use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.
the class Helpers method findServiceAccountByToken.
/**
* Find the service account by supplied token
*
* @param token authentication token to search for
* @return the V1ServiceAccount whose secret holds the token
* @throws ApiException if there is an API error
*/
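protected V1ServiceAccount findServiceAccountByToken(String token) throws ApiException {
  LOGGER.entering();
  // The supplied token is a credential: it is compared below but is never logged and never
  // placed in the exception message.
  // NOTE(review): this scan only finds tokens stored in Secrets referenced by a ServiceAccount.
  // Tokens that are not persisted as Secrets will never match; validating the token through a
  // TokenReview is worth considering - confirm against the supported cluster versions.
  V1ServiceAccountList serviceAccounts = getAllServiceAccounts();
  // A null token or a null list cannot match anything; fall through to the "no match" error
  // instead of failing with a NullPointerException (findServiceAccount guards the list too).
  if (token != null && serviceAccounts != null) {
    // Compare raw bytes so the outcome does not depend on the JVM default charset.
    byte[] presented = token.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    for (V1ServiceAccount serviceAccount : serviceAccounts.getItems()) {
      if (serviceAccount.getSecrets() == null) {
        // No referenced secrets, so this account cannot own the token.
        continue;
      }
      for (V1ObjectReference reference : serviceAccount.getSecrets()) {
        V1Secret secret = readSecretByReference(reference, serviceAccount.getMetadata().getNamespace());
        Map<String, byte[]> secretMap = (secret == null) ? null : secret.getData();
        // Only the "token" entry is a candidate; other entries are not decoded at all.
        byte[] stored = (secretMap == null) ? null : secretMap.get("token");
        // MessageDigest.isEqual avoids the early-exit timing behaviour of String.equals
        // when comparing secret material.
        if (stored != null && java.security.MessageDigest.isEqual(stored, presented)) {
          LOGGER.exiting(serviceAccount);
          return serviceAccount;
        }
      }
    }
  }
  ApiException e = new ApiException("token does not match any secret");
  LOGGER.throwing(e);
  throw e;
}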
use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.
the class Helpers method findServiceAccount.
/**
* Find the service account by name.
*
* @param serviceAccountName The name of the Service Account.
* @param namespace The Namespace the Service Account is defined in.
* @return V1ServiceAccount object that matches the requested Service Account name and Namespace (if found).
* @throws ApiException if an API error occurs.
*/
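protected V1ServiceAccount findServiceAccount(String serviceAccountName, String namespace) throws ApiException {
  LOGGER.entering();
  // List all service accounts and look for the one we want.
  // With a namespace, only an account in exactly that namespace is accepted.
  // Without one, the name must be unique across all namespaces.
  V1ServiceAccountList serviceAccountList = getAllServiceAccounts();
  ArrayList<V1ServiceAccount> sas = new ArrayList<>();
  if (serviceAccountList != null) {
    for (V1ServiceAccount sa : serviceAccountList.getItems()) {
      String name = sa.getMetadata().getName();
      if (!name.equals(serviceAccountName)) {
        continue;
      }
      if (namespace == null) {
        // No namespace requested: collect every same-named account so duplicates can be detected.
        sas.add(sa);
      } else if (namespace.equals(sa.getMetadata().getNamespace())) {
        LOGGER.exiting(sa);
        return sa;
      }
      // A same-named account in a different namespace is deliberately ignored. Previously it was
      // collected as well, so a request for namespace A could return the account from
      // namespace B when A had no such account.
    }
  }
  if (sas.isEmpty()) {
    ApiException e = new ApiException("serviceAccount " + serviceAccountName + " not found");
    LOGGER.throwing(e);
    throw e;
  }
  if (sas.size() > 1) {
    ApiException e = new ApiException("serviceAccount " + serviceAccountName + " appears in more than one namespace");
    LOGGER.throwing(e);
    throw e;
  }
  V1ServiceAccount result = sas.get(0);
  LOGGER.exiting(result);
  return result;
}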
use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.
the class RestBackendImpl method getDomainsList.
/**
 * Collects the Domain resources of every namespace in {@code targetNamespaces}.
 *
 * <p>Only namespaces in {@code targetNamespaces} are queried. No per-caller filtering happens
 * here; presumably callers authorize the request separately - TODO confirm.
 *
 * @return the domains of all target namespaces, in namespace iteration order
 */
private List<Domain> getDomainsList() {
  CallBuilderFactory factory = ContainerResolver.getInstance().getContainer().getSPI(CallBuilderFactory.class);
  List<List<Domain>> perNamespace = new ArrayList<>();
  try {
    for (String ns : targetNamespaces) {
      DomainList listed = factory.create().listDomain(ns);
      if (listed == null) {
        // Nothing was returned for this namespace; move on to the next one.
        continue;
      }
      perNamespace.add(listed.getItems());
    }
  } catch (ApiException e) {
    // An API failure is translated by handleApiException and rethrown.
    throw handleApiException(e);
  }
  // Flatten only after every namespace has been listed, as the original stream pipeline did.
  List<Domain> all = new ArrayList<>();
  for (List<Domain> items : perNamespace) {
    all.addAll(items);
  }
  return all;
}
use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.
the class HealthCheckHelperTest method createNamespace.
// Create a named namespace
private V1Namespace createNamespace(String name) throws Exception {
  CallBuilderFactory factory = new CallBuilderFactory(null);

  // Reuse the namespace when it can be read. Every ApiException from the read is ignored,
  // not only "not found", and the method then falls through to the create call.
  V1Namespace found = null;
  try {
    found = factory.create().readNamespace(name);
  } catch (ApiException ignore) {
    // Just ignore and try to create it
  }
  if (found != null) {
    return found;
  }

  // Standard object metadata carrying the requested name.
  V1ObjectMeta metadata = new V1ObjectMeta();
  metadata.setName(name);

  // Namespace body with the required API version and resource kind.
  V1Namespace request = new V1Namespace();
  request.setApiVersion("v1");
  request.setKind("Namespace");
  request.setMetadata(metadata);

  return factory.create().createNamespace(request);
}
use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.
the class AuthorizationProxy method check.
/**
* Check if the specified principal is allowed to perform the specified operation on the
* specified resource in the specified scope.
*
* @param principal The user, group or service account.
* @param groups The groups that principal is a member of.
* @param operation The operation to be authorized.
* @param resource The kind of resource on which the operation is to be authorized.
* @param resourceName The name of the resource instance on which the operation is to be authorized.
* @param scope The scope of the operation (cluster or namespace).
* @param namespaceName name of the namespace if scope is namespace else null.
* @return true if the operation is allowed, or false if not.
*/
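public boolean check(String principal, final List<String> groups, Operation operation, Resource resource, String resourceName, Scope scope, String namespaceName) {
  LOGGER.entering();
  V1SubjectAccessReview subjectAccessReview = prepareSubjectAccessReview(principal, groups, operation, resource, resourceName, scope, namespaceName);
  try {
    CallBuilderFactory factory = ContainerResolver.getInstance().getContainer().getSPI(CallBuilderFactory.class);
    subjectAccessReview = factory.create().createSubjectAccessReview(subjectAccessReview);
  } catch (ApiException e) {
    // Fail closed: if the review cannot be carried out, the operation is denied.
    LOGGER.severe(MessageKeys.APIEXCEPTION_FROM_SUBJECT_ACCESS_REVIEW, e);
    LOGGER.exiting(Boolean.FALSE);
    return Boolean.FALSE;
  }
  // Fail closed here too: a missing review, a missing status or a null "allowed" value is a
  // denial. Previously these cases raised a NullPointerException, including when the Boolean
  // result was unboxed on return.
  V1SubjectAccessReviewStatus subjectAccessReviewStatus =
      (subjectAccessReview == null) ? null : subjectAccessReview.getStatus();
  Boolean result = subjectAccessReviewStatus != null
      && Boolean.TRUE.equals(subjectAccessReviewStatus.isAllowed());
  LOGGER.exiting(result);
  return result;
}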