use of org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext in project devspaces-images by redhat-developer.
the class WorkspaceManagerTest method evaluatesDefaultInfraNamespaceIfInvalidOnWorkspaceStart.
@Test
public void evaluatesDefaultInfraNamespaceIfInvalidOnWorkspaceStart() throws Exception {
DevfileImpl devfile = mock(DevfileImpl.class);
WorkspaceImpl workspace = createAndMockWorkspace(devfile, NAMESPACE_1, ImmutableMap.of(WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE, "-invalid-dns-name"));
when(runtimes.evalInfrastructureNamespace(any())).thenReturn("evaluated-legal");
when(runtimes.isInfrastructureNamespaceValid(eq("-invalid-dns-name"))).thenReturn(false);
mockAnyWorkspaceStart();
workspaceManager.startWorkspace(workspace.getId(), null, emptyMap());
verify(runtimes).startAsync(eq(workspace), eq(null), anyMap());
verify(workspaceDao, times(2)).update(workspaceCaptor.capture());
assertEquals(workspaceCaptor.getAllValues().get(0).getAttributes().get(WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE), "evaluated-legal");
verify(runtimes).evalInfrastructureNamespace(new NamespaceResolutionContext(workspace.getId(), USER_ID, NAMESPACE_1));
}
use of org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext in project devspaces-images by redhat-developer.
the class KubernetesNamespaceFactory method list.
/**
* Returns list of k8s namespaces names where a user is able to run workspaces.
*/
public List<KubernetesNamespaceMeta> list() throws InfrastructureException {
NamespaceResolutionContext resolutionCtx = new NamespaceResolutionContext(EnvironmentContext.getCurrent().getSubject());
List<KubernetesNamespaceMeta> labeledNamespaces = findPreparedNamespaces(resolutionCtx);
if (!labeledNamespaces.isEmpty()) {
return labeledNamespaces;
} else {
return singletonList(getDefaultNamespace(resolutionCtx));
}
}
use of org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext in project devspaces-images by redhat-developer.
the class KubernetesNamespaceFactory method checkIfNamespaceIsAllowed.
/**
* Checks if the current user is able to use the specified namespace for their new workspaces.
*
* @param namespaceName namespace name to check
* @throws ValidationException if the specified namespace is not permitted for the current user
*/
public void checkIfNamespaceIsAllowed(String namespaceName) throws ValidationException {
NamespaceResolutionContext context = new NamespaceResolutionContext(EnvironmentContext.getCurrent().getSubject());
final String defaultNamespace = findStoredNamespace(context).orElse(evalPlaceholders(defaultNamespaceName, context));
if (!namespaceName.equals(defaultNamespace)) {
try {
List<KubernetesNamespaceMeta> labeledNamespaces = findPreparedNamespaces(context);
if (labeledNamespaces.stream().noneMatch(n -> n.getName().equals(namespaceName))) {
throw new ValidationException(format("User defined namespaces are not allowed. Only the default namespace '%s' is available.", defaultNamespace));
}
} catch (InfrastructureException e) {
throw new ValidationException("Some infrastructure failure caused failed validation.", e);
}
}
}
use of org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext in project devspaces-images by redhat-developer.
the class KubernetesNamespaceFactory method canCreateNamespace.
/**
* Tells the caller whether the namespace that is being prepared for the provided workspace
* runtime identity can be created or is expected to already be present.
*
* <p>Note that this method cannot be reduced to merely checking if user-defined namespaces are
* allowed or not (and depending on prior validation using the {@link
* #checkIfNamespaceIsAllowed(String)} method during the workspace creation) because workspace
* start is a) async from workspace creation and the underlying namespaces might have disappeared
* and b) can be called during workspace recovery, where we don't even have the current user in
* the context.
*
* @param identity the identity of the workspace runtime
* @return true if the namespace can be created, false if the namespace is expected to already
* exist
* @throws InfrastructureException on failure
*/
protected boolean canCreateNamespace(RuntimeIdentity identity) throws InfrastructureException {
if (!namespaceCreationAllowed) {
return false;
}
// we need to make sure that the provided namespace is indeed the one provided by our
// configuration
User owner;
try {
owner = userManager.getById(identity.getOwnerId());
} catch (NotFoundException | ServerException e) {
throw new InfrastructureException("Failed to resolve workspace owner. Cause: " + e.getMessage(), e);
}
String requiredNamespace = identity.getInfrastructureNamespace();
NamespaceResolutionContext resolutionContext = new NamespaceResolutionContext(identity.getWorkspaceId(), identity.getOwnerId(), owner.getName());
String resolvedDefaultNamespace = evaluateNamespaceName(resolutionContext);
return resolvedDefaultNamespace.equals(requiredNamespace);
}
use of org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext in project devspaces-images by redhat-developer.
the class KubernetesNamespaceFactoryTest method testEvalNamespaceSkipsNamespaceFromUserPreferencesIfTemplateChanged.
@Test
public void testEvalNamespaceSkipsNamespaceFromUserPreferencesIfTemplateChanged() throws Exception {
namespaceFactory = new KubernetesNamespaceFactory("che-<userid>-<username>", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, emptySet(), clientFactory, cheClientFactory, userManager, preferenceManager, pool);
Map<String, String> prefs = new HashMap<>();
// returned but ignored
prefs.put(WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE, "che-123");
prefs.put(NAMESPACE_TEMPLATE_ATTRIBUTE, "che-<userid>");
when(preferenceManager.find(anyString())).thenReturn(prefs);
String namespace = namespaceFactory.evaluateNamespaceName(new NamespaceResolutionContext("workspace123", "user123", "jondoe"));
assertEquals(namespace, "che-user123-jondoe");
}
Aggregations