use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi-kafka-operator by strimzi.
the class EntityUserOperator method generateRoleBindingForRole.
public RoleBinding generateRoleBindingForRole(String namespace, String watchedNamespace) {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName(EntityOperator.entityOperatorServiceAccountName(cluster)).withNamespace(namespace).build();
RoleRef roleRef = new RoleRefBuilder().withName(getRoleName()).withApiGroup("rbac.authorization.k8s.io").withKind("Role").build();
RoleBinding rb = generateRoleBinding(roleBindingForRoleName(cluster), watchedNamespace, roleRef, singletonList(ks));
// We set OwnerReference only within the same namespace since it does not work cross-namespace
if (!namespace.equals(watchedNamespace)) {
rb.getMetadata().setOwnerReferences(Collections.emptyList());
}
return rb;
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi-kafka-operator by strimzi.
the class ClusterRoleBindingOperatorIT method getOriginal.
@Override
protected ClusterRoleBinding getOriginal() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("my-service-account").withNamespace("my-namespace").build();
RoleRef roleRef = new RoleRefBuilder().withName("my-cluster-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new ClusterRoleBindingBuilder().withNewMetadata().withName(resourceName).withLabels(singletonMap("state", "new")).endMetadata().withSubjects(ks).withRoleRef(roleRef).build();
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi-kafka-operator by strimzi.
the class RoleBindingOperatorIT method getModified.
@Override
protected RoleBinding getModified() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("my-service-account2").withNamespace("my-namespace2").build();
// RoleRef cannot be changed
RoleRef roleRef = new RoleRefBuilder().withName("my-cluster-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new RoleBindingBuilder().withNewMetadata().withName(resourceName).withNamespace(namespace).withLabels(singletonMap("state", "modified")).endMetadata().withSubjects(ks).withRoleRef(roleRef).build();
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi-kafka-operator by strimzi.
the class RoleBindingOperatorTest method resource.
@Override
protected RoleBinding resource() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("some-service-account").withNamespace(NAMESPACE).build();
RoleRef roleRef = new RoleRefBuilder().withName("some-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new RoleBindingBuilder().withNewMetadata().withName(RESOURCE_NAME).withNamespace(NAMESPACE).withLabels(singletonMap("foo", "bar")).endMetadata().withRoleRef(roleRef).withSubjects(singletonList(ks)).build();
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi by strimzi.
the class RoleBindingOperatorIT method getOriginal.
@Override
protected RoleBinding getOriginal() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("my-service-account").withNamespace("my-namespace").build();
RoleRef roleRef = new RoleRefBuilder().withName("my-cluster-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new RoleBindingBuilder().withNewMetadata().withName(resourceName).withNamespace(namespace).withLabels(singletonMap("state", "new")).endMetadata().withSubjects(ks).withRoleRef(roleRef).build();
}
Aggregations