAsJsonPrimitive("AccessKeyId").getAsString();
String password = securityCredentials.getAsJsonPrimitive("SecretAccessKey").getAsString();
String token = securityCredentials.getAsJsonPrimitive("Token").getAsString();
log.debug("Received temporary access key %s...", user.substring(0, 8));
return new AuthConfig(user, password, "none", token);
}
}
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project fabric8 by jboss-fuse.
the class Controller method applyEntity.
/**
* Applies the given DTOs onto the Kubernetes master
*/
public void applyEntity(Object dto, String sourceName) throws Exception {
if (dto instanceof Pod) {
applyPod((Pod) dto, sourceName);
} else if (dto instanceof ReplicationController) {
applyReplicationController((ReplicationController) dto, sourceName);
} else if (dto instanceof Service) {
applyService((Service) dto, sourceName);
} else if (dto instanceof Namespace) {
applyNamespace((Namespace) dto);
} else if (dto instanceof Route) {
applyRoute((Route) dto, sourceName);
} else if (dto instanceof BuildConfig) {
applyBuildConfig((BuildConfig) dto, sourceName);
} else if (dto instanceof DeploymentConfig) {
DeploymentConfig resource = (DeploymentConfig) dto;
OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.APPS)) {
applyResource(resource, sourceName, openShiftClient.deploymentConfigs());
} else {
LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
}
} else if (dto instanceof PolicyBinding) {
applyPolicyBinding((PolicyBinding) dto, sourceName);
} else if (dto instanceof RoleBinding) {
applyRoleBinding((RoleBinding) dto, sourceName);
} else if (dto instanceof Role) {
Role resource = (Role) dto;
OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.AUTHORIZATION)) {
applyResource(resource, sourceName, openShiftClient.roles());
} else {
LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
}
} else if (dto instanceof ImageStream) {
applyImageStream((ImageStream) dto, sourceName);
} else if (dto instanceof OAuthClient) {
applyOAuthClient((OAuthClient) dto, sourceName);
} else if (dto instanceof Template) {
applyTemplate((Template) dto, sourceName);
} else if (dto instanceof ServiceAccount) {
applyServiceAccount((ServiceAccount) dto, sourceName);
} else if (dto instanceof Secret) {
applySecret((Secret) dto, sourceName);
} else if (dto instanceof ConfigMap) {
applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
} else if (dto instanceof DaemonSet) {
applyResource((DaemonSet) dto, sourceName, kubernetesClient.extensions().daemonSets());
} else if (dto instanceof Deployment) {
applyResource((Deployment) dto, sourceName, kubernetesClient.extensions().deployments());
} else if (dto instanceof ReplicaSet) {
applyResource((ReplicaSet) dto, sourceName, kubernetesClient.extensions().replicaSets());
} else if (dto instanceof StatefulSet) {
applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
} else if (dto instanceof Ingress) {
applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
} else if (dto instanceof PersistentVolumeClaim) {
applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
} else if (dto instanceof HasMetadata) {
HasMetadata entity = (HasMetadata) dto;
try {
String namespace = getNamespace();
String resourceNamespace = getNamespace(entity);
if (Strings.isNotBlank(namespace) && Strings.isNullOrBlank(resourceNamespace)) {
getOrCreateMetadata(entity).setNamespace(namespace);
}
LOG.info("Applying " + getKind(entity) + " " + getName(entity) + " from " + sourceName);
kubernetesClient.resource(entity).inNamespace(namespace).createOrReplace();
} catch (Exception e) {
onApplyError("Failed to create " + getKind(entity) + " from " + sourceName + ". " + e, e);
}
} else {
throw new IllegalArgumentException("Unknown entity type " + dto);
}
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project fabric8 by fabric8io.
the class Controller method applyEntity.
/**
* Applies the given DTOs onto the Kubernetes master
*/
public void applyEntity(Object dto, String sourceName) throws Exception {
if (dto instanceof Pod) {
applyPod((Pod) dto, sourceName);
} else if (dto instanceof ReplicationController) {
applyReplicationController((ReplicationController) dto, sourceName);
} else if (dto instanceof Service) {
applyService((Service) dto, sourceName);
} else if (dto instanceof Namespace) {
applyNamespace((Namespace) dto);
} else if (dto instanceof Route) {
applyRoute((Route) dto, sourceName);
} else if (dto instanceof BuildConfig) {
applyBuildConfig((BuildConfig) dto, sourceName);
} else if (dto instanceof DeploymentConfig) {
DeploymentConfig resource = (DeploymentConfig) dto;
OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.APPS)) {
applyResource(resource, sourceName, openShiftClient.deploymentConfigs());
} else {
LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
}
} else if (dto instanceof PolicyBinding) {
applyPolicyBinding((PolicyBinding) dto, sourceName);
} else if (dto instanceof RoleBinding) {
applyRoleBinding((RoleBinding) dto, sourceName);
} else if (dto instanceof Role) {
Role resource = (Role) dto;
OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.AUTHORIZATION)) {
applyResource(resource, sourceName, openShiftClient.roles());
} else {
LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
}
} else if (dto instanceof ImageStream) {
applyImageStream((ImageStream) dto, sourceName);
} else if (dto instanceof OAuthClient) {
applyOAuthClient((OAuthClient) dto, sourceName);
} else if (dto instanceof Template) {
applyTemplate((Template) dto, sourceName);
} else if (dto instanceof ServiceAccount) {
applyServiceAccount((ServiceAccount) dto, sourceName);
} else if (dto instanceof Secret) {
applySecret((Secret) dto, sourceName);
} else if (dto instanceof ConfigMap) {
applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
} else if (dto instanceof DaemonSet) {
applyResource((DaemonSet) dto, sourceName, kubernetesClient.extensions().daemonSets());
} else if (dto instanceof Deployment) {
applyResource((Deployment) dto, sourceName, kubernetesClient.extensions().deployments());
} else if (dto instanceof ReplicaSet) {
applyResource((ReplicaSet) dto, sourceName, kubernetesClient.extensions().replicaSets());
} else if (dto instanceof StatefulSet) {
applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
} else if (dto instanceof Ingress) {
applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
} else if (dto instanceof PersistentVolumeClaim) {
applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
} else if (dto instanceof HasMetadata) {
HasMetadata entity = (HasMetadata) dto;
try {
String namespace = getNamespace();
String resourceNamespace = getNamespace(entity);
if (Strings.isNotBlank(namespace) && Strings.isNullOrBlank(resourceNamespace)) {
getOrCreateMetadata(entity).setNamespace(namespace);
}
LOG.info("Applying " + getKind(entity) + " " + getName(entity) + " from " + sourceName);
kubernetesClient.resource(entity).inNamespace(namespace).createOrReplace();
} catch (Exception e) {
onApplyError("Failed to create " + getKind(entity) + " from " + sourceName + ". " + e, e);
}
} else {
throw new IllegalArgumentException("Unknown entity type " + dto);
}
}
Aggregations