Examples with Role io.fabric8.kubernetes.api.model.rbac.Role used on opensource projects

Search in sources :

Example 1 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project kie-wb-common by kiegroup.

the class OpenShiftClient method addServiceAccountRole.

private void addServiceAccountRole(String prjName, String name, String role) {
    Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
    DoneablePolicyBinding binding;
    if (bindingResource.get() == null) {
        binding = bindingResource.createNew();
    } else {
        binding = bindingResource.edit();
    }
    binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToUserNames("system:serviceaccount:" + prjName + ":" + name).addNewSubject().withName("default").withNamespace(prjName).withKind("ServiceAccount").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
Also used : DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)

Example 2 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project kie-wb-common by kiegroup.

the class OpenShiftClient method addSystemGroupRole.

private void addSystemGroupRole(String prjName, String name, String role) {
    Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
    DoneablePolicyBinding binding;
    if (bindingResource.get() == null) {
        binding = bindingResource.createNew();
    } else {
        binding = bindingResource.edit();
    }
    binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToGroupNames("system:serviceaccounts:" + prjName).addNewSubject().withName("default").withNamespace(prjName).withKind("SystemGroup").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
Also used : DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)

Example 3 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project docker-maven-plugin by fabric8io.

the class AuthConfigFactory method readAwsCredentials.

private AuthConfig readAwsCredentials(CloseableHttpClient client, HttpGet request) throws IOException {
    try (CloseableHttpResponse response = client.execute(request)) {
        if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
            log.debug("No security credential found, return code was %d", response.getStatusLine().getStatusCode());
            // no instance role found
            return null;
        }
        // read instance role
        try (Reader r = new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8)) {
            JsonObject securityCredentials = new Gson().fromJson(r, JsonObject.class);
            String user = securityCredentials.getAsJsonPrimitive("AccessKeyId").getAsString();
            String password = securityCredentials.getAsJsonPrimitive("SecretAccessKey").getAsString();
            String token = securityCredentials.getAsJsonPrimitive("Token").getAsString();
            log.debug("Received temporary access key %s...", user.substring(0, 8));
            return new AuthConfig(user, password, "none", token);
        }
    }
}
Also used : InputStreamReader(java.io.InputStreamReader) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) JsonObject(com.google.gson.JsonObject) Gson(com.google.gson.Gson) AuthConfig(io.fabric8.maven.docker.access.AuthConfig)

Example 4 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project fabric8 by jboss-fuse.

the class Controller method applyEntity.

/**
 * Applies the given DTOs onto the Kubernetes master
 */
public void applyEntity(Object dto, String sourceName) throws Exception {
    if (dto instanceof Pod) {
        applyPod((Pod) dto, sourceName);
    } else if (dto instanceof ReplicationController) {
        applyReplicationController((ReplicationController) dto, sourceName);
    } else if (dto instanceof Service) {
        applyService((Service) dto, sourceName);
    } else if (dto instanceof Namespace) {
        applyNamespace((Namespace) dto);
    } else if (dto instanceof Route) {
        applyRoute((Route) dto, sourceName);
    } else if (dto instanceof BuildConfig) {
        applyBuildConfig((BuildConfig) dto, sourceName);
    } else if (dto instanceof DeploymentConfig) {
        DeploymentConfig resource = (DeploymentConfig) dto;
        OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
        if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.APPS)) {
            applyResource(resource, sourceName, openShiftClient.deploymentConfigs());
        } else {
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
        }
    } else if (dto instanceof PolicyBinding) {
        applyPolicyBinding((PolicyBinding) dto, sourceName);
    } else if (dto instanceof RoleBinding) {
        applyRoleBinding((RoleBinding) dto, sourceName);
    } else if (dto instanceof Role) {
        Role resource = (Role) dto;
        OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
        if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.AUTHORIZATION)) {
            applyResource(resource, sourceName, openShiftClient.roles());
        } else {
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
        }
    } else if (dto instanceof ImageStream) {
        applyImageStream((ImageStream) dto, sourceName);
    } else if (dto instanceof OAuthClient) {
        applyOAuthClient((OAuthClient) dto, sourceName);
    } else if (dto instanceof Template) {
        applyTemplate((Template) dto, sourceName);
    } else if (dto instanceof ServiceAccount) {
        applyServiceAccount((ServiceAccount) dto, sourceName);
    } else if (dto instanceof Secret) {
        applySecret((Secret) dto, sourceName);
    } else if (dto instanceof ConfigMap) {
        applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
    } else if (dto instanceof DaemonSet) {
        applyResource((DaemonSet) dto, sourceName, kubernetesClient.extensions().daemonSets());
    } else if (dto instanceof Deployment) {
        applyResource((Deployment) dto, sourceName, kubernetesClient.extensions().deployments());
    } else if (dto instanceof ReplicaSet) {
        applyResource((ReplicaSet) dto, sourceName, kubernetesClient.extensions().replicaSets());
    } else if (dto instanceof StatefulSet) {
        applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
    } else if (dto instanceof Ingress) {
        applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
    } else if (dto instanceof PersistentVolumeClaim) {
        applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
    } else if (dto instanceof HasMetadata) {
        HasMetadata entity = (HasMetadata) dto;
        try {
            String namespace = getNamespace();
            String resourceNamespace = getNamespace(entity);
            if (Strings.isNotBlank(namespace) && Strings.isNullOrBlank(resourceNamespace)) {
                getOrCreateMetadata(entity).setNamespace(namespace);
            }
            LOG.info("Applying " + getKind(entity) + " " + getName(entity) + " from " + sourceName);
            kubernetesClient.resource(entity).inNamespace(namespace).createOrReplace();
        } catch (Exception e) {
            onApplyError("Failed to create " + getKind(entity) + " from " + sourceName + ". " + e, e);
        }
    } else {
        throw new IllegalArgumentException("Unknown entity type " + dto);
    }
}
Also used : ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) OAuthClient(io.fabric8.openshift.api.model.OAuthClient) DoneableImageStream(io.fabric8.openshift.api.model.DoneableImageStream) ImageStream(io.fabric8.openshift.api.model.ImageStream) Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment) Template(io.fabric8.openshift.api.model.Template) ReplicationController(io.fabric8.kubernetes.api.model.ReplicationController) BuildConfig(io.fabric8.openshift.api.model.BuildConfig) RoleBinding(io.fabric8.openshift.api.model.RoleBinding) ReplicaSet(io.fabric8.kubernetes.api.model.extensions.ReplicaSet) Route(io.fabric8.openshift.api.model.Route) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Pod(io.fabric8.kubernetes.api.model.Pod) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Service(io.fabric8.kubernetes.api.model.Service) Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress) Namespace(io.fabric8.kubernetes.api.model.Namespace) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) FileNotFoundException(java.io.FileNotFoundException) OpenShiftNotAvailableException(io.fabric8.openshift.client.OpenShiftNotAvailableException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) IOException(java.io.IOException) Role(io.fabric8.openshift.api.model.Role) Secret(io.fabric8.kubernetes.api.model.Secret) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) DaemonSet(io.fabric8.kubernetes.api.model.extensions.DaemonSet) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) DeploymentConfig(io.fabric8.openshift.api.model.DeploymentConfig) StatefulSet(io.fabric8.kubernetes.api.model.extensions.StatefulSet)

Example 5 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project fabric8 by fabric8io.

the class Controller method applyEntity.

/**
 * Applies the given DTOs onto the Kubernetes master
 */
public void applyEntity(Object dto, String sourceName) throws Exception {
    if (dto instanceof Pod) {
        applyPod((Pod) dto, sourceName);
    } else if (dto instanceof ReplicationController) {
        applyReplicationController((ReplicationController) dto, sourceName);
    } else if (dto instanceof Service) {
        applyService((Service) dto, sourceName);
    } else if (dto instanceof Namespace) {
        applyNamespace((Namespace) dto);
    } else if (dto instanceof Route) {
        applyRoute((Route) dto, sourceName);
    } else if (dto instanceof BuildConfig) {
        applyBuildConfig((BuildConfig) dto, sourceName);
    } else if (dto instanceof DeploymentConfig) {
        DeploymentConfig resource = (DeploymentConfig) dto;
        OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
        if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.APPS)) {
            applyResource(resource, sourceName, openShiftClient.deploymentConfigs());
        } else {
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
        }
    } else if (dto instanceof PolicyBinding) {
        applyPolicyBinding((PolicyBinding) dto, sourceName);
    } else if (dto instanceof RoleBinding) {
        applyRoleBinding((RoleBinding) dto, sourceName);
    } else if (dto instanceof Role) {
        Role resource = (Role) dto;
        OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
        if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.AUTHORIZATION)) {
            applyResource(resource, sourceName, openShiftClient.roles());
        } else {
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
        }
    } else if (dto instanceof ImageStream) {
        applyImageStream((ImageStream) dto, sourceName);
    } else if (dto instanceof OAuthClient) {
        applyOAuthClient((OAuthClient) dto, sourceName);
    } else if (dto instanceof Template) {
        applyTemplate((Template) dto, sourceName);
    } else if (dto instanceof ServiceAccount) {
        applyServiceAccount((ServiceAccount) dto, sourceName);
    } else if (dto instanceof Secret) {
        applySecret((Secret) dto, sourceName);
    } else if (dto instanceof ConfigMap) {
        applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
    } else if (dto instanceof DaemonSet) {
        applyResource((DaemonSet) dto, sourceName, kubernetesClient.extensions().daemonSets());
    } else if (dto instanceof Deployment) {
        applyResource((Deployment) dto, sourceName, kubernetesClient.extensions().deployments());
    } else if (dto instanceof ReplicaSet) {
        applyResource((ReplicaSet) dto, sourceName, kubernetesClient.extensions().replicaSets());
    } else if (dto instanceof StatefulSet) {
        applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
    } else if (dto instanceof Ingress) {
        applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
    } else if (dto instanceof PersistentVolumeClaim) {
        applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
    } else if (dto instanceof HasMetadata) {
        HasMetadata entity = (HasMetadata) dto;
        try {
            String namespace = getNamespace();
            String resourceNamespace = getNamespace(entity);
            if (Strings.isNotBlank(namespace) && Strings.isNullOrBlank(resourceNamespace)) {
                getOrCreateMetadata(entity).setNamespace(namespace);
            }
            LOG.info("Applying " + getKind(entity) + " " + getName(entity) + " from " + sourceName);
            kubernetesClient.resource(entity).inNamespace(namespace).createOrReplace();
        } catch (Exception e) {
            onApplyError("Failed to create " + getKind(entity) + " from " + sourceName + ". " + e, e);
        }
    } else {
        throw new IllegalArgumentException("Unknown entity type " + dto);
    }
}
Also used : ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) OAuthClient(io.fabric8.openshift.api.model.OAuthClient) DoneableImageStream(io.fabric8.openshift.api.model.DoneableImageStream) ImageStream(io.fabric8.openshift.api.model.ImageStream) Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment) Template(io.fabric8.openshift.api.model.Template) ReplicationController(io.fabric8.kubernetes.api.model.ReplicationController) BuildConfig(io.fabric8.openshift.api.model.BuildConfig) RoleBinding(io.fabric8.openshift.api.model.RoleBinding) ReplicaSet(io.fabric8.kubernetes.api.model.extensions.ReplicaSet) Route(io.fabric8.openshift.api.model.Route) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Pod(io.fabric8.kubernetes.api.model.Pod) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Service(io.fabric8.kubernetes.api.model.Service) Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress) Namespace(io.fabric8.kubernetes.api.model.Namespace) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) FileNotFoundException(java.io.FileNotFoundException) OpenShiftNotAvailableException(io.fabric8.openshift.client.OpenShiftNotAvailableException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) IOException(java.io.IOException) Role(io.fabric8.openshift.api.model.Role) Secret(io.fabric8.kubernetes.api.model.Secret) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) DaemonSet(io.fabric8.kubernetes.api.model.extensions.DaemonSet) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) DeploymentConfig(io.fabric8.openshift.api.model.DeploymentConfig) StatefulSet(io.fabric8.kubernetes.api.model.extensions.StatefulSet)

Aggregations

RoleRefBuilder (io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)28 RoleRef (io.fabric8.kubernetes.api.model.rbac.RoleRef)24 SubjectBuilder (io.fabric8.kubernetes.api.model.rbac.SubjectBuilder)22 Role (io.fabric8.kubernetes.api.model.rbac.Role)19 RoleBinding (io.fabric8.kubernetes.api.model.rbac.RoleBinding)19 Subject (io.fabric8.kubernetes.api.model.rbac.Subject)18 Reconciliation (io.strimzi.operator.common.Reconciliation)12 ParallelTest (io.strimzi.test.annotations.ParallelTest)12 IOException (java.io.IOException)12 Kafka (io.strimzi.api.kafka.model.Kafka)10 KafkaBuilder (io.strimzi.api.kafka.model.KafkaBuilder)10 List (java.util.List)10 RoleBindingBuilder (io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder)8 Future (io.vertx.core.Future)8 HashMap (java.util.HashMap)7 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)5 ClusterRoleBindingBuilder (io.fabric8.kubernetes.api.model.rbac.ClusterRoleBindingBuilder)5 ArrayList (java.util.ArrayList)5 ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)4 ClusterRole (io.fabric8.kubernetes.api.model.rbac.ClusterRole)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial