io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder Java Examples
The following examples show how to use
io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: KubernetesWorkspaceServiceAccount.java From che with Eclipse Public License 2.0 | 7 votes |
|
private RoleBinding createExecRoleBinding() {
return new RoleBindingBuilder()
.withNewMetadata()
.withName(serviceAccountName + "-exec")
.withNamespace(namespace)
.endMetadata()
.withNewRoleRef()
.withKind("Role")
.withName("exec")
.endRoleRef()
.withSubjects(
new SubjectBuilder()
.withKind("ServiceAccount")
.withName(serviceAccountName)
.withNamespace(namespace)
.build())
.build();
}
Example #2
| Source File: AddRoleBindingResourceDecorator.java From dekorate with Apache License 2.0 | 6 votes |
|
public void visit(KubernetesListBuilder list) {
ObjectMeta meta = getMandatoryDeploymentMetadata(list);
String name = Strings.isNotNullOrEmpty(this.name) ? this.name : meta.getName() + ":view";
String serviceAccount = Strings.isNotNullOrEmpty(this.serviceAccount) ? this.serviceAccount : meta.getName();
list.addToItems(new RoleBindingBuilder()
.withNewMetadata()
.withName(name)
.withLabels(meta.getLabels())
.endMetadata()
.withNewRoleRef()
.withKind(kind.name())
.withName(role)
.withApiGroup(DEFAULT_RBAC_API_GROUP)
.endRoleRef()
.addNewSubject()
.withKind("ServiceAccount")
.withName(serviceAccount)
.endSubject());
}
Example #3
| Source File: EntityUserOperator.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
|
public RoleBinding generateRoleBinding(String namespace, String watchedNamespace) {
Subject ks = new SubjectBuilder()
.withKind("ServiceAccount")
.withName(EntityOperator.entityOperatorServiceAccountName(cluster))
.withNamespace(namespace)
.build();
RoleRef roleRef = new RoleRefBuilder()
.withName(EntityOperator.EO_CLUSTER_ROLE_NAME)
.withApiGroup("rbac.authorization.k8s.io")
.withKind("ClusterRole")
.build();
RoleBinding rb = new RoleBindingBuilder()
.withNewMetadata()
.withName(roleBindingName(cluster))
.withNamespace(watchedNamespace)
.withOwnerReferences(createOwnerReference())
.withLabels(labels.toMap())
.endMetadata()
.withRoleRef(roleRef)
.withSubjects(singletonList(ks))
.build();
return rb;
}
Example #4
| Source File: EntityTopicOperator.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
|
public RoleBinding generateRoleBinding(String namespace, String watchedNamespace) {
Subject ks = new SubjectBuilder()
.withKind("ServiceAccount")
.withName(EntityOperator.entityOperatorServiceAccountName(cluster))
.withNamespace(namespace)
.build();
RoleRef roleRef = new RoleRefBuilder()
.withName(EntityOperator.EO_CLUSTER_ROLE_NAME)
.withApiGroup("rbac.authorization.k8s.io")
.withKind("ClusterRole")
.build();
RoleBinding rb = new RoleBindingBuilder()
.withNewMetadata()
.withName(roleBindingName(cluster))
.withNamespace(watchedNamespace)
.withOwnerReferences(createOwnerReference())
.withLabels(labels.toMap())
.endMetadata()
.withRoleRef(roleRef)
.withSubjects(singletonList(ks))
.build();
return rb;
}
Example #5
| Source File: RoleBindingOperatorIT.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
|
@Override
protected RoleBinding getOriginal() {
Subject ks = new SubjectBuilder()
.withKind("ServiceAccount")
.withName("my-service-account")
.withNamespace("my-namespace")
.build();
RoleRef roleRef = new RoleRefBuilder()
.withName("my-cluster-role")
.withApiGroup("rbac.authorization.k8s.io")
.withKind("ClusterRole")
.build();
return new RoleBindingBuilder()
.withNewMetadata()
.withName(RESOURCE_NAME)
.withNamespace(namespace)
.withLabels(singletonMap("state", "new"))
.endMetadata()
.withSubjects(ks)
.withRoleRef(roleRef)
.build();
}
Example #6
| Source File: RoleBindingOperatorIT.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
|
@Override
protected RoleBinding getModified() {
Subject ks = new SubjectBuilder()
.withKind("ServiceAccount")
.withName("my-service-account2")
.withNamespace("my-namespace2")
.build();
// RoleRef cannot be changed
RoleRef roleRef = new RoleRefBuilder()
.withName("my-cluster-role")
.withApiGroup("rbac.authorization.k8s.io")
.withKind("ClusterRole")
.build();
return new RoleBindingBuilder()
.withNewMetadata()
.withName(RESOURCE_NAME)
.withNamespace(namespace)
.withLabels(singletonMap("state", "modified"))
.endMetadata()
.withSubjects(ks)
.withRoleRef(roleRef)
.build();
}
Example #7
| Source File: RoleBindingOperatorTest.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
|
@Override
protected RoleBinding resource() {
Subject ks = new SubjectBuilder()
.withKind("ServiceAccount")
.withName("some-service-account")
.withNamespace(NAMESPACE)
.build();
RoleRef roleRef = new RoleRefBuilder()
.withName("some-role")
.withApiGroup("rbac.authorization.k8s.io")
.withKind("ClusterRole")
.build();
return new RoleBindingBuilder()
.withNewMetadata()
.withName(RESOURCE_NAME)
.withNamespace(NAMESPACE)
.withLabels(singletonMap("foo", "bar"))
.endMetadata()
.withRoleRef(roleRef)
.withSubjects(singletonList(ks))
.build();
}
Example #8
| Source File: KubernetesWorkspaceServiceAccount.java From che with Eclipse Public License 2.0 | 6 votes |
|
private RoleBinding createViewRoleBinding() {
return new RoleBindingBuilder()
.withNewMetadata()
.withName(serviceAccountName + "-view")
.withNamespace(namespace)
.endMetadata()
.withNewRoleRef()
.withKind("Role")
.withName("workspace-view")
.endRoleRef()
.withSubjects(
new SubjectBuilder()
.withKind("ServiceAccount")
.withName(serviceAccountName)
.withNamespace(namespace)
.build())
.build();
}
Example #9
| Source File: KubernetesWorkspaceServiceAccount.java From che with Eclipse Public License 2.0 | 6 votes |
|
private RoleBinding createCustomRoleBinding(String clusterRoleName) {
return new RoleBindingBuilder()
.withNewMetadata()
.withName(serviceAccountName + "-custom")
.withNamespace(namespace)
.endMetadata()
.withNewRoleRef()
.withKind("ClusterRole")
.withName(clusterRoleName)
.endRoleRef()
.withSubjects(
new SubjectBuilder()
.withKind("ServiceAccount")
.withName(serviceAccountName)
.withNamespace(namespace)
.build())
.build();
}
Example #10
| Source File: RoleBindingTest.java From kubernetes-client with Apache License 2.0 | 5 votes |
|
@Test
public void kubernetesRoleBuilderTest() throws Exception {
// given
final String originalJson = Helper.loadJson("/valid-roleBinding.json");
// when
RoleBinding kubernetesRoleBinding = new RoleBindingBuilder()
.withNewMetadata()
.withName("read-jobs")
.withNamespace("default")
.endMetadata()
.addToSubjects(0, new SubjectBuilder()
.withApiGroup("rbac.authorization.k8s.io")
.withKind("User")
.withName("jane")
.withNamespace("default")
.build()
)
.withRoleRef(new RoleRefBuilder()
.withApiGroup("rbac.authorization.k8s.io")
.withKind("Role")
.withName("job-reader")
.build()
)
.build();
final String serializedJson = mapper.writeValueAsString(kubernetesRoleBinding);
// then
assertThatJson(serializedJson).when(IGNORING_ARRAY_ORDER, TREATING_NULL_AS_ABSENT, IGNORING_EXTRA_FIELDS)
.isEqualTo(originalJson);
}
Example #11
| Source File: RoleBindingIT.java From kubernetes-client with Apache License 2.0 | 5 votes |
|
@Before
public void init() {
currentNamespace = session.getNamespace();
roleBinding = new RoleBindingBuilder()
.withNewMetadata()
.withName("read-jobs")
.withLabels(Collections.singletonMap("type", "io.fabric8.roleBindingIT"))
.endMetadata()
.addToSubjects(0, new SubjectBuilder()
.withApiGroup("rbac.authorization.k8s.io")
.withKind("User")
.withName("jane")
.withNamespace("default")
.build()
)
.withRoleRef(new RoleRefBuilder()
.withApiGroup("rbac.authorization.k8s.io")
.withKind("Role")
.withName("job-reader")
.build()
)
.build();
client.rbac().roleBindings().inNamespace(currentNamespace).createOrReplace(roleBinding);
}
Example #12
| Source File: SystemtestsKubernetesApps.java From enmasse with Apache License 2.0 | 4 votes |
|
public static void deployAMQBroker(String namespace, String name, String user, String password, BrokerCertBundle certBundle) throws Exception {
kube.createNamespace(namespace);
kube.getClient().rbac().roles().inNamespace(namespace).createOrReplace(new RoleBuilder()
.withNewMetadata()
.withName(name)
.withNamespace(namespace)
.endMetadata()
.withRules(new PolicyRuleBuilder()
.addToApiGroups("")
.addToResources("secrets")
.addToResourceNames(name)
.addToVerbs("get")
.build())
.build());
kube.getClient().rbac().roleBindings().inNamespace(namespace).createOrReplace(new RoleBindingBuilder()
.withNewMetadata()
.withName(name)
.withNamespace(namespace)
.endMetadata()
.withNewRoleRef("rbac.authorization.k8s.io", "Role", name)
.withSubjects(new SubjectBuilder()
.withKind("ServiceAccount")
.withName("address-space-controller")
.withNamespace(kube.getInfraNamespace())
.build())
.build());
kube.createSecret(namespace, getBrokerSecret(name, certBundle, user, password));
kube.createDeploymentFromResource(namespace, getBrokerDeployment(name, user, password), 3, TimeUnit.MINUTES);
ServicePort tlsPort = new ServicePortBuilder()
.withName("amqps")
.withPort(5671)
.withTargetPort(new IntOrString(5671))
.build();
ServicePort mutualTlsPort = new ServicePortBuilder()
.withName("amqpsmutual")
.withPort(55671)
.withTargetPort(new IntOrString(55671))
.build();
Service service = getSystemtestsServiceResource(name, name, new ServicePortBuilder()
.withName("amqp")
.withPort(5672)
.withTargetPort(new IntOrString(5672))
.build(),
tlsPort,
mutualTlsPort);
kube.createServiceFromResource(namespace, service);
kube.createExternalEndpoint(name, namespace, service, tlsPort);
kube.getClient()
.apps().deployments()
.inNamespace(namespace)
.withName(name)
.waitUntilReady(5, TimeUnit.MINUTES);
Thread.sleep(5000);
}
