Search in sources :

Example 1 with PolicyBinding

use of io.fabric8.openshift.api.model.PolicyBinding in project kie-wb-common by kiegroup.

the class OpenShiftClient method addServiceAccountRole.

private void addServiceAccountRole(String prjName, String name, String role) {
    Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
    DoneablePolicyBinding binding;
    if (bindingResource.get() == null) {
        binding = bindingResource.createNew();
    } else {
        binding = bindingResource.edit();
    }
    binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToUserNames("system:serviceaccount:" + prjName + ":" + name).addNewSubject().withName("default").withNamespace(prjName).withKind("ServiceAccount").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
Also used : DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)

Example 2 with PolicyBinding

use of io.fabric8.openshift.api.model.PolicyBinding in project kie-wb-common by kiegroup.

the class OpenShiftClient method addSystemGroupRole.

private void addSystemGroupRole(String prjName, String name, String role) {
    Resource<PolicyBinding, DoneablePolicyBinding> bindingResource = delegate.policyBindings().inNamespace(prjName).withName(":default");
    DoneablePolicyBinding binding;
    if (bindingResource.get() == null) {
        binding = bindingResource.createNew();
    } else {
        binding = bindingResource.edit();
    }
    binding.editOrNewMetadata().withName(":default").endMetadata().editOrNewPolicyRef().withName("default").endPolicyRef().addNewRoleBinding().withName(role).editOrNewRoleBinding().editOrNewMetadata().withName(role).withNamespace(prjName).endMetadata().addToGroupNames("system:serviceaccounts:" + prjName).addNewSubject().withName("default").withNamespace(prjName).withKind("SystemGroup").endSubject().withNewRoleRef().withName(role).endRoleRef().endRoleBinding().endRoleBinding().done();
}
Also used : DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)

Example 3 with PolicyBinding

use of io.fabric8.openshift.api.model.PolicyBinding in project fabric8 by fabric8io.

the class Controller method applyEntity.

/**
 * Applies the given DTOs onto the Kubernetes master
 */
public void applyEntity(Object dto, String sourceName) throws Exception {
    if (dto instanceof Pod) {
        applyPod((Pod) dto, sourceName);
    } else if (dto instanceof ReplicationController) {
        applyReplicationController((ReplicationController) dto, sourceName);
    } else if (dto instanceof Service) {
        applyService((Service) dto, sourceName);
    } else if (dto instanceof Namespace) {
        applyNamespace((Namespace) dto);
    } else if (dto instanceof Route) {
        applyRoute((Route) dto, sourceName);
    } else if (dto instanceof BuildConfig) {
        applyBuildConfig((BuildConfig) dto, sourceName);
    } else if (dto instanceof DeploymentConfig) {
        DeploymentConfig resource = (DeploymentConfig) dto;
        OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
        if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.APPS)) {
            applyResource(resource, sourceName, openShiftClient.deploymentConfigs());
        } else {
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
        }
    } else if (dto instanceof PolicyBinding) {
        applyPolicyBinding((PolicyBinding) dto, sourceName);
    } else if (dto instanceof RoleBinding) {
        applyRoleBinding((RoleBinding) dto, sourceName);
    } else if (dto instanceof Role) {
        Role resource = (Role) dto;
        OpenShiftClient openShiftClient = getOpenShiftClientOrNull();
        if (openShiftClient != null && openShiftClient.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.AUTHORIZATION)) {
            applyResource(resource, sourceName, openShiftClient.roles());
        } else {
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
        }
    } else if (dto instanceof ImageStream) {
        applyImageStream((ImageStream) dto, sourceName);
    } else if (dto instanceof OAuthClient) {
        applyOAuthClient((OAuthClient) dto, sourceName);
    } else if (dto instanceof Template) {
        applyTemplate((Template) dto, sourceName);
    } else if (dto instanceof ServiceAccount) {
        applyServiceAccount((ServiceAccount) dto, sourceName);
    } else if (dto instanceof Secret) {
        applySecret((Secret) dto, sourceName);
    } else if (dto instanceof ConfigMap) {
        applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
    } else if (dto instanceof DaemonSet) {
        applyResource((DaemonSet) dto, sourceName, kubernetesClient.extensions().daemonSets());
    } else if (dto instanceof Deployment) {
        applyResource((Deployment) dto, sourceName, kubernetesClient.extensions().deployments());
    } else if (dto instanceof ReplicaSet) {
        applyResource((ReplicaSet) dto, sourceName, kubernetesClient.extensions().replicaSets());
    } else if (dto instanceof StatefulSet) {
        applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
    } else if (dto instanceof Ingress) {
        applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
    } else if (dto instanceof PersistentVolumeClaim) {
        applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
    } else if (dto instanceof HasMetadata) {
        HasMetadata entity = (HasMetadata) dto;
        try {
            String namespace = getNamespace();
            String resourceNamespace = getNamespace(entity);
            if (Strings.isNotBlank(namespace) && Strings.isNullOrBlank(resourceNamespace)) {
                getOrCreateMetadata(entity).setNamespace(namespace);
            }
            LOG.info("Applying " + getKind(entity) + " " + getName(entity) + " from " + sourceName);
            kubernetesClient.resource(entity).inNamespace(namespace).createOrReplace();
        } catch (Exception e) {
            onApplyError("Failed to create " + getKind(entity) + " from " + sourceName + ". " + e, e);
        }
    } else {
        throw new IllegalArgumentException("Unknown entity type " + dto);
    }
}
Also used : ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) OAuthClient(io.fabric8.openshift.api.model.OAuthClient) DoneableImageStream(io.fabric8.openshift.api.model.DoneableImageStream) ImageStream(io.fabric8.openshift.api.model.ImageStream) Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment) Template(io.fabric8.openshift.api.model.Template) ReplicationController(io.fabric8.kubernetes.api.model.ReplicationController) BuildConfig(io.fabric8.openshift.api.model.BuildConfig) RoleBinding(io.fabric8.openshift.api.model.RoleBinding) ReplicaSet(io.fabric8.kubernetes.api.model.extensions.ReplicaSet) Route(io.fabric8.openshift.api.model.Route) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Pod(io.fabric8.kubernetes.api.model.Pod) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Service(io.fabric8.kubernetes.api.model.Service) Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress) Namespace(io.fabric8.kubernetes.api.model.Namespace) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) FileNotFoundException(java.io.FileNotFoundException) OpenShiftNotAvailableException(io.fabric8.openshift.client.OpenShiftNotAvailableException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) IOException(java.io.IOException) Role(io.fabric8.openshift.api.model.Role) Secret(io.fabric8.kubernetes.api.model.Secret) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) DaemonSet(io.fabric8.kubernetes.api.model.extensions.DaemonSet) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) DeploymentConfig(io.fabric8.openshift.api.model.DeploymentConfig) StatefulSet(io.fabric8.kubernetes.api.model.extensions.StatefulSet)

Example 4 with PolicyBinding

use of io.fabric8.openshift.api.model.PolicyBinding in project jointware by isdream.

the class KubernetesKeyValueStyleGeneratorTest method testOpenShiftWithAllKind.

protected static void testOpenShiftWithAllKind() throws Exception {
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new Policy());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new Group());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new User());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new OAuthClient());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new ClusterRoleBinding());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new ImageStreamTag());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new ImageStream());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new Build());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new BuildConfig());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new RoleBinding());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new Route());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new PolicyBinding());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new OAuthAuthorizeToken());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new Role());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new Project());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new OAuthAccessToken());
    info(OPENSHIFT_KIND, OpenShiftDocumentKeyValueStyleGenerator.class.getName(), new DeploymentConfig());
}
Also used : NetworkPolicy(io.fabric8.kubernetes.api.model.extensions.NetworkPolicy) Policy(io.fabric8.openshift.api.model.Policy) Group(io.fabric8.openshift.api.model.Group) User(io.fabric8.openshift.api.model.User) OAuthClient(io.fabric8.openshift.api.model.OAuthClient) ClusterRoleBinding(io.fabric8.openshift.api.model.ClusterRoleBinding) ImageStreamTag(io.fabric8.openshift.api.model.ImageStreamTag) ImageStream(io.fabric8.openshift.api.model.ImageStream) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding) OAuthAuthorizeToken(io.fabric8.openshift.api.model.OAuthAuthorizeToken) Role(io.fabric8.openshift.api.model.Role) Project(io.fabric8.openshift.api.model.Project) Build(io.fabric8.openshift.api.model.Build) OpenShiftDocumentKeyValueStyleGenerator(com.github.isdream.chameleon.docs.OpenShiftDocumentKeyValueStyleGenerator) BuildConfig(io.fabric8.openshift.api.model.BuildConfig) OAuthAccessToken(io.fabric8.openshift.api.model.OAuthAccessToken) ClusterRoleBinding(io.fabric8.openshift.api.model.ClusterRoleBinding) RoleBinding(io.fabric8.openshift.api.model.RoleBinding) DeploymentConfig(io.fabric8.openshift.api.model.DeploymentConfig) Route(io.fabric8.openshift.api.model.Route)

Example 5 with PolicyBinding

use of io.fabric8.openshift.api.model.PolicyBinding in project fabric8 by fabric8io.

the class Controller method applyPolicyBinding.

public void applyPolicyBinding(PolicyBinding entity, String sourceName) {
    OpenShiftClient openShiftClient = getOpenShiftClientOrJenkinshift();
    if (openShiftClient != null) {
        String id = getName(entity);
        Objects.notNull(id, "No name for " + entity + " " + sourceName);
        String namespace = KubernetesHelper.getNamespace(entity);
        if (Strings.isNullOrBlank(namespace)) {
            namespace = getNamespace();
        }
        applyNamespace(namespace);
        PolicyBinding old = openShiftClient.policyBindings().inNamespace(namespace).withName(id).get();
        if (isRunning(old)) {
            if (UserConfigurationCompare.configEqual(entity, old)) {
                LOG.info("PolicyBinding has not changed so not doing anything");
            } else {
                if (isRecreateMode()) {
                    LOG.info("Deleting PolicyBinding: " + id);
                    openShiftClient.policyBindings().inNamespace(namespace).withName(id).delete();
                    doCreatePolicyBinding(entity, namespace, sourceName);
                } else {
                    LOG.info("Updating PolicyBinding from " + sourceName);
                    try {
                        String resourceVersion = KubernetesHelper.getResourceVersion(old);
                        ObjectMeta metadata = KubernetesHelper.getOrCreateMetadata(entity);
                        metadata.setNamespace(namespace);
                        metadata.setResourceVersion(resourceVersion);
                        Object answer = openShiftClient.policyBindings().inNamespace(namespace).withName(id).replace(entity);
                        logGeneratedEntity("Updated PolicyBinding: ", namespace, entity, answer);
                    } catch (Exception e) {
                        onApplyError("Failed to update PolicyBinding from " + sourceName + ". " + e + ". " + entity, e);
                    }
                }
            }
        } else {
            if (!isAllowCreate()) {
                LOG.warn("Creation disabled so not creating PolicyBinding from " + sourceName + " namespace " + namespace + " name " + getName(entity));
            } else {
                doCreatePolicyBinding(entity, namespace, sourceName);
            }
        }
    }
}
Also used : ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) JSONObject(org.json.JSONObject) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) FileNotFoundException(java.io.FileNotFoundException) OpenShiftNotAvailableException(io.fabric8.openshift.client.OpenShiftNotAvailableException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) IOException(java.io.IOException)

Aggregations

PolicyBinding (io.fabric8.openshift.api.model.PolicyBinding)5 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException)2 BuildConfig (io.fabric8.openshift.api.model.BuildConfig)2 DeploymentConfig (io.fabric8.openshift.api.model.DeploymentConfig)2 DoneablePolicyBinding (io.fabric8.openshift.api.model.DoneablePolicyBinding)2 ImageStream (io.fabric8.openshift.api.model.ImageStream)2 OAuthClient (io.fabric8.openshift.api.model.OAuthClient)2 Role (io.fabric8.openshift.api.model.Role)2 RoleBinding (io.fabric8.openshift.api.model.RoleBinding)2 Route (io.fabric8.openshift.api.model.Route)2 OpenShiftClient (io.fabric8.openshift.client.OpenShiftClient)2 OpenShiftNotAvailableException (io.fabric8.openshift.client.OpenShiftNotAvailableException)2 FileNotFoundException (java.io.FileNotFoundException)2 IOException (java.io.IOException)2 OpenShiftDocumentKeyValueStyleGenerator (com.github.isdream.chameleon.docs.OpenShiftDocumentKeyValueStyleGenerator)1 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)1 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)1 Namespace (io.fabric8.kubernetes.api.model.Namespace)1 ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta)1