Search in sources :

Example 91 with RuntimeIdentity

use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.

the class KubernetesNamespaceFactoryTest method shouldCreateExecAndViewRolesAndBindings.

@Test
public void shouldCreateExecAndViewRolesAndBindings() throws Exception {
    // given
    namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(new WorkspaceServiceAccountConfigurator("serviceAccount", "", clientFactory)), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
    KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
    prepareNamespace(toReturnNamespace);
    when(toReturnNamespace.getName()).thenReturn("workspace123");
    doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    when(k8sClient.supportsApiPath(eq("/apis/metrics.k8s.io"))).thenReturn(true);
    when(clientFactory.create(any())).thenReturn(k8sClient);
    when(cheClientFactory.create()).thenReturn(k8sClient);
    // when
    RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
    namespaceFactory.getOrCreate(identity);
    // then
    ServiceAccountList sas = k8sClient.serviceAccounts().inNamespace("workspace123").list();
    assertEquals(sas.getItems().size(), 1);
    assertEquals(sas.getItems().get(0).getMetadata().getName(), "serviceAccount");
    RoleList roles = k8sClient.rbac().roles().inNamespace("workspace123").list();
    assertEquals(roles.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()), Sets.newHashSet("workspace-configmaps", "workspace-view", "workspace-metrics", "workspace-secrets", "exec"));
    Role role1 = roles.getItems().get(0);
    Role role2 = roles.getItems().get(1);
    assertFalse(role1.getRules().containsAll(role2.getRules()) && role2.getRules().containsAll(role1.getRules()), "exec and view roles should not be the same");
    RoleBindingList bindings = k8sClient.rbac().roleBindings().inNamespace("workspace123").list();
    assertEquals(bindings.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()), Sets.newHashSet("serviceAccount-metrics", "serviceAccount-view", "serviceAccount-exec", "serviceAccount-configmaps", "serviceAccount-secrets"));
}
Also used : RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) Role(io.fabric8.kubernetes.api.model.rbac.Role) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) ServiceAccountList(io.fabric8.kubernetes.api.model.ServiceAccountList) Test(org.testng.annotations.Test)

Example 92 with RuntimeIdentity

use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.

the class KubernetesNamespaceFactoryTest method shouldCreateCredentialsSecretIfNotExists.

@Test
public void shouldCreateCredentialsSecretIfNotExists() throws Exception {
    // given
    namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(new CredentialsSecretConfigurator(clientFactory)), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
    KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
    when(toReturnNamespace.getName()).thenReturn("namespaceName");
    doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    MixedOperation mixedOperation = mock(MixedOperation.class);
    when(k8sClient.secrets()).thenReturn(mixedOperation);
    when(mixedOperation.inNamespace(anyString())).thenReturn(namespaceOperation);
    when(namespaceResource.get()).thenReturn(null);
    when(cheClientFactory.create()).thenReturn(k8sClient);
    when(clientFactory.create()).thenReturn(k8sClient);
    // when
    RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
    namespaceFactory.getOrCreate(identity);
    // then
    ArgumentCaptor<Secret> secretsCaptor = ArgumentCaptor.forClass(Secret.class);
    verify(namespaceOperation).create(secretsCaptor.capture());
    Secret secret = secretsCaptor.getValue();
    Assert.assertEquals(secret.getMetadata().getName(), CREDENTIALS_SECRET_NAME);
    Assert.assertEquals(secret.getType(), "opaque");
}
Also used : CredentialsSecretConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.CredentialsSecretConfigurator) RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) Secret(io.fabric8.kubernetes.api.model.Secret) MixedOperation(io.fabric8.kubernetes.client.dsl.MixedOperation) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) Test(org.testng.annotations.Test)

Example 93 with RuntimeIdentity

use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.

the class KubernetesNamespaceFactoryTest method shouldReturnDefaultNamespaceWhenCreatingIsNotIsNotAllowed.

@Test
public void shouldReturnDefaultNamespaceWhenCreatingIsNotIsNotAllowed() throws Exception {
    // given
    namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", false, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, emptySet(), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
    KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
    prepareNamespace(toReturnNamespace);
    doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    // when
    RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "old-default");
    KubernetesNamespace namespace = namespaceFactory.getOrCreate(identity);
    // then
    assertEquals(toReturnNamespace, namespace);
    verify(toReturnNamespace).prepare(eq(false), any(), any());
}
Also used : RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) Test(org.testng.annotations.Test)

Example 94 with RuntimeIdentity

use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.

the class WorkspaceRuntimes method startAsync.

/**
 * Starts all machines from specified workspace environment, creates workspace runtime instance
 * based on that environment.
 *
 * <p>During the start of the workspace its runtime is visible with {@link
 * WorkspaceStatus#STARTING} status.
 *
 * @param workspace workspace which environment should be started
 * @param envName optional environment name to run
 * @param options whether machines should be recovered(true) or not(false)
 * @return completable future of start execution.
 * @throws ConflictException when workspace is already running
 * @throws ConflictException when start is interrupted
 * @throws NotFoundException when any not found exception occurs during environment start
 * @throws ServerException other error occurs during environment start
 * @see WorkspaceStatus#STARTING
 * @see WorkspaceStatus#RUNNING
 */
@Traced
public CompletableFuture<Void> startAsync(WorkspaceImpl workspace, @Nullable String envName, Map<String, String> options) throws ConflictException, NotFoundException, ServerException {
    TracingTags.WORKSPACE_ID.set(workspace.getId());
    final String workspaceId = workspace.getId();
    if (isStartRefused.get()) {
        throw new ConflictException(format("Start of the workspace '%s' is rejected by the system, " + "no more workspaces are allowed to start", workspace.getName()));
    }
    WorkspaceConfigImpl config = workspace.getConfig();
    if (config == null) {
        config = devfileConverter.convert(workspace.getDevfile());
    }
    if (envName == null) {
        envName = config.getDefaultEnv();
    }
    String infraNamespace = workspace.getAttributes().get(WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE);
    if (isNullOrEmpty(infraNamespace)) {
        throw new ServerException(String.format("Workspace does not have infrastructure namespace " + "specified. Please set value of '%s' workspace attribute.", WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE));
    }
    final RuntimeIdentity runtimeId = new RuntimeIdentityImpl(workspaceId, envName, EnvironmentContext.getCurrent().getSubject().getUserId(), infraNamespace);
    try {
        InternalEnvironment internalEnv = createInternalEnvironment(config.getEnvironments().get(envName), config.getAttributes(), config.getCommands(), config.getDevfile());
        RuntimeContext runtimeContext = infrastructure.prepare(runtimeId, internalEnv);
        InternalRuntime runtime = runtimeContext.getRuntime();
        try (Unlocker ignored = lockService.writeLock(workspaceId)) {
            final WorkspaceStatus existingStatus = statuses.putIfAbsent(workspaceId, STARTING);
            if (existingStatus != null) {
                throw new ConflictException(format("Could not start workspace '%s' because its state is '%s'", workspaceId, existingStatus));
            }
            setRuntimesId(workspaceId);
            runtimes.put(workspaceId, runtime);
        }
        LOG.info("Starting workspace '{}/{}' with id '{}' by user '{}'", workspace.getNamespace(), workspace.getName(), workspace.getId(), sessionUserNameOr("undefined"));
        publishWorkspaceStatusEvent(workspaceId, STARTING, STOPPED, null, true, options);
        return CompletableFuture.runAsync(ThreadLocalPropagateContext.wrap(new StartRuntimeTask(workspace, options, runtime)), sharedPool.getExecutor());
    } catch (ValidationException e) {
        LOG.error(e.getLocalizedMessage(), e);
        throw new ConflictException(e.getLocalizedMessage());
    } catch (InfrastructureException e) {
        LOG.error(e.getLocalizedMessage(), e);
        throw new ServerException(e.getLocalizedMessage(), e);
    }
}
Also used : ServerException(org.eclipse.che.api.core.ServerException) ValidationException(org.eclipse.che.api.core.ValidationException) ConflictException(org.eclipse.che.api.core.ConflictException) InternalRuntime(org.eclipse.che.api.workspace.server.spi.InternalRuntime) RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) Unlocker(org.eclipse.che.commons.lang.concurrent.Unlocker) InternalEnvironment(org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironment) WorkspaceConfigImpl(org.eclipse.che.api.workspace.server.model.impl.WorkspaceConfigImpl) WorkspaceStatus(org.eclipse.che.api.core.model.workspace.WorkspaceStatus) RuntimeContext(org.eclipse.che.api.workspace.server.spi.RuntimeContext) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) InternalInfrastructureException(org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException) Traced(org.eclipse.che.commons.annotation.Traced)

Example 95 with RuntimeIdentity

use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.

the class CommonPVCStrategy method prepare.

@Override
@Traced
public void prepare(KubernetesEnvironment k8sEnv, RuntimeIdentity identity, long timeoutMillis, Map<String, String> startOptions) throws InfrastructureException {
    String workspaceId = identity.getWorkspaceId();
    TracingTags.WORKSPACE_ID.set(workspaceId);
    if (EphemeralWorkspaceUtility.isEphemeral(k8sEnv.getAttributes())) {
        return;
    }
    log.debug("Preparing PVC started for workspace '{}'", workspaceId);
    Map<String, PersistentVolumeClaim> claims = k8sEnv.getPersistentVolumeClaims();
    if (claims.isEmpty()) {
        return;
    }
    if (claims.size() > 1) {
        throw new InfrastructureException(format("The only one PVC MUST be present in common strategy while it contains: %s.", claims.keySet().stream().collect(joining(", "))));
    }
    PersistentVolumeClaim commonPVC = claims.values().iterator().next();
    final KubernetesNamespace namespace = factory.getOrCreate(identity);
    final KubernetesPersistentVolumeClaims pvcs = namespace.persistentVolumeClaims();
    final Set<String> existing = pvcs.get().stream().map(p -> p.getMetadata().getName()).collect(toSet());
    if (!existing.contains(commonPVC.getMetadata().getName())) {
        log.debug("Creating PVC for workspace '{}'", workspaceId);
        pvcs.create(commonPVC);
        if (waitBound) {
            log.debug("Waiting for PVC for workspace '{}' to be bound", workspaceId);
            pvcs.waitBound(commonPVC.getMetadata().getName(), timeoutMillis);
        }
    }
    final String[] subpaths = (String[]) commonPVC.getAdditionalProperties().remove(format(SUBPATHS_PROPERTY_FMT, workspaceId));
    if (preCreateDirs && subpaths != null) {
        pvcSubPathHelper.createDirs(identity, workspaceId, commonPVC.getMetadata().getName(), startOptions, subpaths);
    }
    log.debug("Preparing PVC done for workspace '{}'", workspaceId);
}
Also used : VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) Workspace(org.eclipse.che.api.core.model.workspace.Workspace) PERSONAL_ACCOUNT(org.eclipse.che.api.user.server.UserManager.PERSONAL_ACCOUNT) Inject(com.google.inject.Inject) Page(org.eclipse.che.api.core.Page) LoggerFactory(org.slf4j.LoggerFactory) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) KubernetesEnvironment(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment) AccountImpl(org.eclipse.che.account.spi.AccountImpl) Traced(org.eclipse.che.commons.annotation.Traced) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Map(java.util.Map) Named(javax.inject.Named) Collectors.toSet(java.util.stream.Collectors.toSet) KubernetesObjectUtil.newPVC(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesObjectUtil.newPVC) WorkspaceManager(org.eclipse.che.api.workspace.server.WorkspaceManager) Logger(org.slf4j.Logger) Set(java.util.Set) KubernetesPersistentVolumeClaims(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesPersistentVolumeClaims) Collectors(java.util.stream.Collectors) String.format(java.lang.String.format) Collectors.joining(java.util.stream.Collectors.joining) KubernetesNamespaceFactory(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) ServerException(org.eclipse.che.api.core.ServerException) TracingTags(org.eclipse.che.commons.tracing.TracingTags) RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) WorkspaceImpl(org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) KubernetesPersistentVolumeClaims(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesPersistentVolumeClaims) KubernetesNamespace(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace) Traced(org.eclipse.che.commons.annotation.Traced)

Aggregations

RuntimeIdentity (org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)128 Test (org.testng.annotations.Test)88 RuntimeIdentityImpl (org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl)70 InfrastructureException (org.eclipse.che.api.workspace.server.spi.InfrastructureException)40 WorkspaceImpl (org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl)28 InternalEnvironment (org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironment)24 RuntimeContext (org.eclipse.che.api.workspace.server.spi.RuntimeContext)22 Map (java.util.Map)20 MixedOperation (io.fabric8.kubernetes.client.dsl.MixedOperation)18 List (java.util.List)16 Set (java.util.Set)14 ServerException (org.eclipse.che.api.core.ServerException)14 InternalInfrastructureException (org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException)14 Traced (org.eclipse.che.commons.annotation.Traced)14 KubernetesMachineImpl (org.eclipse.che.workspace.infrastructure.kubernetes.model.KubernetesMachineImpl)14 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)12 Secret (io.fabric8.kubernetes.api.model.Secret)12 String.format (java.lang.String.format)12 Collectors (java.util.stream.Collectors)12 Named (javax.inject.Named)12