io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder Java Examples

The following examples show how to use io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ClusterRoleOperatorIT.java    From strimzi-kafka-operator with Apache License 2.0 6 votes vote down vote up
@Override
protected ClusterRole getOriginal()  {
    PolicyRule rule = new PolicyRuleBuilder()
            .withApiGroups("")
            .withResources("nodes")
            .withVerbs("get")
            .build();

    return new ClusterRoleBuilder()
            .withNewMetadata()
                .withName(RESOURCE_NAME)
                .withLabels(singletonMap("state", "new"))
            .endMetadata()
            .withRules(rule)
            .build();
}
 
Example #2
Source File: ClusterRoleOperatorIT.java    From strimzi-kafka-operator with Apache License 2.0 6 votes vote down vote up
@Override
protected ClusterRole getModified()  {
    PolicyRule rule = new PolicyRuleBuilder()
            .withApiGroups("")
            .withResources("nodes")
            .withVerbs("get", "list")
            .build();

    return new ClusterRoleBuilder()
            .withNewMetadata()
            .withName(RESOURCE_NAME)
            .withLabels(singletonMap("state", "modified"))
            .endMetadata()
            .withRules(rule)
            .build();
}
 
Example #3
Source File: RoleIT.java    From kubernetes-client with Apache License 2.0 6 votes vote down vote up
@Before
public void init() {

  currentNamespace = session.getNamespace();

  // Do not run tests on opeshift 3.6.0 and 3.6.1
  assumeFalse(client.getVersion().getMajor().equalsIgnoreCase("1")
    && client.getVersion().getMinor().startsWith("6"));

  Role role = new RoleBuilder()
    .withNewMetadata()
    .withName("job-reader")
    .endMetadata()
    .addToRules(0, new PolicyRuleBuilder()
      .addToApiGroups(0,"batch")
      .addToResourceNames(0,"my-job")
      .addToResources(0,"jobs")
      .addToVerbs(0, "get")
      .addToVerbs(1, "watch")
      .addToVerbs(2, "list")
      .build()
    )
    .build();

  client.rbac().roles().inNamespace(currentNamespace).createOrReplace(role);
}
 
Example #4
Source File: ClusterRoleIT.java    From kubernetes-client with Apache License 2.0 6 votes vote down vote up
@Before
public void init() {
  // Do not run tests on opeshift 3.6.0 and 3.6.1
  assumeFalse(client.getVersion().getMajor().equalsIgnoreCase("1")
    && client.getVersion().getMinor().startsWith("6"));

  ClusterRole kubernetesclusterRole = new ClusterRoleBuilder()
    .withNewMetadata()
    .withName("node-reader")
    .endMetadata()
    .addToRules(0, new PolicyRuleBuilder()
      .addToApiGroups(0,"")
      .addToResourceNames(0,"my-node")
      .addToResources(0,"nodes")
      .addToVerbs(0, "get")
      .addToVerbs(1, "watch")
      .addToVerbs(2, "list")
      .build()
    )
    .build();

  client.rbac().clusterRoles().createOrReplace(kubernetesclusterRole);
}
 
Example #5
Source File: KubernetesWorkspaceServiceAccount.java    From che with Eclipse Public License 2.0 5 votes vote down vote up
private void createExecRole(KubernetesClient k8sClient, String name) {
  Role execRole =
      new RoleBuilder()
          .withNewMetadata()
          .withName(name)
          .endMetadata()
          .withRules(
              new PolicyRuleBuilder()
                  .withResources("pods/exec")
                  .withApiGroups("")
                  .withVerbs("create")
                  .build())
          .build();
  k8sClient.rbac().roles().inNamespace(namespace).create(execRole);
}
 
Example #6
Source File: KubernetesWorkspaceServiceAccount.java    From che with Eclipse Public License 2.0 5 votes vote down vote up
private void createViewRole(KubernetesClient k8sClient, String name) {
  Role viewRole =
      new RoleBuilder()
          .withNewMetadata()
          .withName(name)
          .endMetadata()
          .withRules(
              new PolicyRuleBuilder()
                  .withResources("pods", "services")
                  .withApiGroups("")
                  .withVerbs("list")
                  .build())
          .build();
  k8sClient.rbac().roles().inNamespace(namespace).create(viewRole);
}
 
Example #7
Source File: SystemtestsKubernetesApps.java    From enmasse with Apache License 2.0 4 votes vote down vote up
public static void deployAMQBroker(String namespace, String name, String user, String password, BrokerCertBundle certBundle) throws Exception {
    kube.createNamespace(namespace);

    kube.getClient().rbac().roles().inNamespace(namespace).createOrReplace(new RoleBuilder()
            .withNewMetadata()
            .withName(name)
            .withNamespace(namespace)
            .endMetadata()
            .withRules(new PolicyRuleBuilder()
                    .addToApiGroups("")
                    .addToResources("secrets")
                    .addToResourceNames(name)
                    .addToVerbs("get")
                    .build())
            .build());
    kube.getClient().rbac().roleBindings().inNamespace(namespace).createOrReplace(new RoleBindingBuilder()
            .withNewMetadata()
            .withName(name)
            .withNamespace(namespace)
            .endMetadata()
            .withNewRoleRef("rbac.authorization.k8s.io", "Role", name)
            .withSubjects(new SubjectBuilder()
                    .withKind("ServiceAccount")
                    .withName("address-space-controller")
                    .withNamespace(kube.getInfraNamespace())
                    .build())
            .build());

    kube.createSecret(namespace, getBrokerSecret(name, certBundle, user, password));

    kube.createDeploymentFromResource(namespace, getBrokerDeployment(name, user, password), 3, TimeUnit.MINUTES);

    ServicePort tlsPort = new ServicePortBuilder()
            .withName("amqps")
            .withPort(5671)
            .withTargetPort(new IntOrString(5671))
            .build();

    ServicePort mutualTlsPort = new ServicePortBuilder()
            .withName("amqpsmutual")
            .withPort(55671)
            .withTargetPort(new IntOrString(55671))
            .build();

    Service service = getSystemtestsServiceResource(name, name, new ServicePortBuilder()
                    .withName("amqp")
                    .withPort(5672)
                    .withTargetPort(new IntOrString(5672))
                    .build(),
            tlsPort,
            mutualTlsPort);

    kube.createServiceFromResource(namespace, service);

    kube.createExternalEndpoint(name, namespace, service, tlsPort);

    kube.getClient()
            .apps().deployments()
            .inNamespace(namespace)
            .withName(name)
            .waitUntilReady(5, TimeUnit.MINUTES);

    Thread.sleep(5000);
}