
Example 1 with Role

use of io.fabric8.openshift.api.model.Role in project kie-wb-common by kiegroup.

the class OpenShiftClient method addServiceAccountRole.

/**
 * Grants {@code role} to a service account of project {@code prjName} by adding a role
 * binding to the project's ":default" policy binding. The policy binding is created when
 * the lookup returns {@code null} and edited otherwise.
 *
 * <p>The role name is written into the binding exactly as passed in. Nothing in this method
 * limits which role can be granted, so any least-privilege restriction has to be enforced
 * by the callers.
 *
 * @param prjName project (namespace) that holds the policy binding
 * @param name    service account name, used to build the "system:serviceaccount:..." user name
 * @param role    role to bind; also used as the name of the role binding
 */
private void addServiceAccountRole(String prjName, String name, String role) {
    Resource<PolicyBinding, DoneablePolicyBinding> policyBinding =
            delegate.policyBindings().inNamespace(prjName).withName(":default");
    DoneablePolicyBinding editable = policyBinding.get() == null
            ? policyBinding.createNew()
            : policyBinding.edit();
    String serviceAccountUser = "system:serviceaccount:" + prjName + ":" + name;
    editable
            .editOrNewMetadata()
            .withName(":default")
            .endMetadata()
            .editOrNewPolicyRef()
            .withName("default")
            .endPolicyRef()
            .addNewRoleBinding()
            .withName(role)
            .editOrNewRoleBinding()
            .editOrNewMetadata()
            .withName(role)
            .withNamespace(prjName)
            .endMetadata()
            .addToUserNames(serviceAccountUser)
            // NOTE(review): the user name above is built from `name`, but the subject is
            // hard-coded to "default". Confirm which service account is meant to receive
            // the role when `name` is not "default".
            .addNewSubject()
            .withName("default")
            .withNamespace(prjName)
            .withKind("ServiceAccount")
            .endSubject()
            .withNewRoleRef()
            .withName(role)
            .endRoleRef()
            .endRoleBinding()
            .endRoleBinding()
            .done();
}
Also used : DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)

Example 2 with Role

use of io.fabric8.openshift.api.model.Role in project kie-wb-common by kiegroup.

the class OpenShiftClient method addSystemGroupRole.

/**
 * Grants {@code role} to the group "system:serviceaccounts:" + {@code prjName} by adding a
 * role binding to the project's ":default" policy binding. The policy binding is created
 * when the lookup returns {@code null} and edited otherwise.
 *
 * <p>That group name is the one OpenShift/Kubernetes uses for all service accounts of a
 * namespace, so the grant is not limited to a single account. The role name is written as
 * passed in; this method does not restrict which role can be granted.
 *
 * @param prjName project (namespace) that holds the policy binding and names the group
 * @param name    not read by this method
 * @param role    role to bind; also used as the name of the role binding
 */
private void addSystemGroupRole(String prjName, String name, String role) {
    Resource<PolicyBinding, DoneablePolicyBinding> policyBinding =
            delegate.policyBindings().inNamespace(prjName).withName(":default");
    DoneablePolicyBinding editable = policyBinding.get() == null
            ? policyBinding.createNew()
            : policyBinding.edit();
    String serviceAccountsGroup = "system:serviceaccounts:" + prjName;
    editable
            .editOrNewMetadata()
            .withName(":default")
            .endMetadata()
            .editOrNewPolicyRef()
            .withName("default")
            .endPolicyRef()
            .addNewRoleBinding()
            .withName(role)
            .editOrNewRoleBinding()
            .editOrNewMetadata()
            .withName(role)
            .withNamespace(prjName)
            .endMetadata()
            .addToGroupNames(serviceAccountsGroup)
            // NOTE(review): the subject is a "SystemGroup" named "default", which does not
            // match the group name added above. Confirm the intended subject.
            .addNewSubject()
            .withName("default")
            .withNamespace(prjName)
            .withKind("SystemGroup")
            .endSubject()
            .withNewRoleRef()
            .withName(role)
            .endRoleRef()
            .endRoleBinding()
            .endRoleBinding()
            .done();
}
Also used : DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) DoneablePolicyBinding(io.fabric8.openshift.api.model.DoneablePolicyBinding) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding)

Example 3 with Role

use of io.fabric8.openshift.api.model.Role in project fabric8 by fabric8io.

the class Controller method applyEntity.

/**
 * Applies a single DTO to the cluster, dispatching on its runtime type.
 *
 * <p>Types with a dedicated handler are tried first, in the order written here. Any other
 * {@code HasMetadata} is applied generically with {@code createOrReplace()}, and everything
 * else is rejected.
 *
 * <p>Several of the accepted types change authorization state ({@code PolicyBinding},
 * {@code RoleBinding}, {@code Role}) or carry credentials ({@code Secret},
 * {@code ServiceAccount}, {@code OAuthClient}). This method does not inspect what they
 * grant or contain, so the trustworthiness of the source is the caller's responsibility.
 *
 * @param dto        the entity to apply
 * @param sourceName name of the source of the DTO, passed on to the handlers and used in messages
 * @throws IllegalArgumentException if {@code dto} is of no supported type
 * @throws Exception declared by the signature; which handlers throw is not visible here
 */
public void applyEntity(Object dto, String sourceName) throws Exception {
    if (dto instanceof Pod) {
        applyPod((Pod) dto, sourceName);
        return;
    }
    if (dto instanceof ReplicationController) {
        applyReplicationController((ReplicationController) dto, sourceName);
        return;
    }
    if (dto instanceof Service) {
        applyService((Service) dto, sourceName);
        return;
    }
    if (dto instanceof Namespace) {
        applyNamespace((Namespace) dto);
        return;
    }
    if (dto instanceof Route) {
        applyRoute((Route) dto, sourceName);
        return;
    }
    if (dto instanceof BuildConfig) {
        applyBuildConfig((BuildConfig) dto, sourceName);
        return;
    }
    if (dto instanceof DeploymentConfig) {
        DeploymentConfig deploymentConfig = (DeploymentConfig) dto;
        OpenShiftClient client = getOpenShiftClientOrNull();
        boolean appsAvailable = client != null && client.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.APPS);
        if (!appsAvailable) {
            // NOTE(review): this is also reached when a client exists but the APPS API group
            // is unsupported, so the message can mislead. It also prints the whole DTO;
            // confirm its toString() does not expose sensitive values such as environment entries.
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
            return;
        }
        applyResource(deploymentConfig, sourceName, client.deploymentConfigs());
        return;
    }
    // Authorization objects: applying them changes who may do what in the cluster.
    if (dto instanceof PolicyBinding) {
        applyPolicyBinding((PolicyBinding) dto, sourceName);
        return;
    }
    if (dto instanceof RoleBinding) {
        applyRoleBinding((RoleBinding) dto, sourceName);
        return;
    }
    if (dto instanceof Role) {
        Role roleResource = (Role) dto;
        OpenShiftClient client = getOpenShiftClientOrNull();
        boolean authorizationAvailable =
                client != null && client.supportsOpenShiftAPIGroup(OpenShiftAPIGroups.AUTHORIZATION);
        if (!authorizationAvailable) {
            // The role is skipped with only a warning, so bindings applied from the same
            // source may end up referring to a role that was never created.
            LOG.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
            return;
        }
        applyResource(roleResource, sourceName, client.roles());
        return;
    }
    if (dto instanceof ImageStream) {
        applyImageStream((ImageStream) dto, sourceName);
        return;
    }
    if (dto instanceof OAuthClient) {
        applyOAuthClient((OAuthClient) dto, sourceName);
        return;
    }
    if (dto instanceof Template) {
        applyTemplate((Template) dto, sourceName);
        return;
    }
    if (dto instanceof ServiceAccount) {
        applyServiceAccount((ServiceAccount) dto, sourceName);
        return;
    }
    if (dto instanceof Secret) {
        applySecret((Secret) dto, sourceName);
        return;
    }
    if (dto instanceof ConfigMap) {
        applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
        return;
    }
    if (dto instanceof DaemonSet) {
        applyResource((DaemonSet) dto, sourceName, kubernetesClient.extensions().daemonSets());
        return;
    }
    if (dto instanceof Deployment) {
        applyResource((Deployment) dto, sourceName, kubernetesClient.extensions().deployments());
        return;
    }
    if (dto instanceof ReplicaSet) {
        applyResource((ReplicaSet) dto, sourceName, kubernetesClient.extensions().replicaSets());
        return;
    }
    if (dto instanceof StatefulSet) {
        applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
        return;
    }
    if (dto instanceof Ingress) {
        applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
        return;
    }
    if (dto instanceof PersistentVolumeClaim) {
        applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
        return;
    }
    if (dto instanceof HasMetadata) {
        // Catch-all: any kind not listed above is created or replaced as-is, with no
        // allow-list of kinds in this method.
        HasMetadata entity = (HasMetadata) dto;
        try {
            String targetNamespace = getNamespace();
            String declaredNamespace = getNamespace(entity);
            // Only fill in the namespace when the resource does not declare one itself.
            if (Strings.isNotBlank(targetNamespace) && Strings.isNullOrBlank(declaredNamespace)) {
                getOrCreateMetadata(entity).setNamespace(targetNamespace);
            }
            LOG.info("Applying " + getKind(entity) + " " + getName(entity) + " from " + sourceName);
            kubernetesClient.resource(entity).inNamespace(targetNamespace).createOrReplace();
        } catch (Exception e) {
            onApplyError("Failed to create " + getKind(entity) + " from " + sourceName + ". " + e, e);
        }
        return;
    }
    throw new IllegalArgumentException("Unknown entity type " + dto);
}
Also used : ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) OAuthClient(io.fabric8.openshift.api.model.OAuthClient) DoneableImageStream(io.fabric8.openshift.api.model.DoneableImageStream) ImageStream(io.fabric8.openshift.api.model.ImageStream) Deployment(io.fabric8.kubernetes.api.model.extensions.Deployment) Template(io.fabric8.openshift.api.model.Template) ReplicationController(io.fabric8.kubernetes.api.model.ReplicationController) BuildConfig(io.fabric8.openshift.api.model.BuildConfig) RoleBinding(io.fabric8.openshift.api.model.RoleBinding) ReplicaSet(io.fabric8.kubernetes.api.model.extensions.ReplicaSet) Route(io.fabric8.openshift.api.model.Route) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Pod(io.fabric8.kubernetes.api.model.Pod) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Service(io.fabric8.kubernetes.api.model.Service) Ingress(io.fabric8.kubernetes.api.model.extensions.Ingress) Namespace(io.fabric8.kubernetes.api.model.Namespace) PolicyBinding(io.fabric8.openshift.api.model.PolicyBinding) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) FileNotFoundException(java.io.FileNotFoundException) OpenShiftNotAvailableException(io.fabric8.openshift.client.OpenShiftNotAvailableException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) IOException(java.io.IOException) Role(io.fabric8.openshift.api.model.Role) Secret(io.fabric8.kubernetes.api.model.Secret) OpenShiftClient(io.fabric8.openshift.client.OpenShiftClient) DaemonSet(io.fabric8.kubernetes.api.model.extensions.DaemonSet) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) DeploymentConfig(io.fabric8.openshift.api.model.DeploymentConfig) StatefulSet(io.fabric8.kubernetes.api.model.extensions.StatefulSet)

Example 4 with Role

use of io.fabric8.openshift.api.model.Role in project fabric8 by jboss-fuse.

the class GitHttpServerRegistrationHandler method registerServlet.

/**
 * Prepares the bare "fabric" repository under {@code dataPath}/git/servlet and registers
 * the git servlet at "/git" behind a {@code GitSecureHttpContext}.
 *
 * <p>The repository is cloned from the local data store repository when the target
 * directory does not exist, and opened otherwise. The whole sequence runs while holding
 * the monitor of {@code gitRemoteUrl}.
 *
 * @param dataPath base directory under which "git/servlet" is resolved
 * @param realm    realm handed to the secure HTTP context
 * @param role     role handed to the secure HTTP context
 * @throws Exception declared by the signature; clone, open or registration failures are not handled here
 */
private void registerServlet(Path dataPath, String realm, String role) throws Exception {
    synchronized (gitRemoteUrl) {
        basePath = dataPath.resolve(Paths.get("git", "servlet"));
        String servletBase = basePath.toFile().getAbsolutePath();
        File fabricRoot = basePath.resolve("fabric").toFile();

        // Reuse an existing directory, otherwise create a bare clone of the local repo.
        if (fabricRoot.exists()) {
            LOGGER.info("{} already exists", fabricRoot);
            git = Git.open(fabricRoot);
        } else {
            LOGGER.info("Cloning master root repo into {}", fabricRoot);
            File localRepo = gitDataStore.get().getGit().getRepository().getDirectory();
            git = Git.cloneRepository()
                    .setTimeout(10)
                    .setBare(true)
                    .setNoCheckout(true)
                    .setCloneAllBranches(true)
                    .setDirectory(fabricRoot)
                    .setURI(localRepo.toURI().toString())
                    .call();
        }

        // "export-all" = "true" makes the servlet serve every repository under the base
        // path, so access control rests on the HttpContext registered with it.
        // NOTE(review): what GitSecureHttpContext enforces for `realm` and `role` is not
        // visible here. Confirm it rejects unauthenticated and unauthorized requests.
        Dictionary<String, Object> servletParams = new Hashtable<String, Object>();
        servletParams.put("base-path", servletBase);
        servletParams.put("repository-root", servletBase);
        servletParams.put("export-all", "true");

        HttpContext defaultContext = httpService.get().createDefaultHttpContext();
        HttpContext secureContext = new GitSecureHttpContext(defaultContext, curator.get(), realm, role);
        httpService.get().registerServlet("/git", new FabricGitServlet(git, curator.get()), servletParams, secureContext);
        registerGitHttpEndpoint();
    }
}
Also used : ZkPath(io.fabric8.zookeeper.ZkPath) Path(java.nio.file.Path) Hashtable(java.util.Hashtable) HttpContext(org.osgi.service.http.HttpContext) File(java.io.File)

Example 5 with Role

use of io.fabric8.openshift.api.model.Role in project fabric8 by jboss-fuse.

the class ClusterBootstrapManager method getCreateEnsembleOptions.

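/**
 * Builds the {@code CreateEnsembleOptions} for a new fabric from a loosely typed option map
 * and publishes the resolver, address and port settings as system properties.
 *
 * <p>The "username", "password", "role" and "profiles" entries are removed from
 * {@code options}, so the caller's map is modified. The remaining entries are converted
 * into the options builder, with unknown properties ignored.
 *
 * <p>The administrator entry is added to the properties loaded from "users.properties" as
 * {@code password + "," + role}, with the password exactly as supplied, and only when no
 * entry for that user name exists yet.
 *
 * @param sysprops runtime properties, used to locate the configuration directory
 * @param options  option map; must contain non-null "username", "password" and "role"
 * @return the built options
 * @throws FabricException if the user name, password or role is missing
 */
static CreateEnsembleOptions getCreateEnsembleOptions(RuntimeProperties sysprops, Map<String, Object> options) {
    // Credentials are taken out of the map before it is handed to the builder conversion.
    String username = (String) options.remove("username");
    String password = (String) options.remove("password");
    String role = (String) options.remove("role");
    if (username == null || password == null || role == null) {
        throw new FabricException("Must specify an administrator username, password and administrative role when creating a fabric");
    }
    Object profileObject = options.remove("profiles");
    ObjectMapper mapper = new ObjectMapper();
    mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    mapper.configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true);
    CreateEnsembleOptions.Builder builder = mapper.convertValue(options, CreateEnsembleOptions.Builder.class);
    if (profileObject != null) {
        List profiles = mapper.convertValue(profileObject, List.class);
        builder.profiles(profiles);
    }
    org.apache.felix.utils.properties.Properties userProps;
    try {
        userProps = new org.apache.felix.utils.properties.Properties(sysprops.getConfPath().resolve("users.properties").toFile());
    } catch (IOException e) {
        // Best-effort fallback kept from the original, but no longer silent: an unreadable
        // users.properties means the ensemble starts without the users already defined there.
        LOG.warn("Could not read users.properties; continuing with an empty user set", e);
        userProps = new org.apache.felix.utils.properties.Properties();
    }
    // An existing entry for this user name is left untouched.
    // NOTE(review): the value is "password,role" with the password as supplied. Confirm how
    // consumers parse it when the password itself contains a comma.
    if (userProps.get(username) == null) {
        userProps.put(username, password + "," + role);
    }
    CreateEnsembleOptions answer = builder.users(userProps).withUser(username, password, role).build();
    // NOTE(review): `answer` carries the user entries, including the password. Confirm that
    // CreateEnsembleOptions.toString() does not print them before relying on this debug log.
    LOG.debug("Creating ensemble with options: {}", answer);
    System.setProperty(ZkDefs.GLOBAL_RESOLVER_PROPERTY, answer.getGlobalResolver());
    System.setProperty(ZkDefs.LOCAL_RESOLVER_PROPERTY, answer.getResolver());
    System.setProperty(ZkDefs.MANUAL_IP, answer.getManualIp());
    System.setProperty(ZkDefs.BIND_ADDRESS, answer.getBindAddress());
    System.setProperty(ZkDefs.MINIMUM_PORT, "" + answer.getMinimumPort());
    System.setProperty(ZkDefs.MAXIMUM_PORT, "" + answer.getMaximumPort());
    return answer;
}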
Also used : FabricException(io.fabric8.api.FabricException) CreateEnsembleOptions(io.fabric8.api.CreateEnsembleOptions) IOException(java.io.IOException) RuntimeProperties(io.fabric8.api.RuntimeProperties) List(java.util.List) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Aggregations

PolicyBinding (io.fabric8.openshift.api.model.PolicyBinding)3 Pod (io.fabric8.kubernetes.api.model.Pod)2 Service (io.fabric8.kubernetes.api.model.Service)2 BuildConfig (io.fabric8.openshift.api.model.BuildConfig)2 DeploymentConfig (io.fabric8.openshift.api.model.DeploymentConfig)2 DoneablePolicyBinding (io.fabric8.openshift.api.model.DoneablePolicyBinding)2 ImageStream (io.fabric8.openshift.api.model.ImageStream)2 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1 OpenShiftDocumentKeyValueStyleGenerator (com.github.isdream.chameleon.docs.OpenShiftDocumentKeyValueStyleGenerator)1 KubernetesContainerClient (de.zalando.ep.zalenium.container.kubernetes.KubernetesContainerClient)1 CreateEnsembleOptions (io.fabric8.api.CreateEnsembleOptions)1 FabricException (io.fabric8.api.FabricException)1 RuntimeProperties (io.fabric8.api.RuntimeProperties)1 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)1 Container (io.fabric8.kubernetes.api.model.Container)1 ContainerBuilder (io.fabric8.kubernetes.api.model.ContainerBuilder)1 EnvVarBuilder (io.fabric8.kubernetes.api.model.EnvVarBuilder)1 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)1 HostAlias (io.fabric8.kubernetes.api.model.HostAlias)1