Example 1 with V1SubjectAccessReview
use of io.kubernetes.client.models.V1SubjectAccessReview in project weblogic-kubernetes-operator by oracle.
the class AuthorizationProxy method prepareSubjectAccessReview.
/**
* Prepares an instance of SubjectAccessReview and returns same.
*
* @param principal The user, group or service account.
* @param groups The groups that principal is a member of.
* @param operation The operation to be authorized.
* @param resource The kind of resource on which the operation is to be authorized.
* @param resourceName The name of the resource instance on which the operation is to be authorized.
* @param scope The scope of the operation (cluster or namespace).
* @param namespaceName name of the namespace if scope is namespace else null.
* @return an instance of SubjectAccessReview.
*/
private V1SubjectAccessReview prepareSubjectAccessReview(String principal, final List<String> groups, Operation operation, Resource resource, String resourceName, Scope scope, String namespaceName) {
LOGGER.entering();
V1SubjectAccessReviewSpec subjectAccessReviewSpec = new V1SubjectAccessReviewSpec();
subjectAccessReviewSpec.setUser(principal);
subjectAccessReviewSpec.setGroups(groups);
subjectAccessReviewSpec.setResourceAttributes(prepareResourceAttributes(operation, resource, resourceName, scope, namespaceName));
V1SubjectAccessReview subjectAccessReview = new V1SubjectAccessReview();
subjectAccessReview.setApiVersion("authorization.k8s.io/v1");
subjectAccessReview.setKind("SubjectAccessReview");
subjectAccessReview.setMetadata(new V1ObjectMeta());
subjectAccessReview.setSpec(subjectAccessReviewSpec);
LOGGER.exiting(subjectAccessReview);
return subjectAccessReview;
}
Also used :
V1ObjectMeta(io.kubernetes.client.models.V1ObjectMeta)
V1SubjectAccessReviewSpec(io.kubernetes.client.models.V1SubjectAccessReviewSpec)
V1SubjectAccessReview(io.kubernetes.client.models.V1SubjectAccessReview)
Example 2 with V1SubjectAccessReview
use of io.kubernetes.client.models.V1SubjectAccessReview in project java by kubernetes-client.
the class AuthorizationV1Api method createSubjectAccessReviewWithHttpInfo.
/**
* create a SubjectAccessReview
* @param body (required)
* @param pretty If 'true', then the output is pretty printed. (optional)
* @return ApiResponse<V1SubjectAccessReview>
* @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
*/
public ApiResponse<V1SubjectAccessReview> createSubjectAccessReviewWithHttpInfo(V1SubjectAccessReview body, String pretty) throws ApiException {
com.squareup.okhttp.Call call = createSubjectAccessReviewValidateBeforeCall(body, pretty, null, null);
Type localVarReturnType = new TypeToken<V1SubjectAccessReview>() {
}.getType();
return apiClient.execute(call, localVarReturnType);
}
Also used :
Type(java.lang.reflect.Type)
V1SubjectAccessReview(io.kubernetes.client.models.V1SubjectAccessReview)
Example 3 with V1SubjectAccessReview
use of io.kubernetes.client.models.V1SubjectAccessReview in project java by kubernetes-client.
the class AuthorizationV1Api method createSubjectAccessReviewAsync.
/**
* (asynchronously)
* create a SubjectAccessReview
* @param body (required)
* @param pretty If 'true', then the output is pretty printed. (optional)
* @param callback The callback to be executed when the API call finishes
* @return The request call
* @throws ApiException If fail to process the API call, e.g. serializing the request body object
*/
public com.squareup.okhttp.Call createSubjectAccessReviewAsync(V1SubjectAccessReview body, String pretty, final ApiCallback<V1SubjectAccessReview> callback) throws ApiException {
ProgressResponseBody.ProgressListener progressListener = null;
ProgressRequestBody.ProgressRequestListener progressRequestListener = null;
if (callback != null) {
progressListener = new ProgressResponseBody.ProgressListener() {
@Override
public void update(long bytesRead, long contentLength, boolean done) {
callback.onDownloadProgress(bytesRead, contentLength, done);
}
};
progressRequestListener = new ProgressRequestBody.ProgressRequestListener() {
@Override
public void onRequestProgress(long bytesWritten, long contentLength, boolean done) {
callback.onUploadProgress(bytesWritten, contentLength, done);
}
};
}
com.squareup.okhttp.Call call = createSubjectAccessReviewValidateBeforeCall(body, pretty, progressListener, progressRequestListener);
Type localVarReturnType = new TypeToken<V1SubjectAccessReview>() {
}.getType();
apiClient.executeAsync(call, localVarReturnType, callback);
return call;
}
Also used :
ProgressResponseBody(io.kubernetes.client.ProgressResponseBody)
V1SubjectAccessReview(io.kubernetes.client.models.V1SubjectAccessReview)
Type(java.lang.reflect.Type)
ProgressRequestBody(io.kubernetes.client.ProgressRequestBody)
Example 4 with V1SubjectAccessReview
use of io.kubernetes.client.models.V1SubjectAccessReview in project java by kubernetes-client.
the class AuthorizationV1ApiTest method createSubjectAccessReviewTest.
/**
* create a SubjectAccessReview
*
* @throws ApiException
* if the Api call fails
*/
@Test
public void createSubjectAccessReviewTest() throws ApiException {
V1SubjectAccessReview body = null;
String pretty = null;
V1SubjectAccessReview response = api.createSubjectAccessReview(body, pretty);
// TODO: test validations
}
Also used :
V1SubjectAccessReview(io.kubernetes.client.models.V1SubjectAccessReview)
Test(org.junit.Test)
Example 5 with V1SubjectAccessReview
use of io.kubernetes.client.models.V1SubjectAccessReview in project weblogic-kubernetes-operator by oracle.
the class AuthorizationProxy method check.
/**
* Check if the specified principal is allowed to perform the specified operation on the
* specified resource in the specified scope.
*
* @param principal The user, group or service account.
* @param groups The groups that principal is a member of.
* @param operation The operation to be authorized.
* @param resource The kind of resource on which the operation is to be authorized.
* @param resourceName The name of the resource instance on which the operation is to be authorized.
* @param scope The scope of the operation (cluster or namespace).
* @param namespaceName name of the namespace if scope is namespace else null.
* @return true if the operation is allowed, or false if not.
*/
public boolean check(String principal, final List<String> groups, Operation operation, Resource resource, String resourceName, Scope scope, String namespaceName) {
LOGGER.entering();
V1SubjectAccessReview subjectAccessReview = prepareSubjectAccessReview(principal, groups, operation, resource, resourceName, scope, namespaceName);
try {
CallBuilderFactory factory = ContainerResolver.getInstance().getContainer().getSPI(CallBuilderFactory.class);
subjectAccessReview = factory.create().createSubjectAccessReview(subjectAccessReview);
} catch (ApiException e) {
LOGGER.severe(MessageKeys.APIEXCEPTION_FROM_SUBJECT_ACCESS_REVIEW, e);
LOGGER.exiting(Boolean.FALSE);
return Boolean.FALSE;
}
V1SubjectAccessReviewStatus subjectAccessReviewStatus = subjectAccessReview.getStatus();
Boolean result = subjectAccessReviewStatus.isAllowed();
LOGGER.exiting(result);
return result;
}
Also used :
V1SubjectAccessReviewStatus(io.kubernetes.client.models.V1SubjectAccessReviewStatus)
V1SubjectAccessReview(io.kubernetes.client.models.V1SubjectAccessReview)
ApiException(io.kubernetes.client.ApiException)
Aggregations
V1SubjectAccessReview (io.kubernetes.client.models.V1SubjectAccessReview)5
Type (java.lang.reflect.Type)2
ApiException (io.kubernetes.client.ApiException)1
ProgressRequestBody (io.kubernetes.client.ProgressRequestBody)1
ProgressResponseBody (io.kubernetes.client.ProgressResponseBody)1
V1ObjectMeta (io.kubernetes.client.models.V1ObjectMeta)1
V1SubjectAccessReviewSpec (io.kubernetes.client.models.V1SubjectAccessReviewSpec)1
V1SubjectAccessReviewStatus (io.kubernetes.client.models.V1SubjectAccessReviewStatus)1
Test (org.junit.Test)1
