Search in sources :

Example 21 with ApiException

use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.

the class Helpers method findServiceAccountByToken.

/**
 * Find the service account by supplied token
 *
 * @param token authentication token to search for
 * @return V1ServiceAccount where token is secreted
 * @throws ApiException if there is an API error
 */
protected V1ServiceAccount findServiceAccountByToken(String token) throws ApiException {
    LOGGER.entering();
    V1ServiceAccountList serviceAccounts = getAllServiceAccounts();
    for (V1ServiceAccount serviceAccount : serviceAccounts.getItems()) {
        for (V1ObjectReference reference : serviceAccount.getSecrets()) {
            V1Secret secret = readSecretByReference(reference, serviceAccount.getMetadata().getNamespace());
            Map<String, byte[]> secretMap = secret.getData();
            for (Entry<String, byte[]> entry : secretMap.entrySet()) {
                String secretToken = new String(entry.getValue());
                if (entry.getKey().equals("token") && token.equals(secretToken)) {
                    LOGGER.exiting(serviceAccount);
                    return serviceAccount;
                }
            }
        }
    }
    ApiException e = new ApiException("token does not match any secret");
    LOGGER.throwing(e);
    throw e;
}
Also used : V1ServiceAccountList(io.kubernetes.client.models.V1ServiceAccountList) V1ObjectReference(io.kubernetes.client.models.V1ObjectReference) V1ServiceAccount(io.kubernetes.client.models.V1ServiceAccount) V1Secret(io.kubernetes.client.models.V1Secret) ApiException(io.kubernetes.client.ApiException)

Example 22 with ApiException

use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.

the class Helpers method findServiceAccount.

/**
 * Find the servivce account by name.
 *
 * @param serviceAccountName The name of the Service Account.
 * @param namespace The Namespace the Service Account is defined in.
 * @return V1ServiceAccount object that matches the requested Service Account name and Namespace (if found).
 * @throws ApiException if an API error occurs.
 */
protected V1ServiceAccount findServiceAccount(String serviceAccountName, String namespace) throws ApiException {
    LOGGER.entering();
    // list all service accounts and look for the one we want.
    // But make sure there are no duplicates spread across
    // multiple namespaces if a specific name space is not specified
    V1ServiceAccountList serviceAccountList = getAllServiceAccounts();
    ArrayList<V1ServiceAccount> sas = new ArrayList<>();
    if (serviceAccountList != null) {
        for (V1ServiceAccount sa : serviceAccountList.getItems()) {
            String name = sa.getMetadata().getName();
            if (name.equals(serviceAccountName)) {
                if (namespace != null) {
                    String ns = sa.getMetadata().getNamespace();
                    if (ns.equals(namespace)) {
                        LOGGER.exiting(sa);
                        return sa;
                    }
                }
                sas.add(sa);
            }
        }
    }
    if (sas.isEmpty()) {
        ApiException e = new ApiException("serviceAccount " + serviceAccountName + " not found");
        LOGGER.throwing(e);
        throw e;
    }
    if (sas.size() > 1) {
        ApiException e = new ApiException("serviceAccount " + serviceAccountName + " appears in more than one namespace");
        LOGGER.throwing(e);
        throw e;
    }
    V1ServiceAccount result = sas.get(0);
    LOGGER.exiting(result);
    return result;
}
Also used : V1ServiceAccountList(io.kubernetes.client.models.V1ServiceAccountList) ArrayList(java.util.ArrayList) V1ServiceAccount(io.kubernetes.client.models.V1ServiceAccount) ApiException(io.kubernetes.client.ApiException)

Example 23 with ApiException

use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.

the class RestBackendImpl method getDomainsList.

private List<Domain> getDomainsList() {
    CallBuilderFactory factory = ContainerResolver.getInstance().getContainer().getSPI(CallBuilderFactory.class);
    Collection<List<Domain>> c = new ArrayList<List<Domain>>();
    try {
        for (String ns : targetNamespaces) {
            DomainList dl = factory.create().listDomain(ns);
            if (dl != null) {
                c.add(dl.getItems());
            }
        }
        return c.stream().flatMap(Collection::stream).collect(Collectors.toList());
    } catch (ApiException e) {
        throw handleApiException(e);
    }
}
Also used : ArrayList(java.util.ArrayList) CallBuilderFactory(oracle.kubernetes.operator.helpers.CallBuilderFactory) DomainList(oracle.kubernetes.weblogic.domain.v1.DomainList) ArrayList(java.util.ArrayList) List(java.util.List) DomainList(oracle.kubernetes.weblogic.domain.v1.DomainList) Domain(oracle.kubernetes.weblogic.domain.v1.Domain) ApiException(io.kubernetes.client.ApiException)

Example 24 with ApiException

use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.

the class HealthCheckHelperTest method createNamespace.

// Create a named namespace
private V1Namespace createNamespace(String name) throws Exception {
    CallBuilderFactory factory = new CallBuilderFactory(null);
    try {
        V1Namespace existing = factory.create().readNamespace(name);
        if (existing != null)
            return existing;
    } catch (ApiException ignore) {
    // Just ignore and try to create it
    }
    V1Namespace body = new V1Namespace();
    // Set the required api version and kind of resource
    body.setApiVersion("v1");
    body.setKind("Namespace");
    // Setup the standard object metadata
    V1ObjectMeta meta = new V1ObjectMeta();
    meta.setName(name);
    body.setMetadata(meta);
    return factory.create().createNamespace(body);
}
Also used : V1ObjectMeta(io.kubernetes.client.models.V1ObjectMeta) V1Namespace(io.kubernetes.client.models.V1Namespace) CallBuilderFactory(oracle.kubernetes.operator.helpers.CallBuilderFactory) ApiException(io.kubernetes.client.ApiException)

Example 25 with ApiException

use of io.kubernetes.client.ApiException in project weblogic-kubernetes-operator by oracle.

the class AuthorizationProxy method check.

/**
 * Check if the specified principal is allowed to perform the specified operation on the
 * specified resource in the specified scope.
 *
 * @param principal     The user, group or service account.
 * @param groups        The groups that principal is a member of.
 * @param operation     The operation to be authorized.
 * @param resource      The kind of resource on which the operation is to be authorized.
 * @param resourceName  The name of the resource instance on which the operation is to be authorized.
 * @param scope         The scope of the operation (cluster or namespace).
 * @param namespaceName name of the namespace if scope is namespace else null.
 * @return true if the operation is allowed, or false if not.
 */
public boolean check(String principal, final List<String> groups, Operation operation, Resource resource, String resourceName, Scope scope, String namespaceName) {
    LOGGER.entering();
    V1SubjectAccessReview subjectAccessReview = prepareSubjectAccessReview(principal, groups, operation, resource, resourceName, scope, namespaceName);
    try {
        CallBuilderFactory factory = ContainerResolver.getInstance().getContainer().getSPI(CallBuilderFactory.class);
        subjectAccessReview = factory.create().createSubjectAccessReview(subjectAccessReview);
    } catch (ApiException e) {
        LOGGER.severe(MessageKeys.APIEXCEPTION_FROM_SUBJECT_ACCESS_REVIEW, e);
        LOGGER.exiting(Boolean.FALSE);
        return Boolean.FALSE;
    }
    V1SubjectAccessReviewStatus subjectAccessReviewStatus = subjectAccessReview.getStatus();
    Boolean result = subjectAccessReviewStatus.isAllowed();
    LOGGER.exiting(result);
    return result;
}
Also used : V1SubjectAccessReviewStatus(io.kubernetes.client.models.V1SubjectAccessReviewStatus) V1SubjectAccessReview(io.kubernetes.client.models.V1SubjectAccessReview) ApiException(io.kubernetes.client.ApiException)

Aggregations

ApiException (io.kubernetes.client.ApiException)29 IOException (java.io.IOException)11 CallBuilderFactory (oracle.kubernetes.operator.helpers.CallBuilderFactory)9 V1ObjectMeta (io.kubernetes.client.models.V1ObjectMeta)7 Response (com.squareup.okhttp.Response)5 ApiClient (io.kubernetes.client.ApiClient)5 TopologyRuntimeManagementException (com.twitter.heron.scheduler.TopologyRuntimeManagementException)4 V1DeleteOptions (io.kubernetes.client.models.V1DeleteOptions)3 V1Secret (io.kubernetes.client.models.V1Secret)3 V1beta1StatefulSet (io.kubernetes.client.models.V1beta1StatefulSet)3 ArrayList (java.util.ArrayList)3 List (java.util.List)3 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2 JSON (io.kubernetes.client.JSON)2 CustomObjectsApi (io.kubernetes.client.apis.CustomObjectsApi)2 V1Namespace (io.kubernetes.client.models.V1Namespace)2 V1Pod (io.kubernetes.client.models.V1Pod)2 V1PodList (io.kubernetes.client.models.V1PodList)2 V1ServiceAccount (io.kubernetes.client.models.V1ServiceAccount)2 V1ServiceAccountList (io.kubernetes.client.models.V1ServiceAccountList)2