use of io.fabric8.kubernetes.api.model.rbac.Role in project fabric8-maven-plugin by fabric8io.
the class ApplyService method applyEntity.
/**
* Applies the given DTOs onto the Kubernetes master
*/
private void applyEntity(Object dto, String sourceName) throws Exception {
if (dto instanceof Pod) {
applyPod((Pod) dto, sourceName);
} else if (dto instanceof ReplicationController) {
applyReplicationController((ReplicationController) dto, sourceName);
} else if (dto instanceof Service) {
applyService((Service) dto, sourceName);
} else if (dto instanceof Route) {
applyRoute((Route) dto, sourceName);
} else if (dto instanceof BuildConfig) {
applyBuildConfig((BuildConfig) dto, sourceName);
} else if (dto instanceof DeploymentConfig) {
DeploymentConfig resource = (DeploymentConfig) dto;
OpenShiftClient openShiftClient = getOpenShiftClient();
if (openShiftClient != null) {
applyResource(resource, sourceName, openShiftClient.deploymentConfigs());
} else {
log.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
}
} else if (dto instanceof RoleBinding) {
applyRoleBinding((RoleBinding) dto, sourceName);
} else if (dto instanceof Role) {
Role resource = (Role) dto;
OpenShiftClient openShiftClient = getOpenShiftClient();
if (openShiftClient != null) {
applyResource(resource, sourceName, openShiftClient.rbac().roles());
} else {
log.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
}
} else if (dto instanceof ImageStream) {
applyImageStream((ImageStream) dto, sourceName);
} else if (dto instanceof OAuthClient) {
applyOAuthClient((OAuthClient) dto, sourceName);
} else if (dto instanceof Template) {
applyTemplate((Template) dto, sourceName);
} else if (dto instanceof ServiceAccount) {
applyServiceAccount((ServiceAccount) dto, sourceName);
} else if (dto instanceof Secret) {
applySecret((Secret) dto, sourceName);
} else if (dto instanceof ConfigMap) {
applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
} else if (dto instanceof DaemonSet) {
applyResource((DaemonSet) dto, sourceName, kubernetesClient.apps().daemonSets());
} else if (dto instanceof Deployment) {
applyResource((Deployment) dto, sourceName, kubernetesClient.extensions().deployments());
} else if (dto instanceof ReplicaSet) {
applyResource((ReplicaSet) dto, sourceName, kubernetesClient.extensions().replicaSets());
} else if (dto instanceof StatefulSet) {
applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
} else if (dto instanceof Ingress) {
applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
} else if (dto instanceof PersistentVolumeClaim) {
applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
} else if (dto instanceof CustomResourceDefinition) {
applyCustomResourceDefinition((CustomResourceDefinition) dto, sourceName);
} else if (dto instanceof Job) {
applyJob((Job) dto, sourceName);
} else if (dto instanceof HasMetadata) {
HasMetadata entity = (HasMetadata) dto;
try {
log.info("Applying " + getKind(entity) + " " + getName(entity) + " from " + sourceName);
kubernetesClient.resource(entity).inNamespace(getNamespace(entity)).createOrReplace();
} catch (Exception e) {
onApplyError("Failed to create " + getKind(entity) + " from " + sourceName + ". " + e, e);
}
} else {
throw new IllegalArgumentException("Unknown entity type " + dto);
}
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project elastest-torm by elastest.
the class K8sService method deleteClusterRoleBindingAdmin.
public void deleteClusterRoleBindingAdmin(String name, String namespace) throws Exception {
if (namespace != null && !"default".equals(namespace) && name != null && !"cluster-admin".equals("name")) {
String role = "cluster-admin";
logger.debug("Deleting Cluster Role Binding with name {} in the namespace {} with role {}", name, namespace, role);
ClusterRoleBinding clusterRoleBinding = new ClusterRoleBindingBuilder().withNewMetadata().withName(name).endMetadata().withRoleRef(new RoleRefBuilder().withName(role).withKind("ClusterRole").withApiGroup("rbac.authorization.k8s.io").build()).withSubjects(new SubjectBuilder().withKind("ServiceAccount").withNamespace(namespace).withName("default").build()).build();
client.rbac().clusterRoleBindings().delete(clusterRoleBinding);
logger.debug("Cluster Role Binding with name {} deleted successfully from namespace {}", name, namespace);
}
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project elastest-torm by elastest.
the class K8sService method createClusterRoleBindingAdmin.
public void createClusterRoleBindingAdmin(String name, String namespace) throws Exception {
String role = "cluster-admin";
logger.debug("Creating Cluster Role Binding with name {} in the namespace {} with role {}", name, namespace, role);
ClusterRoleBinding clusterRoleBinding = new ClusterRoleBindingBuilder().withNewMetadata().withName(name).endMetadata().withRoleRef(new RoleRefBuilder().withName(role).withKind("ClusterRole").withApiGroup("rbac.authorization.k8s.io").build()).withSubjects(new SubjectBuilder().withKind("ServiceAccount").withNamespace(namespace).withName("default").build()).build();
client.rbac().clusterRoleBindings().create(clusterRoleBinding);
logger.debug("Cluster Role Binding with name {} created successfully in the namespace {}", name, namespace);
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project strimzi by strimzi.
the class EntityUserOperatorTest method testRoleBindingInOtherNamespace.
@ParallelTest
public void testRoleBindingInOtherNamespace() {
RoleBinding binding = entityUserOperator.generateRoleBindingForRole(namespace, uoWatchedNamespace);
assertThat(binding.getSubjects().get(0).getNamespace(), is(namespace));
assertThat(binding.getMetadata().getNamespace(), is(uoWatchedNamespace));
assertThat(binding.getMetadata().getOwnerReferences().size(), is(0));
assertThat(binding.getRoleRef().getKind(), is("Role"));
assertThat(binding.getRoleRef().getName(), is("foo-entity-operator"));
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project strimzi by strimzi.
the class ClusterRoleBindingOperatorIT method getOriginal.
@Override
protected ClusterRoleBinding getOriginal() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("my-service-account").withNamespace("my-namespace").build();
RoleRef roleRef = new RoleRefBuilder().withName("my-cluster-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new ClusterRoleBindingBuilder().withNewMetadata().withName(resourceName).withLabels(singletonMap("state", "new")).endMetadata().withSubjects(ks).withRoleRef(roleRef).build();
}
Aggregations