use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME in project che-server by eclipse-che.
the class KubernetesNamespaceFactoryTest method shouldCreateAndBindCredentialsSecretRole.
@Test
public void shouldCreateAndBindCredentialsSecretRole() throws Exception {
// given
var serviceAccountConfigurator = new WorkspaceServiceAccountConfigurator("serviceAccount", "cr2, cr3", clientFactory);
namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(serviceAccountConfigurator), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
prepareNamespace(toReturnNamespace);
when(toReturnNamespace.getName()).thenReturn("workspace123");
doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
when(clientFactory.create(any())).thenReturn(k8sClient);
when(cheClientFactory.create()).thenReturn(k8sClient);
// when
RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
namespaceFactory.getOrCreate(identity);
// then
Optional<Role> roleOptional = k8sClient.rbac().roles().inNamespace("workspace123").list().getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findAny();
assertTrue(roleOptional.isPresent());
PolicyRule rule = roleOptional.get().getRules().get(0);
assertEquals(rule.getResources(), singletonList("secrets"));
assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
assertEquals(rule.getApiGroups(), singletonList(""));
assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
assertTrue(k8sClient.rbac().roleBindings().inNamespace("workspace123").list().getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals("serviceAccount-secrets")));
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME in project che-server by eclipse-che.
the class KubernetesWorkspaceServiceAccountTest method shouldCreateCredentialsSecretRole.
@Test
public void shouldCreateCredentialsSecretRole() throws Exception {
KubernetesClient localK8sClient = spy(serverMock.getClient());
when(clientFactory.create(anyString())).thenReturn(localK8sClient);
// when
serviceAccount.prepare();
// then
RoleList rl = k8sClient.rbac().roles().inNamespace(NAMESPACE).list();
Optional<Role> roleOptional = rl.getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findFirst();
assertTrue(roleOptional.isPresent());
PolicyRule rule = roleOptional.get().getRules().get(0);
assertEquals(rule.getResources(), singletonList("secrets"));
assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
assertEquals(rule.getApiGroups(), singletonList(""));
assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
RoleBindingList rbl = k8sClient.rbac().roleBindings().inNamespace(NAMESPACE).list();
assertTrue(rbl.getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals(SA_NAME + "-secrets")));
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME in project devspaces-images by redhat-developer.
the class KubernetesNamespaceFactoryTest method shouldCreateAndBindCredentialsSecretRole.
@Test
public void shouldCreateAndBindCredentialsSecretRole() throws Exception {
// given
var serviceAccountConfigurator = new WorkspaceServiceAccountConfigurator("serviceAccount", "cr2, cr3", clientFactory);
namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(serviceAccountConfigurator), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
prepareNamespace(toReturnNamespace);
when(toReturnNamespace.getName()).thenReturn("workspace123");
doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
when(clientFactory.create(any())).thenReturn(k8sClient);
when(cheClientFactory.create()).thenReturn(k8sClient);
// when
RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
namespaceFactory.getOrCreate(identity);
// then
Optional<Role> roleOptional = k8sClient.rbac().roles().inNamespace("workspace123").list().getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findAny();
assertTrue(roleOptional.isPresent());
PolicyRule rule = roleOptional.get().getRules().get(0);
assertEquals(rule.getResources(), singletonList("secrets"));
assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
assertEquals(rule.getApiGroups(), singletonList(""));
assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
assertTrue(k8sClient.rbac().roleBindings().inNamespace("workspace123").list().getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals("serviceAccount-secrets")));
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME in project devspaces-images by redhat-developer.
the class KubernetesWorkspaceServiceAccountTest method shouldCreateCredentialsSecretRole.
@Test
public void shouldCreateCredentialsSecretRole() throws Exception {
KubernetesClient localK8sClient = spy(serverMock.getClient());
when(clientFactory.create(anyString())).thenReturn(localK8sClient);
// when
serviceAccount.prepare();
// then
RoleList rl = k8sClient.rbac().roles().inNamespace(NAMESPACE).list();
Optional<Role> roleOptional = rl.getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findFirst();
assertTrue(roleOptional.isPresent());
PolicyRule rule = roleOptional.get().getRules().get(0);
assertEquals(rule.getResources(), singletonList("secrets"));
assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
assertEquals(rule.getApiGroups(), singletonList(""));
assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
RoleBindingList rbl = k8sClient.rbac().roleBindings().inNamespace(NAMESPACE).list();
assertTrue(rbl.getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals(SA_NAME + "-secrets")));
}
Aggregations