use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi by strimzi.
the class EntityTopicOperator method generateRoleBindingForRole.
public RoleBinding generateRoleBindingForRole(String namespace, String watchedNamespace) {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName(EntityOperator.entityOperatorServiceAccountName(cluster)).withNamespace(namespace).build();
RoleRef roleRef = new RoleRefBuilder().withName(getRoleName()).withApiGroup("rbac.authorization.k8s.io").withKind("Role").build();
RoleBinding rb = generateRoleBinding(roleBindingForRoleName(cluster), watchedNamespace, roleRef, singletonList(ks));
// We set OwnerReference only within the same namespace since it does not work cross-namespace
if (!namespace.equals(watchedNamespace)) {
rb.getMetadata().setOwnerReferences(Collections.emptyList());
}
return rb;
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi by strimzi.
the class EntityTopicOperatorTest method testRoleBindingInTheSameNamespace.
@ParallelTest
public void testRoleBindingInTheSameNamespace() {
RoleBinding binding = entityTopicOperator.generateRoleBindingForRole(namespace, namespace);
assertThat(binding.getSubjects().get(0).getNamespace(), is(namespace));
assertThat(binding.getMetadata().getNamespace(), is(namespace));
assertThat(binding.getMetadata().getOwnerReferences().size(), is(1));
assertThat(binding.getRoleRef().getKind(), is("Role"));
assertThat(binding.getRoleRef().getName(), is("foo-entity-operator"));
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi-kafka-operator by strimzi.
the class EntityUserOperatorTest method testRoleBindingInOtherNamespace.
@ParallelTest
public void testRoleBindingInOtherNamespace() {
RoleBinding binding = entityUserOperator.generateRoleBindingForRole(namespace, uoWatchedNamespace);
assertThat(binding.getSubjects().get(0).getNamespace(), is(namespace));
assertThat(binding.getMetadata().getNamespace(), is(uoWatchedNamespace));
assertThat(binding.getMetadata().getOwnerReferences().size(), is(0));
assertThat(binding.getRoleRef().getKind(), is("Role"));
assertThat(binding.getRoleRef().getName(), is("foo-entity-operator"));
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi-kafka-operator by strimzi.
the class RoleBindingOperatorIT method getModified.
@Override
protected RoleBinding getModified() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("my-service-account2").withNamespace("my-namespace2").build();
// RoleRef cannot be changed
RoleRef roleRef = new RoleRefBuilder().withName("my-cluster-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new RoleBindingBuilder().withNewMetadata().withName(resourceName).withNamespace(namespace).withLabels(singletonMap("state", "modified")).endMetadata().withSubjects(ks).withRoleRef(roleRef).build();
}
use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi-kafka-operator by strimzi.
the class RoleBindingOperatorTest method resource.
@Override
protected RoleBinding resource() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("some-service-account").withNamespace(NAMESPACE).build();
RoleRef roleRef = new RoleRefBuilder().withName("some-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new RoleBindingBuilder().withNewMetadata().withName(RESOURCE_NAME).withNamespace(NAMESPACE).withLabels(singletonMap("foo", "bar")).endMetadata().withRoleRef(roleRef).withSubjects(singletonList(ks)).build();
}
Aggregations