
Example 16 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project devspaces-images by redhat-developer.

the class KubernetesWorkspaceServiceAccountTest method shouldNotCreateMetricsRoleIfAPINotEnabledOnServer.

/**
 * Verifies that {@code serviceAccount.prepare()} leaves no metrics Role or RoleBinding in the
 * namespace when the client reports that {@code /apis/metrics.k8s.io} is not supported.
 */
@Test
public void shouldNotCreateMetricsRoleIfAPINotEnabledOnServer() throws Exception {
    // given: the factory hands out a spied client that reports the metrics API path as unsupported
    KubernetesClient spiedClient = spy(serverMock.getClient());
    when(spiedClient.supportsApiPath(eq("/apis/metrics.k8s.io"))).thenReturn(false);
    when(clientFactory.create(anyString())).thenReturn(spiedClient);

    // when
    serviceAccount.prepare();

    // then: neither the metrics Role nor its RoleBinding is present in the namespace
    // NOTE(review): the lookup goes through k8sClient rather than the spy; presumably both talk to
    // the same mock server (setup is not visible here) - confirm.
    String metricsBindingName = SA_NAME + "-metrics";
    RoleList roles = k8sClient.rbac().roles().inNamespace(NAMESPACE).list();
    assertTrue(
        roles.getItems().stream()
            .map(role -> role.getMetadata().getName())
            .noneMatch(roleName -> roleName.equals(METRICS_ROLE_NAME)));
    RoleBindingList bindings = k8sClient.rbac().roleBindings().inNamespace(NAMESPACE).list();
    assertTrue(
        bindings.getItems().stream()
            .map(binding -> binding.getMetadata().getName())
            .noneMatch(bindingName -> bindingName.equals(metricsBindingName)));
}
Also used : Arrays(java.util.Arrays) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Mock(org.mockito.Mock) Role(io.fabric8.kubernetes.api.model.rbac.Role) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) Mockito.spy(org.mockito.Mockito.spy) Collections.singletonList(java.util.Collections.singletonList) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) SECRETS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME) CONFIGMAPS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CONFIGMAPS_ROLE_NAME) RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) KubernetesServer(io.fabric8.kubernetes.client.server.mock.KubernetesServer) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) BeforeMethod(org.testng.annotations.BeforeMethod) Set(java.util.Set) CREDENTIALS_SECRET_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME) Mockito.when(org.mockito.Mockito.when) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Optional(java.util.Optional) METRICS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.METRICS_ROLE_NAME) Collections(java.util.Collections) 
PREFERENCES_CONFIGMAP_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Test(org.testng.annotations.Test)

Example 17 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project devspaces-images by redhat-developer.

the class KubernetesWorkspaceServiceAccountTest method shouldCreateCredentialsSecretRole.

/**
 * Verifies that {@code serviceAccount.prepare()} creates the secrets Role, that its first rule
 * is limited to {@code get}/{@code patch} on the single named credentials secret, and that a
 * RoleBinding named {@code SA_NAME + "-secrets"} exists.
 */
@Test
public void shouldCreateCredentialsSecretRole() throws Exception {
    // given
    KubernetesClient spiedClient = spy(serverMock.getClient());
    when(clientFactory.create(anyString())).thenReturn(spiedClient);

    // when
    serviceAccount.prepare();

    // then: the secrets Role exists in the namespace
    RoleList roles = k8sClient.rbac().roles().inNamespace(NAMESPACE).list();
    Optional<Role> secretsRole =
        roles.getItems().stream()
            .filter(role -> role.getMetadata().getName().equals(SECRETS_ROLE_NAME))
            .findFirst();
    assertTrue(secretsRole.isPresent());

    // The first rule must name exactly one secret (resourceNames) in the core API group and
    // allow only get/patch - this is the least-privilege property the test pins down.
    // NOTE(review): only rule index 0 is inspected; a further, broader rule on the same Role
    // would not be caught here. Consider also asserting the rule count once the expected
    // number is confirmed against the implementation.
    PolicyRule firstRule = secretsRole.get().getRules().get(0);
    assertEquals(firstRule.getResources(), singletonList("secrets"));
    assertEquals(firstRule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
    assertEquals(firstRule.getApiGroups(), singletonList(""));
    assertEquals(firstRule.getVerbs(), Arrays.asList("get", "patch"));

    // NOTE(review): the binding is matched by name only; its roleRef and subjects are not
    // verified in this test.
    String secretsBindingName = SA_NAME + "-secrets";
    RoleBindingList bindings = k8sClient.rbac().roleBindings().inNamespace(NAMESPACE).list();
    assertTrue(
        bindings.getItems().stream()
            .map(binding -> binding.getMetadata().getName())
            .anyMatch(bindingName -> bindingName.equals(secretsBindingName)));
}
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) Arrays(java.util.Arrays) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Mock(org.mockito.Mock) Role(io.fabric8.kubernetes.api.model.rbac.Role) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) Mockito.spy(org.mockito.Mockito.spy) Collections.singletonList(java.util.Collections.singletonList) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) SECRETS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME) CONFIGMAPS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CONFIGMAPS_ROLE_NAME) RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) KubernetesServer(io.fabric8.kubernetes.client.server.mock.KubernetesServer) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) BeforeMethod(org.testng.annotations.BeforeMethod) Set(java.util.Set) CREDENTIALS_SECRET_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME) Mockito.when(org.mockito.Mockito.when) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Optional(java.util.Optional) METRICS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.METRICS_ROLE_NAME) Collections(java.util.Collections) 
PREFERENCES_CONFIGMAP_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Test(org.testng.annotations.Test)

Example 18 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project devspaces-images by redhat-developer.

the class KubernetesWorkspaceServiceAccountTest method shouldCreateMetricsRoleIfAPIEnabledOnServer.

/**
 * Verifies that {@code serviceAccount.prepare()} creates the metrics Role and its RoleBinding
 * when the client reports that {@code /apis/metrics.k8s.io} is supported.
 */
@Test
public void shouldCreateMetricsRoleIfAPIEnabledOnServer() throws Exception {
    // given: the factory hands out a spied client that reports the metrics API path as supported
    KubernetesClient spiedClient = spy(serverMock.getClient());
    when(spiedClient.supportsApiPath(eq("/apis/metrics.k8s.io"))).thenReturn(true);
    when(clientFactory.create(anyString())).thenReturn(spiedClient);

    // when
    serviceAccount.prepare();

    // then: both the metrics Role and its RoleBinding are present in the namespace
    // NOTE(review): only object names are asserted; the verbs/resources granted by the metrics
    // Role and the binding's roleRef/subjects are not checked in this test.
    String metricsBindingName = SA_NAME + "-metrics";
    RoleList roles = k8sClient.rbac().roles().inNamespace(NAMESPACE).list();
    assertTrue(
        roles.getItems().stream()
            .map(role -> role.getMetadata().getName())
            .anyMatch(roleName -> roleName.equals(METRICS_ROLE_NAME)));
    RoleBindingList bindings = k8sClient.rbac().roleBindings().inNamespace(NAMESPACE).list();
    assertTrue(
        bindings.getItems().stream()
            .map(binding -> binding.getMetadata().getName())
            .anyMatch(bindingName -> bindingName.equals(metricsBindingName)));
}
Also used : Arrays(java.util.Arrays) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Mock(org.mockito.Mock) Role(io.fabric8.kubernetes.api.model.rbac.Role) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) Mockito.spy(org.mockito.Mockito.spy) Collections.singletonList(java.util.Collections.singletonList) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) SECRETS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME) CONFIGMAPS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CONFIGMAPS_ROLE_NAME) RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) KubernetesServer(io.fabric8.kubernetes.client.server.mock.KubernetesServer) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) BeforeMethod(org.testng.annotations.BeforeMethod) Set(java.util.Set) CREDENTIALS_SECRET_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME) Mockito.when(org.mockito.Mockito.when) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Optional(java.util.Optional) METRICS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.METRICS_ROLE_NAME) Collections(java.util.Collections) 
PREFERENCES_CONFIGMAP_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Test(org.testng.annotations.Test)

Example 19 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project kubernetes-client by fabric8io.

the class UserImpersonationIT method init.

/**
 * Prepares the cluster state for the impersonation tests: a ClusterRole allowing the
 * {@code impersonate} verb, a ServiceAccount in the session namespace, and a
 * ClusterRoleBinding that grants the ClusterRole to the current user.
 */
@Before
public void init() {
    currentNamespace = session.getNamespace();

    // ClusterRole "impersonator": the impersonate verb on identity resources.
    // NOTE(review): this role and the binding below are cluster-scoped and written with
    // createOrReplace, so pre-existing objects named "impersonator" / "impersonate-role" would be
    // replaced. Intended for a disposable test cluster; confirm that teardown (not visible here)
    // removes both objects.
    // NOTE(review): "userextras" is listed under the core API group ""; Kubernetes documents
    // extra-field impersonation under authentication.k8s.io - confirm this entry has an effect.
    impersonatorRole =
        new ClusterRoleBuilder()
            .withNewMetadata()
            .withName("impersonator")
            .endMetadata()
            .addToRules(
                new PolicyRuleBuilder()
                    .addToApiGroups("")
                    .addToResources("users", "groups", "userextras", "serviceaccounts")
                    .addToVerbs("impersonate")
                    .build())
            .build();
    client.rbac().clusterRoles().createOrReplace(impersonatorRole);

    // ServiceAccount in the session namespace
    serviceAccount1 =
        new ServiceAccountBuilder()
            .withNewMetadata()
            .withName(SERVICE_ACCOUNT)
            .endMetadata()
            .build();
    client.serviceAccounts().inNamespace(currentNamespace).create(serviceAccount1);

    // ClusterRoleBinding "impersonate-role": grants the ClusterRole above to the current user
    String currentUserName = client.currentUser().getMetadata().getName();
    impersonatorRoleBinding =
        new ClusterRoleBindingBuilder()
            .withNewMetadata()
            .withName("impersonate-role")
            .endMetadata()
            .addToSubjects(
                new SubjectBuilder()
                    .withApiGroup("rbac.authorization.k8s.io")
                    .withKind("User")
                    .withName(currentUserName)
                    .withNamespace(currentNamespace)
                    .build())
            .withRoleRef(
                new RoleRefBuilder()
                    .withApiGroup("rbac.authorization.k8s.io")
                    .withKind("ClusterRole")
                    .withName("impersonator")
                    .build())
            .build();
    client.rbac().clusterRoleBindings().createOrReplace(impersonatorRoleBinding);
}
Also used : ClusterRoleBuilder(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder) ClusterRoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBindingBuilder) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) SubjectBuilder(io.fabric8.kubernetes.api.model.rbac.SubjectBuilder) PolicyRuleBuilder(io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) Before(org.junit.Before)

Example 20 with Role

use of io.fabric8.kubernetes.api.model.rbac.Role in project kubernetes-client by fabric8io.

the class K8sAuthorizationOnOpenShiftIT method createRoleK8s.

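/**
 * Creates a namespaced Role that allows {@code get}/{@code watch}/{@code list} on pods and
 * checks that the API server returns it with a UID and the requested name. The Role is deleted
 * afterwards even when an assertion fails, so a failing run leaves no RBAC object behind.
 */
@Test
public void createRoleK8s() {
    // Given: a read-only Role on pods in the core API group
    String name = "create-role-k8s";
    Role role =
        new RoleBuilder()
            .withNewMetadata()
            .withName(name)
            .endMetadata()
            .addNewRule()
            .withApiGroups("")
            .withResources("pods")
            .withVerbs("get", "watch", "list")
            .endRule()
            .build();
    // When
    Role createdRole = client.rbac().roles().inNamespace(session.getNamespace()).create(role);
    try {
        // Then
        assertNotNull(createdRole);
        assertNotNull(createdRole.getMetadata().getUid());
        assertEquals(name, createdRole.getMetadata().getName());
    } finally {
        // Cleanup runs in finally: previously a failed assertion skipped the delete and left the
        // Role in the namespace.
        client.rbac().roles().inNamespace(session.getNamespace()).withName(name).delete();
    }
}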
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) ClusterRoleBuilder(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder) Test(org.junit.Test)
