use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project kubernetes-client by fabric8io.
the class OpenshiftRoleBindingTest method testPatchWithOnlySubjects.
/**
 * Patches an existing binding using a RoleBinding that only declares subjects.
 *
 * <p>The mock server first returns a stored binding whose only user name is
 * {@code "unexpected"}. The JSON patch asserted at the end shows that this entry
 * is replaced, that {@code userNames} and {@code groupNames} are sent alongside
 * {@code subjects}, and that the ServiceAccount subject carries namespace
 * {@code test} (user name {@code system:serviceaccount:test:svcacct}).
 * Comparing the whole patch body means any extra or missing principal fails the test.
 */
@Test
void testPatchWithOnlySubjects() throws Exception {
  final String bindingPath = "/apis/authorization.openshift.io/v1/namespaces/test/rolebindings/testrb";

  // Stored state: a binding that lists a single, unwanted user name.
  server.expect().get().withPath(bindingPath)
      .andReturn(200, new RoleBindingBuilder().addToUserNames("unexpected").build())
      .once();
  server.expect().patch().withPath(bindingPath)
      .andReturn(200, expectedRoleBinding)
      .once();

  // Desired state: subjects only, with no userNames or groupNames set by the caller.
  RoleBinding subjectsOnly = new RoleBindingBuilder()
      .withNewMetadata().endMetadata()
      .addNewSubject().withKind("User").withName("testuser1").endSubject()
      .addNewSubject().withKind("User").withName("testuser2").endSubject()
      .addNewSubject().withKind("ServiceAccount").withName("svcacct").endSubject()
      .addNewSubject().withKind("Group").withName("testgroup").endSubject()
      .build();

  RoleBinding response = client.roleBindings().withName("testrb").patch(subjectsOnly);
  assertEquals(expectedRoleBinding, response);

  // Exact JSON patch the client is expected to have sent.
  String expectedPatch = "[{\"op\":\"replace\",\"path\":\"/userNames/0\",\"value\":\"testuser1\"},{\"op\":\"add\",\"path\":\"/userNames/1\",\"value\":\"testuser2\"},{\"op\":\"add\",\"path\":\"/userNames/2\",\"value\":\"system:serviceaccount:test:svcacct\"},{\"op\":\"add\",\"path\":\"/metadata\",\"value\":{}},{\"op\":\"add\",\"path\":\"/groupNames\",\"value\":[\"testgroup\"]},{\"op\":\"add\",\"path\":\"/subjects\",\"value\":[{\"kind\":\"User\",\"name\":\"testuser1\"},{\"kind\":\"User\",\"name\":\"testuser2\"},{\"kind\":\"ServiceAccount\",\"name\":\"svcacct\",\"namespace\":\"test\"},{\"kind\":\"Group\",\"name\":\"testgroup\"}]}]";
  assertEquals(expectedPatch, server.getLastRequest().getBody().readUtf8());
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project kubernetes-client by fabric8io.
the class OpenshiftRoleBindingTest method testCreateWithUserNamesAndGroupsAndNoSubjects.
/**
 * Creates a binding that declares only {@code userNames} and {@code groupNames}.
 *
 * <p>Both the returned object and the request body, deserialized back into a
 * RoleBinding, must equal {@code expectedRoleBinding}. That fixture is defined
 * outside this method; presumably it also lists the matching subjects (confirm
 * against the fixture).
 */
@Test
void testCreateWithUserNamesAndGroupsAndNoSubjects() throws Exception {
  final String collectionPath = "/apis/authorization.openshift.io/v1/namespaces/test/rolebindings";
  server.expect().post().withPath(collectionPath)
      .andReturn(201, expectedRoleBinding)
      .once();

  // Input uses the name lists only; no subject entries are supplied.
  RoleBinding namesOnly = new RoleBindingBuilder()
      .withNewMetadata().endMetadata()
      .addToUserNames("testuser1", "testuser2", "system:serviceaccount:test:svcacct")
      .addToGroupNames("testgroup")
      .build();

  RoleBinding response = client.roleBindings().create(namesOnly);
  assertEquals(expectedRoleBinding, response);

  // Check what was actually sent, not just what the mock returned.
  assertEquals(
      expectedRoleBinding,
      new ObjectMapper().readerFor(RoleBinding.class)
          .readValue(server.getLastRequest().getBody().inputStream()));
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project kubernetes-client by fabric8io.
the class OpenshiftRoleBindingTest method testCreateInline.
/**
 * Creates a binding that declares only subjects (two users, one service account, one group).
 *
 * <p>Both the returned object and the request body, deserialized back into a
 * RoleBinding, must equal {@code expectedRoleBinding}, which is defined outside
 * this method.
 */
@Test
void testCreateInline() throws Exception {
  final String collectionPath = "/apis/authorization.openshift.io/v1/namespaces/test/rolebindings";
  server.expect().post().withPath(collectionPath)
      .andReturn(201, expectedRoleBinding)
      .once();

  RoleBinding subjectsOnly = new RoleBindingBuilder()
      .withNewMetadata().endMetadata()
      .addNewSubject().withKind("User").withName("testuser1").endSubject()
      .addNewSubject().withKind("User").withName("testuser2").endSubject()
      // No namespace is set on the service account subject here.
      .addNewSubject().withKind("ServiceAccount").withName("svcacct").endSubject()
      .addNewSubject().withKind("Group").withName("testgroup").endSubject()
      .build();

  RoleBinding response = client.roleBindings().create(subjectsOnly);
  assertEquals(expectedRoleBinding, response);

  // Check what was actually sent, not just what the mock returned.
  assertEquals(
      expectedRoleBinding,
      new ObjectMapper().readerFor(RoleBinding.class)
          .readValue(server.getLastRequest().getBody().inputStream()));
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project kubernetes-client by fabric8io.
the class OpenshiftRoleBindingTest method testReplaceWithOnlySubjects.
/**
 * Replaces an existing binding using a RoleBinding that only declares subjects.
 *
 * <p>The mock server answers the GET and the PUT on the same path with
 * {@code expectedRoleBinding}. The test then checks that the returned object and
 * the deserialized PUT body both equal that fixture, which is defined outside
 * this method.
 */
@Test
void testReplaceWithOnlySubjects() throws Exception {
  final String bindingPath = "/apis/authorization.openshift.io/v1/namespaces/test/rolebindings/testrb";
  server.expect().get().withPath(bindingPath)
      .andReturn(200, expectedRoleBinding)
      .once();
  server.expect().put().withPath(bindingPath)
      .andReturn(200, expectedRoleBinding)
      .once();

  RoleBinding subjectsOnly = new RoleBindingBuilder()
      .withNewMetadata().endMetadata()
      .addNewSubject().withKind("User").withName("testuser1").endSubject()
      .addNewSubject().withKind("User").withName("testuser2").endSubject()
      .addNewSubject().withKind("ServiceAccount").withName("svcacct").endSubject()
      .addNewSubject().withKind("Group").withName("testgroup").endSubject()
      .build();

  RoleBinding response = client.roleBindings().withName("testrb").replace(subjectsOnly);
  assertEquals(expectedRoleBinding, response);

  // The last recorded request is compared as a parsed RoleBinding, not as raw text.
  assertEquals(
      expectedRoleBinding,
      new ObjectMapper().readerFor(RoleBinding.class)
          .readValue(server.getLastRequest().getBody().inputStream()));
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project kubernetes-client by fabric8io.
the class ProjectOperationsImpl method initRoleBindings.
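/**
 * Builds the default RoleBindings for a project namespace.
 *
 * <p>Four bindings are returned, all placed in namespace {@code name} and all
 * referencing a role of kind {@code CLUSTER_ROLE}:
 * <ul>
 *   <li>{@code system:image-pullers}: role {@code system:image-puller}, granted to the
 *       group {@code system:serviceaccounts:<name>}</li>
 *   <li>{@code system:image-builders}: role {@code system:image-builder}, granted to the
 *       {@code builder} service account</li>
 *   <li>{@code system:deployers}: role {@code system:deployer}, granted to the
 *       {@code deployer} service account</li>
 *   <li>{@code admin}: role {@code admin}, granted to the user {@code adminUser}</li>
 * </ul>
 *
 * <p>NOTE(review): {@code name} and {@code adminUser} are used as given; this method
 * performs no null or empty check. Confirm the caller validates them, since the last
 * binding grants the {@code admin} role to whatever user name is passed in.
 *
 * @param name namespace of the project; also used to derive the service-account group name
 * @param adminUser user name that becomes the subject of the {@code admin} binding
 * @return a new mutable list holding the four bindings in the order listed above
 */
private List<HasMetadata> initRoleBindings(String name, String adminUser) {
  RoleBinding imagePullers = new RoleBindingBuilder()
      .withNewMetadata()
      .addToAnnotations(OPENSHIFT_IO_DESCRIPTION_ANNOTATION,
          "Allows all pods in this namespace to pull images from this namespace. It is auto-managed by a controller; remove subjects to disable.")
      .withName("system:image-pullers")
      .withNamespace(name)
      .endMetadata()
      .withNewRoleRef()
      .withApiGroup(RBAC_AUTHORIZATION_APIGROUP)
      .withKind(CLUSTER_ROLE)
      .withName("system:image-puller")
      .endRoleRef()
      // Group subject: covers every service account in this namespace.
      .addNewSubject()
      .withApiGroup(RBAC_AUTHORIZATION_APIGROUP)
      .withKind("Group")
      .withName("system:serviceaccounts:" + name)
      .endSubject()
      .build();

  RoleBinding imageBuilders = new RoleBindingBuilder()
      .withNewMetadata()
      // Written as one literal so the space between "to" and "this" is not lost;
      // the split form rendered the description as "images tothis namespace".
      .addToAnnotations(OPENSHIFT_IO_DESCRIPTION_ANNOTATION,
          "Allows builds in this namespace to push images to this namespace. It is auto-managed by a controller; remove subjects to disable.")
      .withName("system:image-builders")
      .withNamespace(name)
      .endMetadata()
      .withNewRoleRef()
      .withApiGroup(RBAC_AUTHORIZATION_APIGROUP)
      .withKind(CLUSTER_ROLE)
      .withName("system:image-builder")
      .endRoleRef()
      .addNewSubject()
      .withKind("ServiceAccount")
      .withName("builder")
      .withNamespace(name)
      .endSubject()
      .build();

  RoleBinding deployers = new RoleBindingBuilder()
      .withNewMetadata()
      // The leading space in this description is kept as the value was originally written.
      .addToAnnotations(OPENSHIFT_IO_DESCRIPTION_ANNOTATION,
          " Allows deploymentconfigs in this namespace to rollout pods in this namespace. It is auto-managed by a controller; remove subjects to disable.")
      .withName("system:deployers")
      .withNamespace(name)
      .endMetadata()
      .withNewRoleRef()
      .withApiGroup(RBAC_AUTHORIZATION_APIGROUP)
      .withKind(CLUSTER_ROLE)
      .withName("system:deployer")
      .endRoleRef()
      .addNewSubject()
      .withKind("ServiceAccount")
      .withName("deployer")
      .withNamespace(name)
      .endSubject()
      .build();

  // Highest-privilege binding in the set: its only subject is the caller-supplied user name.
  RoleBinding admin = new RoleBindingBuilder()
      .withNewMetadata()
      .withName("admin")
      .withNamespace(name)
      .endMetadata()
      .withNewRoleRef()
      .withApiGroup(RBAC_AUTHORIZATION_APIGROUP)
      .withKind(CLUSTER_ROLE)
      .withName("admin")
      .endRoleRef()
      .addNewSubject()
      .withApiGroup(RBAC_AUTHORIZATION_APIGROUP)
      .withKind("User")
      .withName(adminUser)
      .endSubject()
      .build();

  List<HasMetadata> resources = new ArrayList<>();
  resources.add(imagePullers);
  resources.add(imageBuilders);
  resources.add(deployers);
  resources.add(admin);
  return resources;
}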