Skip to content

Commit

Permalink
feat (kubernetes-client) : Add DSL entrypoints for Kubernetes 1.28.2 …
Browse files Browse the repository at this point in the history
…resources (fabric8io#5401)

Add KubernetesClient DSL entrypoints for these resources:
- admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicy `client.admissionRegistration().v1beta1().validatingAdmissionPolicies()`
- admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicyBinding `client.admissionRegistration().v1beta1().validatingAdmissionPolicyBindings()`
- authentication.k8s.io/v1 SelfSubjectReview `client.authentication().v1().selfSubjectReviews()`

Signed-off-by: Rohan Kumar <[email protected]>
  • Loading branch information
rohanKanojia committed Sep 25, 2023
1 parent 6ab9aaa commit ab9660d
Show file tree
Hide file tree
Showing 10 changed files with 630 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@

#### Dependency Upgrade
* Fix #5373: Gradle base API based on v8.2.1
* Fix #5401: Upgrade Fabric8 Kubernetes Model to Kubernetes v1.28.2

#### New Features

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package io.fabric8.kubernetes.client;

import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview;
import io.fabric8.kubernetes.api.model.authentication.TokenReview;
import io.fabric8.kubernetes.client.dsl.InOutCreateable;

Expand All @@ -25,4 +26,15 @@ public interface V1AuthenticationAPIGroupDSL extends Client {
* @return InOutCreateable instance for creating TokenReview object
*/
InOutCreateable<TokenReview, TokenReview> tokenReviews();

/**
* API for creating authentication.k8s.io/v1 SelfSubjectReview
* <p>
* SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
* When using impersonation, users will receive the user info of the user being impersonated. If impersonation or
* request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
* </p>
* @return InOutCreateable instance for creating SelfSubjectReview object
*/
InOutCreateable<SelfSubjectReview, SelfSubjectReview> selfSubjectReviews();
}
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@

import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfiguration;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfigurationList;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyList;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfigurationList;
import io.fabric8.kubernetes.client.dsl.MixedOperation;
Expand All @@ -27,4 +31,22 @@ public interface V1beta1AdmissionRegistrationAPIGroupDSL extends Client {
MixedOperation<ValidatingWebhookConfiguration, ValidatingWebhookConfigurationList, Resource<ValidatingWebhookConfiguration>> validatingWebhookConfigurations();

NonNamespaceOperation<MutatingWebhookConfiguration, MutatingWebhookConfigurationList, Resource<MutatingWebhookConfiguration>> mutatingWebhookConfigurations();

/**
* API entrypoint for admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicy
* <p>
* ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or
* rejects an object without changing it.
* </p>
* @return NonNamespaceOperation for ValidatingAdmissionPolicy
*/
NonNamespaceOperation<ValidatingAdmissionPolicy, ValidatingAdmissionPolicyList, Resource<ValidatingAdmissionPolicy>> validatingAdmissionPolicies();
/**
* API entrypoint for admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicyBinding
* <p>
* ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
* </p>
* @return NonNamespaceOperation for ValidatingAdmissionPolicyBinding
*/
NonNamespaceOperation<ValidatingAdmissionPolicyBinding, ValidatingAdmissionPolicyBindingList, Resource<ValidatingAdmissionPolicyBinding>> validatingAdmissionPolicyBindings();
}
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
*/
package io.fabric8.kubernetes.client.impl;

import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview;
import io.fabric8.kubernetes.api.model.authentication.TokenReview;
import io.fabric8.kubernetes.client.V1AuthenticationAPIGroupDSL;
import io.fabric8.kubernetes.client.dsl.InOutCreateable;
Expand All @@ -27,6 +28,11 @@ public InOutCreateable<TokenReview, TokenReview> tokenReviews() {
return getClient().adapt(BaseClient.class).getHandlers().getNonListingOperation(TokenReview.class, this);
}

@Override
public InOutCreateable<SelfSubjectReview, SelfSubjectReview> selfSubjectReviews() {
return getClient().adapt(BaseClient.class).getHandlers().getNonListingOperation(SelfSubjectReview.class, this);
}

@Override
public V1AuthenticationAPIGroupClient newInstance() {
return new V1AuthenticationAPIGroupClient();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@

import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfiguration;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfigurationList;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyList;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfigurationList;
import io.fabric8.kubernetes.client.V1beta1AdmissionRegistrationAPIGroupDSL;
Expand All @@ -38,6 +42,16 @@ public NonNamespaceOperation<MutatingWebhookConfiguration, MutatingWebhookConfig
return resources(MutatingWebhookConfiguration.class, MutatingWebhookConfigurationList.class);
}

@Override
public NonNamespaceOperation<ValidatingAdmissionPolicy, ValidatingAdmissionPolicyList, Resource<io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy>> validatingAdmissionPolicies() {
return resources(ValidatingAdmissionPolicy.class, ValidatingAdmissionPolicyList.class);
}

@Override
public NonNamespaceOperation<ValidatingAdmissionPolicyBinding, ValidatingAdmissionPolicyBindingList, Resource<ValidatingAdmissionPolicyBinding>> validatingAdmissionPolicyBindings() {
return resources(ValidatingAdmissionPolicyBinding.class, ValidatingAdmissionPolicyBindingList.class);
}

@Override
public V1beta1AdmissionRegistrationAPIGroupClient newInstance() {
return new V1beta1AdmissionRegistrationAPIGroupClient();
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
/**
* Copyright (C) 2015 Red Hat, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.fabric8.kubernetes.client.mock;

import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview;
import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReviewBuilder;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient;
import io.fabric8.kubernetes.client.server.mock.KubernetesMockServer;
import org.junit.jupiter.api.Test;

import java.util.Arrays;
import java.util.List;

import static java.net.HttpURLConnection.HTTP_CREATED;
import static org.assertj.core.api.AssertionsForClassTypes.assertThat;

@EnableKubernetesMockClient
class V1SelfSubjectReviewTest {
private KubernetesClient client;
private KubernetesMockServer server;

@Test
void create_whenInvoked_shouldReturnObjectWithUpdatedStatus() {
// Given
SelfSubjectReview ssr = new SelfSubjectReview();
server.expect().post()
.withPath("/apis/authentication.k8s.io/v1/selfsubjectreviews")
.andReturn(HTTP_CREATED, createNewSelfSubjectReview(Arrays.asList("system:masters", "system:authenticated")))
.once();

// When
SelfSubjectReview result = client.authentication().v1().selfSubjectReviews().create(ssr);

// Then
assertThat(result)
.isNotNull()
.hasFieldOrPropertyWithValue("status.userInfo.username", "kubernetes-admin")
.hasFieldOrPropertyWithValue("status.userInfo.groups", Arrays.asList("system:masters", "system:authenticated"));
}

private SelfSubjectReview createNewSelfSubjectReview(List<String> groups) {
return new SelfSubjectReviewBuilder()
.withNewStatus()
.withNewUserInfo()
.withUsername("kubernetes-admin")
.withGroups(groups)
.endUserInfo()
.endStatus()
.build();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
/**
* Copyright (C) 2015 Red Hat, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.fabric8.kubernetes.client.mock;

import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingBuilder;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList;
import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingListBuilder;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient;
import io.fabric8.kubernetes.client.server.mock.KubernetesMockServer;
import org.assertj.core.api.AssertionsForClassTypes;
import org.junit.jupiter.api.Test;

import java.net.HttpURLConnection;
import java.util.List;

import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;

@EnableKubernetesMockClient
class V1beta1ValidatingAdmissionPolicyBindingTest {

private KubernetesMockServer server;
private KubernetesClient client;

@Test
void load() {
List<HasMetadata> items = client.load(getClass().getResourceAsStream("/test-v1beta1-validatingadmissionpolicybinding.yml"))
.items();
assertThat(items).isNotNull().hasSize(1);
AssertionsForClassTypes.assertThat(items.get(0))
.isInstanceOf(ValidatingAdmissionPolicyBinding.class)
.hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
}

@Test
void get() {
// Given
server.expect().get()
.withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings/demo-binding-test.example.com")
.andReturn(HttpURLConnection.HTTP_OK, createValidatingAdmissionPolicyBinding())
.once();

// When
ValidatingAdmissionPolicyBinding validatingAdmissionPolicyBinding = client.admissionRegistration().v1beta1()
.validatingAdmissionPolicyBindings().withName("demo-binding-test.example.com").get();

// Then
AssertionsForClassTypes.assertThat(validatingAdmissionPolicyBinding)
.isNotNull()
.hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
}

@Test
void list() {
// Given
server.expect().get().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings")
.andReturn(HttpURLConnection.HTTP_OK, new ValidatingAdmissionPolicyBindingListBuilder()
.addToItems(createValidatingAdmissionPolicyBinding())
.build())
.once();

// When
ValidatingAdmissionPolicyBindingList flowSchemas = client.admissionRegistration().v1beta1()
.validatingAdmissionPolicyBindings().list();

// Then
AssertionsForClassTypes.assertThat(flowSchemas).isNotNull();
assertThat(flowSchemas.getItems()).hasSize(1);
AssertionsForClassTypes.assertThat(flowSchemas.getItems().get(0))
.hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
}

@Test
void create() {
// Given
ValidatingAdmissionPolicyBinding validatingAdmissionPolicyBinding = createValidatingAdmissionPolicyBinding();
server.expect().post().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings")
.andReturn(HttpURLConnection.HTTP_OK, validatingAdmissionPolicyBinding)
.once();

// When
ValidatingAdmissionPolicyBinding createdValidatingAdmissionPolicyBinding = client.admissionRegistration().v1beta1()
.validatingAdmissionPolicyBindings().resource(validatingAdmissionPolicyBinding).create();

// Then
AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicyBinding).isNotNull();
AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicyBinding)
.hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
}

@Test
void delete() {
// Given
ValidatingAdmissionPolicyBinding flowSchema = createValidatingAdmissionPolicyBinding();
server.expect().delete()
.withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings/demo-binding-test.example.com")
.andReturn(HttpURLConnection.HTTP_OK, flowSchema)
.once();

// When
boolean isDeleted = client.admissionRegistration().v1beta1().validatingAdmissionPolicyBindings()
.withName("demo-binding-test.example.com").delete().size() == 1;

// Then
AssertionsForClassTypes.assertThat(isDeleted).isTrue();
}

private ValidatingAdmissionPolicyBinding createValidatingAdmissionPolicyBinding() {
return new ValidatingAdmissionPolicyBindingBuilder()
.withNewMetadata().withName("demo-binding-test.example.com").endMetadata()
.withNewSpec()
.withPolicyName("demo-policy.example.com")
.withNewMatchResources()
.withNewNamespaceSelector()
.addNewMatchExpression()
.withKey("environment")
.withOperator("In")
.withValues("test")
.endMatchExpression()
.endNamespaceSelector()
.endMatchResources()
.endSpec()
.build();
}
}
Loading

0 comments on commit ab9660d

Please sign in to comment.