Example 91 with RuntimeIdentity
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class KubernetesNamespaceFactoryTest method shouldCreateExecAndViewRolesAndBindings.
@Test
public void shouldCreateExecAndViewRolesAndBindings() throws Exception {
// given
namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(new WorkspaceServiceAccountConfigurator("serviceAccount", "", clientFactory)), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
prepareNamespace(toReturnNamespace);
when(toReturnNamespace.getName()).thenReturn("workspace123");
doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
when(k8sClient.supportsApiPath(eq("/apis/metrics.k8s.io"))).thenReturn(true);
when(clientFactory.create(any())).thenReturn(k8sClient);
when(cheClientFactory.create()).thenReturn(k8sClient);
// when
RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
namespaceFactory.getOrCreate(identity);
// then
ServiceAccountList sas = k8sClient.serviceAccounts().inNamespace("workspace123").list();
assertEquals(sas.getItems().size(), 1);
assertEquals(sas.getItems().get(0).getMetadata().getName(), "serviceAccount");
RoleList roles = k8sClient.rbac().roles().inNamespace("workspace123").list();
assertEquals(roles.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()), Sets.newHashSet("workspace-configmaps", "workspace-view", "workspace-metrics", "workspace-secrets", "exec"));
Role role1 = roles.getItems().get(0);
Role role2 = roles.getItems().get(1);
assertFalse(role1.getRules().containsAll(role2.getRules()) && role2.getRules().containsAll(role1.getRules()), "exec and view roles should not be the same");
RoleBindingList bindings = k8sClient.rbac().roleBindings().inNamespace("workspace123").list();
assertEquals(bindings.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()), Sets.newHashSet("serviceAccount-metrics", "serviceAccount-view", "serviceAccount-exec", "serviceAccount-configmaps", "serviceAccount-secrets"));
}
Also used :
RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)
Role(io.fabric8.kubernetes.api.model.rbac.Role)
WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator)
RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList)
RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList)
RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl)
ServiceAccountList(io.fabric8.kubernetes.api.model.ServiceAccountList)
Test(org.testng.annotations.Test)
Example 92 with RuntimeIdentity
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class KubernetesNamespaceFactoryTest method shouldCreateCredentialsSecretIfNotExists.
@Test
public void shouldCreateCredentialsSecretIfNotExists() throws Exception {
// given
namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(new CredentialsSecretConfigurator(clientFactory)), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
when(toReturnNamespace.getName()).thenReturn("namespaceName");
doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
MixedOperation mixedOperation = mock(MixedOperation.class);
when(k8sClient.secrets()).thenReturn(mixedOperation);
when(mixedOperation.inNamespace(anyString())).thenReturn(namespaceOperation);
when(namespaceResource.get()).thenReturn(null);
when(cheClientFactory.create()).thenReturn(k8sClient);
when(clientFactory.create()).thenReturn(k8sClient);
// when
RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
namespaceFactory.getOrCreate(identity);
// then
ArgumentCaptor<Secret> secretsCaptor = ArgumentCaptor.forClass(Secret.class);
verify(namespaceOperation).create(secretsCaptor.capture());
Secret secret = secretsCaptor.getValue();
Assert.assertEquals(secret.getMetadata().getName(), CREDENTIALS_SECRET_NAME);
Assert.assertEquals(secret.getType(), "opaque");
}
Also used :
CredentialsSecretConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.CredentialsSecretConfigurator)
RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)
Secret(io.fabric8.kubernetes.api.model.Secret)
MixedOperation(io.fabric8.kubernetes.client.dsl.MixedOperation)
RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl)
Test(org.testng.annotations.Test)
Example 93 with RuntimeIdentity
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class KubernetesNamespaceFactoryTest method shouldReturnDefaultNamespaceWhenCreatingIsNotIsNotAllowed.
@Test
public void shouldReturnDefaultNamespaceWhenCreatingIsNotIsNotAllowed() throws Exception {
// given
namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", false, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, emptySet(), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
prepareNamespace(toReturnNamespace);
doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
// when
RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "old-default");
KubernetesNamespace namespace = namespaceFactory.getOrCreate(identity);
// then
assertEquals(toReturnNamespace, namespace);
verify(toReturnNamespace).prepare(eq(false), any(), any());
}
Also used :
RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)
RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl)
Test(org.testng.annotations.Test)
Example 94 with RuntimeIdentity
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class WorkspaceRuntimes method startAsync.
/**
* Starts all machines from specified workspace environment, creates workspace runtime instance
* based on that environment.
*
* <p>During the start of the workspace its runtime is visible with {@link
* WorkspaceStatus#STARTING} status.
*
* @param workspace workspace which environment should be started
* @param envName optional environment name to run
* @param options whether machines should be recovered(true) or not(false)
* @return completable future of start execution.
* @throws ConflictException when workspace is already running
* @throws ConflictException when start is interrupted
* @throws NotFoundException when any not found exception occurs during environment start
* @throws ServerException other error occurs during environment start
* @see WorkspaceStatus#STARTING
* @see WorkspaceStatus#RUNNING
*/
@Traced
public CompletableFuture<Void> startAsync(WorkspaceImpl workspace, @Nullable String envName, Map<String, String> options) throws ConflictException, NotFoundException, ServerException {
TracingTags.WORKSPACE_ID.set(workspace.getId());
final String workspaceId = workspace.getId();
if (isStartRefused.get()) {
throw new ConflictException(format("Start of the workspace '%s' is rejected by the system, " + "no more workspaces are allowed to start", workspace.getName()));
}
WorkspaceConfigImpl config = workspace.getConfig();
if (config == null) {
config = devfileConverter.convert(workspace.getDevfile());
}
if (envName == null) {
envName = config.getDefaultEnv();
}
String infraNamespace = workspace.getAttributes().get(WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE);
if (isNullOrEmpty(infraNamespace)) {
throw new ServerException(String.format("Workspace does not have infrastructure namespace " + "specified. Please set value of '%s' workspace attribute.", WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE));
}
final RuntimeIdentity runtimeId = new RuntimeIdentityImpl(workspaceId, envName, EnvironmentContext.getCurrent().getSubject().getUserId(), infraNamespace);
try {
InternalEnvironment internalEnv = createInternalEnvironment(config.getEnvironments().get(envName), config.getAttributes(), config.getCommands(), config.getDevfile());
RuntimeContext runtimeContext = infrastructure.prepare(runtimeId, internalEnv);
InternalRuntime runtime = runtimeContext.getRuntime();
try (Unlocker ignored = lockService.writeLock(workspaceId)) {
final WorkspaceStatus existingStatus = statuses.putIfAbsent(workspaceId, STARTING);
if (existingStatus != null) {
throw new ConflictException(format("Could not start workspace '%s' because its state is '%s'", workspaceId, existingStatus));
}
setRuntimesId(workspaceId);
runtimes.put(workspaceId, runtime);
}
LOG.info("Starting workspace '{}/{}' with id '{}' by user '{}'", workspace.getNamespace(), workspace.getName(), workspace.getId(), sessionUserNameOr("undefined"));
publishWorkspaceStatusEvent(workspaceId, STARTING, STOPPED, null, true, options);
return CompletableFuture.runAsync(ThreadLocalPropagateContext.wrap(new StartRuntimeTask(workspace, options, runtime)), sharedPool.getExecutor());
} catch (ValidationException e) {
LOG.error(e.getLocalizedMessage(), e);
throw new ConflictException(e.getLocalizedMessage());
} catch (InfrastructureException e) {
LOG.error(e.getLocalizedMessage(), e);
throw new ServerException(e.getLocalizedMessage(), e);
}
}
Also used :
ServerException(org.eclipse.che.api.core.ServerException)
ValidationException(org.eclipse.che.api.core.ValidationException)
ConflictException(org.eclipse.che.api.core.ConflictException)
InternalRuntime(org.eclipse.che.api.workspace.server.spi.InternalRuntime)
RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)
Unlocker(org.eclipse.che.commons.lang.concurrent.Unlocker)
InternalEnvironment(org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironment)
WorkspaceConfigImpl(org.eclipse.che.api.workspace.server.model.impl.WorkspaceConfigImpl)
WorkspaceStatus(org.eclipse.che.api.core.model.workspace.WorkspaceStatus)
RuntimeContext(org.eclipse.che.api.workspace.server.spi.RuntimeContext)
RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl)
InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException)
InternalInfrastructureException(org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException)
Traced(org.eclipse.che.commons.annotation.Traced)
Example 95 with RuntimeIdentity
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class CommonPVCStrategy method prepare.
@Override
@Traced
public void prepare(KubernetesEnvironment k8sEnv, RuntimeIdentity identity, long timeoutMillis, Map<String, String> startOptions) throws InfrastructureException {
String workspaceId = identity.getWorkspaceId();
TracingTags.WORKSPACE_ID.set(workspaceId);
if (EphemeralWorkspaceUtility.isEphemeral(k8sEnv.getAttributes())) {
return;
}
log.debug("Preparing PVC started for workspace '{}'", workspaceId);
Map<String, PersistentVolumeClaim> claims = k8sEnv.getPersistentVolumeClaims();
if (claims.isEmpty()) {
return;
}
if (claims.size() > 1) {
throw new InfrastructureException(format("The only one PVC MUST be present in common strategy while it contains: %s.", claims.keySet().stream().collect(joining(", "))));
}
PersistentVolumeClaim commonPVC = claims.values().iterator().next();
final KubernetesNamespace namespace = factory.getOrCreate(identity);
final KubernetesPersistentVolumeClaims pvcs = namespace.persistentVolumeClaims();
final Set<String> existing = pvcs.get().stream().map(p -> p.getMetadata().getName()).collect(toSet());
if (!existing.contains(commonPVC.getMetadata().getName())) {
log.debug("Creating PVC for workspace '{}'", workspaceId);
pvcs.create(commonPVC);
if (waitBound) {
log.debug("Waiting for PVC for workspace '{}' to be bound", workspaceId);
pvcs.waitBound(commonPVC.getMetadata().getName(), timeoutMillis);
}
}
final String[] subpaths = (String[]) commonPVC.getAdditionalProperties().remove(format(SUBPATHS_PROPERTY_FMT, workspaceId));
if (preCreateDirs && subpaths != null) {
pvcSubPathHelper.createDirs(identity, workspaceId, commonPVC.getMetadata().getName(), startOptions, subpaths);
}
log.debug("Preparing PVC done for workspace '{}'", workspaceId);
}
Also used :
VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount)
Workspace(org.eclipse.che.api.core.model.workspace.Workspace)
PERSONAL_ACCOUNT(org.eclipse.che.api.user.server.UserManager.PERSONAL_ACCOUNT)
Inject(com.google.inject.Inject)
Page(org.eclipse.che.api.core.Page)
LoggerFactory(org.slf4j.LoggerFactory)
Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty)
KubernetesEnvironment(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment)
AccountImpl(org.eclipse.che.account.spi.AccountImpl)
Traced(org.eclipse.che.commons.annotation.Traced)
KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace)
Map(java.util.Map)
Named(javax.inject.Named)
Collectors.toSet(java.util.stream.Collectors.toSet)
KubernetesObjectUtil.newPVC(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesObjectUtil.newPVC)
WorkspaceManager(org.eclipse.che.api.workspace.server.WorkspaceManager)
Logger(org.slf4j.Logger)
Set(java.util.Set)
KubernetesPersistentVolumeClaims(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesPersistentVolumeClaims)
Collectors(java.util.stream.Collectors)
String.format(java.lang.String.format)
Collectors.joining(java.util.stream.Collectors.joining)
KubernetesNamespaceFactory(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory)
InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException)
ServerException(org.eclipse.che.api.core.ServerException)
TracingTags(org.eclipse.che.commons.tracing.TracingTags)
RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)
PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim)
WorkspaceImpl(org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl)
PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim)
InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException)
KubernetesPersistentVolumeClaims(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesPersistentVolumeClaims)
KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace)
Traced(org.eclipse.che.commons.annotation.Traced)
Aggregations
RuntimeIdentity (org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)128
Test (org.testng.annotations.Test)88
RuntimeIdentityImpl (org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl)70
InfrastructureException (org.eclipse.che.api.workspace.server.spi.InfrastructureException)40
WorkspaceImpl (org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl)28
InternalEnvironment (org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironment)24
RuntimeContext (org.eclipse.che.api.workspace.server.spi.RuntimeContext)22
Map (java.util.Map)20
MixedOperation (io.fabric8.kubernetes.client.dsl.MixedOperation)18
List (java.util.List)16
Set (java.util.Set)14
ServerException (org.eclipse.che.api.core.ServerException)14
InternalInfrastructureException (org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException)14
Traced (org.eclipse.che.commons.annotation.Traced)14
KubernetesMachineImpl (org.eclipse.che.workspace.infrastructure.kubernetes.model.KubernetesMachineImpl)14
ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)12
Secret (io.fabric8.kubernetes.api.model.Secret)12
String.format (java.lang.String.format)12
Collectors (java.util.stream.Collectors)12
Named (javax.inject.Named)12
