
Example 6 with WorkspaceServiceAccountConfigurator

use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator in project che-server by eclipse-che.

the class KubernetesNamespaceFactoryTest method shouldCreateExecAndViewRolesAndBindings.

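/**
 * Verifies the RBAC objects that end up in the workspace namespace when a
 * {@code WorkspaceServiceAccountConfigurator} is registered with the factory: one service
 * account, five namespaced roles and one role binding per role.
 *
 * <p>The role-distinctness check looks the {@code exec} and {@code workspace-view} roles up by
 * name. Picking the first two list entries would compare whichever two of the five roles the
 * client happened to return first, so the "exec vs view" guarantee would not be exercised.
 */
@Test
public void shouldCreateExecAndViewRolesAndBindings() throws Exception {
    // given
    // Second configurator argument is empty here; presumably the cluster-role list — confirm
    // against WorkspaceServiceAccountConfigurator.
    namespaceFactory = spy(new KubernetesNamespaceFactory("<username>-che", true, true, true, NAMESPACE_LABELS, NAMESPACE_ANNOTATIONS, Set.of(new WorkspaceServiceAccountConfigurator("serviceAccount", "", clientFactory)), clientFactory, cheClientFactory, userManager, preferenceManager, pool));
    KubernetesNamespace toReturnNamespace = mock(KubernetesNamespace.class);
    prepareNamespace(toReturnNamespace);
    when(toReturnNamespace.getName()).thenReturn("workspace123");
    doReturn(toReturnNamespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    // Report the metrics API as available; the expected sets below include the metrics role.
    when(k8sClient.supportsApiPath(eq("/apis/metrics.k8s.io"))).thenReturn(true);
    when(clientFactory.create(any())).thenReturn(k8sClient);
    when(cheClientFactory.create()).thenReturn(k8sClient);
    // when
    RuntimeIdentity identity = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
    namespaceFactory.getOrCreate(identity);
    // then
    ServiceAccountList sas = k8sClient.serviceAccounts().inNamespace("workspace123").list();
    assertEquals(sas.getItems().size(), 1);
    assertEquals(sas.getItems().get(0).getMetadata().getName(), "serviceAccount");
    RoleList roles = k8sClient.rbac().roles().inNamespace("workspace123").list();
    assertEquals(roles.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()), Sets.newHashSet("workspace-configmaps", "workspace-view", "workspace-metrics", "workspace-secrets", "exec"));
    // Select the two roles by name rather than by list position: nothing in this test pins the
    // order in which the client lists roles.
    Role execRole = roles.getItems().stream().filter(r -> "exec".equals(r.getMetadata().getName())).findFirst().orElseThrow(() -> new AssertionError("exec role was not created"));
    Role viewRole = roles.getItems().stream().filter(r -> "workspace-view".equals(r.getMetadata().getName())).findFirst().orElseThrow(() -> new AssertionError("workspace-view role was not created"));
    assertFalse(execRole.getRules().containsAll(viewRole.getRules()) && viewRole.getRules().containsAll(execRole.getRules()), "exec and view roles should not be the same");
    RoleBindingList bindings = k8sClient.rbac().roleBindings().inNamespace("workspace123").list();
    assertEquals(bindings.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet()), Sets.newHashSet("serviceAccount-metrics", "serviceAccount-view", "serviceAccount-exec", "serviceAccount-configmaps", "serviceAccount-secrets"));
}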
Also used : RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) Role(io.fabric8.kubernetes.api.model.rbac.Role) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) ServiceAccountList(io.fabric8.kubernetes.api.model.ServiceAccountList) Test(org.testng.annotations.Test)

Example 7 with WorkspaceServiceAccountConfigurator

use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator in project devspaces-images by redhat-developer.

the class KubernetesNamespaceFactoryTest method shouldBindToAllConfiguredClusterRoles.

/**
 * Checks that a configurator set up with the cluster-role string {@code "cr2, cr3"} yields two
 * extra role bindings ({@code serviceAccount-cluster0} and {@code serviceAccount-cluster1})
 * next to the five default ones.
 */
@Test
public void shouldBindToAllConfiguredClusterRoles() throws Exception {
    // given
    var configurator =
        new WorkspaceServiceAccountConfigurator("serviceAccount", "cr2, cr3", clientFactory);
    namespaceFactory =
        spy(
            new KubernetesNamespaceFactory(
                "<username>-che",
                true,
                true,
                true,
                NAMESPACE_LABELS,
                NAMESPACE_ANNOTATIONS,
                Set.of(configurator),
                clientFactory,
                cheClientFactory,
                userManager,
                preferenceManager,
                pool));
    KubernetesNamespace namespace = mock(KubernetesNamespace.class);
    prepareNamespace(namespace);
    when(namespace.getName()).thenReturn("workspace123");
    doReturn(namespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    when(k8sClient.supportsApiPath(eq("/apis/metrics.k8s.io"))).thenReturn(true);
    when(cheClientFactory.create()).thenReturn(k8sClient);
    when(clientFactory.create(any())).thenReturn(k8sClient);

    // Three cluster roles exist up front, but only cr2 and cr3 are configured.
    // NOTE(review): the assertions below check binding names only. Nothing verifies which
    // cluster role each serviceAccount-clusterN binding references, nor that cr1 stays
    // unbound — worth asserting on the bindings' role references.
    for (String clusterRoleName : new String[] {"cr1", "cr2", "cr3"}) {
        k8sClient
            .rbac()
            .clusterRoles()
            .createOrReplace(
                new ClusterRoleBuilder().withNewMetadata().withName(clusterRoleName).endMetadata().build());
    }

    // when
    RuntimeIdentity runtimeId = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
    namespaceFactory.getOrCreate(runtimeId);

    // then: exactly one service account, carrying the configured name
    ServiceAccountList accounts = k8sClient.serviceAccounts().inNamespace("workspace123").list();
    assertEquals(accounts.getItems().size(), 1);
    assertEquals(accounts.getItems().get(0).getMetadata().getName(), "serviceAccount");

    // then: the five namespaced roles
    RoleList roleList = k8sClient.rbac().roles().inNamespace("workspace123").list();
    Set<String> roleNames =
        roleList.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet());
    assertEquals(
        roleNames,
        Sets.newHashSet("workspace-configmaps", "workspace-view", "workspace-metrics", "workspace-secrets", "exec"));

    // then: five default bindings plus one per configured cluster role
    RoleBindingList bindingList = k8sClient.rbac().roleBindings().inNamespace("workspace123").list();
    Set<String> bindingNames =
        bindingList.getItems().stream().map(r -> r.getMetadata().getName()).collect(Collectors.toSet());
    assertEquals(
        bindingNames,
        Sets.newHashSet("serviceAccount-metrics", "serviceAccount-cluster0", "serviceAccount-cluster1", "serviceAccount-configmaps", "serviceAccount-view", "serviceAccount-exec", "serviceAccount-secrets"));
}
Also used : RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) ClusterRoleBuilder(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) RoleList(io.fabric8.kubernetes.api.model.rbac.RoleList) RoleBindingList(io.fabric8.kubernetes.api.model.rbac.RoleBindingList) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) ServiceAccountList(io.fabric8.kubernetes.api.model.ServiceAccountList) Test(org.testng.annotations.Test)

Example 8 with WorkspaceServiceAccountConfigurator

use of org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator in project devspaces-images by redhat-developer.

the class KubernetesNamespaceFactoryTest method shouldPrepareWorkspaceServiceAccountIfItIsConfiguredAndNamespaceIsNotPredefined.

/**
 * Checks that {@code getOrCreate} asks the registered configurator to create the workspace
 * service account for {@code workspace123} and then calls {@code prepare()} on it.
 */
@Test
public void shouldPrepareWorkspaceServiceAccountIfItIsConfiguredAndNamespaceIsNotPredefined() throws Exception {
    // given: a spied configurator, so service-account creation can be stubbed and verified
    WorkspaceServiceAccountConfigurator configurator =
        spy(new WorkspaceServiceAccountConfigurator("serviceAccount", "", clientFactory));
    namespaceFactory =
        spy(
            new KubernetesNamespaceFactory(
                "<username>-che",
                true,
                true,
                true,
                NAMESPACE_LABELS,
                NAMESPACE_ANNOTATIONS,
                Set.of(configurator),
                clientFactory,
                cheClientFactory,
                userManager,
                preferenceManager,
                pool));
    KubernetesNamespace namespace = mock(KubernetesNamespace.class);
    prepareNamespace(namespace);
    when(namespace.getName()).thenReturn("workspace123");
    doReturn(namespace).when(namespaceFactory).doCreateNamespaceAccess(any(), any());
    // Hand back a mock service account in place of the one the configurator would build.
    KubernetesWorkspaceServiceAccount workspaceAccount = mock(KubernetesWorkspaceServiceAccount.class);
    doReturn(workspaceAccount).when(configurator).doCreateServiceAccount(any(), any());

    // when
    RuntimeIdentity runtimeId = new RuntimeIdentityImpl("workspace123", null, USER_ID, "workspace123");
    namespaceFactory.getOrCreate(runtimeId);

    // then
    verify(configurator).doCreateServiceAccount("workspace123", "workspace123");
    verify(workspaceAccount).prepare();
}
Also used : RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity) WorkspaceServiceAccountConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator) RuntimeIdentityImpl(org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl) Test(org.testng.annotations.Test)

Aggregations

RuntimeIdentity (org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)8 RuntimeIdentityImpl (org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl)8 WorkspaceServiceAccountConfigurator (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.WorkspaceServiceAccountConfigurator)8 Test (org.testng.annotations.Test)8 ServiceAccountList (io.fabric8.kubernetes.api.model.ServiceAccountList)6 RoleBindingList (io.fabric8.kubernetes.api.model.rbac.RoleBindingList)6 RoleList (io.fabric8.kubernetes.api.model.rbac.RoleList)6 ClusterRoleBuilder (io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder)4 Role (io.fabric8.kubernetes.api.model.rbac.Role)4 LoggingEvent (ch.qos.logback.classic.spi.LoggingEvent)2 Appender (ch.qos.logback.core.Appender)2 ImmutableMap (com.google.common.collect.ImmutableMap)2 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)2 Namespace (io.fabric8.kubernetes.api.model.Namespace)2 NamespaceBuilder (io.fabric8.kubernetes.api.model.NamespaceBuilder)2 NamespaceList (io.fabric8.kubernetes.api.model.NamespaceList)2 ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta)2 Secret (io.fabric8.kubernetes.api.model.Secret)2 Status (io.fabric8.kubernetes.api.model.Status)2 PolicyRule (io.fabric8.kubernetes.api.model.rbac.PolicyRule)2