diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespace.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespace.java
index 29d269ff67..aaf326108c 100644
--- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespace.java
+++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespace.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -153,10 +153,10 @@ public class KubernetesNamespace {
throw new InfrastructureException(
format("Creating the namespace '%s' is not allowed, yet it was not found.", name));
}
- namespace = create(name, client);
+ create(name, client);
}
- label(namespace, labels);
- annotate(namespace, annotations);
+ label(client.namespaces().withName(name).get(), labels);
+ annotate(client.namespaces().withName(name).get(), annotations);
}
/**
diff --git a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespaceTest.java b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespaceTest.java
index c31ffb0586..af083f63eb 100644
--- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespaceTest.java
+++ b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespaceTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -126,9 +126,14 @@ public class KubernetesNamespaceTest {
@Test
public void testKubernetesNamespacePreparingCreationWhenNamespaceDoesNotExist() throws Exception {
// given
+ doThrow(new KubernetesClientException("error", 403, null))
+ .doReturn(namespaceOperation)
+ .doReturn(namespaceOperation)
+ .when(kubernetesClient)
+ .namespaces();
+ Resource namespaceResource = mock(Resource.class);
+ doReturn(namespaceResource).when(namespaceOperation).withName(anyString());
- Resource resource = prepareNamespaceResource(NAMESPACE);
- doThrow(new KubernetesClientException("error", 403, null)).when(resource).get();
KubernetesNamespace namespace =
new KubernetesNamespace(clientFactory, cheClientFactory, executor, NAMESPACE, WORKSPACE_ID);
@@ -232,9 +237,15 @@ public class KubernetesNamespaceTest {
@Test
public void testStopsWaitingServiceAccountEventJustAfterEventReceived() throws Exception {
+ // given
+ doThrow(new KubernetesClientException("error", 403, null))
+ .doReturn(namespaceOperation)
+ .doReturn(namespaceOperation)
+ .when(kubernetesClient)
+ .namespaces();
+ Resource namespaceResource = mock(Resource.class);
+ doReturn(namespaceResource).when(namespaceOperation).withName(anyString());
- final Resource resource = prepareNamespaceResource(NAMESPACE);
- doThrow(new KubernetesClientException("error", 403, null)).when(resource).get();
when(serviceAccountResource.get()).thenReturn(null);
doAnswer(
invocation -> {
@@ -245,8 +256,11 @@ public class KubernetesNamespaceTest {
.when(serviceAccountResource)
.watch(any());
- new KubernetesNamespace(clientFactory, cheClientFactory, executor, NAMESPACE, WORKSPACE_ID)
- .prepare(true, Map.of(), Map.of());
+ KubernetesNamespace namespace =
+ new KubernetesNamespace(clientFactory, cheClientFactory, executor, NAMESPACE, WORKSPACE_ID);
+
+ // when
+ namespace.prepare(true, Map.of(), Map.of());
verify(serviceAccountResource).get();
verify(serviceAccountResource).watch(any());
diff --git a/infrastructures/openshift/pom.xml b/infrastructures/openshift/pom.xml
index 976afbfb2d..f6ff5466ba 100644
--- a/infrastructures/openshift/pom.xml
+++ b/infrastructures/openshift/pom.xml
@@ -50,6 +50,10 @@
io.fabric8
kubernetes-model-networking
+
+ io.fabric8
+ kubernetes-model-rbac
+
io.fabric8
openshift-client
diff --git a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInfraModule.java b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInfraModule.java
index fd838c9320..154ded2873 100644
--- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInfraModule.java
+++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInfraModule.java
@@ -54,6 +54,7 @@ import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurato
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator;
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.PreferencesConfigMapConfigurator;
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.SshKeysConfigurator;
+import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.UserPermissionConfigurator;
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.UserPreferencesConfigurator;
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.UserProfileConfigurator;
import org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner;
@@ -107,6 +108,7 @@ public class OpenShiftInfraModule extends AbstractModule {
Multibinder namespaceConfigurators =
Multibinder.newSetBinder(binder(), NamespaceConfigurator.class);
+ namespaceConfigurators.addBinding().to(UserPermissionConfigurator.class);
namespaceConfigurators.addBinding().to(UserProfileConfigurator.class);
namespaceConfigurators.addBinding().to(UserPreferencesConfigurator.class);
namespaceConfigurators.addBinding().to(CredentialsSecretConfigurator.class);
diff --git a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProject.java b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProject.java
index 9009ea35d3..09af9ab683 100644
--- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProject.java
+++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProject.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -14,11 +14,9 @@ package org.eclipse.che.workspace.infrastructure.openshift.project;
import static java.lang.String.format;
import com.google.common.annotations.VisibleForTesting;
-import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClientException;
import io.fabric8.openshift.api.model.Project;
import io.fabric8.openshift.api.model.ProjectRequestBuilder;
-import io.fabric8.openshift.api.model.RoleBindingBuilder;
import io.fabric8.openshift.api.model.Route;
import io.fabric8.openshift.client.OpenShiftClient;
import java.util.Map;
@@ -116,9 +114,7 @@ public class OpenShiftProject extends KubernetesNamespace {
String workspaceId = getWorkspaceId();
String projectName = getName();
- KubernetesClient kubeClient = clientFactory.create(workspaceId);
- OpenShiftClient osClient = clientFactory.createOC(workspaceId);
-
+ OpenShiftClient osClient = cheServerOpenshiftClientFactory.createOC();
Project project = get(projectName, osClient);
if (project == null) {
@@ -130,27 +126,11 @@ public class OpenShiftProject extends KubernetesNamespace {
}
if (initWithCheServerSa) {
- OpenShiftClient openshiftClient = cheServerOpenshiftClientFactory.createOC();
- create(projectName, openshiftClient);
- waitDefaultServiceAccount(projectName, openshiftClient);
- openshiftClient
- .roleBindings()
- .inNamespace(projectName)
- .createOrReplace(
- new RoleBindingBuilder()
- .withNewMetadata()
- .withName("admin")
- .endMetadata()
- .addToUserNames(osClient.currentUser().getMetadata().getName())
- .withNewRoleRef()
- .withApiVersion("rbac.authorization.k8s.io")
- .withKind("RoleBinding")
- .withName("admin")
- .endRoleRef()
- .build());
- } else {
create(projectName, osClient);
- waitDefaultServiceAccount(projectName, kubeClient);
+ waitDefaultServiceAccount(projectName, osClient);
+ } else {
+ create(projectName, clientFactory.createOC(workspaceId));
+ waitDefaultServiceAccount(projectName, clientFactory.create(workspaceId));
}
}
label(osClient.namespaces().withName(projectName).get(), labels);
@@ -167,7 +147,7 @@ public class OpenShiftProject extends KubernetesNamespace {
String workspaceId = getWorkspaceId();
String projectName = getName();
- OpenShiftClient osClient = clientFactory.createOC(workspaceId);
+ OpenShiftClient osClient = cheServerOpenshiftClientFactory.createOC(workspaceId);
try {
delete(projectName, osClient);
diff --git a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfigurator.java b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfigurator.java
index b3cd80391e..0f1e65dacd 100644
--- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfigurator.java
+++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfigurator.java
@@ -13,23 +13,18 @@ package org.eclipse.che.workspace.infrastructure.openshift.project.configurator;
import static com.google.common.base.Strings.isNullOrEmpty;
-import io.fabric8.kubernetes.api.model.ObjectReferenceBuilder;
+import io.fabric8.kubernetes.api.model.rbac.*;
+import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClientException;
-import io.fabric8.openshift.api.model.PolicyRuleBuilder;
-import io.fabric8.openshift.api.model.Role;
-import io.fabric8.openshift.api.model.RoleBinding;
-import io.fabric8.openshift.api.model.RoleBindingBuilder;
-import io.fabric8.openshift.api.model.RoleBuilder;
-import io.fabric8.openshift.client.OpenShiftClient;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
import org.eclipse.che.api.workspace.server.spi.NamespaceResolutionContext;
import org.eclipse.che.commons.annotation.Nullable;
+import org.eclipse.che.workspace.infrastructure.kubernetes.CheServerKubernetesClientFactory;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.CheInstallationLocation;
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator;
-import org.eclipse.che.workspace.infrastructure.openshift.OpenShiftClientFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -42,7 +37,7 @@ import org.slf4j.LoggerFactory;
@Singleton
public class OpenShiftStopWorkspaceRoleConfigurator implements NamespaceConfigurator {
- private final OpenShiftClientFactory clientFactory;
+ private final CheServerKubernetesClientFactory cheClientFactory;
private final String installationLocation;
private final boolean stopWorkspaceRoleEnabled;
private final String oAuthIdentityProvider;
@@ -52,12 +47,12 @@ public class OpenShiftStopWorkspaceRoleConfigurator implements NamespaceConfigur
@Inject
public OpenShiftStopWorkspaceRoleConfigurator(
- OpenShiftClientFactory clientFactory,
+ CheServerKubernetesClientFactory cheClientFactory,
CheInstallationLocation installationLocation,
@Named("che.workspace.stop.role.enabled") boolean stopWorkspaceRoleEnabled,
@Nullable @Named("che.infra.openshift.oauth_identity_provider") String oAuthIdentityProvider)
throws InfrastructureException {
- this.clientFactory = clientFactory;
+ this.cheClientFactory = cheClientFactory;
this.installationLocation = installationLocation.getInstallationLocationNamespace();
this.stopWorkspaceRoleEnabled = stopWorkspaceRoleEnabled;
this.oAuthIdentityProvider = oAuthIdentityProvider;
@@ -72,19 +67,20 @@ public class OpenShiftStopWorkspaceRoleConfigurator implements NamespaceConfigur
try {
if (stopWorkspaceRoleEnabled && installationLocation != null) {
- OpenShiftClient osClient = clientFactory.createOC();
+ KubernetesClient client = cheClientFactory.create();
String stopWorkspacesRoleName = "workspace-stop";
- if (osClient.roles().inNamespace(projectName).withName(stopWorkspacesRoleName).get()
- == null) {
- osClient
- .roles()
- .inNamespace(projectName)
- .createOrReplace(createStopWorkspacesRole(stopWorkspacesRoleName));
- }
- osClient
+
+ client
+ .rbac()
+ .roles()
+ .inNamespace(projectName)
+ .createOrReplace(createStopWorkspacesRole(stopWorkspacesRoleName));
+
+ client
+ .rbac()
.roleBindings()
.inNamespace(projectName)
- .createOrReplace(createStopWorkspacesRoleBinding(projectName));
+ .createOrReplace(createStopWorkspacesRoleBinding(stopWorkspacesRoleName));
}
} catch (KubernetesClientException e) {
LOG.warn(
@@ -124,18 +120,17 @@ public class OpenShiftStopWorkspaceRoleConfigurator implements NamespaceConfigur
.build();
}
- protected RoleBinding createStopWorkspacesRoleBinding(String projectName) {
+ protected RoleBinding createStopWorkspacesRoleBinding(String name) {
return new RoleBindingBuilder()
.withNewMetadata()
- .withName("che-workspace-stop")
- .withNamespace(projectName)
+ .withName(name)
.endMetadata()
.withNewRoleRef()
- .withName("workspace-stop")
- .withNamespace(projectName)
+ .withKind("Role")
+ .withName(name)
.endRoleRef()
.withSubjects(
- new ObjectReferenceBuilder()
+ new SubjectBuilder()
.withKind("ServiceAccount")
.withName("che")
.withNamespace(installationLocation)
diff --git a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectTest.java b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectTest.java
index 1e8ad7820b..368c71472a 100644
--- a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectTest.java
+++ b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftProjectTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -26,7 +26,6 @@ import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertTrue;
-import com.google.common.collect.ImmutableList;
import io.fabric8.kubernetes.api.model.Namespace;
import io.fabric8.kubernetes.api.model.NamespaceBuilder;
import io.fabric8.kubernetes.api.model.ServiceAccount;
@@ -42,7 +41,6 @@ import io.fabric8.openshift.api.model.ProjectRequest;
import io.fabric8.openshift.api.model.ProjectRequestFluent.MetadataNested;
import io.fabric8.openshift.api.model.RoleBinding;
import io.fabric8.openshift.api.model.RoleBindingList;
-import io.fabric8.openshift.api.model.UserBuilder;
import io.fabric8.openshift.client.OpenShiftClient;
import io.fabric8.openshift.client.dsl.ProjectOperation;
import io.fabric8.openshift.client.dsl.ProjectRequestOperation;
@@ -112,6 +110,9 @@ public class OpenShiftProjectTest {
lenient().when(clientFactory.createOC(anyString())).thenReturn(openShiftClient);
lenient().when(cheServerOpenshiftClientFactory.createOC()).thenReturn(openShiftCheServerClient);
+ lenient()
+ .when(cheServerOpenshiftClientFactory.createOC(anyString()))
+ .thenReturn(openShiftCheServerClient);
lenient().when(openShiftClient.adapt(OpenShiftClient.class)).thenReturn(openShiftClient);
@@ -202,13 +203,6 @@ public class OpenShiftProjectTest {
when(namespaceOperation.withName(anyString())).thenReturn(serviceAccountResource);
when(serviceAccountResource.get()).thenReturn(mock(ServiceAccount.class));
doReturn(projectRequestOperation).when(openShiftCheServerClient).projectrequests();
- // doReturn(metadataNested).when(metadataNested).withName(anyString());
- when(openShiftCheServerClient.roleBindings()).thenReturn(mixedRoleBindingOperation);
- lenient()
- .when(mixedRoleBindingOperation.inNamespace(anyString()))
- .thenReturn(nonNamespaceRoleBindingOperation);
- when(openShiftClient.currentUser())
- .thenReturn(new UserBuilder().withNewMetadata().withName("user").endMetadata().build());
// when
openShiftProject.prepare(true, true, Map.of(), Map.of());
@@ -218,46 +212,6 @@ public class OpenShiftProjectTest {
Assert.assertEquals(captor.getValue().getMetadata().getName(), PROJECT_NAME);
verifyNoMoreInteractions(openShiftCheServerClient);
verifyNoMoreInteractions(kubernetesClient);
- ArgumentCaptor roleBindingArgumentCaptor =
- ArgumentCaptor.forClass(RoleBinding.class);
- verify(nonNamespaceRoleBindingOperation).createOrReplace(roleBindingArgumentCaptor.capture());
- assertNotNull(roleBindingArgumentCaptor.getValue());
- }
-
- @Test(dependsOnMethods = "testOpenShiftProjectPreparingWhenProjectDoesNotExistWithCheServerSA")
- public void testOpenShiftProjectPreparingRoleBindingWhenProjectDoesNotExistWithCheServerSA()
- throws Exception {
- // given
- prepareNamespaceGet(PROJECT_NAME);
-
- Resource resource = prepareProjectResource(PROJECT_NAME);
- doThrow(new KubernetesClientException("error", 403, null)).when(resource).get();
- final MixedOperation mixedOperation = mock(MixedOperation.class);
- final NonNamespaceOperation namespaceOperation = mock(NonNamespaceOperation.class);
- doReturn(mixedOperation).when(openShiftCheServerClient).serviceAccounts();
- when(mixedOperation.inNamespace(anyString())).thenReturn(namespaceOperation);
- when(namespaceOperation.withName(anyString())).thenReturn(serviceAccountResource);
- when(serviceAccountResource.get()).thenReturn(mock(ServiceAccount.class));
- doReturn(projectRequestOperation).when(openShiftCheServerClient).projectrequests();
- // doReturn(metadataNested).when(metadataNested).withName(anyString());
- when(openShiftCheServerClient.roleBindings()).thenReturn(mixedRoleBindingOperation);
- lenient()
- .when(mixedRoleBindingOperation.inNamespace(anyString()))
- .thenReturn(nonNamespaceRoleBindingOperation);
- when(openShiftClient.currentUser())
- .thenReturn(new UserBuilder().withNewMetadata().withName("jdoe").endMetadata().build());
- // when
- openShiftProject.prepare(true, true, Map.of(), Map.of());
-
- // then
- ArgumentCaptor roleBindingArgumentCaptor =
- ArgumentCaptor.forClass(RoleBinding.class);
- verify(nonNamespaceRoleBindingOperation).createOrReplace(roleBindingArgumentCaptor.capture());
- RoleBinding roleBinding = roleBindingArgumentCaptor.getValue();
- assertNotNull(roleBinding);
- assertEquals(roleBinding.getMetadata().getName(), "admin");
- assertEquals(roleBinding.getRoleRef().getName(), "admin");
- assertEquals(roleBinding.getUserNames(), ImmutableList.of("jdoe"));
}
@Test(expectedExceptions = InfrastructureException.class)
@@ -596,13 +550,13 @@ public class OpenShiftProjectTest {
ProjectOperation projectOperation = mock(ProjectOperation.class);
doReturn(projectResource).when(projectOperation).withName(projectName);
- doReturn(projectOperation).when(openShiftClient).projects();
+ doReturn(projectOperation).when(openShiftCheServerClient).projects();
when(projectResource.get())
.thenReturn(
new ProjectBuilder().withNewMetadata().withName(projectName).endMetadata().build());
- openShiftClient.projects().withName(projectName).get();
+ openShiftCheServerClient.projects().withName(projectName).get();
return projectResource;
}
@@ -611,7 +565,7 @@ public class OpenShiftProjectTest {
new NamespaceBuilder().withNewMetadata().withName(namespaceName).endMetadata().build();
NonNamespaceOperation nsOperation = mock(NonNamespaceOperation.class);
- doReturn(nsOperation).when(openShiftClient).namespaces();
+ doReturn(nsOperation).when(openShiftCheServerClient).namespaces();
Resource nsResource = mock(Resource.class);
doReturn(nsResource).when(nsOperation).withName(namespaceName);
diff --git a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfiguratorTest.java b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfiguratorTest.java
index e59f0888bc..6e8af087d2 100644
--- a/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfiguratorTest.java
+++ b/infrastructures/openshift/src/test/java/org/eclipse/che/workspace/infrastructure/openshift/project/configurator/OpenShiftStopWorkspaceRoleConfiguratorTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2021 Red Hat, Inc.
+ * Copyright (c) 2012-2022 Red Hat, Inc.
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -20,22 +20,15 @@ import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.testng.Assert.assertEquals;
-import io.fabric8.kubernetes.api.model.ObjectReferenceBuilder;
+import io.fabric8.kubernetes.api.model.rbac.*;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.dsl.MixedOperation;
import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
+import io.fabric8.kubernetes.client.dsl.RbacAPIGroupDSL;
import io.fabric8.kubernetes.client.dsl.Resource;
-import io.fabric8.openshift.api.model.PolicyRuleBuilder;
-import io.fabric8.openshift.api.model.Role;
-import io.fabric8.openshift.api.model.RoleBinding;
-import io.fabric8.openshift.api.model.RoleBindingBuilder;
-import io.fabric8.openshift.api.model.RoleBindingList;
-import io.fabric8.openshift.api.model.RoleBuilder;
-import io.fabric8.openshift.api.model.RoleList;
-import io.fabric8.openshift.client.OpenShiftClient;
import org.eclipse.che.api.workspace.server.spi.InfrastructureException;
+import org.eclipse.che.workspace.infrastructure.kubernetes.CheServerKubernetesClientFactory;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.CheInstallationLocation;
-import org.eclipse.che.workspace.infrastructure.openshift.OpenShiftClientFactory;
import org.mockito.Mock;
import org.mockito.testng.MockitoTestNGListener;
import org.testng.annotations.BeforeMethod;
@@ -54,9 +47,8 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
@Mock private CheInstallationLocation cheInstallationLocation;
private OpenShiftStopWorkspaceRoleConfigurator stopWorkspaceRoleProvisioner;
- @Mock private OpenShiftClientFactory clientFactory;
- @Mock private OpenShiftClient osClient;
- @Mock private KubernetesClient kubernetesClient;
+ @Mock private CheServerKubernetesClientFactory cheClientFactory;
+ @Mock private KubernetesClient client;
@Mock private MixedOperation> mixedRoleOperation;
@@ -74,6 +66,7 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
@Mock private Resource roleBindingResource;
@Mock private Role mockRole;
@Mock private RoleBinding mockRoleBinding;
+ @Mock private RbacAPIGroupDSL rbacAPIGroupDSL;
private final Role expectedRole =
new RoleBuilder()
@@ -106,15 +99,14 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
private final RoleBinding expectedRoleBinding =
new RoleBindingBuilder()
.withNewMetadata()
- .withName("che-workspace-stop")
- .withNamespace("developer-che")
+ .withName("workspace-stop")
.endMetadata()
.withNewRoleRef()
+ .withKind("Role")
.withName("workspace-stop")
- .withNamespace("developer-che")
.endRoleRef()
.withSubjects(
- new ObjectReferenceBuilder()
+ new SubjectBuilder()
.withKind("ServiceAccount")
.withName("che")
.withNamespace("che")
@@ -126,10 +118,11 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
lenient().when(cheInstallationLocation.getInstallationLocationNamespace()).thenReturn("che");
stopWorkspaceRoleProvisioner =
new OpenShiftStopWorkspaceRoleConfigurator(
- clientFactory, cheInstallationLocation, true, "yes");
- lenient().when(clientFactory.createOC()).thenReturn(osClient);
- lenient().when(osClient.roles()).thenReturn(mixedRoleOperation);
- lenient().when(osClient.roleBindings()).thenReturn(mixedRoleBindingOperation);
+ cheClientFactory, cheInstallationLocation, true, "yes");
+ lenient().when(cheClientFactory.create()).thenReturn(client);
+ lenient().when(client.rbac()).thenReturn(rbacAPIGroupDSL);
+ lenient().when(rbacAPIGroupDSL.roles()).thenReturn(mixedRoleOperation);
+ lenient().when(rbacAPIGroupDSL.roleBindings()).thenReturn(mixedRoleBindingOperation);
lenient()
.when(mixedRoleOperation.inNamespace(anyString()))
.thenReturn(nonNamespaceRoleOperation);
@@ -156,7 +149,7 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
@Test
public void shouldCreateRoleBinding() throws InfrastructureException {
assertEquals(
- stopWorkspaceRoleProvisioner.createStopWorkspacesRoleBinding("developer-che"),
+ stopWorkspaceRoleProvisioner.createStopWorkspacesRoleBinding("workspace-stop"),
expectedRoleBinding);
}
@@ -164,24 +157,8 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
public void shouldCreateRoleAndRoleBindingWhenRoleDoesNotYetExist()
throws InfrastructureException {
stopWorkspaceRoleProvisioner.configure(null, "developer-che");
- verify(osClient, times(2)).roles();
- verify(osClient.roles(), times(2)).inNamespace("developer-che");
- verify(osClient.roles().inNamespace("developer-che")).withName("workspace-stop");
- verify(osClient.roles().inNamespace("developer-che")).createOrReplace(expectedRole);
- verify(osClient).roleBindings();
- verify(osClient.roleBindings()).inNamespace("developer-che");
- verify(osClient.roleBindings().inNamespace("developer-che"))
- .createOrReplace(expectedRoleBinding);
- }
-
- @Test
- public void shouldCreateRoleBindingWhenRoleAlreadyExists() throws InfrastructureException {
- lenient().when(roleResource.get()).thenReturn(expectedRole);
- stopWorkspaceRoleProvisioner.configure(null, "developer-che");
- verify(osClient, times(1)).roles();
- verify(osClient).roleBindings();
- verify(osClient.roleBindings()).inNamespace("developer-che");
- verify(osClient.roleBindings().inNamespace("developer-che"))
+ verify(client.rbac().roles().inNamespace("developer-che")).createOrReplace(expectedRole);
+ verify(client.rbac().roleBindings().inNamespace("developer-che"))
.createOrReplace(expectedRoleBinding);
}
@@ -190,11 +167,9 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
throws InfrastructureException {
OpenShiftStopWorkspaceRoleConfigurator disabledStopWorkspaceRoleProvisioner =
new OpenShiftStopWorkspaceRoleConfigurator(
- clientFactory, cheInstallationLocation, false, "yes");
+ cheClientFactory, cheInstallationLocation, false, "yes");
disabledStopWorkspaceRoleProvisioner.configure(null, "developer-che");
- verify(osClient, never()).roles();
- verify(osClient, never()).roleBindings();
- verify(osClient.roleBindings(), never()).inNamespace("developer-che");
+ verify(client, never()).rbac();
}
@Test
@@ -204,11 +179,9 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
OpenShiftStopWorkspaceRoleConfigurator
stopWorkspaceRoleProvisionerWithoutValidInstallationLocation =
new OpenShiftStopWorkspaceRoleConfigurator(
- clientFactory, cheInstallationLocation, true, "yes");
+ cheClientFactory, cheInstallationLocation, true, "yes");
stopWorkspaceRoleProvisionerWithoutValidInstallationLocation.configure(null, "developer-che");
- verify(osClient, never()).roles();
- verify(osClient, never()).roleBindings();
- verify(osClient.roleBindings(), never()).inNamespace("developer-che");
+ verify(client, never()).rbac();
}
@Test
@@ -217,10 +190,10 @@ public class OpenShiftStopWorkspaceRoleConfiguratorTest {
when(cheInstallationLocation.getInstallationLocationNamespace()).thenReturn("something");
OpenShiftStopWorkspaceRoleConfigurator configurator =
new OpenShiftStopWorkspaceRoleConfigurator(
- clientFactory, cheInstallationLocation, true, null);
+ cheClientFactory, cheInstallationLocation, true, null);
configurator.configure(null, "something");
- verify(clientFactory, times(0)).createOC();
+ verify(cheClientFactory, times(0)).create();
}
}