use of io.fabric8.kubernetes.api.model.rbac.Role in project strimzi-kafka-operator by strimzi.
the class Main method maybeCreateClusterRoles.
/*test*/
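/**
 * Reconciles the ClusterRoles bundled with the operator, but only when
 * {@code config.isCreateClusterRoles()} is enabled.
 *
 * <p>Each role is read as YAML from the {@code /cluster-roles/} classpath directory, converted with
 * {@link ClusterRoleOperator#convertYamlToClusterRole(String)} and passed to
 * {@code ClusterRoleOperator.reconcile}. The file names are fixed constants in this method, so the
 * classpath lookup is not influenced by external input.
 *
 * <p>NOTE(review): reconciling ClusterRoles presumably requires the operator's own identity to hold
 * cluster-scoped RBAC write permission. Confirm the flag is enabled only where that grant is
 * intended; otherwise leave it off and have an administrator install the roles.
 *
 * @param vertx  Vert.x instance handed to the {@link ClusterRoleOperator}
 * @param config operator configuration; supplies the create-cluster-roles flag and the operator namespace
 * @param client Kubernetes client handed to the {@link ClusterRoleOperator}
 * @return a future that succeeds once every role reconciliation has succeeded (or immediately when
 *         the flag is off), and fails with the underlying cause attached when any reconciliation fails
 * @throws RuntimeException if a bundled role file is missing from the classpath or cannot be read
 */
static Future<Void> maybeCreateClusterRoles(Vertx vertx, ClusterOperatorConfig config, KubernetesClient client) {
    if (!config.isCreateClusterRoles()) {
        return Future.succeededFuture();
    }

    List<Future> futures = new ArrayList<>();
    ClusterRoleOperator cro = new ClusterRoleOperator(vertx, client);

    // ClusterRole name -> bundled YAML file under /cluster-roles/
    Map<String, String> clusterRoles = new HashMap<>(6);
    clusterRoles.put("strimzi-cluster-operator-namespaced", "020-ClusterRole-strimzi-cluster-operator-role.yaml");
    clusterRoles.put("strimzi-cluster-operator-global", "021-ClusterRole-strimzi-cluster-operator-role.yaml");
    clusterRoles.put("strimzi-kafka-broker", "030-ClusterRole-strimzi-kafka-broker.yaml");
    clusterRoles.put("strimzi-entity-operator", "031-ClusterRole-strimzi-entity-operator.yaml");
    clusterRoles.put("strimzi-kafka-client", "033-ClusterRole-strimzi-kafka-client.yaml");

    for (Map.Entry<String, String> clusterRole : clusterRoles.entrySet()) {
        LOGGER.info("Creating cluster role {}", clusterRole.getKey());
        String resourcePath = "/cluster-roles/" + clusterRole.getValue();

        try (java.io.InputStream in = Main.class.getResourceAsStream(resourcePath)) {
            // getResourceAsStream returns null for a missing resource; fail with a clear message
            // instead of the NullPointerException the reader constructor would otherwise raise.
            if (in == null) {
                LOGGER.error("Failed to create Cluster Roles. Resource {} is missing from the classpath.", resourcePath);
                throw new RuntimeException("Cluster role resource " + resourcePath + " not found on the classpath");
            }

            // Closing the stream via try-with-resources also releases the reader wrapped around it.
            BufferedReader br = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
            String yaml = br.lines().collect(Collectors.joining(System.lineSeparator()));
            ClusterRole role = ClusterRoleOperator.convertYamlToClusterRole(yaml);
            Future fut = cro.reconcile(new Reconciliation("start-cluster-operator", "Deployment", config.getOperatorNamespace(), "cluster-operator"), role.getMetadata().getName(), role);
            futures.add(fut);
        } catch (IOException e) {
            LOGGER.error("Failed to create Cluster Roles.", e);
            throw new RuntimeException(e);
        }
    }

    Promise<Void> returnPromise = Promise.promise();
    CompositeFuture.all(futures).onComplete(res -> {
        if (res.succeeded()) {
            returnPromise.complete();
        } else {
            // Keep the original message but attach the cause, so an RBAC denial or API error
            // can be diagnosed from the failed future.
            returnPromise.fail(new RuntimeException("Failed to create Cluster Roles.", res.cause()));
        }
    });
    return returnPromise.future();
}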
use of io.fabric8.kubernetes.api.model.rbac.Role in project strimzi-kafka-operator by strimzi.
the class EntityUserOperator method generateRoleBindingForRole.
/**
 * Builds the RoleBinding that grants the Entity Operator service account the Role returned by
 * {@code getRoleName()}.
 *
 * <p>The subject is the service account in {@code namespace}; {@code watchedNamespace} is what gets
 * passed to {@code generateRoleBinding}. When the two differ, the binding's owner references are
 * cleared.
 *
 * <p>NOTE(review): with the owner references cleared, a cross-namespace binding is presumably not
 * garbage-collected with the owning resource. Confirm it is deleted explicitly, so the grant does
 * not outlive the cluster it was created for.
 *
 * @param namespace        namespace of the Entity Operator service account (the binding's subject)
 * @param watchedNamespace namespace handed to {@code generateRoleBinding} for the binding
 * @return the generated RoleBinding
 */
public RoleBinding generateRoleBindingForRole(String namespace, String watchedNamespace) {
    Subject serviceAccount = new SubjectBuilder()
            .withKind("ServiceAccount")
            .withName(EntityOperator.entityOperatorServiceAccountName(cluster))
            .withNamespace(namespace)
            .build();

    RoleRef targetRole = new RoleRefBuilder()
            .withName(getRoleName())
            .withApiGroup("rbac.authorization.k8s.io")
            .withKind("Role")
            .build();

    RoleBinding binding = generateRoleBinding(roleBindingForRoleName(cluster), watchedNamespace, targetRole, singletonList(serviceAccount));

    boolean sameNamespace = namespace.equals(watchedNamespace);
    if (sameNamespace) {
        return binding;
    }

    // An OwnerReference only works within a single namespace, so drop it for cross-namespace bindings.
    binding.getMetadata().setOwnerReferences(Collections.emptyList());
    return binding;
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project strimzi-kafka-operator by strimzi.
the class EntityOperatorTest method testRoleInDifferentNamespace.
/**
 * Checks that a Role generated for the operator's own namespace carries the owner reference,
 * while a Role generated for a different namespace carries none.
 */
@ParallelTest
public void testRoleInDifferentNamespace() {
    Kafka kafka = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editOrNewEntityOperator()
                .endEntityOperator()
            .endSpec()
            .build();
    Reconciliation reconciliation = new Reconciliation("test", kafka.getKind(), kafka.getMetadata().getNamespace(), kafka.getMetadata().getName());
    EntityOperator eo = EntityOperator.fromCrd(reconciliation, kafka, VERSIONS);

    // Same namespace: the first owner reference must match the one the entity operator creates.
    Role sameNamespaceRole = eo.generateRole(namespace, namespace);
    assertThat(sameNamespaceRole.getMetadata().getOwnerReferences().get(0), is(entityOperator.createOwnerReference()));

    // Other namespace: no owner reference is expected on the Role.
    Role otherNamespaceRole = eo.generateRole(namespace, "some-other-namespace");
    assertThat(otherNamespaceRole.getMetadata().getOwnerReferences().size(), is(0));
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project strimzi-kafka-operator by strimzi.
the class EntityOperatorTest method testRole.
/**
 * Pins the name, namespace and exact rule list of the Role generated for the Entity Operator.
 *
 * <p>The rule list is compared for equality, so any rule, verb or resource added to the generated
 * Role fails this test until the expectation is updated. That makes a widening of the operator's
 * permissions a visible, reviewed change. The expected set includes read and write verbs on
 * {@code secrets}.
 */
@ParallelTest
public void testRole() {
    Kafka kafka = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editOrNewEntityOperator()
                .endEntityOperator()
            .endSpec()
            .build();
    Reconciliation reconciliation = new Reconciliation("test", kafka.getKind(), kafka.getMetadata().getNamespace(), kafka.getMetadata().getName());
    EntityOperator eo = EntityOperator.fromCrd(reconciliation, kafka, VERSIONS);

    Role generated = eo.generateRole(namespace, namespace);

    assertThat(generated.getMetadata().getName(), is("foo-entity-operator"));
    assertThat(generated.getMetadata().getNamespace(), is(namespace));

    // Topic and user custom resources, including their status subresources.
    PolicyRule customResourceRule = new PolicyRuleBuilder()
            .addToResources("kafkatopics", "kafkatopics/status", "kafkausers", "kafkausers/status")
            .addToVerbs("get", "list", "watch", "create", "patch", "update", "delete")
            .addToApiGroups(Constants.RESOURCE_GROUP_NAME)
            .build();
    // Events may only be created.
    PolicyRule eventRule = new PolicyRuleBuilder()
            .addToResources("events")
            .addToVerbs("create")
            .addToApiGroups("")
            .build();
    // Secrets in the core API group, with both read and write verbs.
    PolicyRule secretRule = new PolicyRuleBuilder()
            .addToResources("secrets")
            .addToVerbs("get", "list", "watch", "create", "delete", "patch", "update")
            .addToApiGroups("")
            .build();

    List<PolicyRule> expectedRules = new ArrayList<>();
    expectedRules.add(customResourceRule);
    expectedRules.add(eventRule);
    expectedRules.add(secretRule);

    assertThat(generated.getRules(), is(expectedRules));
}
use of io.fabric8.kubernetes.api.model.rbac.Role in project strimzi-kafka-operator by strimzi.
the class EntityUserOperatorTest method testRoleBindingInOtherNamespace.
/**
 * Checks the RoleBinding generated when the User Operator watches a namespace other than its own.
 * The subject stays in the operator namespace, the binding is placed in the watched namespace, it
 * carries no owner references, and it points at the {@code foo-entity-operator} Role.
 */
@ParallelTest
public void testRoleBindingInOtherNamespace() {
    RoleBinding rb = entityUserOperator.generateRoleBindingForRole(namespace, uoWatchedNamespace);

    // The subject (service account) remains in the operator's namespace.
    Subject firstSubject = rb.getSubjects().get(0);
    assertThat(firstSubject.getNamespace(), is(namespace));

    // The binding itself is created in the watched namespace, without an owner reference.
    assertThat(rb.getMetadata().getNamespace(), is(uoWatchedNamespace));
    assertThat(rb.getMetadata().getOwnerReferences().size(), is(0));

    // It must reference a namespaced Role with the expected name.
    RoleRef ref = rb.getRoleRef();
    assertThat(ref.getKind(), is("Role"));
    assertThat(ref.getName(), is("foo-entity-operator"));
}