From de558aaf40ca782b9edfbf47498b682e7ca905ea Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Mon, 25 Sep 2023 13:10:32 +0530 Subject: [PATCH] feat (kubernetes-client) : Add DSL entrypoints for Kubernetes 1.28.2 resources (#5401) Add KubernetesClient DSL entrypoints for these resources: - admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicy `client.admissionRegistration().v1beta1().validatingAdmissionPolicies()` - admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicyBinding `client.admissionRegistration().v1beta1().validatingAdmissionPolicyBindings()` - authentication.k8s.io/v1 SelfSubjectReview `client.authentication().v1().selfSubjectReviews()` Signed-off-by: Rohan Kumar --- CHANGELOG.md | 1 + .../client/V1AuthenticationAPIGroupDSL.java | 3 + ...beta1AdmissionRegistrationAPIGroupDSL.java | 8 + .../impl/V1AuthenticationAPIGroupClient.java | 6 + ...a1AdmissionRegistrationAPIGroupClient.java | 14 ++ .../client/mock/V1SelfSubjectReviewTest.java | 65 ++++++++ ...1ValidatingAdmissionPolicyBindingTest.java | 140 ++++++++++++++++++ .../V1beta1ValidatingAdmissionPolicyTest.java | 138 +++++++++++++++++ ...test-v1beta1-validatingadmissionpolicy.yml | 124 ++++++++++++++++ ...beta1-validatingadmissionpolicybinding.yml | 108 ++++++++++++++ 10 files changed, 607 insertions(+) create mode 100644 kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SelfSubjectReviewTest.java create mode 100644 kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyBindingTest.java create mode 100644 kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyTest.java create mode 100644 kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicy.yml create mode 100644 kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicybinding.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 60f80987a0a..d07a3a3918f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ #### Dependency Upgrade * Fix #5373: Gradle base API based on v8.2.1 +* Fix #5401: Upgrade Fabric8 Kubernetes Model to Kubernetes v1.28.2 #### New Features diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1AuthenticationAPIGroupDSL.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1AuthenticationAPIGroupDSL.java index 88afab62007..2a78caaa0c5 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1AuthenticationAPIGroupDSL.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1AuthenticationAPIGroupDSL.java @@ -15,6 +15,7 @@ */ package io.fabric8.kubernetes.client; +import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview; import io.fabric8.kubernetes.api.model.authentication.TokenReview; import io.fabric8.kubernetes.client.dsl.InOutCreateable; @@ -25,4 +26,6 @@ public interface V1AuthenticationAPIGroupDSL extends Client { * @return InOutCreateable instance for creating TokenReview object */ InOutCreateable tokenReviews(); + + InOutCreateable selfSubjectReviews(); } diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1beta1AdmissionRegistrationAPIGroupDSL.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1beta1AdmissionRegistrationAPIGroupDSL.java index e35f5d04534..92d439cc05a 100644 --- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1beta1AdmissionRegistrationAPIGroupDSL.java +++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1beta1AdmissionRegistrationAPIGroupDSL.java @@ -17,6 +17,10 @@ import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfiguration; import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfigurationList; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyList; import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration; import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfigurationList; import io.fabric8.kubernetes.client.dsl.MixedOperation; @@ -27,4 +31,8 @@ public interface V1beta1AdmissionRegistrationAPIGroupDSL extends Client { MixedOperation> validatingWebhookConfigurations(); NonNamespaceOperation> mutatingWebhookConfigurations(); + + NonNamespaceOperation> validatingAdmissionPolicies(); + + NonNamespaceOperation> validatingAdmissionPolicyBindings(); } diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1AuthenticationAPIGroupClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1AuthenticationAPIGroupClient.java index 4240dfc0809..170763ece0c 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1AuthenticationAPIGroupClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1AuthenticationAPIGroupClient.java @@ -15,6 +15,7 @@ */ package io.fabric8.kubernetes.client.impl; +import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview; import io.fabric8.kubernetes.api.model.authentication.TokenReview; import io.fabric8.kubernetes.client.V1AuthenticationAPIGroupDSL; import io.fabric8.kubernetes.client.dsl.InOutCreateable; @@ -27,6 +28,11 @@ public InOutCreateable tokenReviews() { return getClient().adapt(BaseClient.class).getHandlers().getNonListingOperation(TokenReview.class, this); } + @Override + public InOutCreateable selfSubjectReviews() { + return getClient().adapt(BaseClient.class).getHandlers().getNonListingOperation(SelfSubjectReview.class, this); + } + @Override public V1AuthenticationAPIGroupClient newInstance() { return new V1AuthenticationAPIGroupClient(); diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1beta1AdmissionRegistrationAPIGroupClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1beta1AdmissionRegistrationAPIGroupClient.java index 068457d2700..49df58bd7a1 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1beta1AdmissionRegistrationAPIGroupClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1beta1AdmissionRegistrationAPIGroupClient.java @@ -17,6 +17,10 @@ import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfiguration; import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfigurationList; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyList; import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration; import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfigurationList; import io.fabric8.kubernetes.client.V1beta1AdmissionRegistrationAPIGroupDSL; @@ -38,6 +42,16 @@ public NonNamespaceOperation> validatingAdmissionPolicies() { + return resources(ValidatingAdmissionPolicy.class, ValidatingAdmissionPolicyList.class); + } + + @Override + public NonNamespaceOperation> validatingAdmissionPolicyBindings() { + return resources(ValidatingAdmissionPolicyBinding.class, ValidatingAdmissionPolicyBindingList.class); + } + @Override public V1beta1AdmissionRegistrationAPIGroupClient newInstance() { return new V1beta1AdmissionRegistrationAPIGroupClient(); diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SelfSubjectReviewTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SelfSubjectReviewTest.java new file mode 100644 index 00000000000..9ca7ae83817 --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SelfSubjectReviewTest.java @@ -0,0 +1,65 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.mock; + +import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview; +import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReviewBuilder; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient; +import io.fabric8.kubernetes.client.server.mock.KubernetesMockServer; +import org.junit.jupiter.api.Test; + +import java.util.Arrays; +import java.util.List; + +import static java.net.HttpURLConnection.HTTP_CREATED; +import static org.assertj.core.api.AssertionsForClassTypes.assertThat; + +@EnableKubernetesMockClient +class V1SelfSubjectReviewTest { + private KubernetesClient client; + private KubernetesMockServer server; + + @Test + void create_whenInvoked_shouldReturnObjectWithUpdatedStatus() { + // Given + SelfSubjectReview ssr = new SelfSubjectReview(); + server.expect().post() + .withPath("/apis/authentication.k8s.io/v1/selfsubjectreviews") + .andReturn(HTTP_CREATED, createNewSelfSubjectReview(Arrays.asList("system:masters", "system:authenticated"))) + .once(); + + // When + SelfSubjectReview result = client.authentication().v1().selfSubjectReviews().create(ssr); + + // Then + assertThat(result) + .isNotNull() + .hasFieldOrPropertyWithValue("status.userInfo.username", "kubernetes-admin") + .hasFieldOrPropertyWithValue("status.userInfo.groups", Arrays.asList("system:masters", "system:authenticated")); + } + + private SelfSubjectReview createNewSelfSubjectReview(List groups) { + return new SelfSubjectReviewBuilder() + .withNewStatus() + .withNewUserInfo() + .withUsername("kubernetes-admin") + .withGroups(groups) + .endUserInfo() + .endStatus() + .build(); + } +} diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyBindingTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyBindingTest.java new file mode 100644 index 00000000000..f87325193fe --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyBindingTest.java @@ -0,0 +1,140 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.mock; + +import io.fabric8.kubernetes.api.model.HasMetadata; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingBuilder; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingListBuilder; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient; +import io.fabric8.kubernetes.client.server.mock.KubernetesMockServer; +import org.assertj.core.api.AssertionsForClassTypes; +import org.junit.jupiter.api.Test; + +import java.net.HttpURLConnection; +import java.util.List; + +import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat; + +@EnableKubernetesMockClient +class V1beta1ValidatingAdmissionPolicyBindingTest { + + private KubernetesMockServer server; + private KubernetesClient client; + + @Test + void load() { + List items = client.load(getClass().getResourceAsStream("/test-v1beta1-validatingadmissionpolicybinding.yml")) + .items(); + assertThat(items).isNotNull().hasSize(1); + AssertionsForClassTypes.assertThat(items.get(0)) + .isInstanceOf(ValidatingAdmissionPolicyBinding.class) + .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com"); + } + + @Test + void get() { + // Given + server.expect().get() + .withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings/demo-binding-test.example.com") + .andReturn(HttpURLConnection.HTTP_OK, createValidatingAdmissionPolicyBinding()) + .once(); + + // When + ValidatingAdmissionPolicyBinding validatingAdmissionPolicyBinding = client.admissionRegistration().v1beta1() + .validatingAdmissionPolicyBindings().withName("demo-binding-test.example.com").get(); + + // Then + AssertionsForClassTypes.assertThat(validatingAdmissionPolicyBinding) + .isNotNull() + .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com"); + } + + @Test + void list() { + // Given + server.expect().get().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings") + .andReturn(HttpURLConnection.HTTP_OK, new ValidatingAdmissionPolicyBindingListBuilder() + .addToItems(createValidatingAdmissionPolicyBinding()) + .build()) + .once(); + + // When + ValidatingAdmissionPolicyBindingList flowSchemas = client.admissionRegistration().v1beta1() + .validatingAdmissionPolicyBindings().list(); + + // Then + AssertionsForClassTypes.assertThat(flowSchemas).isNotNull(); + assertThat(flowSchemas.getItems()).hasSize(1); + AssertionsForClassTypes.assertThat(flowSchemas.getItems().get(0)) + .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com"); + } + + @Test + void create() { + // Given + ValidatingAdmissionPolicyBinding validatingAdmissionPolicyBinding = createValidatingAdmissionPolicyBinding(); + server.expect().post().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings") + .andReturn(HttpURLConnection.HTTP_OK, validatingAdmissionPolicyBinding) + .once(); + + // When + ValidatingAdmissionPolicyBinding createdValidatingAdmissionPolicyBinding = client.admissionRegistration().v1beta1() + .validatingAdmissionPolicyBindings().resource(validatingAdmissionPolicyBinding).create(); + + // Then + AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicyBinding).isNotNull(); + AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicyBinding) + .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com"); + } + + @Test + void delete() { + // Given + ValidatingAdmissionPolicyBinding flowSchema = createValidatingAdmissionPolicyBinding(); + server.expect().delete() + .withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings/demo-binding-test.example.com") + .andReturn(HttpURLConnection.HTTP_OK, flowSchema) + .once(); + + // When + boolean isDeleted = client.admissionRegistration().v1beta1().validatingAdmissionPolicyBindings() + .withName("demo-binding-test.example.com").delete().size() == 1; + + // Then + AssertionsForClassTypes.assertThat(isDeleted).isTrue(); + } + + private ValidatingAdmissionPolicyBinding createValidatingAdmissionPolicyBinding() { + return new ValidatingAdmissionPolicyBindingBuilder() + .withNewMetadata().withName("demo-binding-test.example.com").endMetadata() + .withNewSpec() + .withPolicyName("demo-policy.example.com") + .withNewMatchResources() + .withNewNamespaceSelector() + .addNewMatchExpression() + .withKey("environment") + .withOperator("In") + .withValues("test") + .endMatchExpression() + .endNamespaceSelector() + .endMatchResources() + .endSpec() + .build(); + } +} diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyTest.java new file mode 100644 index 00000000000..13e8f791228 --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyTest.java @@ -0,0 +1,138 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.mock; + +import io.fabric8.kubernetes.api.model.HasMetadata; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBuilder; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyList; +import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyListBuilder; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient; +import io.fabric8.kubernetes.client.server.mock.KubernetesMockServer; +import org.assertj.core.api.AssertionsForClassTypes; +import org.junit.jupiter.api.Test; + +import java.net.HttpURLConnection; +import java.util.List; + +import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat; + +@EnableKubernetesMockClient +class V1beta1ValidatingAdmissionPolicyTest { + + private KubernetesMockServer server; + private KubernetesClient client; + + @Test + void load() { + List items = client.load(getClass().getResourceAsStream("/test-v1beta1-validatingadmissionpolicy.yml")) + .items(); + assertThat(items).isNotNull().hasSize(1); + AssertionsForClassTypes.assertThat(items.get(0)) + .isInstanceOf(ValidatingAdmissionPolicy.class) + .hasFieldOrPropertyWithValue("metadata.name", "demo-policy.example.com"); + } + + @Test + void get() { + // Given + server.expect().get() + .withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/demo-policy.example.com") + .andReturn(HttpURLConnection.HTTP_OK, createValidatingAdmissionPolicy()) + .once(); + + // When + ValidatingAdmissionPolicy validatingAdmissionPolicy = client.admissionRegistration().v1beta1() + .validatingAdmissionPolicies().withName("demo-policy.example.com").get(); + + // Then + AssertionsForClassTypes.assertThat(validatingAdmissionPolicy) + .isNotNull() + .hasFieldOrPropertyWithValue("metadata.name", "demo-policy.example.com"); + } + + @Test + void list() { + // Given + server.expect().get().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies") + .andReturn(HttpURLConnection.HTTP_OK, new ValidatingAdmissionPolicyListBuilder() + .addToItems(createValidatingAdmissionPolicy()) + .build()) + .once(); + + // When + ValidatingAdmissionPolicyList flowSchemas = client.admissionRegistration().v1beta1().validatingAdmissionPolicies().list(); + + // Then + AssertionsForClassTypes.assertThat(flowSchemas).isNotNull(); + assertThat(flowSchemas.getItems()).hasSize(1); + AssertionsForClassTypes.assertThat(flowSchemas.getItems().get(0)) + .hasFieldOrPropertyWithValue("metadata.name", "demo-policy.example.com"); + } + + @Test + void create() { + // Given + ValidatingAdmissionPolicy validatingAdmissionPolicy = createValidatingAdmissionPolicy(); + server.expect().post().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies") + .andReturn(HttpURLConnection.HTTP_OK, validatingAdmissionPolicy) + .once(); + + // When + ValidatingAdmissionPolicy createdValidatingAdmissionPolicy = client.admissionRegistration().v1beta1() + .validatingAdmissionPolicies().resource(validatingAdmissionPolicy).create(); + + // Then + AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicy).isNotNull(); + AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicy) + .hasFieldOrPropertyWithValue("metadata.name", "demo-policy.example.com"); + } + + @Test + void delete() { + // Given + ValidatingAdmissionPolicy flowSchema = createValidatingAdmissionPolicy(); + server.expect().delete() + .withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicies/demo-policy.example.com") + .andReturn(HttpURLConnection.HTTP_OK, flowSchema) + .once(); + + // When + boolean isDeleted = client.admissionRegistration().v1beta1().validatingAdmissionPolicies() + .withName("demo-policy.example.com").delete().size() == 1; + + // Then + AssertionsForClassTypes.assertThat(isDeleted).isTrue(); + } + + private ValidatingAdmissionPolicy createValidatingAdmissionPolicy() { + return new ValidatingAdmissionPolicyBuilder() + .withNewMetadata().withName("demo-policy.example.com").endMetadata() + .withNewSpec() + .addNewValidation().withExpression("object.spec.replicas <= 5").endValidation() + .withNewMatchConstraints() + .addNewResourceRule() + .addToApiGroups("apps") + .addToApiVersions("v1") + .addToOperations("CREATE", "UPDATE") + .addToResources("deployments") + .endResourceRule() + .endMatchConstraints() + .endSpec() + .build(); + } +} diff --git a/kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicy.yml b/kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicy.yml new file mode 100644 index 00000000000..201621fd416 --- /dev/null +++ b/kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicy.yml @@ -0,0 +1,124 @@ +# +# Copyright (C) 2015 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingAdmissionPolicy +metadata: + annotations: + annotationsKey: annotationsValue + creationTimestamp: "2008-01-01T01:01:01Z" + deletionGracePeriodSeconds: 10 + deletionTimestamp: "2009-01-01T01:01:01Z" + finalizers: + - finalizersValue + generateName: generateNameValue + generation: 7 + labels: + labelsKey: labelsValue + managedFields: + - apiVersion: apiVersionValue + fieldsType: fieldsTypeValue + fieldsV1: {} + manager: managerValue + operation: operationValue + subresource: subresourceValue + time: "2004-01-01T01:01:01Z" + name: demo-policy.example.com + namespace: namespaceValue + ownerReferences: + - apiVersion: apiVersionValue + blockOwnerDeletion: true + controller: true + kind: kindValue + name: nameValue + uid: uidValue + resourceVersion: resourceVersionValue + selfLink: selfLinkValue + uid: uidValue +spec: + auditAnnotations: + - key: keyValue + valueExpression: valueExpressionValue + failurePolicy: failurePolicyValue + matchConditions: + - expression: expressionValue + name: nameValue + matchConstraints: + excludeResourceRules: + - apiGroups: + - apiGroupsValue + apiVersions: + - apiVersionsValue + operations: + - operationsValue + resourceNames: + - resourceNamesValue + resources: + - resourcesValue + scope: scopeValue + matchPolicy: matchPolicyValue + namespaceSelector: + matchExpressions: + - key: keyValue + operator: operatorValue + values: + - valuesValue + matchLabels: + matchLabelsKey: matchLabelsValue + objectSelector: + matchExpressions: + - key: keyValue + operator: operatorValue + values: + - valuesValue + matchLabels: + matchLabelsKey: matchLabelsValue + resourceRules: + - apiGroups: + - apiGroupsValue + apiVersions: + - apiVersionsValue + operations: + - operationsValue + resourceNames: + - resourceNamesValue + resources: + - resourcesValue + scope: scopeValue + paramKind: + apiVersion: apiVersionValue + kind: kindValue + validations: + - expression: expressionValue + message: messageValue + messageExpression: messageExpressionValue + reason: reasonValue + variables: + - expression: expressionValue + name: nameValue +status: + conditions: + - lastTransitionTime: "2004-01-01T01:01:01Z" + message: messageValue + observedGeneration: 3 + reason: reasonValue + status: statusValue + type: typeValue + observedGeneration: 1 + typeChecking: + expressionWarnings: + - fieldRef: fieldRefValue + warning: warningValue diff --git a/kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicybinding.yml b/kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicybinding.yml new file mode 100644 index 00000000000..7d1f3ef942e --- /dev/null +++ b/kubernetes-tests/src/test/resources/test-v1beta1-validatingadmissionpolicybinding.yml @@ -0,0 +1,108 @@ +# +# Copyright (C) 2015 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingAdmissionPolicyBinding +metadata: + annotations: + annotationsKey: annotationsValue + creationTimestamp: "2008-01-01T01:01:01Z" + deletionGracePeriodSeconds: 10 + deletionTimestamp: "2009-01-01T01:01:01Z" + finalizers: + - finalizersValue + generateName: generateNameValue + generation: 7 + labels: + labelsKey: labelsValue + managedFields: + - apiVersion: apiVersionValue + fieldsType: fieldsTypeValue + fieldsV1: {} + manager: managerValue + operation: operationValue + subresource: subresourceValue + time: "2004-01-01T01:01:01Z" + name: demo-binding-test.example.com + namespace: namespaceValue + ownerReferences: + - apiVersion: apiVersionValue + blockOwnerDeletion: true + controller: true + kind: kindValue + name: nameValue + uid: uidValue + resourceVersion: resourceVersionValue + selfLink: selfLinkValue + uid: uidValue +spec: + matchResources: + excludeResourceRules: + - apiGroups: + - apiGroupsValue + apiVersions: + - apiVersionsValue + operations: + - operationsValue + resourceNames: + - resourceNamesValue + resources: + - resourcesValue + scope: scopeValue + matchPolicy: matchPolicyValue + namespaceSelector: + matchExpressions: + - key: keyValue + operator: operatorValue + values: + - valuesValue + matchLabels: + matchLabelsKey: matchLabelsValue + objectSelector: + matchExpressions: + - key: keyValue + operator: operatorValue + values: + - valuesValue + matchLabels: + matchLabelsKey: matchLabelsValue + resourceRules: + - apiGroups: + - apiGroupsValue + apiVersions: + - apiVersionsValue + operations: + - operationsValue + resourceNames: + - resourceNamesValue + resources: + - resourcesValue + scope: scopeValue + paramRef: + name: nameValue + namespace: namespaceValue + parameterNotFoundAction: parameterNotFoundActionValue + selector: + matchExpressions: + - key: keyValue + operator: operatorValue + values: + - valuesValue + matchLabels: + matchLabelsKey: matchLabelsValue + policyName: policyNameValue + validationActions: + - validationActionsValue