io.fabric8.kubernetes.api.model.rbac.Role Java Examples

The following examples show how to use io.fabric8.kubernetes.api.model.rbac.Role.
Example #1
Source File: RoleIT.java    From kubernetes-client with Apache License 2.0
@Before
public void init() {
  // The fixture role is created in the namespace of the current test session.
  currentNamespace = session.getNamespace();

  // Skip on OpenShift 3.6.0 and 3.6.1; the check below matches a server version
  // whose major is "1" and whose minor starts with "6".
  boolean unsupportedServer = client.getVersion().getMajor().equalsIgnoreCase("1")
    && client.getVersion().getMinor().startsWith("6");
  assumeFalse(unsupportedServer);

  // A narrowly scoped Role: one API group, one resource type, one named object,
  // read-only verbs.
  // NOTE(review): Kubernetes RBAC matches resourceNames against the object name in
  // the request; list and watch requests presumably only satisfy that when the
  // client filters on metadata.name. Confirm the verbs behave as intended before
  // copying this rule into a production Role.
  Role jobReader = new RoleBuilder()
    .withNewMetadata()
    .withName("job-reader")
    .endMetadata()
    .addToRules(0, new PolicyRuleBuilder()
      .addToApiGroups(0, "batch")
      .addToResourceNames(0, "my-job")
      .addToResources(0, "jobs")
      .addToVerbs(0, "get")
      .addToVerbs(1, "watch")
      .addToVerbs(2, "list")
      .build())
    .build();

  // createOrReplace is used, so the call is issued whether or not a Role named
  // "job-reader" is already present in the namespace.
  client.rbac().roles().inNamespace(currentNamespace).createOrReplace(jobReader);
}
 
Example #2
Source File: TektonHandler.java    From dekorate with Apache License 2.0
/**
 * Builds the "pipeline-deployer" Role.
 *
 * <p>The role has a single rule, so every listed verb applies to every listed
 * resource in every listed API group.
 *
 * <p>NOTE(review): the rule grants {@code get} on {@code secrets}, which lets the bound
 * subject read Secret contents in the namespace, and write verbs on
 * {@code rolebindings} and {@code serviceaccounts}. Confirm each resource is needed and
 * consider one rule per API group so the grant is not a cross product.
 *
 * <p>NOTE(review): Kubernetes serves RoleBinding from {@code rbac.authorization.k8s.io},
 * which is not in the apiGroups list below, so the {@code rolebindings} entry may not
 * match anything there; verify against the target cluster.
 *
 * @param config the Tekton configuration; not read by this method
 * @return the Role object, not yet submitted to any cluster
 */
public Role createRole(TektonConfig config) {
  Role pipelineDeployer = new RoleBuilder()
    .withNewMetadata()
      .withName("pipeline-deployer")
    .endMetadata()
    .addNewRule()
      .withApiGroups("", "apps", "extensions", "serving.knative.dev", "apps.openshift.io")
      .withResources("deployments", "services", "ingresses", "serviceaccounts", "rolebindings", "persistentvolumeclaims", "configmaps", "secrets")
      .withVerbs("get", "create", "update", "patch")
    .endRule()
    .build();
  return pipelineDeployer;
}
 
Example #3
Source File: KubernetesWorkspaceServiceAccount.java    From che with Eclipse Public License 2.0
/**
 * Creates a Role that allows {@code create} on {@code pods/exec} in the core API group.
 *
 * <p>The rule carries no resourceNames, so it covers every pod in the namespace: a
 * subject bound to this role can open an exec session into any of them. Bind it only
 * to identities that are meant to run commands inside workspace pods.
 *
 * @param k8sClient client used to submit the Role
 * @param name name given to the Role
 */
private void createExecRole(KubernetesClient k8sClient, String name) {
  Role role =
      new RoleBuilder()
          .withNewMetadata()
            .withName(name)
          .endMetadata()
          .withRules(
              new PolicyRuleBuilder()
                  .withResources("pods/exec")
                  .withApiGroups("")
                  .withVerbs("create")
                  .build())
          .build();

  // The target namespace comes from the enclosing object's `namespace` field, not
  // from a parameter. create() is used rather than createOrReplace().
  k8sClient.rbac().roles().inNamespace(namespace).create(role);
}
 
Example #4
Source File: KubernetesWorkspaceServiceAccount.java    From che with Eclipse Public License 2.0
/**
 * Creates a Role that allows {@code list} on {@code pods} and {@code services} in the
 * core API group.
 *
 * <p>Only {@code list} is granted; {@code get} and {@code watch} are not part of the rule.
 *
 * @param k8sClient client used to submit the Role
 * @param name name given to the Role
 */
private void createViewRole(KubernetesClient k8sClient, String name) {
  Role role =
      new RoleBuilder()
          .withNewMetadata()
            .withName(name)
          .endMetadata()
          .withRules(
              new PolicyRuleBuilder()
                  .withResources("pods", "services")
                  .withApiGroups("")
                  .withVerbs("list")
                  .build())
          .build();

  // The target namespace comes from the enclosing object's `namespace` field, not
  // from a parameter. create() is used rather than createOrReplace().
  k8sClient.rbac().roles().inNamespace(namespace).create(role);
}
 
Example #5
Source File: RoleIT.java    From kubernetes-client with Apache License 2.0
@Test
public void load() {

  // Load the Role described by the classpath resource /test-kubernetesrole.yml and
  // check every field of its single rule on the returned object.
  Role aRole = client.rbac().roles().inNamespace(currentNamespace)
    .load(getClass().getResourceAsStream("/test-kubernetesrole.yml")).get();

  // Top-level object: kind and name.
  assertNotNull(aRole);
  assertEquals("Role", aRole.getKind());
  assertNotNull(aRole.getMetadata());
  assertEquals("job-reader", aRole.getMetadata().getName());
  // Exactly one rule, scoped to the "batch" API group.
  assertNotNull(aRole.getRules());
  assertEquals(1, aRole.getRules().size());
  assertNotNull(aRole.getRules().get(0).getApiGroups());
  assertEquals(1, aRole.getRules().get(0).getApiGroups().size());
  assertEquals("batch", aRole.getRules().get(0).getApiGroups().get(0));
  // NOTE(review): Kubernetes documents nonResourceURLs as taking effect through
  // ClusterRoles; in a namespaced Role this "/healthz" entry presumably grants
  // nothing. Treat it as parser coverage, not as a pattern to copy.
  assertNotNull(aRole.getRules().get(0).getNonResourceURLs());
  assertEquals(1, aRole.getRules().get(0).getNonResourceURLs().size());
  assertEquals("/healthz", aRole.getRules().get(0).getNonResourceURLs().get(0));
  // The rule is pinned to one named object of one resource type.
  assertNotNull(aRole.getRules().get(0).getResourceNames());
  assertEquals(1, aRole.getRules().get(0).getResourceNames().size());
  assertEquals("my-job", aRole.getRules().get(0).getResourceNames().get(0));
  assertNotNull(aRole.getRules().get(0).getResources());
  assertEquals(1, aRole.getRules().get(0).getResources().size());
  assertEquals("jobs", aRole.getRules().get(0).getResources().get(0));
  // Read-only verbs, in the order they appear in the manifest.
  assertNotNull(aRole.getRules().get(0).getVerbs());
  assertEquals(3, aRole.getRules().get(0).getVerbs().size());
  assertEquals("get", aRole.getRules().get(0).getVerbs().get(0));
  assertEquals("watch", aRole.getRules().get(0).getVerbs().get(1));
  assertEquals("list", aRole.getRules().get(0).getVerbs().get(2));
}
 
Example #6
Source File: RoleIT.java    From kubernetes-client with Apache License 2.0
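@Test
public void delete() {

  int countBeforeDeletion = client.rbac().roles().inNamespace(currentNamespace).list().getItems().size();

  // Delete only the fixture role. An unnamed delete() on the namespace-level
  // operation targets the whole Role collection, which is wider than this test's
  // fixture and contradicts the "exactly one fewer" assertion below whenever the
  // namespace holds more than one Role.
  boolean deleted = client.rbac().roles().inNamespace(currentNamespace).withName("job-reader").delete();

  assertTrue(deleted);

  // Deletion is asynchronous on the server; wait until "job-reader" is gone.
  DeleteEntity<Role> deleteEntity = new DeleteEntity<>(Role.class, client, "job-reader", currentNamespace);
  await().atMost(30, TimeUnit.SECONDS).until(deleteEntity);

  RoleList roleList = client.rbac().roles().inNamespace(currentNamespace).list();
  assertEquals(countBeforeDeletion - 1, roleList.getItems().size());
}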
 
Example #7
Source File: ApplyService.java    From jkube with Eclipse Public License 2.0
/**
 * Applies one DTO to the cluster, dispatching on its runtime type.
 *
 * <p>Kinds with a dedicated helper go through that helper; several others go through
 * {@code applyResource} with the matching client operation. Any remaining
 * {@code HasMetadata} is sent with {@code createOrReplace} in {@code getNamespace()}.
 * The type checks run in a fixed order, so the generic {@code HasMetadata} branch is
 * reached only after every specific kind has been ruled out.
 *
 * <p>Role, RoleBinding, ServiceAccount, Secret and CustomResourceDefinition are among
 * the kinds applied, so whatever supplies the DTOs can change access control in the
 * target namespace.
 *
 * <p>NOTE(review): two messages below concatenate the whole {@code dto}; check that
 * its string form cannot carry secret data into logs or exception text.
 *
 * @param dto the object to apply
 * @param sourceName label of where the DTO came from, used in log and error messages
 * @throws IllegalArgumentException if {@code dto} is not a recognised type
 * @throws Exception propagated from the apply helpers
 */
private void applyEntity(Object dto, String sourceName) throws Exception {
    if (dto instanceof Pod) {
        applyPod((Pod) dto, sourceName);
        return;
    }
    if (dto instanceof ReplicationController) {
        applyReplicationController((ReplicationController) dto, sourceName);
        return;
    }
    if (dto instanceof Service) {
        applyService((Service) dto, sourceName);
        return;
    }
    if (dto instanceof Route) {
        applyRoute((Route) dto, sourceName);
        return;
    }
    if (dto instanceof BuildConfig) {
        applyBuildConfig((BuildConfig) dto, sourceName);
        return;
    }
    if (dto instanceof DeploymentConfig) {
        // OpenShift-only kind: applied only when an OpenShift client is available.
        DeploymentConfig deploymentConfig = (DeploymentConfig) dto;
        OpenShiftClient osClient = getOpenShiftClient();
        if (osClient == null) {
            log.warn("Not connected to OpenShift cluster so cannot apply entity " + dto);
        } else {
            applyResource(deploymentConfig, sourceName, osClient.deploymentConfigs());
        }
        return;
    }
    if (dto instanceof RoleBinding) {
        applyRoleBinding((RoleBinding) dto, sourceName);
        return;
    }
    if (dto instanceof Role) {
        applyResource((Role) dto, sourceName, kubernetesClient.rbac().roles());
        return;
    }
    if (dto instanceof ImageStream) {
        applyImageStream((ImageStream) dto, sourceName);
        return;
    }
    if (dto instanceof OAuthClient) {
        applyOAuthClient((OAuthClient) dto, sourceName);
        return;
    }
    if (dto instanceof Template) {
        applyTemplate((Template) dto, sourceName);
        return;
    }
    if (dto instanceof ServiceAccount) {
        applyServiceAccount((ServiceAccount) dto, sourceName);
        return;
    }
    if (dto instanceof Secret) {
        applySecret((Secret) dto, sourceName);
        return;
    }
    if (dto instanceof ConfigMap) {
        applyResource((ConfigMap) dto, sourceName, kubernetesClient.configMaps());
        return;
    }
    if (dto instanceof DaemonSet) {
        applyResource((DaemonSet) dto, sourceName, kubernetesClient.apps().daemonSets());
        return;
    }
    if (dto instanceof Deployment) {
        applyResource((Deployment) dto, sourceName, kubernetesClient.apps().deployments());
        return;
    }
    if (dto instanceof ReplicaSet) {
        applyResource((ReplicaSet) dto, sourceName, kubernetesClient.apps().replicaSets());
        return;
    }
    if (dto instanceof StatefulSet) {
        applyResource((StatefulSet) dto, sourceName, kubernetesClient.apps().statefulSets());
        return;
    }
    if (dto instanceof Ingress) {
        applyResource((Ingress) dto, sourceName, kubernetesClient.extensions().ingresses());
        return;
    }
    if (dto instanceof PersistentVolumeClaim) {
        applyPersistentVolumeClaim((PersistentVolumeClaim) dto, sourceName);
        return;
    }
    if (dto instanceof CustomResourceDefinition) {
        applyCustomResourceDefinition((CustomResourceDefinition) dto, sourceName);
        return;
    }
    if (dto instanceof Job) {
        applyJob((Job) dto, sourceName);
        return;
    }
    if (dto instanceof HasMetadata) {
        // Generic fallback for any other resource; failures go to onApplyError
        // instead of propagating directly.
        HasMetadata metadataEntity = (HasMetadata) dto;
        try {
            log.info("Applying " + getKind(metadataEntity) + " " + getName(metadataEntity) + " from " + sourceName);
            kubernetesClient.resource(metadataEntity).inNamespace(getNamespace()).createOrReplace();
        } catch (Exception e) {
            onApplyError("Failed to create " + getKind(metadataEntity) + " from " + sourceName + ". " + e, e);
        }
        return;
    }
    throw new IllegalArgumentException("Unknown entity type " + dto);
}
 
Example #8
Source File: UtilsTest.java    From kubernetes-client with Apache License 2.0
@Test
void testGetPluralFromKind() {
  // Given: the expected plural resource name for each model class, keyed by plural.
  Map<String, Class> expectedPluralByKind = new HashMap<>();
  expectedPluralByKind.put("bindings", Binding.class);
  expectedPluralByKind.put("componentstatuses", ComponentStatus.class);
  expectedPluralByKind.put("configmaps", ConfigMap.class);
  expectedPluralByKind.put("endpoints", Endpoints.class);
  expectedPluralByKind.put("events", Event.class);
  expectedPluralByKind.put("limitranges", LimitRange.class);
  expectedPluralByKind.put("namespaces", Namespace.class);
  expectedPluralByKind.put("nodes", Node.class);
  expectedPluralByKind.put("persistentvolumeclaims", PersistentVolumeClaim.class);
  expectedPluralByKind.put("persistentvolumes", PersistentVolume.class);
  expectedPluralByKind.put("pods", Pod.class);
  expectedPluralByKind.put("podtemplates", PodTemplate.class);
  expectedPluralByKind.put("replicationcontrollers", ReplicationController.class);
  expectedPluralByKind.put("resourcequotas", ResourceQuota.class);
  expectedPluralByKind.put("secrets", Secret.class);
  expectedPluralByKind.put("serviceaccounts", ServiceAccount.class);
  expectedPluralByKind.put("services", Service.class);
  expectedPluralByKind.put("mutatingwebhookconfigurations", MutatingWebhookConfiguration.class);
  expectedPluralByKind.put("validatingwebhookconfigurations", ValidatingWebhookConfiguration.class);
  expectedPluralByKind.put("customresourcedefinitions", CustomResourceDefinition.class);
  expectedPluralByKind.put("controllerrevisions", ControllerRevision.class);
  expectedPluralByKind.put("daemonsets", DaemonSet.class);
  expectedPluralByKind.put("deployments", Deployment.class);
  expectedPluralByKind.put("replicasets", ReplicaSet.class);
  expectedPluralByKind.put("statefulsets", StatefulSet.class);
  expectedPluralByKind.put("tokenreviews", TokenReview.class);
  expectedPluralByKind.put("localsubjectaccessreviews", LocalSubjectAccessReview.class);
  expectedPluralByKind.put("selfsubjectaccessreviews", SelfSubjectAccessReview.class);
  expectedPluralByKind.put("selfsubjectrulesreviews", SelfSubjectRulesReview.class);
  expectedPluralByKind.put("subjectaccessreviews", SubjectAccessReview.class);
  expectedPluralByKind.put("horizontalpodautoscalers", HorizontalPodAutoscaler.class);
  expectedPluralByKind.put("cronjobs", CronJob.class);
  expectedPluralByKind.put("jobs", Job.class);
  expectedPluralByKind.put("certificatesigningrequests", CertificateSigningRequest.class);
  expectedPluralByKind.put("leases", Lease.class);
  expectedPluralByKind.put("endpointslices", EndpointSlice.class);
  expectedPluralByKind.put("ingresses", Ingress.class);
  expectedPluralByKind.put("networkpolicies", NetworkPolicy.class);
  expectedPluralByKind.put("poddisruptionbudgets", PodDisruptionBudget.class);
  expectedPluralByKind.put("podsecuritypolicies", PodSecurityPolicy.class);
  expectedPluralByKind.put("clusterrolebindings", ClusterRoleBinding.class);
  expectedPluralByKind.put("clusterroles", ClusterRole.class);
  expectedPluralByKind.put("rolebindings", RoleBinding.class);
  expectedPluralByKind.put("roles", Role.class);
  expectedPluralByKind.put("priorityclasses", PriorityClass.class);
  expectedPluralByKind.put("csidrivers", CSIDriver.class);
  expectedPluralByKind.put("csinodes", CSINode.class);
  expectedPluralByKind.put("storageclasses", StorageClass.class);
  expectedPluralByKind.put("volumeattachments", VolumeAttachment.class);

  // When & Then: the plural derived from each class's simple name matches its key.
  for (Map.Entry<String, Class> expectation : expectedPluralByKind.entrySet()) {
    assertEquals(expectation.getKey(),
      Utils.getPluralFromKind(expectation.getValue().getSimpleName()));
  }
}
 
Example #9
Source File: UtilsTest.java    From kubernetes-client with Apache License 2.0
@Test
@DisplayName("Should test whether resource is namespaced or not")
void testWhetherNamespacedOrNot() {
  // Pins the answer Utils.isResourceNamespaced gives for each model class.
  //
  // NOTE(review): upstream Kubernetes serves TokenReview, SelfSubjectAccessReview,
  // SelfSubjectRulesReview, SubjectAccessReview, CertificateSigningRequest,
  // CSIDriver, CSINode and VolumeAttachment as cluster-scoped, yet the assertions
  // below expect true for them. Confirm whether the helper is meant to mirror API
  // scope before relying on it to decide where a namespace applies; RBAC written
  // against the wrong scope (Role vs ClusterRole) will not match these kinds.
  assertTrue(Utils.isResourceNamespaced(Binding.class));
  assertFalse(Utils.isResourceNamespaced(ComponentStatus.class));
  assertTrue(Utils.isResourceNamespaced(ConfigMap.class));
  assertTrue(Utils.isResourceNamespaced(Endpoints.class));
  assertTrue(Utils.isResourceNamespaced(Event.class));
  assertTrue(Utils.isResourceNamespaced(LimitRange.class));
  assertFalse(Utils.isResourceNamespaced(Namespace.class));
  assertFalse(Utils.isResourceNamespaced(Node.class));
  assertTrue(Utils.isResourceNamespaced(PersistentVolumeClaim.class));
  assertFalse(Utils.isResourceNamespaced(PersistentVolume.class));
  assertTrue(Utils.isResourceNamespaced(Pod.class));
  assertTrue(Utils.isResourceNamespaced(PodTemplate.class));
  assertTrue(Utils.isResourceNamespaced(ReplicationController.class));
  assertTrue(Utils.isResourceNamespaced(ResourceQuota.class));
  assertTrue(Utils.isResourceNamespaced(Secret.class));
  assertTrue(Utils.isResourceNamespaced(ServiceAccount.class));
  assertTrue(Utils.isResourceNamespaced(Service.class));
  assertFalse(Utils.isResourceNamespaced(MutatingWebhookConfiguration.class));
  assertFalse(Utils.isResourceNamespaced(ValidatingWebhookConfiguration.class));
  assertFalse(Utils.isResourceNamespaced(CustomResourceDefinition.class));
  assertTrue(Utils.isResourceNamespaced(ControllerRevision.class));
  assertTrue(Utils.isResourceNamespaced(DaemonSet.class));
  assertTrue(Utils.isResourceNamespaced(Deployment.class));
  assertTrue(Utils.isResourceNamespaced(ReplicaSet.class));
  assertTrue(Utils.isResourceNamespaced(StatefulSet.class));
  assertTrue(Utils.isResourceNamespaced(TokenReview.class));
  assertTrue(Utils.isResourceNamespaced(LocalSubjectAccessReview.class));
  assertTrue(Utils.isResourceNamespaced(SelfSubjectAccessReview.class));
  assertTrue(Utils.isResourceNamespaced(SelfSubjectRulesReview.class));
  assertTrue(Utils.isResourceNamespaced(SubjectAccessReview.class));
  assertTrue(Utils.isResourceNamespaced(HorizontalPodAutoscaler.class));
  assertTrue(Utils.isResourceNamespaced(CronJob.class));
  assertTrue(Utils.isResourceNamespaced(Job.class));
  assertTrue(Utils.isResourceNamespaced(CertificateSigningRequest.class));
  assertTrue(Utils.isResourceNamespaced(Lease.class));
  assertTrue(Utils.isResourceNamespaced(EndpointSlice.class));
  assertTrue(Utils.isResourceNamespaced(Ingress.class));
  assertTrue(Utils.isResourceNamespaced(NetworkPolicy.class));
  assertTrue(Utils.isResourceNamespaced(PodDisruptionBudget.class));
  assertFalse(Utils.isResourceNamespaced(PodSecurityPolicy.class));
  // The RBAC kinds split by scope: Cluster* are cluster-wide, Role and RoleBinding
  // are per namespace.
  assertFalse(Utils.isResourceNamespaced(ClusterRoleBinding.class));
  assertFalse(Utils.isResourceNamespaced(ClusterRole.class));
  assertTrue(Utils.isResourceNamespaced(RoleBinding.class));
  assertTrue(Utils.isResourceNamespaced(Role.class));
  assertFalse(Utils.isResourceNamespaced(PriorityClass.class));
  assertTrue(Utils.isResourceNamespaced(CSIDriver.class));
  assertTrue(Utils.isResourceNamespaced(CSINode.class));
  assertFalse(Utils.isResourceNamespaced(StorageClass.class));
  assertTrue(Utils.isResourceNamespaced(VolumeAttachment.class));
}
 
Example #10
Source File: RbacAPIGroupDSL.java    From kubernetes-client with Apache License 2.0
/**
 * Entry point for operations on {@link Role} resources.
 *
 * <p>Role is a namespaced kind; the examples on this page scope the returned
 * operation with {@code inNamespace(...)} before creating, listing or deleting.
 *
 * @return the operation handle for Role objects
 */
MixedOperation<Role, RoleList, DoneableRole, Resource<Role, DoneableRole>> roles();