Examples with RoleBindingBuilder io.fabric8.openshift.api.model.RoleBindingBuilder used on opensource projects

Example 26 with RoleBindingBuilder

use of io.fabric8.openshift.api.model.RoleBindingBuilder in project kubernetes-client by fabric8io.

the class RoleBindingOperationsImpl method enrichFromSubjects.

private void enrichFromSubjects(RoleBindingBuilder builder, List<ObjectReference> subjects) {
    for (ObjectReference ref : subjects) {
        switch(ref.getKind()) {
            case USER:
                builder.addToUserNames(ref.getName());
                break;
            case SERVICE_ACCOUNT:
                String namespace = ref.getNamespace();
                if (namespace == null || namespace.isEmpty()) {
                    namespace = getNamespace();
                }
                builder.addToUserNames("system:serviceaccount:" + namespace + ":" + ref.getName());
                break;
            case GROUP:
                builder.addToGroupNames(ref.getName());
                break;
        }
    }
}

Example 27 with RoleBindingBuilder

use of io.fabric8.openshift.api.model.RoleBindingBuilder in project kubernetes-client by fabric8io.

the class RoleBindingTest method kubernetesRoleBuilderTest.

@Test
public void kubernetesRoleBuilderTest() throws Exception {
    // given
    final String originalJson = Helper.loadJson("/valid-roleBinding.json");
    // when
    RoleBinding kubernetesRoleBinding = new RoleBindingBuilder().withNewMetadata().withName("read-jobs").withNamespace("default").endMetadata().addToSubjects(0, new SubjectBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("User").withName("jane").withNamespace("default").build()).withRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("job-reader").build()).build();
    final String serializedJson = mapper.writeValueAsString(kubernetesRoleBinding);
    // then
    assertThatJson(serializedJson).when(IGNORING_ARRAY_ORDER, TREATING_NULL_AS_ABSENT, IGNORING_EXTRA_FIELDS).isEqualTo(originalJson);
}

Example 28 with RoleBindingBuilder

use of io.fabric8.openshift.api.model.RoleBindingBuilder in project kubernetes-client by fabric8io.

the class ProjectTest method testCreateProjectAndRoleBindings.

@Test
void testCreateProjectAndRoleBindings() {
    // Given
    String name = "test-project";
    String displayName = "test-project";
    String description = "test project";
    String requestingUser = "request-user";
    String adminUser = "admin-user";
    server.expect().post().withPath("/apis/project.openshift.io/v1/projects").andReturn(HttpURLConnection.HTTP_CREATED, new ProjectBuilder().withNewMetadata().addToAnnotations("openshift.io/description", description).addToAnnotations("openshift.io/display-name", displayName).addToAnnotations("openshift.io/requester", requestingUser).withName("test-project").endMetadata().build()).once();
    server.expect().post().withPath("/apis/rbac.authorization.k8s.io/v1/namespaces/test-project/rolebindings").andReturn(HttpURLConnection.HTTP_CREATED, new RoleBindingBuilder().withNewMetadata().addToAnnotations("openshift.io/description", "Allows all pods in this namespace to pull images from this namespace.  It is auto-managed by a controller; remove subjects to disable.").withName("system:image-pullers").withNamespace(name).endMetadata().withNewRoleRef().withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").withName("system:image-puller").endRoleRef().addNewSubject().withApiGroup("rbac.authorization.k8s.io").withKind("Group").withName("system:serviceaccounts:" + name).endSubject().build()).once();
    server.expect().post().withPath("/apis/rbac.authorization.k8s.io/v1/namespaces/test-project/rolebindings").andReturn(HttpURLConnection.HTTP_CREATED, new RoleBindingBuilder().withNewMetadata().addToAnnotations("openshift.io/description", "Allows builds in this namespace to push images to" + "this namespace.  It is auto-managed by a controller; remove subjects to disable.").withName("system:image-builders").withNamespace(name).endMetadata().withNewRoleRef().withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").withName("system:image-builder").endRoleRef().addNewSubject().withKind("ServiceAccount").withName("builder").withNamespace(name).endSubject().build()).once();
    server.expect().post().withPath("/apis/rbac.authorization.k8s.io/v1/namespaces/test-project/rolebindings").andReturn(HttpURLConnection.HTTP_CREATED, new RoleBindingBuilder().withNewMetadata().addToAnnotations("openshift.io/description", " Allows deploymentconfigs in this namespace to rollout" + " pods in this namespace.  It is auto-managed by a controller; remove subjects" + " to disable.").withName("system:deployers").withNamespace(name).endMetadata().withNewRoleRef().withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").withName("system:deployer").endRoleRef().addNewSubject().withKind("ServiceAccount").withName("deployer").withNamespace(name).endSubject().build()).once();
    server.expect().post().withPath("/apis/rbac.authorization.k8s.io/v1/namespaces/test-project/rolebindings").andReturn(HttpURLConnection.HTTP_CREATED, new RoleBindingBuilder().withNewMetadata().withName("admin").withNamespace(name).endMetadata().withNewRoleRef().withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").withName("admin").endRoleRef().addNewSubject().withApiGroup("rbac.authorization.k8s.io").withKind("User").withName(adminUser).endSubject().build()).once();
    // When
    List<HasMetadata> result = client.projects().createProjectAndRoleBindings(name, description, displayName, adminUser, requestingUser);
    // Then
    assertNotNull(result);
    assertEquals(5, result.size());
}

Example 29 with RoleBindingBuilder

use of io.fabric8.openshift.api.model.RoleBindingBuilder in project kubernetes-client by fabric8io.

the class OpenshiftRoleBindingTest method testPatchWithUserNamesAndGroupsAndOverwriteSubjects.

@Test
void testPatchWithUserNamesAndGroupsAndOverwriteSubjects() throws Exception {
    server.expect().get().withPath("/apis/authorization.openshift.io/v1/namespaces/test/rolebindings/testrb").andReturn(200, new RoleBindingBuilder().addToUserNames("unexpected").build()).once();
    server.expect().patch().withPath("/apis/authorization.openshift.io/v1/namespaces/test/rolebindings/testrb").andReturn(200, expectedRoleBinding).once();
    RoleBinding response = client.roleBindings().withName("testrb").patch(new RoleBindingBuilder().withNewMetadata().endMetadata().addToUserNames("testuser1", "testuser2", "system:serviceaccount:test:svcacct").addToGroupNames("testgroup").addNewSubject().withKind("User").withName("unexpected").endSubject().build());
    assertEquals(expectedRoleBinding, response);
    assertEquals("[{\"op\":\"replace\",\"path\":\"/userNames/0\",\"value\":\"testuser1\"},{\"op\":\"add\",\"path\":\"/userNames/1\",\"value\":\"testuser2\"},{\"op\":\"add\",\"path\":\"/userNames/2\",\"value\":\"system:serviceaccount:test:svcacct\"},{\"op\":\"add\",\"path\":\"/metadata\",\"value\":{}},{\"op\":\"add\",\"path\":\"/groupNames\",\"value\":[\"testgroup\"]},{\"op\":\"add\",\"path\":\"/subjects\",\"value\":[{\"kind\":\"User\",\"name\":\"testuser1\"},{\"kind\":\"User\",\"name\":\"testuser2\"},{\"kind\":\"ServiceAccount\",\"name\":\"svcacct\",\"namespace\":\"test\"},{\"kind\":\"Group\",\"name\":\"testgroup\"}]}]", server.getLastRequest().getBody().readUtf8());
}

Example 30 with RoleBindingBuilder

use of io.fabric8.openshift.api.model.RoleBindingBuilder in project kubernetes-client by fabric8io.

the class OpenshiftRoleBindingTest method testCreateWithOnlySubjects.

@Test
void testCreateWithOnlySubjects() throws Exception {
    server.expect().post().withPath("/apis/authorization.openshift.io/v1/namespaces/test/rolebindings").andReturn(201, expectedRoleBinding).once();
    RoleBinding response = client.roleBindings().create(new RoleBindingBuilder().withNewMetadata().endMetadata().addNewSubject().withKind("User").withName("testuser1").endSubject().addNewSubject().withKind("User").withName("testuser2").endSubject().addNewSubject().withKind("ServiceAccount").withName("svcacct").endSubject().addNewSubject().withKind("Group").withName("testgroup").endSubject().build());
    assertEquals(expectedRoleBinding, response);
    assertEquals(expectedRoleBinding, new ObjectMapper().readerFor(RoleBinding.class).readValue(server.getLastRequest().getBody().readByteArray()));
}