Search in sources :

Example 41 with RoleBinding

use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project fabric8-maven-plugin by fabric8io.

the class ApplyService method applyRoleBinding.

public void applyRoleBinding(RoleBinding entity, String sourceName) {
    OpenShiftClient openShiftClient = getOpenShiftClient();
    if (openShiftClient != null) {
        String id = getName(entity);
        Objects.requireNonNull(id, "No name for " + entity + " " + sourceName);
        String namespace = KubernetesHelper.getNamespace(entity);
        if (StringUtils.isBlank(namespace)) {
            namespace = getNamespace(entity);
        }
        applyNamespace(namespace);
        RoleBinding old = openShiftClient.rbac().roleBindings().inNamespace(namespace).withName(id).get();
        if (isRunning(old)) {
            if (UserConfigurationCompare.configEqual(entity, old)) {
                log.info("RoleBinding has not changed so not doing anything");
            } else {
                if (isRecreateMode()) {
                    log.info("Deleting RoleBinding: " + id);
                    openShiftClient.roleBindings().inNamespace(namespace).withName(id).delete();
                    doCreateRoleBinding(entity, namespace, sourceName);
                } else {
                    log.info("Updating RoleBinding from " + sourceName);
                    try {
                        String resourceVersion = KubernetesHelper.getResourceVersion(old);
                        ObjectMeta metadata = getOrCreateMetadata(entity);
                        metadata.setNamespace(namespace);
                        metadata.setResourceVersion(resourceVersion);
                        Object answer = openShiftClient.rbac().roleBindings().inNamespace(namespace).withName(id).replace(entity);
                        logGeneratedEntity("Updated RoleBinding: ", namespace, entity, answer);
                    } catch (Exception e) {
                        onApplyError("Failed to update RoleBinding from " + sourceName + ". " + e + ". " + entity, e);
                    }
                }
            }
        } else {
            if (!isAllowCreate()) {
                log.warn("Creation disabled so not creating RoleBinding from " + sourceName + " namespace " + namespace + " name " + getName(entity));
            } else {
                doCreateRoleBinding(entity, namespace, sourceName);
            }
        }
    }
}
Also used : ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) IOException(java.io.IOException)

Example 42 with RoleBinding

use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi by strimzi.

the class EntityTopicOperatorTest method testRoleBindingInOtherNamespace.

@ParallelTest
public void testRoleBindingInOtherNamespace() {
    RoleBinding binding = entityTopicOperator.generateRoleBindingForRole(namespace, toWatchedNamespace);
    assertThat(binding.getSubjects().get(0).getNamespace(), is(namespace));
    assertThat(binding.getMetadata().getNamespace(), is(toWatchedNamespace));
    assertThat(binding.getMetadata().getOwnerReferences().size(), is(0));
    assertThat(binding.getRoleRef().getKind(), is("Role"));
    assertThat(binding.getRoleRef().getName(), is("foo-entity-operator"));
}
Also used : RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 43 with RoleBinding

use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi by strimzi.

the class RoleBindingOperatorIT method getOriginal.

@Override
protected RoleBinding getOriginal() {
    Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("my-service-account").withNamespace("my-namespace").build();
    RoleRef roleRef = new RoleRefBuilder().withName("my-cluster-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
    return new RoleBindingBuilder().withNewMetadata().withName(resourceName).withNamespace(namespace).withLabels(singletonMap("state", "new")).endMetadata().withSubjects(ks).withRoleRef(roleRef).build();
}
Also used : RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) SubjectBuilder(io.fabric8.kubernetes.api.model.rbac.SubjectBuilder) Subject(io.fabric8.kubernetes.api.model.rbac.Subject) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)

Example 44 with RoleBinding

use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi by strimzi.

the class RoleBindingOperatorTest method resource.

@Override
protected RoleBinding resource() {
    Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("some-service-account").withNamespace(NAMESPACE).build();
    RoleRef roleRef = new RoleRefBuilder().withName("some-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
    return new RoleBindingBuilder().withNewMetadata().withName(RESOURCE_NAME).withNamespace(NAMESPACE).withLabels(singletonMap("foo", "bar")).endMetadata().withRoleRef(roleRef).withSubjects(singletonList(ks)).build();
}
Also used : RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) SubjectBuilder(io.fabric8.kubernetes.api.model.rbac.SubjectBuilder) Subject(io.fabric8.kubernetes.api.model.rbac.Subject) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)

Example 45 with RoleBinding

use of io.fabric8.kubernetes.api.model.rbac.RoleBinding in project strimzi by strimzi.

the class EntityUserOperatorTest method testRoleBindingInTheSameNamespace.

@ParallelTest
public void testRoleBindingInTheSameNamespace() {
    RoleBinding binding = entityUserOperator.generateRoleBindingForRole(namespace, namespace);
    assertThat(binding.getSubjects().get(0).getNamespace(), is(namespace));
    assertThat(binding.getMetadata().getNamespace(), is(namespace));
    assertThat(binding.getMetadata().getOwnerReferences().size(), is(1));
    assertThat(binding.getRoleRef().getKind(), is("Role"));
    assertThat(binding.getRoleRef().getName(), is("foo-entity-operator"));
}
Also used : RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Aggregations

RoleBinding (io.fabric8.kubernetes.api.model.rbac.RoleBinding)33 RoleRefBuilder (io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)20 RoleBinding (io.fabric8.openshift.api.model.RoleBinding)19 Test (org.junit.jupiter.api.Test)19 RoleBindingBuilder (io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder)16 RoleRef (io.fabric8.kubernetes.api.model.rbac.RoleRef)16 SubjectBuilder (io.fabric8.kubernetes.api.model.rbac.SubjectBuilder)14 RoleBindingBuilder (io.fabric8.openshift.api.model.RoleBindingBuilder)13 Role (io.fabric8.kubernetes.api.model.rbac.Role)10 Subject (io.fabric8.kubernetes.api.model.rbac.Subject)10 KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException)10 OpenShiftClient (io.fabric8.openshift.client.OpenShiftClient)10 List (java.util.List)8 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)6 ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)6 Kafka (io.strimzi.api.kafka.model.Kafka)6 KafkaBuilder (io.strimzi.api.kafka.model.KafkaBuilder)6 CertManager (io.strimzi.certs.CertManager)6 KubernetesVersion (io.strimzi.operator.KubernetesVersion)6 PlatformFeaturesAvailability (io.strimzi.operator.PlatformFeaturesAvailability)6