Examples with SECRETS_ROLE_NAME org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME used on opensource projects

Search in sources :

Example 1 with SECRETS_ROLE_NAME

use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME in project che-server by eclipse-che.

the class KubernetesNamespaceFactoryTest method shouldCreateAndBindCredentialsSecretRole.

@Test
public void shouldCreateAndBindCredentialsSecretRole() throws Exception {
    // given
    var serviceAccountConfigurator = new WorkspaceServiceAccountConfigurator("serviceAccount", "cr2, cr3", clientFactory);
    namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(serviceAccountConfigurator), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
    KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
    prepareNamespace(toReturnNamespace);
    when(toReturnNamespace.getName()).thenReturn("workspace123");
    doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    when(clientFactory.create(any())).thenReturn(k8sClient);
    when(cheClientFactory.create()).thenReturn(k8sClient);
    // when
    RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
    namespaceFactory.getOrCreate(identity);
    // then
    Optional<Role> roleOptional = k8sClient.rbac().roles().inNamespace("workspace123").list().getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findAny();
    assertTrue(roleOptional.isPresent());
    PolicyRule rule = roleOptional.get().getRules().get(0);
    assertEquals(rule.getResources(), singletonList("secrets"));
    assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
    assertEquals(rule.getApiGroups(), singletonList(""));
    assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
    assertTrue(k8sClient.rbac().roleBindings().inNamespace("workspace123").list().getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals("serviceAccount-secrets")));
}
Also used : RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) Role(io.fabric8.kubernetes.api.model.rbac.Role) Arrays(java.util.Arrays) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Test(org.testng.annotations.Test) AfterMethod(org.testng.annotations.AfterMethod) Collections.singletonList(java.util.Collections.singletonList) Mockito.doThrow(org.mockito.Mockito.doThrow) Resource(io.fabric8.kubernetes.client.dsl.Resource) CheServerKubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.CheServerKubernetesClientFactory) PreferenceManager(org.eclipse.che.api.user.server.PreferenceManager) Map(java.util.Map) Status(io.fabric8.kubernetes.api.model.Status) Mockito.doReturn(org.mockito.Mockito.doReturn) Assert.assertFalse(org.testng.Assert.assertFalse) Set(java.util.Set) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) Stream(java.util.stream.Stream) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) NamespaceBuilder(io.fabric8.kubernetes.api.model.NamespaceBuilder) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) WorkspaceImpl(org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl) Mockito.mock(org.mockito.Mockito.mock) Optional.empty(java.util.Optional.empty) Mock(org.mockito.Mock) ArgumentMatchers.anyMap(org.mockito.ArgumentMatchers.anyMap) Mockito.spy(org.mockito.Mockito.spy) Mockito.lenient(org.mockito.Mockito.lenient) ValidationException(org.eclipse.che.api.core.ValidationException) PHASE_ATTRIBUTE(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta.PHASE_ATTRIBUTE) SECRETS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME) Assert(org.testng.Assert) NamespaceConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator) KubernetesServer(io.fabric8.kubernetes.client.server.mock.KubernetesServer) WorkspaceImplBuilder(org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl.WorkspaceImplBuilder) Constants(org.eclipse.che.api.workspace.shared.Constants) ConfigurationException(org.eclipse.che.inject.ConfigurationException) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Mockito.never(org.mockito.Mockito.never) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) CredentialsSecretConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.CredentialsSecretConfigurator) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) NamespaceResolutionContext(org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Role(io.fabric8.kubernetes.api.model.rbac.Role) LoggerFactory(org.slf4j.LoggerFactory) LoggingEvent(ch.qos.logback.classic.spi.LoggingEvent) ServiceAccountList(io.fabric8.kubernetes.api.model.ServiceAccountList) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) ImmutableMap(com.google.common.collect.ImmutableMap) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) BeforeMethod(org.testng.annotations.BeforeMethod) NamespaceList(io.fabric8.kubernetes.api.model.NamespaceList) FilterWatchListDeletable(io.fabric8.kubernetes.client.dsl.FilterWatchListDeletable) Collectors(java.util.stream.Collectors) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) KubernetesSharedPool(org.eclipse.che.workspace.infrastructure.kubernetes.util.KubernetesSharedPool) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) List(java.util.List) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) Namespace(io.fabric8.kubernetes.api.model.Namespace) WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE(org.eclipse.che.api.workspace.shared.Constants.WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) PREFERENCES_CONFIGMAP_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) MixedOperation(io.fabric8.kubernetes.client.dsl.MixedOperation) Assert.assertNull(org.testng.Assert.assertNull) NamespaceProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.NamespaceProvisioner) DataProvider(org.testng.annotations.DataProvider) Assert.assertEquals(org.testng.Assert.assertEquals) HashMap(java.util.HashMap) EnvironmentContext(org.eclipse.che.commons.env.EnvironmentContext) ArgumentCaptor(org.mockito.ArgumentCaptor) PreferencesConfigMapConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.PreferencesConfigMapConfigurator) Appender(ch.qos.logback.core.Appender) ClusterRoleBuilder(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder) Collections.emptyMap(java.util.Collections.emptyMap) Logger(org.slf4j.Logger) Collections.emptySet(java.util.Collections.emptySet) Assert.fail(org.testng.Assert.fail) DEFAULT_ATTRIBUTE(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta.DEFAULT_ATTRIBUTE) CREDENTIALS_SECRET_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME) Mockito.when(org.mockito.Mockito.when) Mockito.verify(org.mockito.Mockito.verify) Mockito(org.mockito.Mockito) NonNamespaceOperation(io.fabric8.kubernetes.client.dsl.NonNamespaceOperation) NAMESPACE_TEMPLATE_ATTRIBUTE(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory.NAMESPACE_TEMPLATE_ATTRIBUTE) UserImpl(org.eclipse.che.api.user.server.model.impl.UserImpl) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Sets(org.testng.collections.Sets) UserManager(org.eclipse.che.api.user.server.UserManager) Collections(java.util.Collections) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) Test(org.testng.annotations.Test)

Example 2 with SECRETS_ROLE_NAME

use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME in project che-server by eclipse-che.

the class KubernetesWorkspaceServiceAccountTest method shouldCreateCredentialsSecretRole.

@Test
public void shouldCreateCredentialsSecretRole() throws Exception {
    KubernetesClient localK8sClient = spy(serverMock.getClient());
    when(clientFactory.create(anyString())).thenReturn(localK8sClient);
    // when
    serviceAccount.prepare();
    // then
    RoleList rl = k8sClient.rbac().roles().inNamespace(NAMESPACE).list();
    Optional<Role> roleOptional = rl.getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findFirst();
    assertTrue(roleOptional.isPresent());
    PolicyRule rule = roleOptional.get().getRules().get(0);
    assertEquals(rule.getResources(), singletonList("secrets"));
    assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
    assertEquals(rule.getApiGroups(), singletonList(""));
    assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
    RoleBindingList rbl = k8sClient.rbac().roleBindings().inNamespace(NAMESPACE).list();
    assertTrue(rbl.getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals(SA_NAME + "-secrets")));
}
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) Arrays(java.util.Arrays) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Mock(org.mockito.Mock) Role(io.fabric8.kubernetes.api.model.rbac.Role) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) Mockito.spy(org.mockito.Mockito.spy) Collections.singletonList(java.util.Collections.singletonList) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) SECRETS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME) CONFIGMAPS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CONFIGMAPS_ROLE_NAME) RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) KubernetesServer(io.fabric8.kubernetes.client.server.mock.KubernetesServer) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) BeforeMethod(org.testng.annotations.BeforeMethod) Set(java.util.Set) CREDENTIALS_SECRET_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME) Mockito.when(org.mockito.Mockito.when) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Optional(java.util.Optional) METRICS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.METRICS_ROLE_NAME) Collections(java.util.Collections) PREFERENCES_CONFIGMAP_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Test(org.testng.annotations.Test)

Example 3 with SECRETS_ROLE_NAME

use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME in project devspaces-images by redhat-developer.

the class KubernetesNamespaceFactoryTest method shouldCreateAndBindCredentialsSecretRole.

@Test
public void shouldCreateAndBindCredentialsSecretRole() throws Exception {
    // given
    var serviceAccountConfigurator = new WorkspaceServiceAccountConfigurator("serviceAccount", "cr2, cr3", clientFactory);
    namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(serviceAccountConfigurator), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
    KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
    prepareNamespace(toReturnNamespace);
    when(toReturnNamespace.getName()).thenReturn("workspace123");
    doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    when(clientFactory.create(any())).thenReturn(k8sClient);
    when(cheClientFactory.create()).thenReturn(k8sClient);
    // when
    RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
    namespaceFactory.getOrCreate(identity);
    // then
    Optional<Role> roleOptional = k8sClient.rbac().roles().inNamespace("workspace123").list().getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findAny();
    assertTrue(roleOptional.isPresent());
    PolicyRule rule = roleOptional.get().getRules().get(0);
    assertEquals(rule.getResources(), singletonList("secrets"));
    assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
    assertEquals(rule.getApiGroups(), singletonList(""));
    assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
    assertTrue(k8sClient.rbac().roleBindings().inNamespace("workspace123").list().getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals("serviceAccount-secrets")));
}
Also used : RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) Role(io.fabric8.kubernetes.api.model.rbac.Role) Arrays(java.util.Arrays) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Test(org.testng.annotations.Test) AfterMethod(org.testng.annotations.AfterMethod) Collections.singletonList(java.util.Collections.singletonList) Mockito.doThrow(org.mockito.Mockito.doThrow) Resource(io.fabric8.kubernetes.client.dsl.Resource) CheServerKubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.CheServerKubernetesClientFactory) PreferenceManager(org.eclipse.che.api.user.server.PreferenceManager) Map(java.util.Map) Status(io.fabric8.kubernetes.api.model.Status) Mockito.doReturn(org.mockito.Mockito.doReturn) Assert.assertFalse(org.testng.Assert.assertFalse) Set(java.util.Set) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) Stream(java.util.stream.Stream) ObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta) RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) NamespaceBuilder(io.fabric8.kubernetes.api.model.NamespaceBuilder) SubjectImpl(org.eclipse.che.commons.subject.SubjectImpl) WorkspaceImpl(org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl) Mockito.mock(org.mockito.Mockito.mock) Optional.empty(java.util.Optional.empty) Mock(org.mockito.Mock) ArgumentMatchers.anyMap(org.mockito.ArgumentMatchers.anyMap) Mockito.spy(org.mockito.Mockito.spy) Mockito.lenient(org.mockito.Mockito.lenient) ValidationException(org.eclipse.che.api.core.ValidationException) PHASE_ATTRIBUTE(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta.PHASE_ATTRIBUTE) SECRETS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME) Assert(org.testng.Assert) NamespaceConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator) KubernetesServer(io.fabric8.kubernetes.client.server.mock.KubernetesServer) WorkspaceImplBuilder(org.eclipse.che.api.workspace.server.model.impl.WorkspaceImpl.WorkspaceImplBuilder) Constants(org.eclipse.che.api.workspace.shared.Constants) ConfigurationException(org.eclipse.che.inject.ConfigurationException) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Mockito.never(org.mockito.Mockito.never) KubernetesNamespaceMetaImpl(org.eclipse.che.workspace.infrastructure.kubernetes.api.server.impls.KubernetesNamespaceMetaImpl) CredentialsSecretConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.CredentialsSecretConfigurator) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) NamespaceResolutionContext(org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Role(io.fabric8.kubernetes.api.model.rbac.Role) LoggerFactory(org.slf4j.LoggerFactory) LoggingEvent(ch.qos.logback.classic.spi.LoggingEvent) ServiceAccountList(io.fabric8.kubernetes.api.model.ServiceAccountList) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) ImmutableMap(com.google.common.collect.ImmutableMap) KubernetesNamespaceMeta(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta) BeforeMethod(org.testng.annotations.BeforeMethod) NamespaceList(io.fabric8.kubernetes.api.model.NamespaceList) FilterWatchListDeletable(io.fabric8.kubernetes.client.dsl.FilterWatchListDeletable) Collectors(java.util.stream.Collectors) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) KubernetesSharedPool(org.eclipse.che.workspace.infrastructure.kubernetes.util.KubernetesSharedPool) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) List(java.util.List) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) Namespace(io.fabric8.kubernetes.api.model.Namespace) WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE(org.eclipse.che.api.workspace.shared.Constants.WORKSPACE_INFRASTRUCTURE_NAMESPACE_ATTRIBUTE) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) PREFERENCES_CONFIGMAP_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) MixedOperation(io.fabric8.kubernetes.client.dsl.MixedOperation) Assert.assertNull(org.testng.Assert.assertNull) NamespaceProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.NamespaceProvisioner) DataProvider(org.testng.annotations.DataProvider) Assert.assertEquals(org.testng.Assert.assertEquals) HashMap(java.util.HashMap) EnvironmentContext(org.eclipse.che.commons.env.EnvironmentContext) ArgumentCaptor(org.mockito.ArgumentCaptor) PreferencesConfigMapConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.PreferencesConfigMapConfigurator) Appender(ch.qos.logback.core.Appender) ClusterRoleBuilder(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder) Collections.emptyMap(java.util.Collections.emptyMap) Logger(org.slf4j.Logger) Collections.emptySet(java.util.Collections.emptySet) Assert.fail(org.testng.Assert.fail) DEFAULT_ATTRIBUTE(org.eclipse.che.workspace.infrastructure.kubernetes.api.shared.KubernetesNamespaceMeta.DEFAULT_ATTRIBUTE) CREDENTIALS_SECRET_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME) Mockito.when(org.mockito.Mockito.when) Mockito.verify(org.mockito.Mockito.verify) Mockito(org.mockito.Mockito) NonNamespaceOperation(io.fabric8.kubernetes.client.dsl.NonNamespaceOperation) NAMESPACE_TEMPLATE_ATTRIBUTE(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory.NAMESPACE_TEMPLATE_ATTRIBUTE) UserImpl(org.eclipse.che.api.user.server.model.impl.UserImpl) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Sets(org.testng.collections.Sets) UserManager(org.eclipse.che.api.user.server.UserManager) Collections(java.util.Collections) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) Test(org.testng.annotations.Test)

Example 4 with SECRETS_ROLE_NAME

use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME in project devspaces-images by redhat-developer.

the class KubernetesWorkspaceServiceAccountTest method shouldCreateCredentialsSecretRole.

@Test
public void shouldCreateCredentialsSecretRole() throws Exception {
    KubernetesClient localK8sClient = spy(serverMock.getClient());
    when(clientFactory.create(anyString())).thenReturn(localK8sClient);
    // when
    serviceAccount.prepare();
    // then
    RoleList rl = k8sClient.rbac().roles().inNamespace(NAMESPACE).list();
    Optional<Role> roleOptional = rl.getItems().stream().filter(r -> r.getMetadata().getName().equals(SECRETS_ROLE_NAME)).findFirst();
    assertTrue(roleOptional.isPresent());
    PolicyRule rule = roleOptional.get().getRules().get(0);
    assertEquals(rule.getResources(), singletonList("secrets"));
    assertEquals(rule.getResourceNames(), singletonList(CREDENTIALS_SECRET_NAME));
    assertEquals(rule.getApiGroups(), singletonList(""));
    assertEquals(rule.getVerbs(), Arrays.asList("get", "patch"));
    RoleBindingList rbl = k8sClient.rbac().roleBindings().inNamespace(NAMESPACE).list();
    assertTrue(rbl.getItems().stream().anyMatch(rb -> rb.getMetadata().getName().equals(SA_NAME + "-secrets")));
}
Also used : Role(io.fabric8.kubernetes.api.model.rbac.Role) Arrays(java.util.Arrays) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) Listeners(org.testng.annotations.Listeners) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Mock(org.mockito.Mock) Role(io.fabric8.kubernetes.api.model.rbac.Role) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) Mockito.spy(org.mockito.Mockito.spy) Collections.singletonList(java.util.Collections.singletonList) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) SECRETS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME) CONFIGMAPS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CONFIGMAPS_ROLE_NAME) RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) KubernetesServer(io.fabric8.kubernetes.client.server.mock.KubernetesServer) MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) BeforeMethod(org.testng.annotations.BeforeMethod) Set(java.util.Set) CREDENTIALS_SECRET_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME) Mockito.when(org.mockito.Mockito.when) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Assert.assertTrue(org.testng.Assert.assertTrue) Optional(java.util.Optional) METRICS_ROLE_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.METRICS_ROLE_NAME) Collections(java.util.Collections) PREFERENCES_CONFIGMAP_NAME(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) PolicyRule(io.fabric8.kubernetes.api.model.rbac.PolicyRule) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) Test(org.testng.annotations.Test)

Aggregations

PolicyRule (io.fabric8.kubernetes.api.model.rbac.PolicyRule)4 Role (io.fabric8.kubernetes.api.model.rbac.Role)4 RoleBindingList (io.fabric8.kubernetes.api.model.rbac.RoleBindingList)4 RoleList (io.fabric8.kubernetes.api.model.rbac.RoleList)4 KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient)4 KubernetesServer (io.fabric8.kubernetes.client.server.mock.KubernetesServer)4 Arrays (java.util.Arrays)4 Collections (java.util.Collections)4 Collections.singletonList (java.util.Collections.singletonList)4 Optional (java.util.Optional)4 Set (java.util.Set)4 KubernetesClientFactory (org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory)4 CREDENTIALS_SECRET_NAME (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.CREDENTIALS_SECRET_NAME)4 PREFERENCES_CONFIGMAP_NAME (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.PREFERENCES_CONFIGMAP_NAME)4 SECRETS_ROLE_NAME (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.AbstractWorkspaceServiceAccount.SECRETS_ROLE_NAME)4 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)4 ArgumentMatchers.eq (org.mockito.ArgumentMatchers.eq)4 Mock (org.mockito.Mock)4 Mockito.spy (org.mockito.Mockito.spy)4 Mockito.when (org.mockito.Mockito.when)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial