use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class KubernetesNamespaceFactoryTest method shouldCreateExecAndViewRolesAndBindings.
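/**
 * Checks the RBAC objects created when a namespace is prepared with a
 * {@code WorkspaceServiceAccountConfigurator} for the account "serviceAccount".
 *
 * <p>Expected in namespace "workspace123": exactly one service account, the five roles listed
 * below, and one role binding per role. The exec and view roles are looked up by name before
 * their rules are compared, so the check does not depend on the order in which the API returns
 * the roles.
 */
@Test
public void shouldCreateExecAndViewRolesAndBindings() throws Exception {
  // given
  namespaceFactory =
      spy(
          new KubernetesNamespaceFactory(
              "<username>-che",
              true,
              true,
              true,
              NAMESPACE_LABELS,
              NAMESPACE_ANNOTATIONS,
              Set.of(new WorkspaceServiceAccountConfigurator("serviceAccount", "", clientFactory)),
              clientFactory,
              cheClientFactory,
              userManager,
              preferenceManager,
              pool));
  KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
  prepareNamespace(toReturnNamespace);
  when(toReturnNamespace.getName()).thenReturn("workspace123");
  doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
  // The metrics API is reported as available; presumably this is what makes the
  // "workspace-metrics" role appear below -- confirm against the configurator.
  when(k8sClient.supportsApiPath(eq("/apis/metrics.k8s.io"))).thenReturn(true);
  when(clientFactory.create(any())).thenReturn(k8sClient);
  when(cheClientFactory.create()).thenReturn(k8sClient);

  // when
  RuntimeIdentity identity =
      new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
  namespaceFactory.getOrCreate(identity);

  // then
  ServiceAccountList sas = k8sClient.serviceAccounts().inNamespace("workspace123").list();
  assertEquals(sas.getItems().size(), 1);
  assertEquals(sas.getItems().get(0).getMetadata().getName(), "serviceAccount");

  RoleList roles = k8sClient.rbac().roles().inNamespace("workspace123").list();
  assertEquals(
      roles.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()),
      Sets.newHashSet(
          "workspace-configmaps", "workspace-view", "workspace-metrics", "workspace-secrets", "exec"));

  // Select the two roles by name. Taking items 0 and 1 of a five-element list would compare
  // whichever roles happen to come first, not necessarily exec and view.
  Role execRole =
      roles.getItems().stream()
          .filter(r -> "exec".equals(r.getMetadata().getName()))
          .findFirst()
          .orElseThrow(() -> new AssertionError("role 'exec' was not created"));
  Role viewRole =
      roles.getItems().stream()
          .filter(r -> "workspace-view".equals(r.getMetadata().getName()))
          .findFirst()
          .orElseThrow(() -> new AssertionError("role 'workspace-view' was not created"));
  // If both roles carried the same rules, the separation between read-only access and pod exec
  // would exist in name only.
  assertFalse(
      execRole.getRules().containsAll(viewRole.getRules())
          && viewRole.getRules().containsAll(execRole.getRules()),
      "exec and view roles should not be the same");

  RoleBindingList bindings =
      k8sClient.rbac().roleBindings().inNamespace("workspace123").list();
  assertEquals(
      bindings.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()),
      Sets.newHashSet(
          "serviceAccount-metrics",
          "serviceAccount-view",
          "serviceAccount-exec",
          "serviceAccount-configmaps",
          "serviceAccount-secrets"));
}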
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class KubernetesNamespaceFactoryTest method shouldCreateCredentialsSecretIfNotExists.
/**
 * Checks that preparing a namespace with a {@code CredentialsSecretConfigurator} creates the
 * credentials secret when the lookup for an existing one returns {@code null}.
 *
 * <p>The secret passed to {@code create} is captured and its name and type are asserted.
 */
@Test
public void shouldCreateCredentialsSecretIfNotExists() throws Exception {
  // given: a factory whose only configurator is the credentials-secret one
  namespaceFactory =
      spy(
          new KubernetesNamespaceFactory(
              "<username>-che",
              true,
              true,
              true,
              NAMESPACE_LABELS,
              NAMESPACE_ANNOTATIONS,
              Set.of(new CredentialsSecretConfigurator(clientFactory)),
              clientFactory,
              cheClientFactory,
              userManager,
              preferenceManager,
              pool));
  KubernetesNamespace namespaceMock = mock(KubernetesNamespace.class);
  when(namespaceMock.getName()).thenReturn("namespaceName");
  doReturn(namespaceMock).when(namespaceFactory).doCreateNamespaceAccess(any(), any());

  // secrets() -> inNamespace(..) is routed to the shared namespaceOperation mock, and the
  // existing-secret lookup is stubbed to find nothing.
  MixedOperation secretsOperation = mock(MixedOperation.class);
  when(k8sClient.secrets()).thenReturn(secretsOperation);
  when(secretsOperation.inNamespace(anyString())).thenReturn(namespaceOperation);
  when(namespaceResource.get()).thenReturn(null);
  when(cheClientFactory.create()).thenReturn(k8sClient);
  when(clientFactory.create()).thenReturn(k8sClient);

  // when
  RuntimeIdentity runtimeIdentity =
      new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
  namespaceFactory.getOrCreate(runtimeIdentity);

  // then: exactly one create call, carrying the credentials secret
  ArgumentCaptor<Secret> createdSecretCaptor = ArgumentCaptor.forClass(Secret.class);
  verify(namespaceOperation).create(createdSecretCaptor.capture());
  Secret createdSecret = createdSecretCaptor.getValue();
  Assert.assertEquals(createdSecret.getMetadata().getName(), CREDENTIALS_SECRET_NAME);
  // NOTE(review): Kubernetes spells its built-in generic secret type "Opaque"; this assertion
  // pins the lowercase value -- confirm that is what the configurator is meant to set.
  Assert.assertEquals(createdSecret.getType(), "opaque");
}
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class KubernetesNamespaceFactoryTest method shouldReturnDefaultNamespaceWhenCreatingIsNotIsNotAllowed.
/**
 * Checks that {@code getOrCreate} returns the namespace object produced by
 * {@code doCreateNamespaceAccess} and prepares it with {@code false} as the first argument.
 *
 * <p>The factory is built with {@code false} as its second constructor argument (presumably
 * the "namespace creation allowed" flag -- confirm against the constructor), and the runtime
 * identity points at the infrastructure namespace "old-default".
 */
@Test
public void shouldReturnDefaultNamespaceWhenCreatingIsNotIsNotAllowed() throws Exception {
  // given
  namespaceFactory =
      spy(
          new KubernetesNamespaceFactory(
              "<username>-che",
              false,
              true,
              true,
              NAMESPACE_LABELS,
              NAMESPACE_ANNOTATIONS,
              emptySet(),
              clientFactory,
              cheClientFactory,
              userManager,
              preferenceManager,
              pool));
  KubernetesNamespace stubbedNamespace = mock(KubernetesNamespace.class);
  prepareNamespace(stubbedNamespace);
  doReturn(stubbedNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());

  // when
  RuntimeIdentity runtimeIdentity =
      new RuntimeIdentityImpl("workspace123", null, USER_ID, "old-default");
  KubernetesNamespace resolved = namespaceFactory.getOrCreate(runtimeIdentity);

  // then: the stubbed namespace comes back, prepared with false as the first argument
  assertEquals(stubbedNamespace, resolved);
  verify(stubbedNamespace).prepare(eq(false), any(), any());
}
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class WorkspaceRuntimes method startAsync.
/**
 * Prepares a runtime for the given workspace, registers it with {@link
 * WorkspaceStatus#STARTING} status and schedules the actual start on the shared executor.
 *
 * <p>During the start of the workspace its runtime is visible with {@link
 * WorkspaceStatus#STARTING} status.
 *
 * <p>The runtime identity is built from the workspace id, the environment name, the user id of
 * the current {@code EnvironmentContext} subject, and the infrastructure namespace read from
 * the workspace attributes.
 *
 * @param workspace workspace which environment should be started
 * @param envName optional environment name to run; when {@code null} the default environment
 *     of the workspace config is used
 * @param options start options, forwarded to the STARTING status event and to the
 *     asynchronous start task
 * @return completable future of start execution.
 * @throws ConflictException when the system refuses new starts, when the workspace already
 *     has a registered status, or when environment validation fails (the original
 *     documentation also lists an interrupted start; that path is not visible in this method)
 * @throws NotFoundException when any not found exception occurs during environment start
 *     (presumably propagated from {@code createInternalEnvironment} -- confirm)
 * @throws ServerException when the workspace has no infrastructure namespace attribute, or
 *     when the infrastructure reports an error while preparing the runtime
 * @see WorkspaceStatus#STARTING
 * @see WorkspaceStatus#RUNNING
 */
@Traced
public CompletableFuture<Void> startAsync(WorkspaceImpl workspace, @Nullable String envName, Map<String, String> options) throws ConflictException, NotFoundException, ServerException {
  TracingTags.WORKSPACE_ID.set(workspace.getId());
  final String workspaceId = workspace.getId();
  // Global gate: once start is refused, every start request is rejected here.
  if (isStartRefused.get()) {
    throw new ConflictException(format("Start of the workspace '%s' is rejected by the system, " + "no more workspaces are allowed to start", workspace.getName()));
  }
  // A workspace without a stored config is converted from its devfile.
  WorkspaceConfigImpl config = workspace.getConfig();
  if (config == null) {
    config = devfileConverter.convert(workspace.getDevfile());
  }
  if (envName == null) {
    envName = config.getDefaultEnv();
  }
  // NOTE(review): the target namespace is taken from a workspace attribute. Only null/empty is
  // rejected here; whether the caller is allowed to use that namespace is not checked in this
  // method -- confirm it is validated where the attribute is set.
  String infraNamespace = workspace.getAttributes().get(WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE);
  if (isNullOrEmpty(infraNamespace)) {
    throw new ServerException(String.format("Workspace does not have infrastructure namespace " + "specified. Please set value of '%s' workspace attribute.", WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE));
  }
  // The owner id is the current subject's user id, i.e. whoever issued this request, not a
  // value stored on the workspace.
  final RuntimeIdentity runtimeId = new RuntimeIdentityImpl(workspaceId, envName, EnvironmentContext.getCurrent().getSubject().getUserId(), infraNamespace);
  try {
    InternalEnvironment internalEnv = createInternalEnvironment(config.getEnvironments().get(envName), config.getAttributes(), config.getCommands(), config.getDevfile());
    // The runtime context is prepared before the status check below, so a duplicate start
    // request gets this far before it is rejected.
    RuntimeContext runtimeContext = infrastructure.prepare(runtimeId, internalEnv);
    InternalRuntime runtime = runtimeContext.getRuntime();
    // Under the per-workspace write lock: claim the STARTING slot and register the runtime.
    try (Unlocker ignored = lockService.writeLock(workspaceId)) {
      final WorkspaceStatus existingStatus = statuses.putIfAbsent(workspaceId, STARTING);
      if (existingStatus != null) {
        throw new ConflictException(format("Could not start workspace '%s' because its state is '%s'", workspaceId, existingStatus));
      }
      setRuntimesId(workspaceId);
      runtimes.put(workspaceId, runtime);
    }
    LOG.info("Starting workspace '{}/{}' with id '{}' by user '{}'", workspace.getNamespace(), workspace.getName(), workspace.getId(), sessionUserNameOr("undefined"));
    publishWorkspaceStatusEvent(workspaceId, STARTING, STOPPED, null, true, options);
    // The start itself runs asynchronously; the wrapper presumably carries the caller's
    // thread-local context over to the pool thread -- confirm in ThreadLocalPropagateContext.
    return CompletableFuture.runAsync(ThreadLocalPropagateContext.wrap(new StartRuntimeTask(workspace, options, runtime)), sharedPool.getExecutor());
  } catch (ValidationException e) {
    // Logged with the stack trace, but the rethrown ConflictException carries only the message.
    LOG.error(e.getLocalizedMessage(), e);
    throw new ConflictException(e.getLocalizedMessage());
  } catch (InfrastructureException e) {
    // NOTE(review): the infrastructure message is passed on to the caller unchanged; confirm
    // it cannot contain cluster-internal details that should stay in the server log.
    LOG.error(e.getLocalizedMessage(), e);
    throw new ServerException(e.getLocalizedMessage(), e);
  }
}
use of org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity in project che-server by eclipse-che.
the class CommonPVCStrategy method prepare.
/**
 * Makes sure the single PVC of the common strategy exists in the workspace namespace and,
 * when enabled, pre-creates the workspace sub-directories on it.
 *
 * <p>Nothing is done for ephemeral workspaces or for environments without PVCs. An
 * environment holding more than one PVC is rejected.
 *
 * @param k8sEnv environment whose PVCs are prepared
 * @param identity runtime identity used to resolve the namespace and the workspace id
 * @param timeoutMillis how long to wait for a newly created PVC to become bound
 * @param startOptions start options handed to the sub-path helper
 * @throws InfrastructureException when the environment contains more than one PVC, or when a
 *     called infrastructure operation fails
 */
@Override
@Traced
public void prepare(KubernetesEnvironment k8sEnv, RuntimeIdentity identity, long timeoutMillis, Map<String, String> startOptions) throws InfrastructureException {
  final String workspaceId = identity.getWorkspaceId();
  TracingTags.WORKSPACE_ID.set(workspaceId);

  // Ephemeral workspaces are skipped entirely, before anything is logged.
  if (EphemeralWorkspaceUtility.isEphemeral(k8sEnv.getAttributes())) {
    return;
  }

  log.debug("Preparing PVC started for workspace '{}'", workspaceId);

  final Map<String, PersistentVolumeClaim> envClaims = k8sEnv.getPersistentVolumeClaims();
  if (envClaims.isEmpty()) {
    return;
  }
  if (envClaims.size() > 1) {
    final String claimNames = String.join(", ", envClaims.keySet());
    throw new InfrastructureException(
        format(
            "The only one PVC MUST be present in common strategy while it contains: %s.",
            claimNames));
  }

  // Exactly one claim is left at this point.
  final PersistentVolumeClaim commonPVC = envClaims.values().iterator().next();
  final KubernetesNamespace workspaceNamespace = factory.getOrCreate(identity);
  final KubernetesPersistentVolumeClaims namespaceClaims =
      workspaceNamespace.persistentVolumeClaims();
  final Set<String> existingNames =
      namespaceClaims.get().stream().map(pvc -> pvc.getMetadata().getName()).collect(toSet());

  // Create the claim only when no claim with that name is present in the namespace.
  final boolean alreadyPresent = existingNames.contains(commonPVC.getMetadata().getName());
  if (!alreadyPresent) {
    log.debug("Creating PVC for workspace '{}'", workspaceId);
    namespaceClaims.create(commonPVC);
    if (waitBound) {
      log.debug("Waiting for PVC for workspace '{}' to be bound", workspaceId);
      namespaceClaims.waitBound(commonPVC.getMetadata().getName(), timeoutMillis);
    }
  }

  // The sub-path list is stored under a per-workspace key and is removed from the claim's
  // additional properties as it is read.
  final String subpathsKey = format(SUBPATHS_PROPERTY_FMT, workspaceId);
  final String[] subpaths = (String[]) commonPVC.getAdditionalProperties().remove(subpathsKey);
  if (preCreateDirs && subpaths != null) {
    pvcSubPathHelper.createDirs(
        identity, workspaceId, commonPVC.getMetadata().getName(), startOptions, subpaths);
  }

  log.debug("Preparing PVC done for workspace '{}'", workspaceId);
}