Examples with RoleRefBuilder io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder used on opensource projects

Example 16 with RoleRefBuilder

use of io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorRbacScopeTest method testRolesDeployedWhenNamespaceRbacScope.

/**
 * This test checks that when STRIMZI_RBAC_SCOPE feature is set to 'NAMESPACE', the cluster operator only
 * deploys and binds to Roles
 */
@Test
public void testRolesDeployedWhenNamespaceRbacScope(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(clusterName).withNamespace(namespace).endMetadata().withNewSpec().withNewKafka().withReplicas(3).endKafka().withNewZookeeper().withReplicas(3).endZookeeper().withNewEntityOperator().withNewUserOperator().endUserOperator().withNewTopicOperator().endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(namespace), eq(clusterName))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(namespace), eq(clusterName))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the operations for RoleBindings
    RoleBindingOperator mockRoleBindingOps = supplier.roleBindingOperations;
    // Capture the names of reconciled rolebindings and their patched state
    ArgumentCaptor<String> roleBindingNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<RoleBinding> roleBindingCaptor = ArgumentCaptor.forClass(RoleBinding.class);
    when(mockRoleBindingOps.reconcile(any(), eq(namespace), roleBindingNameCaptor.capture(), roleBindingCaptor.capture())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperatorRolesSubset kao = new KafkaAssemblyOperatorRolesSubset(vertx, new PlatformFeaturesAvailability(false, kubernetesVersion), certManager, passwordGenerator, supplier, configNamespaceRbacScope);
    Checkpoint async = context.checkpoint();
    kao.reconcile(new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, namespace, clusterName)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> roleBindingNames = roleBindingNameCaptor.getAllValues();
        List<RoleBinding> roleBindings = roleBindingCaptor.getAllValues();
        assertThat(roleBindingNames, hasSize(2));
        assertThat(roleBindings, hasSize(2));
        // Check all RoleBindings, easier to index by order applied
        assertThat(roleBindingNames.get(0), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(0), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        assertThat(roleBindingNames.get(1), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(1), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        verify(supplier.clusterRoleBindingOperator, never()).reconcile(any(), anyString(), any());
        async.flag();
    })));
}

Example 17 with RoleRefBuilder

use of io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorRbacScopeTest method testRolesDeployedWhenNamespaceRbacScopeAndMultiWatchNamespace.

/**
 * This test checks that when STRIMZI_RBAC_SCOPE feature is set to 'NAMESPACE', the cluster operator
 * binds to ClusterRoles when it can't use Roles due to cross namespace permissions
 */
@Test
public void testRolesDeployedWhenNamespaceRbacScopeAndMultiWatchNamespace(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(clusterName).withNamespace(namespace).endMetadata().withNewSpec().withNewKafka().withReplicas(3).endKafka().withNewZookeeper().withReplicas(3).endZookeeper().withNewEntityOperator().withNewUserOperator().withWatchedNamespace("other-ns").endUserOperator().withNewTopicOperator().withWatchedNamespace("another-ns").endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(namespace), eq(clusterName))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(namespace), eq(clusterName))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the operations for Roles
    RoleOperator mockRoleOps = supplier.roleOperations;
    // Capture the names of reconciled Roles and their patched state
    ArgumentCaptor<String> roleNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Role> roleCaptor = ArgumentCaptor.forClass(Role.class);
    when(mockRoleOps.reconcile(any(), anyString(), roleNameCaptor.capture(), roleCaptor.capture())).thenReturn(Future.succeededFuture());
    // Mock the operations for RoleBindings
    RoleBindingOperator mockRoleBindingOps = supplier.roleBindingOperations;
    // Capture the names of reconciled RoleBindings and their patched state
    ArgumentCaptor<String> roleBindingNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<RoleBinding> roleBindingCaptor = ArgumentCaptor.forClass(RoleBinding.class);
    when(mockRoleBindingOps.reconcile(any(), anyString(), roleBindingNameCaptor.capture(), roleBindingCaptor.capture())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperatorRolesSubset kao = new KafkaAssemblyOperatorRolesSubset(vertx, new PlatformFeaturesAvailability(false, kubernetesVersion), certManager, passwordGenerator, supplier, configNamespaceRbacScope);
    Checkpoint async = context.checkpoint();
    kao.reconcile(new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, namespace, clusterName)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> roleBindingNames = roleBindingNameCaptor.getAllValues();
        List<RoleBinding> roleBindings = roleBindingCaptor.getAllValues();
        assertThat(roleBindingNames, hasSize(4));
        assertThat(roleBindings, hasSize(4));
        // Check all RoleBindings, easier to index by order applied
        assertThat(roleBindingNames.get(0), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(0).getMetadata().getNamespace(), is("another-ns"));
        assertThat(roleBindings.get(0), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        assertThat(roleBindingNames.get(1), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(1).getMetadata().getNamespace(), is("test-ns"));
        assertThat(roleBindings.get(1), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        assertThat(roleBindingNames.get(2), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(2).getMetadata().getNamespace(), is("other-ns"));
        assertThat(roleBindings.get(2), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        assertThat(roleBindingNames.get(3), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(3).getMetadata().getNamespace(), is("test-ns"));
        assertThat(roleBindings.get(3), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        List<String> roleNames = roleNameCaptor.getAllValues();
        List<Role> roles = roleCaptor.getAllValues();
        assertThat(roleNames, hasSize(3));
        assertThat(roles, hasSize(3));
        // Check all Roles, easier to index by order applied
        assertThat(roleNames.get(0), is("test-instance-entity-operator"));
        assertThat(roles.get(0).getMetadata().getNamespace(), is("test-ns"));
        assertThat(roleNames.get(1), is("test-instance-entity-operator"));
        assertThat(roles.get(1).getMetadata().getNamespace(), is("other-ns"));
        assertThat(roleNames.get(2), is("test-instance-entity-operator"));
        assertThat(roles.get(2).getMetadata().getNamespace(), is("another-ns"));
        async.flag();
    })));
}

Example 18 with RoleRefBuilder

use of io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorRbacScopeTest method testRolesDeployedWhenClusterRbacScope.

/**
 * This test checks that when STRIMZI_RBAC_SCOPE feature is set to 'CLUSTER', the cluster operator
 * binds to ClusterRoles
 */
@Test
public void testRolesDeployedWhenClusterRbacScope(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(clusterName).withNamespace(namespace).endMetadata().withNewSpec().withNewKafka().withReplicas(3).endKafka().withNewZookeeper().withReplicas(3).endZookeeper().withNewEntityOperator().withNewUserOperator().endUserOperator().withNewTopicOperator().endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(namespace), eq(clusterName))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(namespace), eq(clusterName))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the operations for RoleBindings
    RoleBindingOperator mockRoleBindingOps = supplier.roleBindingOperations;
    // Capture the names of reconciled rolebindings and their patched state
    ArgumentCaptor<String> roleBindingNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<RoleBinding> roleBindingCaptor = ArgumentCaptor.forClass(RoleBinding.class);
    when(mockRoleBindingOps.reconcile(any(), eq(namespace), roleBindingNameCaptor.capture(), roleBindingCaptor.capture())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperatorRolesSubset kao = new KafkaAssemblyOperatorRolesSubset(vertx, new PlatformFeaturesAvailability(false, kubernetesVersion), certManager, passwordGenerator, supplier, config);
    Checkpoint async = context.checkpoint();
    kao.reconcile(new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, namespace, clusterName)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> roleBindingNames = roleBindingNameCaptor.getAllValues();
        List<RoleBinding> roleBindings = roleBindingCaptor.getAllValues();
        assertThat(roleBindingNames, hasSize(2));
        assertThat(roleBindings, hasSize(2));
        // Check all RoleBindings, easier to index by order applied
        assertThat(roleBindingNames.get(0), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(0), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        assertThat(roleBindingNames.get(1), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(1), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        async.flag();
    })));
}

Example 19 with RoleRefBuilder

use of io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder in project stackgres by ongres.

the class DbOpsRole method createRoleBinding.

/**
 * Create the RoleBinding for Job associated to the dbOps.
 */
private RoleBinding createRoleBinding(StackGresDbOpsContext context) {
    final StackGresDbOps dbOps = context.getSource();
    final Map<String, String> labels = labelFactory.clusterLabels(context.getCluster());
    return new RoleBindingBuilder().withNewMetadata().withName(roleName(context)).withNamespace(dbOps.getMetadata().getNamespace()).withLabels(labels).endMetadata().withSubjects(new SubjectBuilder().withKind("ServiceAccount").withName(roleName(context)).withNamespace(dbOps.getMetadata().getNamespace()).build()).withRoleRef(new RoleRefBuilder().withKind("Role").withName(roleName(context)).withApiGroup("rbac.authorization.k8s.io").build()).build();
}

Example 20 with RoleRefBuilder

use of io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder in project strimzi by strimzi.

the class RoleBindingOperatorIT method getOriginal.

@Override
protected RoleBinding getOriginal() {
    Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("my-service-account").withNamespace("my-namespace").build();
    RoleRef roleRef = new RoleRefBuilder().withName("my-cluster-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
    return new RoleBindingBuilder().withNewMetadata().withName(resourceName).withNamespace(namespace).withLabels(singletonMap("state", "new")).endMetadata().withSubjects(ks).withRoleRef(roleRef).build();
}