From 77a0d518156bdceda37b7be837f1a7e5271677a4 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Wed, 12 Aug 2020 01:43:48 +0530 Subject: [PATCH] Fix #2265: Refactor SubjectAccessReview API + Added new entrypoint authorization() into DSL which only allows create() operations + Removed old subjectAccessReviewAuth() API This should also fix #2191 --- CHANGELOG.md | 5 + doc/CHEATSHEET.md | 85 +++ .../client/AuthorizationAPIGroupClient.java | 39 ++ ...AuthorizationAPIGroupExtensionAdapter.java | 37 + .../client/AutoAdaptableKubernetesClient.java | 10 +- .../client/DefaultKubernetesClient.java | 11 +- .../kubernetes/client/KubernetesClient.java | 6 +- .../client/SubjectAccessOperations.java | 13 +- .../client/V1AuthorizationAPIGroupClient.java | 62 ++ .../client/V1AuthorizationAPIGroupDSL.java | 33 + ...AuthorizationAPIGroupExtensionAdapter.java | 35 + .../V1beta1AuthorizationAPIGroupClient.java | 63 ++ .../V1beta1AuthorizationAPIGroupDSL.java | 33 + ...AuthorizationAPIGroupExtensionAdapter.java | 35 + .../client/dsl/AuthorizationAPIGroupDSL.java | 36 + .../client/dsl/SubjectAccessReviewDSL.java | 32 - ...ocalSubjectAccessReviewOperationsImpl.java | 55 ++ .../internal/SubjectAccessOperationsImpl.java | 86 +++ .../internal/SubjectAccessReviewDSLImpl.java | 274 -------- .../client/osgi/ManagedKubernetesClient.java | 12 +- ...fabric8.kubernetes.client.ExtensionAdapter | 3 + .../kubernetes/client/internal/UtilsTest.java | 8 +- .../cmd/generate/generate.go | 22 +- .../main/resources/schema/kube-schema.json | 561 +++++++++++++-- .../resources/schema/validation-schema.json | 638 +++++++++++++++--- .../SubjectAccessReviewTest.java | 5 +- .../mock/SubjectAccessReviewAuthTest.java | 105 --- .../mock/V1SubjectAccessReviewAuthTest.java | 213 ++++++ .../V1beta1SubjectAccessReviewAuthTest.java | 213 ++++++ .../server/mock/SubjectAccessReviewTest.java | 23 +- .../client/DefaultOpenShiftClient.java | 28 +- .../openshift/client/OpenShiftClient.java | 4 +- ...ocalSubjectAccessReviewOperationsImpl.java | 70 ++ ... => OpenshiftSubjectAccessOperations.java} | 14 +- .../CreateableSelfSubjectAccessReview.java | 30 - .../dsl/CreateableSelfSubjectRulesReview.java | 30 - .../dsl/SubjectAccessReviewOperation.java | 34 - ...hiftSubjectAccessReviewOperationsImpl.java | 59 ++ .../SubjectAccessReviewOperationImpl.java | 285 -------- .../client/osgi/ManagedOpenShiftClient.java | 27 +- 40 files changed, 2298 insertions(+), 1036 deletions(-) create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupClient.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupExtensionAdapter.java rename openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableLocalSubjectAccessReview.java => kubernetes-client/src/main/java/io/fabric8/kubernetes/client/SubjectAccessOperations.java (52%) create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupClient.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupDSL.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupExtensionAdapter.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupClient.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupDSL.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupExtensionAdapter.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/AuthorizationAPIGroupDSL.java delete mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/SubjectAccessReviewDSL.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/LocalSubjectAccessReviewOperationsImpl.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessOperationsImpl.java delete mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessReviewDSLImpl.java delete mode 100644 kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/SubjectAccessReviewAuthTest.java create mode 100644 kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SubjectAccessReviewAuthTest.java create mode 100644 kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1SubjectAccessReviewAuthTest.java create mode 100644 openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java rename openshift-client/src/main/java/io/fabric8/openshift/client/{dsl/CreateableSubjectAccessReview.java => OpenshiftSubjectAccessOperations.java} (55%) delete mode 100644 openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectAccessReview.java delete mode 100644 openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectRulesReview.java delete mode 100644 openshift-client/src/main/java/io/fabric8/openshift/client/dsl/SubjectAccessReviewOperation.java create mode 100644 openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java delete mode 100644 openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/SubjectAccessReviewOperationImpl.java diff --git a/CHANGELOG.md b/CHANGELOG.md index e245940aabe..b90ad29b922 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ * Fix #2389: KubernetesServer does not use value from https in crud mode * Fix #2306: Make KubernetesServer CRUD mode work with informers * Fix #2418: CertificateSigningRequest doesn't implement Namespaced +* Fix #2265: InAnyNamespace uses invalid api endpoint for SelfSubjectAccessReviews #### Improvements * Fix #2331: Fixed documentation for namespaced informer for all custom types implementing `Namespaced` interface @@ -27,6 +28,10 @@ * Fix #2287: Add support for V1 and V1Beta1 CustomResourceDefinition * Fix #2319: Create Config without using auto-configure functionality or setting env variables +_**Note**_: Some classes have been moved to other packages: +- CustomResourceDefinition has been moved to `io.fabric8.kubernetes.api.model.apiextensions.v1` and `io.fabric8.kubernetes.api.model.apiextensions.v1beta1` +- SubjectAccessReview, SelfSubjectAccessReview, LocalSubjectAccessReview and SelfSubjectRulesReview have been moved to `io.fabric8.kubernetes.api.model.authorization.v1` and `io.fabric8.kubernetes.api.model.authorization.v1beta1` + ### 4.10.3 (2020-07-14) #### Bugs * Fix #2285: Raw CustomResource API createOrReplace does not propagate exceptions from create diff --git a/doc/CHEATSHEET.md b/doc/CHEATSHEET.md index a7be2a18b07..438bb258764 100644 --- a/doc/CHEATSHEET.md +++ b/doc/CHEATSHEET.md @@ -24,6 +24,10 @@ This document contains common usages of different resources using Fabric8 Kubern * [PersistentVolume](#persistentvolume) * [NetworkPolicy](#networkpolicy) * [PodDisruptionBudget](#poddisruptionbudget) + * [SelfSubjectAccessReview](#selfsubjectaccessreview) + * [SubjectAccessReview](#subjectaccessreview) + * [LocalSubjectAccessReview](#localsubjectaccessreview) + * [SelfSubjectRulesReview](#selfsubjectrulesreview) * [Top/Metrics](#fetching-metrics) * [Generic Resource API](#resource-api) * [Generic ResourceList API](#resourcelist-api) @@ -1566,6 +1570,87 @@ PodDisruptionBudgetList pdbList = client.policy().podDisruptionBudget().inNamesp Boolean deleted = client.policy().podDisruptionBudget().inNamespace("default").withName("poddisruptionbudget1").delete(); ``` +### SelfSubjectAccessReview +- Create `SelfSubjectAccessReview`(equivalent of `kubectl auth can-i create deployments --namespace dev`): +``` +try (KubernetesClient client = new DefaultKubernetesClient()) { + SelfSubjectAccessReview ssar = new SelfSubjectAccessReviewBuilder() + .withNewSpec() + .withNewResourceAttributes() + .withGroup("apps") + .withResource("deployments") + .withVerb("create") + .withNamespace("dev") + .endResourceAttributes() + .endSpec() + .build(); + + ssar = client.authorization().v1().selfSubjectAccessReview().create(ssar); + + System.out.println("Allowed: "+ ssar.getStatus().getAllowed()); +} +``` + +### SubjectAccessReview +- Create `SubjectAccessReview`: +``` +try (KubernetesClient client = new DefaultKubernetesClient()) { + SubjectAccessReview sar = new SubjectAccessReviewBuilder() + .withNewSpec() + .withNewResourceAttributes() + .withGroup("apps") + .withResource("deployments") + .withVerb("create") + .withNamespace("default") + .endResourceAttributes() + .withUser("kubeadmin") + .endSpec() + .build(); + + sar = client.authorization().v1().subjectAccessReview().create(sar); + + System.out.println("Allowed: "+ sar.getStatus().getAllowed()); +} +``` +### LocalSubjectAccessReview +- Create `LocalSubjectAccessReview`: +``` +try (KubernetesClient client = new DefaultKubernetesClient()) { + LocalSubjectAccessReview lsar = new LocalSubjectAccessReviewBuilder() + .withNewMetadata().withNamespace("default").endMetadata() + .withNewSpec() + .withUser("foo") + .withNewResourceAttributes() + .withNamespace("default") + .withVerb("get") + .withGroup("apps") + .withResource("pods") + .endResourceAttributes() + .endSpec() + .build(); + lsar = client.authorization().v1().localSubjectAccessReview().inNamespace("default").create(lsar); + System.out.println(lsar.getStatus().getAllowed()); +} +``` + +### SelfSubjectRulesReview +- Create `SelfSubjectRulesReview`: +``` +try (KubernetesClient client = new DefaultKubernetesClient()) { + SelfSubjectRulesReview selfSubjectRulesReview = new SelfSubjectRulesReviewBuilder() + .withNewMetadata().withName("foo").endMetadata() + .withNewSpec() + .withNamespace("default") + .endSpec() + .build(); + + selfSubjectRulesReview = client.authorization().v1().selfSubjectRulesReview().create(selfSubjectRulesReview); + System.out.println(selfSubjectRulesReview.getStatus().getIncomplete()); + System.out.println("non resource rules: " + selfSubjectRulesReview.getStatus().getNonResourceRules().size()); + System.out.println("resource rules: " + selfSubjectRulesReview.getStatus().getResourceRules().size()); +} +``` + ### Fetching Metrics Kubernetes Client also supports fetching metrics from API server if metrics are enabled on it. You can access metrics via `client.top()`. Here are some examples of its usage: - Get `NodeMetrics` for all nodes: diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupClient.java new file mode 100644 index 00000000000..fb2ea572123 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupClient.java @@ -0,0 +1,39 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import io.fabric8.kubernetes.client.dsl.AuthorizationAPIGroupDSL; +import okhttp3.OkHttpClient; + +public class AuthorizationAPIGroupClient extends BaseClient implements AuthorizationAPIGroupDSL { + public AuthorizationAPIGroupClient() { + super(); + } + + public AuthorizationAPIGroupClient(OkHttpClient httpClient, final Config config) { + super(httpClient, config); + } + + @Override + public V1AuthorizationAPIGroupDSL v1() { + return adapt(V1AuthorizationAPIGroupClient.class); + } + + @Override + public V1beta1AuthorizationAPIGroupDSL v1beta1() { + return adapt(V1beta1AuthorizationAPIGroupClient.class); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupExtensionAdapter.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupExtensionAdapter.java new file mode 100644 index 00000000000..8ded9dc151f --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AuthorizationAPIGroupExtensionAdapter.java @@ -0,0 +1,37 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import okhttp3.OkHttpClient; + +public class AuthorizationAPIGroupExtensionAdapter extends APIGroupExtensionAdapter { + + @Override + protected String getAPIGroupName() { + return "authorization"; + } + + @Override + public Class getExtensionType() { + return AuthorizationAPIGroupClient.class; + } + + @Override + protected AuthorizationAPIGroupClient newInstance(Client client) { + return new AuthorizationAPIGroupClient(client.adapt(OkHttpClient.class), client.getConfiguration()); + } + +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AutoAdaptableKubernetesClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AutoAdaptableKubernetesClient.java index a492ffe3381..109a478a945 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AutoAdaptableKubernetesClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/AutoAdaptableKubernetesClient.java @@ -136,6 +136,11 @@ public AutoscalingAPIGroupDSL autoscaling() { return delegate.autoscaling(); } + @Override + public AuthorizationAPIGroupDSL authorization() { + return delegate.authorization(); + } + @Override public NetworkAPIGroupDSL network() { return delegate.network(); } @@ -251,11 +256,6 @@ public MixedOperation> limitRanges() { return delegate.limitRanges(); diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java index ae5ad858a02..f380fa5c640 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java @@ -98,7 +98,6 @@ import io.fabric8.kubernetes.client.dsl.internal.RawCustomResourceOperationsImpl; import io.fabric8.kubernetes.client.dsl.internal.core.v1.ReplicationControllerOperationsImpl; import io.fabric8.kubernetes.client.dsl.internal.core.v1.ServiceOperationsImpl; -import io.fabric8.kubernetes.client.dsl.internal.SubjectAccessReviewDSLImpl; import io.fabric8.kubernetes.client.dsl.internal.coordination.v1.LeaseOperationsImpl; import io.fabric8.kubernetes.client.dsl.internal.core.v1.BindingOperationsImpl; import io.fabric8.kubernetes.client.dsl.internal.core.v1.ConfigMapOperationsImpl; @@ -302,6 +301,11 @@ public NonNamespaceOperation, D extends Doneable> MixedOperation> customResources(CustomResourceDefinitionContext crdContext, Class resourceType, Class listClass, Class doneClass) { return new CustomResourceOperationsImpl<>(new CustomResourceOperationContext().withOkhttpClient(httpClient).withConfig(getConfiguration()) @@ -401,11 +405,6 @@ public AutoscalingAPIGroupDSL autoscaling() { @Override public SettingsAPIGroupDSL settings() { return adapt(SettingsAPIGroupClient.class); } - @Override - public SubjectAccessReviewDSL subjectAccessReviewAuth() { - return new SubjectAccessReviewDSLImpl(httpClient, getConfiguration()); - } - @Override public SharedInformerFactory informers() { return new SharedInformerFactory(ForkJoinPool.commonPool(), httpClient, getConfiguration()); diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java index c1f89d0c7e5..db629dd248d 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java @@ -457,11 +457,11 @@ public interface KubernetesClient extends Client { MixedOperation> limitRanges(); /** - * SubjectAccessReview operations. (authorization/v1) + * Authorization operations. (authorization.k8s.io/v1 and authorization.k8s.io/v1beta1) * - * @return SubjectAccessReviewDSL object for dealing with SubjectAccessReviewOperations + * @return AuthorizationAPIGroupDSL object for dealing with Authorization objects */ - SubjectAccessReviewDSL subjectAccessReviewAuth(); + AuthorizationAPIGroupDSL authorization(); /** * Get an instance of Kubernetes Client informer factory. It allows you to construct and diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableLocalSubjectAccessReview.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/SubjectAccessOperations.java similarity index 52% rename from openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableLocalSubjectAccessReview.java rename to kubernetes-client/src/main/java/io/fabric8/kubernetes/client/SubjectAccessOperations.java index c9ca851bdd6..d91bb91fa2e 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableLocalSubjectAccessReview.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/SubjectAccessOperations.java @@ -13,18 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +package io.fabric8.kubernetes.client; -package io.fabric8.openshift.client.dsl; - -import io.fabric8.kubernetes.api.model.Doneable; import io.fabric8.kubernetes.client.dsl.Createable; -import io.fabric8.openshift.api.model.LocalSubjectAccessReview; -import io.fabric8.openshift.api.model.LocalSubjectAccessReviewFluentImpl; -import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; -public abstract class CreateableLocalSubjectAccessReview extends - LocalSubjectAccessReviewFluentImpl - implements - Doneable, - Createable { +public interface SubjectAccessOperations extends Createable { } diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupClient.java new file mode 100644 index 00000000000..87f37b5fe86 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupClient.java @@ -0,0 +1,62 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableLocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableSelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableSelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview; +import io.fabric8.kubernetes.client.dsl.internal.LocalSubjectAccessReviewOperationsImpl; +import io.fabric8.kubernetes.client.dsl.internal.SubjectAccessOperationsImpl; +import io.fabric8.kubernetes.client.utils.Utils; +import okhttp3.OkHttpClient; + +public class V1AuthorizationAPIGroupClient extends BaseClient implements V1AuthorizationAPIGroupDSL { + public static final String AUTHORIZATION_APIGROUP = "authorization.k8s.io"; + public static final String AUTHORIZATION_APIVERSION = "v1"; + + public V1AuthorizationAPIGroupClient() { + super(); + } + + public V1AuthorizationAPIGroupClient(OkHttpClient httpClient, final Config config) { + super(httpClient, config); + } + + @Override + public SubjectAccessOperations selfSubjectAccessReview() { + return new SubjectAccessOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview.class.getSimpleName()), SelfSubjectAccessReview.class); + } + + @Override + public SubjectAccessOperations subjectAccessReview() { + return new SubjectAccessOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview.class.getSimpleName()), SubjectAccessReview.class); + } + + @Override + public LocalSubjectAccessReviewOperationsImpl localSubjectAccessReview() { + return new LocalSubjectAccessReviewOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview.class.getSimpleName()), LocalSubjectAccessReview.class); + } + + @Override + public SubjectAccessOperations selfSubjectRulesReview() { + return new SubjectAccessOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview.class.getSimpleName()), SelfSubjectRulesReview.class); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupDSL.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupDSL.java new file mode 100644 index 00000000000..4956fede38d --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupDSL.java @@ -0,0 +1,33 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableLocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableSelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableSelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1.DoneableSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview; +import io.fabric8.kubernetes.client.dsl.internal.LocalSubjectAccessReviewOperationsImpl; + +public interface V1AuthorizationAPIGroupDSL extends Client{ + SubjectAccessOperations selfSubjectAccessReview(); + SubjectAccessOperations subjectAccessReview(); + LocalSubjectAccessReviewOperationsImpl localSubjectAccessReview(); + SubjectAccessOperations selfSubjectRulesReview(); +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupExtensionAdapter.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupExtensionAdapter.java new file mode 100644 index 00000000000..c6c7a45c350 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1AuthorizationAPIGroupExtensionAdapter.java @@ -0,0 +1,35 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import okhttp3.OkHttpClient; + +public class V1AuthorizationAPIGroupExtensionAdapter extends APIGroupExtensionAdapter { + @Override + protected String getAPIGroupName() { + return "authorization/v1"; + } + + @Override + public Class getExtensionType() { + return V1AuthorizationAPIGroupClient.class; + } + + @Override + protected V1AuthorizationAPIGroupClient newInstance(Client client) { + return new V1AuthorizationAPIGroupClient(client.adapt(OkHttpClient.class), client.getConfiguration()); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupClient.java new file mode 100644 index 00000000000..cf68adf5653 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupClient.java @@ -0,0 +1,63 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableLocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableSelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableSelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview; +import io.fabric8.kubernetes.client.dsl.internal.LocalSubjectAccessReviewOperationsImpl; +import io.fabric8.kubernetes.client.dsl.internal.SubjectAccessOperationsImpl; +import io.fabric8.kubernetes.client.utils.Utils; +import okhttp3.OkHttpClient; + +public class V1beta1AuthorizationAPIGroupClient extends BaseClient implements V1beta1AuthorizationAPIGroupDSL { + + public static final String AUTHORIZATION_APIGROUP = "authorization.k8s.io"; + public static final String AUTHORIZATION_APIVERSION = "v1beta1"; + + public V1beta1AuthorizationAPIGroupClient() { + super(); + } + + public V1beta1AuthorizationAPIGroupClient(OkHttpClient httpClient, final Config config) { + super(httpClient, config); + } + + @Override + public SubjectAccessOperations selfSubjectAccessReview() { + return new SubjectAccessOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(SelfSubjectAccessReview.class.getSimpleName()), SelfSubjectAccessReview.class); + } + + @Override + public SubjectAccessOperations subjectAccessReview() { + return new SubjectAccessOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(SubjectAccessReview.class.getSimpleName()), SubjectAccessReview.class); + } + + @Override + public LocalSubjectAccessReviewOperationsImpl localSubjectAccessReview() { + return new LocalSubjectAccessReviewOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(LocalSubjectAccessReview.class.getSimpleName()), LocalSubjectAccessReview.class); + } + + @Override + public SubjectAccessOperations selfSubjectRulesReview() { + return new SubjectAccessOperationsImpl<>(getHttpClient(), getConfiguration(), AUTHORIZATION_APIGROUP, AUTHORIZATION_APIVERSION, Utils.getPluralFromKind(SelfSubjectRulesReview.class.getSimpleName()), SelfSubjectRulesReview.class); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupDSL.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupDSL.java new file mode 100644 index 00000000000..64e901c0f3e --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupDSL.java @@ -0,0 +1,33 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableLocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableSelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableSelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.DoneableSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview; +import io.fabric8.kubernetes.client.dsl.internal.LocalSubjectAccessReviewOperationsImpl; + +public interface V1beta1AuthorizationAPIGroupDSL extends Client { + SubjectAccessOperations selfSubjectAccessReview(); + SubjectAccessOperations subjectAccessReview(); + LocalSubjectAccessReviewOperationsImpl localSubjectAccessReview(); + SubjectAccessOperations selfSubjectRulesReview(); +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupExtensionAdapter.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupExtensionAdapter.java new file mode 100644 index 00000000000..2e76513d744 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/V1beta1AuthorizationAPIGroupExtensionAdapter.java @@ -0,0 +1,35 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client; + +import okhttp3.OkHttpClient; + +public class V1beta1AuthorizationAPIGroupExtensionAdapter extends APIGroupExtensionAdapter { + @Override + protected String getAPIGroupName() { + return "authorization/v1beta1"; + } + + @Override + public Class getExtensionType() { + return V1beta1AuthorizationAPIGroupClient.class; + } + + @Override + protected V1beta1AuthorizationAPIGroupClient newInstance(Client client) { + return new V1beta1AuthorizationAPIGroupClient(client.adapt(OkHttpClient.class), client.getConfiguration()); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/AuthorizationAPIGroupDSL.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/AuthorizationAPIGroupDSL.java new file mode 100644 index 00000000000..42621075873 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/AuthorizationAPIGroupDSL.java @@ -0,0 +1,36 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.dsl; + +import io.fabric8.kubernetes.client.Client; +import io.fabric8.kubernetes.client.V1AuthorizationAPIGroupDSL; +import io.fabric8.kubernetes.client.V1beta1AuthorizationAPIGroupDSL; + +public interface AuthorizationAPIGroupDSL extends Client { + /** + * DSL for authorization.k8s.io/v1 api group. + * + * @return V1 Authorization API DSL object + */ + V1AuthorizationAPIGroupDSL v1(); + + /** + * DSL for authorization.k8s.io/v1beta1 api group + * + * @return V1beta1 Authorization API DSL object + */ + V1beta1AuthorizationAPIGroupDSL v1beta1(); +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/SubjectAccessReviewDSL.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/SubjectAccessReviewDSL.java deleted file mode 100644 index 79f87d151b4..00000000000 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/SubjectAccessReviewDSL.java +++ /dev/null @@ -1,32 +0,0 @@ -/** - * Copyright (C) 2015 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package io.fabric8.kubernetes.client.dsl; - -import io.fabric8.kubernetes.api.model.authorization.SubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview; -import io.fabric8.kubernetes.api.model.authorization.DoneableLocalSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.DoneableSelfSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.DoneableSelfSubjectRulesReview; -import io.fabric8.kubernetes.api.model.authorization.DoneableSubjectAccessReview; - -public interface SubjectAccessReviewDSL extends - Createable, - Namespaceable>, - AnyNamespaceable>, - Listable> { -} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/LocalSubjectAccessReviewOperationsImpl.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/LocalSubjectAccessReviewOperationsImpl.java new file mode 100644 index 00000000000..812f8021dea --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/LocalSubjectAccessReviewOperationsImpl.java @@ -0,0 +1,55 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.dsl.internal; + +import io.fabric8.kubernetes.client.Config; +import io.fabric8.kubernetes.client.dsl.Namespaceable; +import io.fabric8.kubernetes.client.dsl.base.OperationContext; +import okhttp3.OkHttpClient; + +public class LocalSubjectAccessReviewOperationsImpl extends SubjectAccessOperationsImpl implements Namespaceable> { + private Class subjectAccessRequestClass; + private String subjectAccessApiGroupName; + private String subjectAccessApiGroupVersion; + private String plural; + + public LocalSubjectAccessReviewOperationsImpl(OkHttpClient client, Config config, String subjectAccessApiGroupName, String subjectAccessApiGroupVersion, String plural, Class subjectAccessRequestClass) { + super(client, config, subjectAccessApiGroupName, subjectAccessApiGroupVersion, plural, subjectAccessRequestClass); + this.subjectAccessRequestClass = subjectAccessRequestClass; + this.subjectAccessApiGroupName = subjectAccessApiGroupName; + this.subjectAccessApiGroupVersion = subjectAccessApiGroupVersion; + this.plural = plural; + } + + public LocalSubjectAccessReviewOperationsImpl(OperationContext context, String subjectAccessApiGroupName, String subjectAccessApiGroupVersion, String plural, Class subjectAccessRequestClass) { + super(context, subjectAccessApiGroupName, subjectAccessApiGroupVersion, plural, subjectAccessRequestClass); + this.subjectAccessRequestClass = subjectAccessRequestClass; + this.subjectAccessApiGroupName = subjectAccessApiGroupName; + this.subjectAccessApiGroupVersion = subjectAccessApiGroupVersion; + this.plural = plural; + } + + @Override + public LocalSubjectAccessReviewOperationsImpl inNamespace(String namespace) { + this.namespace = namespace; + return new LocalSubjectAccessReviewOperationsImpl<>(context.withNamespace(namespace), subjectAccessApiGroupName, subjectAccessApiGroupVersion, plural, subjectAccessRequestClass); + } + + @Override + public boolean isResourceNamespaced() { + return true; + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessOperationsImpl.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessOperationsImpl.java new file mode 100644 index 00000000000..49fbcc2b616 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessOperationsImpl.java @@ -0,0 +1,86 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.dsl.internal; + +import io.fabric8.kubernetes.client.Config; +import io.fabric8.kubernetes.client.KubernetesClientException; +import io.fabric8.kubernetes.client.SubjectAccessOperations; +import io.fabric8.kubernetes.client.dsl.base.OperationContext; +import io.fabric8.kubernetes.client.dsl.base.OperationSupport; +import okhttp3.OkHttpClient; + +import java.io.IOException; +import java.util.concurrent.ExecutionException; + +public class SubjectAccessOperationsImpl extends OperationSupport implements SubjectAccessOperations { + private Class subjectAccessRequestClass; + + public SubjectAccessOperationsImpl(OkHttpClient client, Config config, String apiGroupName, String apiGroupVersion, String plural, Class subjectAccessRequestClass) { + this(new OperationContext().withOkhttpClient(client).withConfig(config), apiGroupName, apiGroupVersion, plural, subjectAccessRequestClass); + this.subjectAccessRequestClass = subjectAccessRequestClass; + } + + public SubjectAccessOperationsImpl(OperationContext context, String apiGroupName, String apiGroupVersion, String plural, Class subjectAccessRequestClass) { + super(context.withApiGroupName(apiGroupName) + .withApiGroupVersion(apiGroupVersion) + .withPlural(plural)); + this.subjectAccessRequestClass = subjectAccessRequestClass; + } + + @Override + public boolean isResourceNamespaced() { + return false; + } + + @Override + public T create(T... resources) { + try { + if (resources.length > 1) { + throw new IllegalArgumentException("Too many items to create."); + } else if (resources.length == 1) { + return handleCreate(resources[0], subjectAccessRequestClass); + } else { + return handleCreate(getItem(), subjectAccessRequestClass); + } + } catch (ExecutionException | IOException e) { + throw KubernetesClientException.launderThrowable(e); + } catch (InterruptedException ie) { + Thread.currentThread().interrupt(); + throw KubernetesClientException.launderThrowable(ie); + } + } + + @Override + public T create(T item) { + try { + return handleCreate(item, subjectAccessRequestClass); + } catch (ExecutionException | IOException e) { + throw KubernetesClientException.launderThrowable(e); + } catch (InterruptedException ie) { + Thread.currentThread().interrupt(); + throw KubernetesClientException.launderThrowable(ie); + } + } + + @Override + public D createNew() { + throw new IllegalStateException("this operation is not supported, please use create() instead"); + } + + public T getItem() { + return (T) context.getItem(); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessReviewDSLImpl.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessReviewDSLImpl.java deleted file mode 100644 index 4c92db152cc..00000000000 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/SubjectAccessReviewDSLImpl.java +++ /dev/null @@ -1,274 +0,0 @@ -/** - * Copyright (C) 2015 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package io.fabric8.kubernetes.client.dsl.internal; - -import io.fabric8.kubernetes.api.model.ListOptions; -import io.fabric8.kubernetes.api.model.ObjectMeta; -import io.fabric8.kubernetes.api.model.StatusBuilder; -import io.fabric8.kubernetes.api.model.authorization.*; -import io.fabric8.kubernetes.api.model.authorization.DoneableLocalSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.DoneableSelfSubjectRulesReview; -import io.fabric8.kubernetes.api.model.authorization.DoneableSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.DoneableSelfSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview; -import io.fabric8.kubernetes.client.Config; -import io.fabric8.kubernetes.client.KubernetesClientException; -import io.fabric8.kubernetes.client.dsl.Createable; -import io.fabric8.kubernetes.client.dsl.SubjectAccessReviewDSL; -import io.fabric8.kubernetes.client.dsl.base.OperationContext; -import io.fabric8.kubernetes.client.dsl.base.OperationSupport; -import io.fabric8.kubernetes.client.utils.Utils; - -import okhttp3.OkHttpClient; - -import java.io.IOException; -import java.util.concurrent.ExecutionException; - -public class SubjectAccessReviewDSLImpl extends OperationSupport implements SubjectAccessReviewDSL { - - private static final String AUTHORIZATION = "authorization.k8s.io/v1"; - private static final String SAR_PLURAL = "subjectaccessreviews"; - private static final String LSAR_PLURAL = "localsubjectaccessreviews"; - private static final String SSAR_PLURAL = "selfsubjectaccessreviews"; - private static final String SSRR_PLURAL = "selfsubjectrulesreviews"; - - private boolean isNamespaced = false; - - public SubjectAccessReviewDSLImpl(OperationContext context) { - super(context.withApiGroupName(AUTHORIZATION).withPlural(SAR_PLURAL)); - } - - private SubjectAccessReviewDSLImpl(OperationContext context, String namespace, String plural, boolean isNamespaced) { - super(context.withApiGroupName(AUTHORIZATION).withNamespace(namespace).withPlural(plural)); - this.isNamespaced = isNamespaced; - } - - public SubjectAccessReviewDSLImpl(OkHttpClient client, Config config) { - this(new OperationContext().withOkhttpClient(client).withConfig(config)); - } - - @Override - public boolean isResourceNamespaced() { - return isNamespaced; - } - - @Override - public SubjectAccessReview create(SubjectAccessReview... resources) { - return new CreatableSubjectAccessReview().create(resources); - } - - @Override - public SubjectAccessReview create(SubjectAccessReview resource) { - return create(new SubjectAccessReview[]{resource}); - } - - @Override - public DoneableSubjectAccessReview createNew() { - return new CreatableSubjectAccessReview().createNew(); - } - - @Override - public Createable inNamespace(String namespace) { - //Should we use this namespace to set the metadata namespace and the spec namespace of the LocalSubjectAccessReview object? - return new SubjectAccessReviewDSLImpl(this.context, namespace, LSAR_PLURAL, true).local(namespace); - } - - @Override - public Createable inAnyNamespace() { - return new SubjectAccessReviewDSLImpl(this.context, namespace, SSAR_PLURAL, true).self(); - } - - private Createable local(String namespace) { - return new CreatableLocalSubjectAccessReview(namespace); - } - - private Createable self() { - return new CreatableSelfSubjectAccessReview(); - } - - @Override - public Createable list() { - throw new KubernetesClientException(new StatusBuilder() - .withStatus("Failure") - .withMessage("the server does not allow this method on the requested resource") - .withReason("MethodNotAllowed") - .withCode(405) - .build()); - } - - @Override - public Createable list(Integer limitVal, String continueVal) { - throw new KubernetesClientException(new StatusBuilder() - .withStatus("Failure") - .withMessage("the server does not allow this method on the requested resource") - .withReason("MethodNotAllowed") - .withCode(405) - .build()); - } - - @Override - public Createable list(ListOptions listOptions) { - throw new KubernetesClientException(new StatusBuilder() - .withStatus("Failure") - .withMessage("the server does not allow this method on the requested resource") - .withReason("MethodNotAllowed") - .withCode(405) - .build()); - } - - - private class CreatableLocalSubjectAccessReview implements Createable { - - private final String namespace; - - CreatableLocalSubjectAccessReview(String namespace) { - this.namespace = namespace; - } - - @Override - public LocalSubjectAccessReview create(LocalSubjectAccessReview... resources) { - try { - if (resources.length > 1) { - throw new IllegalArgumentException("Too many items to create."); - } else if (resources.length == 1) { - setNamespace(resources[0]); - return handleCreate(resources[0], LocalSubjectAccessReview.class); - } else { - throw new IllegalArgumentException("Nothing to create."); - } - } catch (InterruptedException | ExecutionException | IOException e) { - throw KubernetesClientException.launderThrowable(e); - } - } - - @Override - public LocalSubjectAccessReview create(LocalSubjectAccessReview resource) { - return create(new LocalSubjectAccessReview[]{resource}); - } - - private void setNamespace(LocalSubjectAccessReview resource) { - ObjectMeta meta = resource.getMetadata(); - - if(meta == null) { - meta = new ObjectMeta(); - resource.setMetadata(meta); - } - - if(Utils.isNullOrEmpty(meta.getNamespace())) { - meta.setNamespace(this.namespace); - } - - SubjectAccessReviewSpec spec = resource.getSpec(); - if(spec != null) { - if (spec.getResourceAttributes() != null - && Utils.isNullOrEmpty(spec.getResourceAttributes().getNamespace())) { - spec.getResourceAttributes().setNamespace(this.namespace); - } - } - } - - @Override - public DoneableLocalSubjectAccessReview createNew() { - return new DoneableLocalSubjectAccessReview(this::create); - } - } - - private class CreatableSubjectAccessReview implements Createable { - - @Override - public SubjectAccessReview create(SubjectAccessReview... resources) { - try { - if (resources.length > 1) { - throw new IllegalArgumentException("Too many items to create."); - } else if (resources.length == 1) { - return handleCreate(resources[0], SubjectAccessReview.class); - } else { - throw new IllegalArgumentException("Nothing to create."); - } - } catch (InterruptedException | ExecutionException | IOException e) { - throw KubernetesClientException.launderThrowable(e); - } - } - - @Override - public SubjectAccessReview create(SubjectAccessReview resource) { - return create(new SubjectAccessReview[]{resource}); - } - - @Override - public DoneableSubjectAccessReview createNew() { - return new DoneableSubjectAccessReview(this::create); - } - } - - private class CreatableSelfSubjectAccessReview implements Createable { - - @Override - public SelfSubjectAccessReview create(SelfSubjectAccessReview... resources) { - try { - if (resources.length > 1) { - throw new IllegalArgumentException("Too many items to create."); - } else if (resources.length == 1) { - return handleCreate(resources[0], SelfSubjectAccessReview.class); - } else { - throw new IllegalArgumentException("Nothing to create."); - } - } catch (InterruptedException | ExecutionException | IOException e) { - throw KubernetesClientException.launderThrowable(e); - } - } - - @Override - public SelfSubjectAccessReview create(SelfSubjectAccessReview resource) { - return create(new SelfSubjectAccessReview[]{resource}); - } - - @Override - public DoneableSelfSubjectAccessReview createNew() { - return new DoneableSelfSubjectAccessReview(this::create); - } - } - - private class CreatableSelfSubjectRulesReview implements Createable { - - @Override - public SelfSubjectRulesReview create(SelfSubjectRulesReview... resources) { - try { - if (resources.length > 1) { - throw new IllegalArgumentException("Too many items to create."); - } else if (resources.length == 1) { - return handleCreate(resources[0], SelfSubjectRulesReview.class); - } else { - throw new IllegalArgumentException("Nothing to create."); - } - } catch (InterruptedException | ExecutionException | IOException e) { - throw KubernetesClientException.launderThrowable(e); - } - } - - @Override - public SelfSubjectRulesReview create(SelfSubjectRulesReview resource) { - return create(new SelfSubjectRulesReview[]{resource}); - } - - @Override - public DoneableSelfSubjectRulesReview createNew() { - return new DoneableSelfSubjectRulesReview(this::create); - } - } - -} - diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java index fcc8d251c37..4d62b7ede6e 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java @@ -94,6 +94,7 @@ import io.fabric8.kubernetes.client.VersionInfo; import io.fabric8.kubernetes.client.dsl.ApiextensionsAPIGroupDSL; import io.fabric8.kubernetes.client.dsl.AppsAPIGroupDSL; +import io.fabric8.kubernetes.client.dsl.AuthorizationAPIGroupDSL; import io.fabric8.kubernetes.client.dsl.AutoscalingAPIGroupDSL; import io.fabric8.kubernetes.client.dsl.BatchAPIGroupDSL; import io.fabric8.kubernetes.client.dsl.ExtensionsAPIGroupDSL; @@ -115,7 +116,6 @@ import io.fabric8.kubernetes.client.dsl.ServiceResource; import io.fabric8.kubernetes.client.dsl.SettingsAPIGroupDSL; import io.fabric8.kubernetes.client.dsl.StorageAPIGroupDSL; -import io.fabric8.kubernetes.client.dsl.SubjectAccessReviewDSL; import io.fabric8.kubernetes.client.dsl.V1APIGroupDSL; import io.fabric8.kubernetes.client.dsl.base.CustomResourceDefinitionContext; import io.fabric8.kubernetes.client.dsl.internal.RawCustomResourceOperationsImpl; @@ -343,11 +343,6 @@ public NonNamespaceOperation> persistentVolumeClaims() { return delegate.persistentVolumeClaims(); } @@ -439,6 +434,11 @@ public NonNamespaceOperation, D extends Doneable> MixedOperation> customResources(CustomResourceDefinitionContext crdContext, Class resourceType, Class listClass, Class doneClass) { return delegate.customResources(crdContext, resourceType, listClass, doneClass); diff --git a/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ExtensionAdapter b/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ExtensionAdapter index e4de37b85fe..3ef1f039af0 100644 --- a/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ExtensionAdapter +++ b/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ExtensionAdapter @@ -20,6 +20,7 @@ io.fabric8.kubernetes.client.V1AdmissionRegistrationAPIGroupExtensionAdapter io.fabric8.kubernetes.client.V1beta1AdmissionRegistrationAPIGroupExtensionAdapter io.fabric8.kubernetes.client.AutoscalingAPIGroupExtensionAdapter io.fabric8.kubernetes.client.ApiextensionsAPIGroupExtensionAdapter +io.fabric8.kubernetes.client.AuthorizationAPIGroupExtensionAdapter io.fabric8.kubernetes.client.V1AutoscalingAPIGroupExtensionAdapter io.fabric8.kubernetes.client.V2beta1AutoscalingAPIGroupExtensionAdapter io.fabric8.kubernetes.client.V2beta2AutoscalingAPIGroupExtensionAdapter @@ -35,3 +36,5 @@ io.fabric8.kubernetes.client.StorageAPIGroupExtensionAdapter io.fabric8.kubernetes.client.V1APIGroupExtensionAdapter io.fabric8.kubernetes.client.V1ApiextensionsAPIGroupExtensionAdapter io.fabric8.kubernetes.client.V1beta1ApiextensionsAPIGroupExtensionAdapter +io.fabric8.kubernetes.client.V1AuthorizationAPIGroupExtensionAdapter +io.fabric8.kubernetes.client.V1beta1AuthorizationAPIGroupExtensionAdapter diff --git a/kubernetes-client/src/test/java/io/fabric8/kubernetes/client/internal/UtilsTest.java b/kubernetes-client/src/test/java/io/fabric8/kubernetes/client/internal/UtilsTest.java index 509a6efccc6..afa52f68c5e 100644 --- a/kubernetes-client/src/test/java/io/fabric8/kubernetes/client/internal/UtilsTest.java +++ b/kubernetes-client/src/test/java/io/fabric8/kubernetes/client/internal/UtilsTest.java @@ -42,10 +42,10 @@ import io.fabric8.kubernetes.api.model.apps.ReplicaSet; import io.fabric8.kubernetes.api.model.apps.StatefulSet; import io.fabric8.kubernetes.api.model.authentication.TokenReview; -import io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview; -import io.fabric8.kubernetes.api.model.authorization.SubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview; import io.fabric8.kubernetes.api.model.batch.CronJob; import io.fabric8.kubernetes.api.model.batch.Job; import io.fabric8.kubernetes.api.model.certificates.CertificateSigningRequest; diff --git a/kubernetes-model-generator/kubernetes-model-admissionregistration/cmd/generate/generate.go b/kubernetes-model-generator/kubernetes-model-admissionregistration/cmd/generate/generate.go index 8fe4bb4f2ba..21b9479d33e 100644 --- a/kubernetes-model-generator/kubernetes-model-admissionregistration/cmd/generate/generate.go +++ b/kubernetes-model-generator/kubernetes-model-admissionregistration/cmd/generate/generate.go @@ -29,6 +29,7 @@ import ( admissionregistrationv1 "k8s.io/api/admissionregistration/v1" admissionregistration "k8s.io/api/admissionregistration/v1beta1" k8sauthapi "k8s.io/api/authorization/v1" + k8sauthapiv1beta1 "k8s.io/api/authorization/v1beta1" "log" "reflect" @@ -73,17 +74,21 @@ type Schema struct { MutatingWebhookConfigurationList admissionregistration.MutatingWebhookConfigurationList RuleWithOperations admissionregistration.RuleWithOperations ServiceReference admissionregistration.ServiceReference - V1Rule admissionregistrationv1.Rule - V1ValidatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - V1ValidatingWebhookConfigurationList admissionregistrationv1.ValidatingWebhookConfigurationList - V1MutatingWebhookConfiguration admissionregistrationv1.MutatingWebhookConfiguration - V1MutatingWebhookConfigurationList admissionregistrationv1.MutatingWebhookConfigurationList - V1RuleWithOperations admissionregistrationv1.RuleWithOperations - V1ServiceReference admissionregistrationv1.ServiceReference + V1Rule admissionregistrationv1.Rule + V1ValidatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration + V1ValidatingWebhookConfigurationList admissionregistrationv1.ValidatingWebhookConfigurationList + V1MutatingWebhookConfiguration admissionregistrationv1.MutatingWebhookConfiguration + V1MutatingWebhookConfigurationList admissionregistrationv1.MutatingWebhookConfigurationList + V1RuleWithOperations admissionregistrationv1.RuleWithOperations + V1ServiceReference admissionregistrationv1.ServiceReference K8sSubjectAccessReview k8sauthapi.SubjectAccessReview K8sLocalSubjectAccessReview k8sauthapi.LocalSubjectAccessReview SelfSubjectRulesReview k8sauthapi.SelfSubjectRulesReview SelfSubjectAccessReview k8sauthapi.SelfSubjectAccessReview + V1beta1K8sSubjectAccessReview k8sauthapiv1beta1.SubjectAccessReview + V1beta1K8sLocalSubjectAccessReview k8sauthapiv1beta1.LocalSubjectAccessReview + V1beta1SelfSubjectRulesReview k8sauthapiv1beta1.SelfSubjectRulesReview + V1beta1SelfSubjectAccessReview k8sauthapiv1beta1.SelfSubjectAccessReview } func main() { @@ -96,7 +101,8 @@ func main() { {"k8s.io/apimachinery/pkg/runtime", "", "io.fabric8.kubernetes.api.model.runtime", "kubernetes_apimachinery_pkg_runtime_"}, {"k8s.io/apimachinery/pkg/version", "", "io.fabric8.kubernetes.api.model.version", "kubernetes_apimachinery_pkg_version_"}, {"k8s.io/apimachinery/pkg/apis/meta/v1", "", "io.fabric8.kubernetes.api.model", "kubernetes_apimachinery_"}, - {"k8s.io/api/authorization/v1", "authorization.k8s.io", "io.fabric8.kubernetes.api.model.authorization", "kubernetes_authorization_"}, + {"k8s.io/api/authorization/v1", "authorization.k8s.io", "io.fabric8.kubernetes.api.model.authorization.v1", "kubernetes_authorization_v1_"}, + {"k8s.io/api/authorization/v1beta1", "authorization.k8s.io", "io.fabric8.kubernetes.api.model.authorization.v1beta1", "kubernetes_authorization_v1beta1_"}, } typeMap := map[reflect.Type]reflect.Type{ diff --git a/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/kube-schema.json b/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/kube-schema.json index f98841fda72..8da2412a336 100644 --- a/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/kube-schema.json +++ b/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/kube-schema.json @@ -2084,7 +2084,7 @@ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_LocalSubjectAccessReview": { + "kubernetes_authorization_v1_LocalSubjectAccessReview": { "type": "object", "description": "", "properties": { @@ -2105,22 +2105,22 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata", "io.fabric8.kubernetes.api.model.Namespaced" ] }, - "kubernetes_authorization_NonResourceAttributes": { + "kubernetes_authorization_v1_NonResourceAttributes": { "type": "object", "description": "", "properties": { @@ -2134,12 +2134,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_NonResourceRule": { + "kubernetes_authorization_v1_NonResourceRule": { "type": "object", "description": "", "properties": { @@ -2162,12 +2162,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceRule", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_ResourceAttributes": { + "kubernetes_authorization_v1_ResourceAttributes": { "type": "object", "description": "", "properties": { @@ -2201,12 +2201,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_ResourceRule": { + "kubernetes_authorization_v1_ResourceRule": { "type": "object", "description": "", "properties": { @@ -2247,12 +2247,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceRule", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SelfSubjectAccessReview": { + "kubernetes_authorization_v1_SelfSubjectAccessReview": { "type": "object", "description": "", "properties": { @@ -2273,40 +2273,40 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata" ] }, - "kubernetes_authorization_SelfSubjectAccessReviewSpec": { + "kubernetes_authorization_v1_SelfSubjectAccessReviewSpec": { "type": "object", "description": "", "properties": { "nonResourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes" }, "resourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_ResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReviewSpec", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SelfSubjectRulesReview": { + "kubernetes_authorization_v1_SelfSubjectRulesReview": { "type": "object", "description": "", "properties": { @@ -2327,21 +2327,21 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectRulesReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectRulesReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectRulesReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectRulesReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectRulesReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectRulesReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata" ] }, - "kubernetes_authorization_SelfSubjectRulesReviewSpec": { + "kubernetes_authorization_v1_SelfSubjectRulesReviewSpec": { "type": "object", "description": "", "properties": { @@ -2351,12 +2351,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReviewSpec", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SubjectAccessReview": { + "kubernetes_authorization_v1_SubjectAccessReview": { "type": "object", "description": "", "properties": { @@ -2377,21 +2377,21 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata" ] }, - "kubernetes_authorization_SubjectAccessReviewSpec": { + "kubernetes_authorization_v1_SubjectAccessReviewSpec": { "type": "object", "description": "", "properties": { @@ -2418,12 +2418,12 @@ } }, "nonResourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes" }, "resourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_ResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes" }, "uid": { "type": "string", @@ -2435,12 +2435,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewSpec", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SubjectAccessReviewStatus": { + "kubernetes_authorization_v1_SubjectAccessReviewStatus": { "type": "object", "description": "", "properties": { @@ -2462,12 +2462,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SubjectRulesReviewStatus": { + "kubernetes_authorization_v1_SubjectRulesReviewStatus": { "type": "object", "description": "", "properties": { @@ -2483,21 +2483,442 @@ "type": "array", "description": "", "items": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceRule", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceRule" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceRule" } }, "resourceRules": { "type": "array", "description": "", "items": { - "$ref": "#/definitions/kubernetes_authorization_ResourceRule", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceRule" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceRule" } } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectRulesReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectRulesReviewStatus", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_LocalSubjectAccessReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "LocalSubjectAccessReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_NonResourceAttributes": { + "type": "object", + "description": "", + "properties": { + "path": { + "type": "string", + "description": "" + }, + "verb": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceAttributes", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_NonResourceRule": { + "type": "object", + "description": "", + "properties": { + "nonResourceURLs": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "verbs": { + "type": "array", + "description": "", + "items": { + "type": "string", + "description": "" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceRule", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_ResourceAttributes": { + "type": "object", + "description": "", + "properties": { + "group": { + "type": "string", + "description": "" + }, + "name": { + "type": "string", + "description": "" + }, + "namespace": { + "type": "string", + "description": "" + }, + "resource": { + "type": "string", + "description": "" + }, + "subresource": { + "type": "string", + "description": "" + }, + "verb": { + "type": "string", + "description": "" + }, + "version": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceAttributes", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_ResourceRule": { + "type": "object", + "description": "", + "properties": { + "apiGroups": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "resourceNames": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "resources": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "verbs": { + "type": "array", + "description": "", + "items": { + "type": "string", + "description": "" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceRule", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectAccessReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "SelfSubjectAccessReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectAccessReviewSpec": { + "type": "object", + "description": "", + "properties": { + "nonResourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceAttributes" + }, + "resourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceAttributes" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReviewSpec", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectRulesReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "SelfSubjectRulesReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectRulesReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectRulesReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectRulesReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectRulesReviewSpec": { + "type": "object", + "description": "", + "properties": { + "namespace": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReviewSpec", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SubjectAccessReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "SubjectAccessReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_SubjectAccessReviewSpec": { + "type": "object", + "description": "", + "properties": { + "extra": { + "type": "object", + "description": "", + "additionalProperties": { + "type": "array", + "description": "", + "items": { + "type": "string", + "description": "" + } + }, + "javaType": "java.util.Map\u003cString,java.util.ArrayList\u003cString\u003e\u003e" + }, + "group": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "nonResourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceAttributes" + }, + "resourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceAttributes" + }, + "uid": { + "type": "string", + "description": "" + }, + "user": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SubjectAccessReviewStatus": { + "type": "object", + "description": "", + "properties": { + "allowed": { + "type": "boolean", + "description": "" + }, + "denied": { + "type": "boolean", + "description": "" + }, + "evaluationError": { + "type": "string", + "description": "" + }, + "reason": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SubjectRulesReviewStatus": { + "type": "object", + "description": "", + "properties": { + "evaluationError": { + "type": "string", + "description": "" + }, + "incomplete": { + "type": "boolean", + "description": "" + }, + "nonResourceRules": { + "type": "array", + "description": "", + "items": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_NonResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceRule" + } + }, + "resourceRules": { + "type": "array", + "description": "", + "items": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_ResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceRule" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectRulesReviewStatus", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] @@ -2546,12 +2967,12 @@ "javaType": "io.fabric8.kubernetes.api.model.version.Info" }, "K8sLocalSubjectAccessReview": { - "$ref": "#/definitions/kubernetes_authorization_LocalSubjectAccessReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReview" + "$ref": "#/definitions/kubernetes_authorization_v1_LocalSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview" }, "K8sSubjectAccessReview": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReview" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview" }, "ListOptions": { "$ref": "#/definitions/kubernetes_apimachinery_ListOptions", @@ -2602,12 +3023,12 @@ "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.RuleWithOperations" }, "SelfSubjectAccessReview": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectAccessReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview" }, "SelfSubjectRulesReview": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectRulesReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectRulesReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview" }, "ServiceReference": { "$ref": "#/definitions/kubernetes_admissionregistration_v1beta1_ServiceReference", @@ -2661,6 +3082,22 @@ "$ref": "#/definitions/kubernetes_admissionregistration_v1_ValidatingWebhookConfigurationList", "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1.ValidatingWebhookConfigurationList" }, + "V1beta1K8sLocalSubjectAccessReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_LocalSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview" + }, + "V1beta1K8sSubjectAccessReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview" + }, + "V1beta1SelfSubjectAccessReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview" + }, + "V1beta1SelfSubjectRulesReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectRulesReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview" + }, "ValidatingWebhookConfiguration": { "$ref": "#/definitions/kubernetes_admissionregistration_v1beta1_ValidatingWebhookConfiguration", "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration" diff --git a/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/validation-schema.json b/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/validation-schema.json index 43cb519c2cc..b87897ac943 100644 --- a/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/validation-schema.json +++ b/kubernetes-model-generator/kubernetes-model-admissionregistration/src/main/resources/schema/validation-schema.json @@ -2084,7 +2084,7 @@ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_LocalSubjectAccessReview": { + "kubernetes_authorization_v1_LocalSubjectAccessReview": { "type": "object", "description": "", "properties": { @@ -2105,22 +2105,22 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata", "io.fabric8.kubernetes.api.model.Namespaced" ] }, - "kubernetes_authorization_NonResourceAttributes": { + "kubernetes_authorization_v1_NonResourceAttributes": { "type": "object", "description": "", "properties": { @@ -2134,12 +2134,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_NonResourceRule": { + "kubernetes_authorization_v1_NonResourceRule": { "type": "object", "description": "", "properties": { @@ -2162,12 +2162,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceRule", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_ResourceAttributes": { + "kubernetes_authorization_v1_ResourceAttributes": { "type": "object", "description": "", "properties": { @@ -2201,12 +2201,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_ResourceRule": { + "kubernetes_authorization_v1_ResourceRule": { "type": "object", "description": "", "properties": { @@ -2247,12 +2247,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceRule", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SelfSubjectAccessReview": { + "kubernetes_authorization_v1_SelfSubjectAccessReview": { "type": "object", "description": "", "properties": { @@ -2273,40 +2273,40 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata" ] }, - "kubernetes_authorization_SelfSubjectAccessReviewSpec": { + "kubernetes_authorization_v1_SelfSubjectAccessReviewSpec": { "type": "object", "description": "", "properties": { "nonResourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes" }, "resourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_ResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReviewSpec", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SelfSubjectRulesReview": { + "kubernetes_authorization_v1_SelfSubjectRulesReview": { "type": "object", "description": "", "properties": { @@ -2327,21 +2327,21 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectRulesReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectRulesReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectRulesReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectRulesReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectRulesReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectRulesReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata" ] }, - "kubernetes_authorization_SelfSubjectRulesReviewSpec": { + "kubernetes_authorization_v1_SelfSubjectRulesReviewSpec": { "type": "object", "description": "", "properties": { @@ -2351,12 +2351,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReviewSpec", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SubjectAccessReview": { + "kubernetes_authorization_v1_SubjectAccessReview": { "type": "object", "description": "", "properties": { @@ -2377,21 +2377,21 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus" } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.HasMetadata" ] }, - "kubernetes_authorization_SubjectAccessReviewSpec": { + "kubernetes_authorization_v1_SubjectAccessReviewSpec": { "type": "object", "description": "", "properties": { @@ -2418,12 +2418,12 @@ } }, "nonResourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes" }, "resourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_ResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes" }, "uid": { "type": "string", @@ -2435,12 +2435,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewSpec", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SubjectAccessReviewStatus": { + "kubernetes_authorization_v1_SubjectAccessReviewStatus": { "type": "object", "description": "", "properties": { @@ -2462,12 +2462,12 @@ } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, - "kubernetes_authorization_SubjectRulesReviewStatus": { + "kubernetes_authorization_v1_SubjectRulesReviewStatus": { "type": "object", "description": "", "properties": { @@ -2483,21 +2483,442 @@ "type": "array", "description": "", "items": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceRule", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceRule" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceRule" } }, "resourceRules": { "type": "array", "description": "", "items": { - "$ref": "#/definitions/kubernetes_authorization_ResourceRule", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceRule" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceRule" } } }, "additionalProperties": true, - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectRulesReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectRulesReviewStatus", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_LocalSubjectAccessReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "LocalSubjectAccessReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_NonResourceAttributes": { + "type": "object", + "description": "", + "properties": { + "path": { + "type": "string", + "description": "" + }, + "verb": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceAttributes", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_NonResourceRule": { + "type": "object", + "description": "", + "properties": { + "nonResourceURLs": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "verbs": { + "type": "array", + "description": "", + "items": { + "type": "string", + "description": "" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceRule", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_ResourceAttributes": { + "type": "object", + "description": "", + "properties": { + "group": { + "type": "string", + "description": "" + }, + "name": { + "type": "string", + "description": "" + }, + "namespace": { + "type": "string", + "description": "" + }, + "resource": { + "type": "string", + "description": "" + }, + "subresource": { + "type": "string", + "description": "" + }, + "verb": { + "type": "string", + "description": "" + }, + "version": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceAttributes", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_ResourceRule": { + "type": "object", + "description": "", + "properties": { + "apiGroups": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "resourceNames": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "resources": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "verbs": { + "type": "array", + "description": "", + "items": { + "type": "string", + "description": "" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceRule", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectAccessReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "SelfSubjectAccessReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectAccessReviewSpec": { + "type": "object", + "description": "", + "properties": { + "nonResourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceAttributes" + }, + "resourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceAttributes" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReviewSpec", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectRulesReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "SelfSubjectRulesReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectRulesReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectRulesReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectRulesReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_SelfSubjectRulesReviewSpec": { + "type": "object", + "description": "", + "properties": { + "namespace": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReviewSpec", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SubjectAccessReview": { + "type": "object", + "description": "", + "properties": { + "apiVersion": { + "type": "string", + "description": "", + "default": "authorization.k8s.io/v1beta1", + "required": true + }, + "kind": { + "type": "string", + "description": "", + "default": "SubjectAccessReview", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", + "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec" + }, + "status": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.HasMetadata", + "io.fabric8.kubernetes.api.model.Namespaced" + ] + }, + "kubernetes_authorization_v1beta1_SubjectAccessReviewSpec": { + "type": "object", + "description": "", + "properties": { + "extra": { + "type": "object", + "description": "", + "additionalProperties": { + "type": "array", + "description": "", + "items": { + "type": "string", + "description": "" + } + }, + "javaType": "java.util.Map\u003cString,java.util.ArrayList\u003cString\u003e\u003e" + }, + "group": { + "type": "array", + "description": "", + "javaOmitEmpty": true, + "items": { + "type": "string", + "description": "" + } + }, + "nonResourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceAttributes" + }, + "resourceAttributes": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceAttributes" + }, + "uid": { + "type": "string", + "description": "" + }, + "user": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SubjectAccessReviewStatus": { + "type": "object", + "description": "", + "properties": { + "allowed": { + "type": "boolean", + "description": "" + }, + "denied": { + "type": "boolean", + "description": "" + }, + "evaluationError": { + "type": "string", + "description": "" + }, + "reason": { + "type": "string", + "description": "" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, + "kubernetes_authorization_v1beta1_SubjectRulesReviewStatus": { + "type": "object", + "description": "", + "properties": { + "evaluationError": { + "type": "string", + "description": "" + }, + "incomplete": { + "type": "boolean", + "description": "" + }, + "nonResourceRules": { + "type": "array", + "description": "", + "items": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_NonResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceRule" + } + }, + "resourceRules": { + "type": "array", + "description": "", + "items": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_ResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceRule" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectRulesReviewStatus", "javaInterfaces": [ "io.fabric8.kubernetes.api.model.KubernetesResource" ] @@ -2546,12 +2967,12 @@ "javaType": "io.fabric8.kubernetes.api.model.version.Info" }, "K8sLocalSubjectAccessReview": { - "$ref": "#/definitions/kubernetes_authorization_LocalSubjectAccessReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReview" + "$ref": "#/definitions/kubernetes_authorization_v1_LocalSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview" }, "K8sSubjectAccessReview": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReview" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview" }, "ListOptions": { "$ref": "#/definitions/kubernetes_apimachinery_ListOptions", @@ -2602,12 +3023,12 @@ "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.RuleWithOperations" }, "SelfSubjectAccessReview": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectAccessReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview" }, "SelfSubjectRulesReview": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectRulesReview", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectRulesReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview" }, "ServiceReference": { "$ref": "#/definitions/kubernetes_admissionregistration_v1beta1_ServiceReference", @@ -2661,6 +3082,22 @@ "$ref": "#/definitions/kubernetes_admissionregistration_v1_ValidatingWebhookConfigurationList", "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1.ValidatingWebhookConfigurationList" }, + "V1beta1K8sLocalSubjectAccessReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_LocalSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview" + }, + "V1beta1K8sSubjectAccessReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview" + }, + "V1beta1SelfSubjectAccessReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectAccessReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview" + }, + "V1beta1SelfSubjectRulesReview": { + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectRulesReview", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview" + }, "ValidatingWebhookConfiguration": { "$ref": "#/definitions/kubernetes_admissionregistration_v1beta1_ValidatingWebhookConfiguration", "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration" @@ -3203,7 +3640,7 @@ "apiVersion": { "type": "string", "description": "", - "default": "authorization.k8s.io/v1", + "default": "authorization.k8s.io/v1beta1", "required": true }, "kind": { @@ -3217,12 +3654,12 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" } }, "additionalProperties": true @@ -3261,14 +3698,15 @@ "admissionReviewVersions": { "type": "array", "description": "", + "javaOmitEmpty": true, "items": { "type": "string", "description": "" } }, "clientConfig": { - "$ref": "#/definitions/kubernetes_admissionregistration_v1_WebhookClientConfig", - "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1.WebhookClientConfig" + "$ref": "#/definitions/kubernetes_admissionregistration_v1beta1_WebhookClientConfig", + "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.WebhookClientConfig" }, "failurePolicy": { "type": "string", @@ -3299,8 +3737,8 @@ "description": "", "javaOmitEmpty": true, "items": { - "$ref": "#/definitions/kubernetes_admissionregistration_v1_RuleWithOperations", - "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1.RuleWithOperations" + "$ref": "#/definitions/kubernetes_admissionregistration_v1beta1_RuleWithOperations", + "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.RuleWithOperations" } }, "sideEffects": { @@ -3783,12 +4221,12 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1_SelfSubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus" } }, "additionalProperties": true @@ -3796,12 +4234,12 @@ "selfsubjectaccessreviewspec": { "properties": { "nonResourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes" }, "resourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_ResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes" } }, "additionalProperties": true @@ -3811,7 +4249,7 @@ "apiVersion": { "type": "string", "description": "", - "default": "authorization.k8s.io/v1", + "default": "authorization.k8s.io/v1beta1", "required": true }, "kind": { @@ -3825,12 +4263,12 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SelfSubjectRulesReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SelfSubjectRulesReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectRulesReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectRulesReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectRulesReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectRulesReviewStatus" } }, "additionalProperties": true @@ -3975,7 +4413,7 @@ "apiVersion": { "type": "string", "description": "", - "default": "authorization.k8s.io/v1", + "default": "authorization.k8s.io/v1beta1", "required": true }, "kind": { @@ -3989,12 +4427,12 @@ "javaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, "spec": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewSpec", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewSpec" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewSpec", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewSpec" }, "status": { - "$ref": "#/definitions/kubernetes_authorization_SubjectAccessReviewStatus", - "javaType": "io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_SubjectAccessReviewStatus", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus" } }, "additionalProperties": true @@ -4024,12 +4462,12 @@ } }, "nonResourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_NonResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.NonResourceAttributes" }, "resourceAttributes": { - "$ref": "#/definitions/kubernetes_authorization_ResourceAttributes", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceAttributes" + "$ref": "#/definitions/kubernetes_authorization_v1_ResourceAttributes", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1.ResourceAttributes" }, "uid": { "type": "string", @@ -4077,16 +4515,16 @@ "type": "array", "description": "", "items": { - "$ref": "#/definitions/kubernetes_authorization_NonResourceRule", - "javaType": "io.fabric8.kubernetes.api.model.authorization.NonResourceRule" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_NonResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceRule" } }, "resourceRules": { "type": "array", "description": "", "items": { - "$ref": "#/definitions/kubernetes_authorization_ResourceRule", - "javaType": "io.fabric8.kubernetes.api.model.authorization.ResourceRule" + "$ref": "#/definitions/kubernetes_authorization_v1beta1_ResourceRule", + "javaType": "io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceRule" } } }, @@ -4342,15 +4780,15 @@ "apiVersion": { "type": "string", "description": "", - "default": "admissionregistration.k8s.io/v1", + "default": "admissionregistration.k8s.io/v1beta1", "required": true }, "items": { "type": "array", "description": "", "items": { - "$ref": "#/definitions/kubernetes_admissionregistration_v1_ValidatingWebhookConfiguration", - "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1.ValidatingWebhookConfiguration" + "$ref": "#/definitions/kubernetes_admissionregistration_v1beta1_ValidatingWebhookConfiguration", + "javaType": "io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration" } }, "kind": { diff --git a/kubernetes-model-generator/kubernetes-model-admissionregistration/src/test/java/io/fabric8/kubernetes/api/model/authorization/SubjectAccessReviewTest.java b/kubernetes-model-generator/kubernetes-model-admissionregistration/src/test/java/io/fabric8/kubernetes/api/model/authorization/SubjectAccessReviewTest.java index 90b0340e43d..3aa9a3f8bf6 100644 --- a/kubernetes-model-generator/kubernetes-model-admissionregistration/src/test/java/io/fabric8/kubernetes/api/model/authorization/SubjectAccessReviewTest.java +++ b/kubernetes-model-generator/kubernetes-model-admissionregistration/src/test/java/io/fabric8/kubernetes/api/model/authorization/SubjectAccessReviewTest.java @@ -15,6 +15,9 @@ */ package io.fabric8.kubernetes.api.model.authorization; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewBuilder; + import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; @@ -23,7 +26,7 @@ public class SubjectAccessReviewTest { @Test public void testBuilder() { - SubjectAccessReview sar = new io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewBuilder() + SubjectAccessReview sar = new SubjectAccessReviewBuilder() .withNewMetadata().withName("test-sar").endMetadata() .withNewSpec() .withNewResourceAttributes() diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/SubjectAccessReviewAuthTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/SubjectAccessReviewAuthTest.java deleted file mode 100644 index bc707df9bd2..00000000000 --- a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/SubjectAccessReviewAuthTest.java +++ /dev/null @@ -1,105 +0,0 @@ -/** - * Copyright (C) 2015 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package io.fabric8.kubernetes.client.mock; - -import io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.LocalSubjectAccessReviewBuilder; -import io.fabric8.kubernetes.api.model.authorization.ResourceRuleBuilder; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReviewBuilder; -import io.fabric8.kubernetes.api.model.authorization.SubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewBuilder; -import io.fabric8.kubernetes.api.model.authorization.SubjectAccessReviewStatus; -import io.fabric8.kubernetes.client.KubernetesClient; -import io.fabric8.kubernetes.client.server.mock.KubernetesServer; -import io.fabric8.kubernetes.client.utils.Serialization; -import org.junit.Rule; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.migrationsupport.rules.EnableRuleMigrationSupport; - -import java.nio.charset.Charset; - -import static org.junit.jupiter.api.Assertions.assertAll; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; - -@EnableRuleMigrationSupport -public class SubjectAccessReviewAuthTest { - - @Rule - public KubernetesServer server = new KubernetesServer(); - - @Test - public void createSubjectAccessReviewTest() { - KubernetesClient client = server.getClient(); - - SubjectAccessReview review = new SubjectAccessReviewBuilder().withNewSpec() - .withUser("admin-user") - .withNewResourceAttributes() - .withResource("pod") - .withVerb("create") - .endResourceAttributes() - .endSpec() - .build(); - - server.expect().post().withPath("/apis/authorization.k8s.io/v1/subjectaccessreviews").andReply(200, recordedRequest -> { - SubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), SubjectAccessReview.class); - - reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); - - return reviewResponse; - }).always(); - - SubjectAccessReview reviewResponse = client.subjectAccessReviewAuth().create(review); - - assertAll(() -> { - assertNotNull(reviewResponse); - assertEquals(true, reviewResponse.getStatus().getAllowed()); - }); - } - - @Test - public void createLocalSubjectAccessReviewTest() { - KubernetesClient client = server.getClient(); - - LocalSubjectAccessReview review = new LocalSubjectAccessReviewBuilder().withNewSpec() - .withUser("admin-user") - .withNewResourceAttributes() - .withResource("pod") - .withVerb("create") - .endResourceAttributes() - .endSpec() - .build(); - - server.expect().post().withPath("/apis/authorization.k8s.io/v1/namespaces/test/localsubjectaccessreviews").andReply(200, recordedRequest -> { - LocalSubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), LocalSubjectAccessReview.class); - reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); - - return reviewResponse; - }).once(); - - LocalSubjectAccessReview reviewResponse = client.subjectAccessReviewAuth() - .inNamespace("test").create(review); - - assertAll(() -> { - assertNotNull(reviewResponse); - assertNotNull(reviewResponse.getMetadata()); - assertEquals("test", reviewResponse.getMetadata().getNamespace()); - assertEquals("test", reviewResponse.getSpec().getResourceAttributes().getNamespace()); - assertEquals(true, reviewResponse.getStatus().getAllowed()); - }); - } -} diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SubjectAccessReviewAuthTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SubjectAccessReviewAuthTest.java new file mode 100644 index 00000000000..7f0adfcbc82 --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SubjectAccessReviewAuthTest.java @@ -0,0 +1,213 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.mock; + +import io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.LocalSubjectAccessReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1.NonResourceRule; +import io.fabric8.kubernetes.api.model.authorization.v1.NonResourceRuleBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1.ResourceRule; +import io.fabric8.kubernetes.api.model.authorization.v1.ResourceRuleBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectAccessReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectAccessReviewStatus; +import io.fabric8.kubernetes.api.model.authorization.v1.SubjectRulesReviewStatusBuilder; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.server.mock.KubernetesServer; +import io.fabric8.kubernetes.client.utils.Serialization; +import org.junit.Rule; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.migrationsupport.rules.EnableRuleMigrationSupport; + +import java.net.HttpURLConnection; +import java.nio.charset.Charset; +import java.util.ArrayList; +import java.util.List; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +@EnableRuleMigrationSupport +class V1SubjectAccessReviewAuthTest { + @Rule + public KubernetesServer server = new KubernetesServer(); + + @Test + @DisplayName("Should Create SubjectAccessReview") + void createSubjectAccessReviewTest() { + // Given + SubjectAccessReview review = new SubjectAccessReviewBuilder() + .withNewSpec() + .withUser("admin-user") + .withNewResourceAttributes() + .withResource("pod") + .withVerb("create") + .endResourceAttributes() + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1/subjectaccessreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + LocalSubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), LocalSubjectAccessReview.class); + reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + SubjectAccessReview reviewResponse = client.authorization().v1().subjectAccessReview().create(review); + + // Then + assertNotNull(reviewResponse); + assertEquals(true, reviewResponse.getStatus().getAllowed()); + } + + @Test + @DisplayName("Should Create LocalSubjectAccessReview") + void createLocalSubjectAccessReviewTest() { + // Given + LocalSubjectAccessReview review = new LocalSubjectAccessReviewBuilder().withNewSpec() + .withUser("admin-user") + .withNewResourceAttributes() + .withResource("pod") + .withNamespace("test") + .withVerb("create") + .endResourceAttributes() + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1/namespaces/test/localsubjectaccessreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + LocalSubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), LocalSubjectAccessReview.class); + reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + LocalSubjectAccessReview reviewResponse = client.authorization().v1() + .localSubjectAccessReview() + .inNamespace("test") + .create(review); + + // Then + assertNotNull(reviewResponse); + assertEquals("test", reviewResponse.getSpec().getResourceAttributes().getNamespace()); + assertTrue( reviewResponse.getStatus().getAllowed()); + } + + @Test + @DisplayName("Create SelfSubjectRulesReview") + void testCreateSelfSubjectRulesReview() { + // Given + SelfSubjectRulesReview selfSubjectRulesReview = new SelfSubjectRulesReviewBuilder() + .withNewMetadata().withName("foo").endMetadata() + .withNewSpec() + .withNamespace("test") + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1/selfsubjectrulesreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + SelfSubjectRulesReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), SelfSubjectRulesReview.class); + List nonResourceRuleList = new ArrayList<>(); + nonResourceRuleList.add(new NonResourceRuleBuilder().withNonResourceURLs("*").withVerbs("*").build()); + nonResourceRuleList.add(new NonResourceRuleBuilder() + .withNonResourceURLs("/healthz", "/livez", "/readyz", "/version", "/version/") + .withVerbs("get") + .build()); + nonResourceRuleList.add(new NonResourceRuleBuilder() + .withNonResourceURLs("/api", "/api/*", "/apis", "/apis/*", "/healthz", "/livez", "/openapi", "/openapi/*", "/readyz", "/version", "/version/") + .withVerbs("get") + .build()); + + List resourceRuleList = new ArrayList<>(); + resourceRuleList.add(new ResourceRuleBuilder().withApiGroups("*").withResources("*").withVerbs("*").build()); + resourceRuleList.add(new ResourceRuleBuilder() + .withApiGroups("authorization.k8s.io") + .withResources("selfsubjectaccessreviews", "selfsubjectrulesreviews") + .withVerbs("create") + .build()); + + + reviewResponse.setStatus(new SubjectRulesReviewStatusBuilder() + .withIncomplete(false) + .withNonResourceRules(nonResourceRuleList) + .withResourceRules(resourceRuleList) + .build()); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + SelfSubjectRulesReview reviewResponse = client.authorization().v1() + .selfSubjectRulesReview() + .create(selfSubjectRulesReview); + + // Then + assertNotNull(reviewResponse); + assertEquals("test", reviewResponse.getSpec().getNamespace()); + assertNotNull(reviewResponse.getStatus()); + assertFalse(reviewResponse.getStatus().getIncomplete()); + assertEquals(3, reviewResponse.getStatus().getNonResourceRules().size()); + assertEquals(2, reviewResponse.getStatus().getResourceRules().size()); + } + + @Test + @DisplayName("Create SelfSubjectAccessReview") + void testCreateSelfSubjectAccessReview() { + // Given + SelfSubjectAccessReview ssar = new SelfSubjectAccessReviewBuilder() + .withNewSpec() + .withNewResourceAttributes() + .withGroup("apps") + .withResource("deployments") + .withVerb("create") + .withNamespace("test") + .endResourceAttributes() + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1/selfsubjectaccessreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + SelfSubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), SelfSubjectAccessReview.class); + reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + SelfSubjectAccessReview reviewResponse = client.authorization().v1() + .selfSubjectAccessReview() + .create(ssar); + + // Then + assertNotNull(reviewResponse); + assertEquals("test", reviewResponse.getSpec().getResourceAttributes().getNamespace()); + assertTrue(reviewResponse.getStatus().getAllowed()); + } +} diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1SubjectAccessReviewAuthTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1SubjectAccessReviewAuthTest.java new file mode 100644 index 00000000000..56ddb764a84 --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1SubjectAccessReviewAuthTest.java @@ -0,0 +1,213 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.mock; + +import io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.LocalSubjectAccessReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceRule; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.NonResourceRuleBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceRule; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.ResourceRuleBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectAccessReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SelfSubjectRulesReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReview; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewBuilder; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectAccessReviewStatus; +import io.fabric8.kubernetes.api.model.authorization.v1beta1.SubjectRulesReviewStatusBuilder; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.server.mock.KubernetesServer; +import io.fabric8.kubernetes.client.utils.Serialization; +import org.junit.Rule; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.migrationsupport.rules.EnableRuleMigrationSupport; + +import java.net.HttpURLConnection; +import java.nio.charset.Charset; +import java.util.ArrayList; +import java.util.List; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +@EnableRuleMigrationSupport +class V1beta1SubjectAccessReviewAuthTest { + @Rule + public KubernetesServer server = new KubernetesServer(); + + @Test + @DisplayName("Should Create SubjectAccessReview") + void createSubjectAccessReviewTest() { + // Given + SubjectAccessReview review = new SubjectAccessReviewBuilder() + .withNewSpec() + .withUser("admin-user") + .withNewResourceAttributes() + .withResource("pod") + .withVerb("create") + .endResourceAttributes() + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1beta1/subjectaccessreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + LocalSubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), LocalSubjectAccessReview.class); + reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + SubjectAccessReview reviewResponse = client.authorization().v1beta1().subjectAccessReview().create(review); + + // Then + assertNotNull(reviewResponse); + assertEquals(true, reviewResponse.getStatus().getAllowed()); + } + + @Test + @DisplayName("Should Create LocalSubjectAccessReview") + void createLocalSubjectAccessReviewTest() { + // Given + LocalSubjectAccessReview review = new LocalSubjectAccessReviewBuilder().withNewSpec() + .withUser("admin-user") + .withNewResourceAttributes() + .withResource("pod") + .withNamespace("test") + .withVerb("create") + .endResourceAttributes() + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1beta1/namespaces/test/localsubjectaccessreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + LocalSubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), LocalSubjectAccessReview.class); + reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + LocalSubjectAccessReview reviewResponse = client.authorization().v1beta1() + .localSubjectAccessReview() + .inNamespace("test") + .create(review); + + // Then + assertNotNull(reviewResponse); + assertEquals("test", reviewResponse.getSpec().getResourceAttributes().getNamespace()); + assertTrue(reviewResponse.getStatus().getAllowed()); + } + + @Test + void testCreateSelfSubjectRulesReview() { + // Given + SelfSubjectRulesReview selfSubjectRulesReview = new SelfSubjectRulesReviewBuilder() + .withNewMetadata().withName("foo").endMetadata() + .withNewSpec() + .withNamespace("test") + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1beta1/selfsubjectrulesreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + SelfSubjectRulesReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), SelfSubjectRulesReview.class); + List nonResourceRuleList = new ArrayList<>(); + nonResourceRuleList.add(new NonResourceRuleBuilder().withNonResourceURLs("*").withVerbs("*").build()); + nonResourceRuleList.add(new NonResourceRuleBuilder() + .withNonResourceURLs("/healthz", "/livez", "/readyz", "/version", "/version/") + .withVerbs("get") + .build()); + nonResourceRuleList.add(new NonResourceRuleBuilder() + .withNonResourceURLs("/api", "/api/*", "/apis", "/apis/*", "/healthz", "/livez", "/openapi", "/openapi/*", "/readyz", "/version", "/version/") + .withVerbs("get") + .build()); + + List resourceRuleList = new ArrayList<>(); + resourceRuleList.add(new ResourceRuleBuilder().withApiGroups("*").withResources("*").withVerbs("*").build()); + resourceRuleList.add(new ResourceRuleBuilder() + .withApiGroups("authorization.k8s.io") + .withResources("selfsubjectaccessreviews", "selfsubjectrulesreviews") + .withVerbs("create") + .build()); + + + reviewResponse.setStatus(new SubjectRulesReviewStatusBuilder() + .withIncomplete(false) + .withNonResourceRules(nonResourceRuleList) + .withResourceRules(resourceRuleList) + .build()); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + SelfSubjectRulesReview reviewResponse = client.authorization().v1beta1() + .selfSubjectRulesReview() + .create(selfSubjectRulesReview); + + // Then + assertNotNull(reviewResponse); + assertEquals("test", reviewResponse.getSpec().getNamespace()); + assertNotNull(reviewResponse.getStatus()); + assertFalse(reviewResponse.getStatus().getIncomplete()); + assertEquals(3, reviewResponse.getStatus().getNonResourceRules().size()); + assertEquals(2, reviewResponse.getStatus().getResourceRules().size()); + } + + @Test + @DisplayName("Create SelfSubjectAccessReview") + void testCreateSelfAccessRulesReview() { + // Given + SelfSubjectAccessReview ssar = new SelfSubjectAccessReviewBuilder() + .withNewSpec() + .withNewResourceAttributes() + .withGroup("apps") + .withResource("deployments") + .withVerb("create") + .withNamespace("test") + .endResourceAttributes() + .endSpec() + .build(); + + server.expect().post().withPath("/apis/authorization.k8s.io/v1beta1/selfsubjectaccessreviews") + .andReply(HttpURLConnection.HTTP_OK, recordedRequest -> { + SelfSubjectAccessReview reviewResponse = Serialization.unmarshal(recordedRequest.getBody().readString(Charset.defaultCharset()), SelfSubjectAccessReview.class); + reviewResponse.setStatus(new SubjectAccessReviewStatus(true, false, "", "")); + + return reviewResponse; + }).once(); + KubernetesClient client = server.getClient(); + + // When + SelfSubjectAccessReview reviewResponse = client.authorization().v1beta1() + .selfSubjectAccessReview() + .create(ssar); + + // Then + assertNotNull(reviewResponse); + assertEquals("test", reviewResponse.getSpec().getResourceAttributes().getNamespace()); + assertTrue(reviewResponse.getStatus().getAllowed()); + } +} + diff --git a/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java index e12ae1b465b..bab25e0d04d 100644 --- a/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java +++ b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java @@ -16,7 +16,6 @@ package io.fabric8.openshift.client.server.mock; -import io.fabric8.kubernetes.api.model.APIGroupListBuilder; import io.fabric8.openshift.api.model.LocalSubjectAccessReviewBuilder; import io.fabric8.openshift.api.model.SubjectAccessReviewBuilder; import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; @@ -44,7 +43,8 @@ public void testCreate() { NamespacedOpenShiftClient client = server.getOpenshiftClient(); - SubjectAccessReviewResponse response = client.inAnyNamespace().subjectAccessReviews().create(new SubjectAccessReviewBuilder().build()); + SubjectAccessReviewResponse response = client.inAnyNamespace().subjectAccessReviews().create(new SubjectAccessReviewBuilder() + .build()); assertNotNull(response); assertEquals("r1", response.getReason()); } @@ -56,10 +56,10 @@ public void testCreateInLine() { .withReason("r2") .build()).once(); - NamespacedOpenShiftClient client = server.getOpenshiftClient(); - SubjectAccessReviewResponse response = client.inAnyNamespace().subjectAccessReviews().createNew().withUser("user").withVerb("verb").done(); + SubjectAccessReviewResponse response = client.inAnyNamespace().subjectAccessReviews() + .create(new SubjectAccessReviewBuilder().build()); assertNotNull(response); assertEquals("r2", response.getReason()); } @@ -67,13 +67,17 @@ public void testCreateInLine() { @Test public void testCreateLocal() { - server.expect().withPath("/apis/authorization.openshift.io/v1/namespaces/test/subjectaccessreviews").andReturn(201, new SubjectAccessReviewResponseBuilder() + server.expect().withPath("/apis/authorization.openshift.io/v1/namespaces/test/localsubjectaccessreviews").andReturn(201, new SubjectAccessReviewResponseBuilder() .withReason("r1") .build()).once(); OpenShiftClient client = server.getOpenshiftClient(); - SubjectAccessReviewResponse response = client.subjectAccessReviews().inNamespace("test").create(new LocalSubjectAccessReviewBuilder().build()); + SubjectAccessReviewResponse response = client.localSubjectAccessReviews().inNamespace("test").create(new LocalSubjectAccessReviewBuilder() + .withNamespace("test") + .withVerb("get") + .withGroups("test.fabric8.io") + .build()); assertNotNull(response); assertEquals("r1", response.getReason()); } @@ -81,13 +85,16 @@ public void testCreateLocal() { @Test public void testCreateLocalInLine() { - server.expect().withPath("/apis/authorization.openshift.io/v1/namespaces/test/subjectaccessreviews").andReturn( 201, new SubjectAccessReviewResponseBuilder() + server.expect().withPath("/apis/authorization.openshift.io/v1/namespaces/test/localsubjectaccessreviews").andReturn( 201, new SubjectAccessReviewResponseBuilder() .withReason("r2") .build()).once(); OpenShiftClient client = server.getOpenshiftClient(); - SubjectAccessReviewResponse response = client.subjectAccessReviews().inNamespace("test").createNew().withUser("user").withVerb("verb").done(); + SubjectAccessReviewResponse response = client.localSubjectAccessReviews().inNamespace("test").create(new LocalSubjectAccessReviewBuilder() + .withUser("user") + .withVerb("verb") + .build()); assertNotNull(response); assertEquals("r2", response.getReason()); } diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java index 465c660a543..1727f2f6a68 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java @@ -58,6 +58,7 @@ import io.fabric8.kubernetes.client.utils.ImpersonatorInterceptor; import io.fabric8.kubernetes.client.utils.Serialization; import io.fabric8.kubernetes.client.informers.SharedInformerFactory; +import io.fabric8.kubernetes.client.utils.Utils; import io.fabric8.openshift.api.model.Build; import io.fabric8.openshift.api.model.BuildConfig; import io.fabric8.openshift.api.model.BuildConfigList; @@ -86,6 +87,7 @@ import io.fabric8.openshift.api.model.ImageStreamList; import io.fabric8.openshift.api.model.ImageStreamTag; import io.fabric8.openshift.api.model.ImageStreamTagList; +import io.fabric8.openshift.api.model.LocalSubjectAccessReview; import io.fabric8.openshift.api.model.OAuthAccessToken; import io.fabric8.openshift.api.model.OAuthAccessTokenList; import io.fabric8.openshift.api.model.OAuthAuthorizeToken; @@ -102,6 +104,7 @@ import io.fabric8.openshift.api.model.RouteList; import io.fabric8.openshift.api.model.SecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraintsList; +import io.fabric8.openshift.api.model.SubjectAccessReview; import io.fabric8.openshift.api.model.Template; import io.fabric8.openshift.api.model.TemplateList; import io.fabric8.openshift.api.model.User; @@ -354,11 +357,6 @@ public MixedOperation, D extends Doneable> MixedOperation> customResources(CustomResourceDefinitionContext crdContext, Class resourceType, Class listClass, Class doneClass) { return new CustomResourceOperationsImpl<>(new CustomResourceOperationContext().withOkhttpClient(httpClient).withConfig(getConfiguration()).withCrdContext(crdContext).withType(resourceType).withListType(listClass).withDoneableType(doneClass)); @@ -389,6 +387,11 @@ public NonNamespaceOperation return new UserOperationsImpl(httpClient, OpenShiftConfig.wrap(getConfiguration())); } - @Override - public SubjectAccessReviewOperation subjectAccessReviews() { - return new SubjectAccessReviewOperationImpl(httpClient, OpenShiftConfig.wrap(getConfiguration())); - } - @Override public MixedOperation> clusterRoleBindings() { return new ClusterRoleBindingOperationsImpl(httpClient, OpenShiftConfig.wrap(getConfiguration())); @@ -541,6 +539,16 @@ public AutoscalingAPIGroupDSL autoscaling() { @Override public SettingsAPIGroupDSL settings() { return adapt(SettingsAPIGroupClient.class); } + @Override + public OpenshiftSubjectAccessOperations subjectAccessReviews() { + return new OpenShiftSubjectAccessReviewOperationsImpl(httpClient, getConfiguration(), "authorization.openshift.io", "v1", Utils.getPluralFromKind(SubjectAccessReview.class.getSimpleName())); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews() { + return new OpenShiftLocalSubjectAccessReviewOperationsImpl(httpClient, getConfiguration(), "authorization.openshift.io", "v1", Utils.getPluralFromKind(LocalSubjectAccessReview.class.getSimpleName())); + } + @Override public BatchAPIGroupDSL batch() { return adapt(BatchAPIGroupClient.class); } diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java index c16224708d5..48b3edf85ad 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java @@ -101,7 +101,9 @@ public interface OpenShiftClient extends KubernetesClient { NonNamespaceOperation> securityContextConstraints(); - SubjectAccessReviewOperation subjectAccessReviews(); + OpenshiftSubjectAccessOperations subjectAccessReviews(); + + OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews(); MixedOperation> clusterRoleBindings(); diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java new file mode 100644 index 00000000000..2046fd004de --- /dev/null +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java @@ -0,0 +1,70 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.openshift.client; + +import io.fabric8.kubernetes.client.Config; +import io.fabric8.kubernetes.client.KubernetesClientException; +import io.fabric8.kubernetes.client.dsl.Namespaceable; +import io.fabric8.kubernetes.client.dsl.base.OperationContext; +import io.fabric8.kubernetes.client.dsl.base.OperationSupport; +import io.fabric8.openshift.api.model.LocalSubjectAccessReview; +import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; +import okhttp3.OkHttpClient; + +import java.io.IOException; +import java.util.concurrent.ExecutionException; + +public class OpenShiftLocalSubjectAccessReviewOperationsImpl extends OperationSupport implements OpenshiftSubjectAccessOperations, Namespaceable { + private String subjectAccessApiGroupName; + private String subjectAccessApiGroupVersion; + private String plural; + + public OpenShiftLocalSubjectAccessReviewOperationsImpl(OkHttpClient client, Config config, String apiGroupName, String apiGroupVersion, String plural) { + this(new OperationContext().withOkhttpClient(client).withConfig(config), apiGroupName, apiGroupVersion, plural); + this.subjectAccessApiGroupName = apiGroupName; + this.subjectAccessApiGroupVersion = apiGroupVersion; + this.plural = plural; + } + + public OpenShiftLocalSubjectAccessReviewOperationsImpl(OperationContext context, String apiGroupName, String apiGroupVersion, String plural) { + super(context.withApiGroupName(apiGroupName) + .withApiGroupVersion(apiGroupVersion) + .withPlural(plural)); + this.subjectAccessApiGroupName = apiGroupName; + this.subjectAccessApiGroupVersion = apiGroupVersion; + this.plural = plural; + } + + @Override + public SubjectAccessReviewResponse create(LocalSubjectAccessReview item) { + try { + return handleCreate(item, SubjectAccessReviewResponse.class); + } catch (ExecutionException | IOException e) { + throw KubernetesClientException.launderThrowable(e); + } catch (InterruptedException ie) { + Thread.currentThread().interrupt(); + throw KubernetesClientException.launderThrowable(ie); + } + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl inNamespace(String namespace) { + this.namespace = namespace; + return new OpenShiftLocalSubjectAccessReviewOperationsImpl(context.withNamespace(namespace), subjectAccessApiGroupName, subjectAccessApiGroupVersion, this.plural); + } + +} + diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSubjectAccessReview.java b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenshiftSubjectAccessOperations.java similarity index 55% rename from openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSubjectAccessReview.java rename to openshift-client/src/main/java/io/fabric8/openshift/client/OpenshiftSubjectAccessOperations.java index b4f5aa401d4..45a0f4694d2 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSubjectAccessReview.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenshiftSubjectAccessOperations.java @@ -13,18 +13,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +package io.fabric8.openshift.client; -package io.fabric8.openshift.client.dsl; - -import io.fabric8.kubernetes.api.model.Doneable; -import io.fabric8.kubernetes.client.dsl.Createable; -import io.fabric8.openshift.api.model.SubjectAccessReview; -import io.fabric8.openshift.api.model.SubjectAccessReviewFluentImpl; import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; -public abstract class CreateableSubjectAccessReview extends - SubjectAccessReviewFluentImpl - implements - Doneable, - Createable { +public interface OpenshiftSubjectAccessOperations { + SubjectAccessReviewResponse create(T item); } diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectAccessReview.java b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectAccessReview.java deleted file mode 100644 index 81844a9c9a0..00000000000 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectAccessReview.java +++ /dev/null @@ -1,30 +0,0 @@ -/** - * Copyright (C) 2015 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fabric8.openshift.client.dsl; - -import io.fabric8.kubernetes.api.model.Doneable; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReviewFluentImpl; -import io.fabric8.kubernetes.client.dsl.Createable; -import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; - -public abstract class CreateableSelfSubjectAccessReview extends - SelfSubjectAccessReviewFluentImpl - implements - Doneable, - Createable { -} diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectRulesReview.java b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectRulesReview.java deleted file mode 100644 index 35a2150cc7e..00000000000 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/CreateableSelfSubjectRulesReview.java +++ /dev/null @@ -1,30 +0,0 @@ -/** - * Copyright (C) 2015 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fabric8.openshift.client.dsl; - -import io.fabric8.kubernetes.api.model.Doneable; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReviewFluentImpl; -import io.fabric8.kubernetes.client.dsl.Createable; -import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; - -public abstract class CreateableSelfSubjectRulesReview extends - SelfSubjectRulesReviewFluentImpl - implements - Doneable, - Createable { -} diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/SubjectAccessReviewOperation.java b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/SubjectAccessReviewOperation.java deleted file mode 100644 index eda5af5be66..00000000000 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/SubjectAccessReviewOperation.java +++ /dev/null @@ -1,34 +0,0 @@ -/** - * Copyright (C) 2015 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fabric8.openshift.client.dsl; - -import io.fabric8.kubernetes.api.model.Doneable; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview; -import io.fabric8.kubernetes.client.dsl.AnyNamespaceable; -import io.fabric8.kubernetes.client.dsl.Createable; -import io.fabric8.kubernetes.client.dsl.Listable; -import io.fabric8.kubernetes.client.dsl.Namespaceable; -import io.fabric8.openshift.api.model.*; - -public interface SubjectAccessReviewOperation, L extends Doneable, M extends Doneable, N extends Doneable> extends - Createable, - Namespaceable>, - AnyNamespaceable>, - Listable> { - -} diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java new file mode 100644 index 00000000000..850c805af0a --- /dev/null +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java @@ -0,0 +1,59 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.openshift.client.dsl.internal; + +import io.fabric8.kubernetes.client.Config; +import io.fabric8.kubernetes.client.KubernetesClientException; +import io.fabric8.kubernetes.client.dsl.base.OperationContext; +import io.fabric8.kubernetes.client.dsl.base.OperationSupport; +import io.fabric8.openshift.api.model.SubjectAccessReview; +import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; +import io.fabric8.openshift.client.OpenshiftSubjectAccessOperations; +import okhttp3.OkHttpClient; + +import java.io.IOException; +import java.util.concurrent.ExecutionException; + + +public class OpenShiftSubjectAccessReviewOperationsImpl extends OperationSupport implements OpenshiftSubjectAccessOperations { + + public OpenShiftSubjectAccessReviewOperationsImpl(OkHttpClient client, Config config, String apiGroupName, String apiGroupVersion, String plural) { + this(new OperationContext().withOkhttpClient(client).withConfig(config), apiGroupName, apiGroupVersion, plural); + } + + public OpenShiftSubjectAccessReviewOperationsImpl(OperationContext context, String apiGroupName, String apiGroupVersion, String plural) { + super(context.withApiGroupName(apiGroupName) + .withApiGroupVersion(apiGroupVersion) + .withPlural(plural)); + } + + @Override + public SubjectAccessReviewResponse create(SubjectAccessReview item) { + try { + return handleCreate(item, SubjectAccessReviewResponse.class); + } catch (ExecutionException | IOException e) { + throw KubernetesClientException.launderThrowable(e); + } catch (InterruptedException ie) { + Thread.currentThread().interrupt(); + throw KubernetesClientException.launderThrowable(ie); + } + } + + @Override + public boolean isResourceNamespaced() { + return false; + } +} diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/SubjectAccessReviewOperationImpl.java b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/SubjectAccessReviewOperationImpl.java deleted file mode 100644 index 5e1020d17c5..00000000000 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/SubjectAccessReviewOperationImpl.java +++ /dev/null @@ -1,285 +0,0 @@ -/** - * Copyright (C) 2015 Red Hat, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fabric8.openshift.client.dsl.internal; - -import io.fabric8.kubernetes.api.model.ListOptions; -import io.fabric8.kubernetes.api.model.StatusBuilder; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReview; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectAccessReviewBuilder; -import io.fabric8.kubernetes.api.model.authorization.SelfSubjectRulesReview; -import io.fabric8.kubernetes.client.dsl.Createable; -import io.fabric8.kubernetes.client.dsl.base.OperationContext; -import io.fabric8.openshift.api.model.*; -import io.fabric8.openshift.api.model.LocalSubjectAccessReviewBuilder; -import io.fabric8.openshift.api.model.SubjectAccessReviewBuilder; -import io.fabric8.openshift.client.dsl.*; -import okhttp3.OkHttpClient; -import io.fabric8.kubernetes.api.model.HasMetadata; -import io.fabric8.kubernetes.client.KubernetesClientException; -import io.fabric8.kubernetes.client.dsl.base.OperationSupport; -import io.fabric8.kubernetes.client.utils.Utils; -import io.fabric8.openshift.client.OpenShiftConfig; - -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.concurrent.ExecutionException; - -import static io.fabric8.openshift.client.OpenShiftAPIGroups.AUTHORIZATION; - -// TODO: Check why this class does not extend OpenshiftOperation, then the getRoot method can be removed -public class SubjectAccessReviewOperationImpl extends OperationSupport implements SubjectAccessReviewOperation { - - public SubjectAccessReviewOperationImpl(OkHttpClient client, OpenShiftConfig config) { - this(new OperationContext().withOkhttpClient(client).withConfig(config)); - } - - public SubjectAccessReviewOperationImpl(OperationContext context) { - super(context.withApiGroupName(AUTHORIZATION) - .withPlural("subjectaccessreviews")); - } - - @Override - public CreateableLocalSubjectAccessReview inNamespace(String namespace) { - return new SubjectAccessReviewOperationImpl(client, OpenShiftConfig.wrap(getConfig())).local(); - } - - @Override - public SubjectAccessReviewResponse create(SubjectAccessReview... item) { - return new CreateableSubjectAccessReviewImpl(client).create(item); - } - - @Override - public SubjectAccessReviewResponse create(SubjectAccessReview item) { - return create(new SubjectAccessReview[] {item}); - } - - @Override - public CreateableSubjectAccessReview createNew() { - return new CreateableSubjectAccessReviewImpl(client).createNew(); - } - - @Override - public URL getRootUrl() { - // This is an OpenShift resource. If no API Group Name is specified, use /oapi endpoint - if (Utils.isNullOrEmpty(context.getApiGroupName())) { - try { - return new URL(OpenShiftConfig.wrap(getConfig()).getOpenShiftUrl()); - } catch (MalformedURLException e) { - throw KubernetesClientException.launderThrowable(e); - } - } else { - return super.getRootUrl(); - } - } - - @Override - public Createable inAnyNamespace() { - return new SubjectAccessReviewOperationImpl(client, OpenShiftConfig.wrap(getConfig())).self(); - } - - private CreateableSelfSubjectAccessReview self() { - return new CreateableSelfSubjectAccessReviewImpl(client); - } - - @Override - public Createable list() { - throw new KubernetesClientException(new StatusBuilder() - .withStatus("Failure") - .withMessage("the server does not allow this method on the requested resource") - .withReason("MethodNotAllowed") - .withCode(405) - .build()); - } - - @Override - public Createable list(Integer limitVal, String continueVal) { - throw new KubernetesClientException(new StatusBuilder() - .withStatus("Failure") - .withMessage("the server does not allow this method on the requested resource") - .withReason("MethodNotAllowed") - .withCode(405) - .build()); - } - - @Override - public Createable list(ListOptions listOptions) { - throw new KubernetesClientException(new StatusBuilder() - .withStatus("Failure") - .withMessage("the server does not allow this method on the requested resource") - .withReason("MethodNotAllowed") - .withCode(405) - .build()); - } - - private class CreateableLocalSubjectAccessReviewImpl extends CreateableLocalSubjectAccessReview { - private final OkHttpClient client; - private final LocalSubjectAccessReviewBuilder builder; - - private CreateableLocalSubjectAccessReviewImpl(OkHttpClient client) { - this.client = client; - this.builder = new LocalSubjectAccessReviewBuilder(CreateableLocalSubjectAccessReviewImpl.this); - } - - private CreateableLocalSubjectAccessReviewImpl(OkHttpClient client, LocalSubjectAccessReviewBuilder builder) { - this.client = client; - this.builder = builder; - } - - @Override - public SubjectAccessReviewResponse create(LocalSubjectAccessReview... resources) { - try { - if (resources.length > 1) { - throw new IllegalArgumentException("Too many items to create."); - } else if (resources.length == 1) { - return handleCreate(resources[0], SubjectAccessReviewResponse.class); - } else { - throw new IllegalArgumentException("Nothing to create."); - } - } catch (InterruptedException | ExecutionException | IOException e) { - throw KubernetesClientException.launderThrowable(e); - } - } - - @Override - public SubjectAccessReviewResponse create(LocalSubjectAccessReview resource) { - return create(new LocalSubjectAccessReview[]{resource}); - } - - @Override - public CreateableLocalSubjectAccessReview createNew() { - return this; - } - - @Override - public SubjectAccessReviewResponse done() { - return create(builder.build()); - } - } - - private CreateableLocalSubjectAccessReview local() { - return new CreateableLocalSubjectAccessReviewImpl(client); - } - - //Subject Access Review is a category on its own so we need to override the default behavior. - @Override - protected String checkNamespace(T item) { - String operationNs = getNamespace(); - String itemNs = (item instanceof HasMetadata && ((HasMetadata)item).getMetadata() != null) ? ((HasMetadata) item).getMetadata().getNamespace() : null; - if (Utils.isNullOrEmpty(operationNs) && Utils.isNullOrEmpty(itemNs)) { - return null; - } else if (Utils.isNullOrEmpty(itemNs)) { - return operationNs; - } else if (Utils.isNullOrEmpty(operationNs)) { - return itemNs; - } else if (itemNs.equals(operationNs)) { - return itemNs; - } - throw new KubernetesClientException("Namespace mismatch. Item namespace:" + itemNs + ". Operation namespace:" + operationNs + "."); - } - - private class CreateableSubjectAccessReviewImpl extends CreateableSubjectAccessReview { - private final OkHttpClient client; - private final SubjectAccessReviewBuilder builder; - - private CreateableSubjectAccessReviewImpl(OkHttpClient client) { - this.client = client; - this.builder = new SubjectAccessReviewBuilder(CreateableSubjectAccessReviewImpl.this); - } - - private CreateableSubjectAccessReviewImpl(OkHttpClient client, SubjectAccessReviewBuilder builder) { - this.client = client; - this.builder = builder; - } - - @Override - public SubjectAccessReviewResponse create(SubjectAccessReview... resources) { - try { - if (resources.length > 1) { - throw new IllegalArgumentException("Too many items to create."); - } else if (resources.length == 1) { - return handleCreate(resources[0], SubjectAccessReviewResponse.class); - } else { - throw new IllegalArgumentException("Nothing to create."); - } - } catch (InterruptedException | ExecutionException | IOException e) { - throw KubernetesClientException.launderThrowable(e); - } - } - - @Override - public SubjectAccessReviewResponse create(SubjectAccessReview resource) { - return create(new SubjectAccessReview[]{resource}); - } - - @Override - public CreateableSubjectAccessReview createNew() { - return this; - } - - @Override - public SubjectAccessReviewResponse done() { - return create(builder.build()); - } - } - - private class CreateableSelfSubjectAccessReviewImpl extends CreateableSelfSubjectAccessReview { - private final OkHttpClient client; - private final SelfSubjectAccessReviewBuilder builder; - - private CreateableSelfSubjectAccessReviewImpl(OkHttpClient client) { - this.client = client; - this.builder = new SelfSubjectAccessReviewBuilder(CreateableSelfSubjectAccessReviewImpl.this); - } - - private CreateableSelfSubjectAccessReviewImpl(OkHttpClient client, SelfSubjectAccessReviewBuilder builder) { - this.client = client; - this.builder = builder; - } - - @Override - public SubjectAccessReviewResponse create(SelfSubjectAccessReview... resources) { - try { - if (resources.length > 1) { - throw new IllegalArgumentException("Too many items to create."); - } else if (resources.length == 1) { - return handleCreate(resources[0], SubjectAccessReviewResponse.class); - } else { - throw new IllegalArgumentException("Nothing to create."); - } - } catch (InterruptedException | ExecutionException | IOException e) { - throw KubernetesClientException.launderThrowable(e); - } - } - - @Override - public SubjectAccessReviewResponse create(SelfSubjectAccessReview resource) { - return create(new SelfSubjectAccessReview[]{resource}); - } - - @Override - public CreateableSelfSubjectAccessReview createNew() { - return this; - } - - @Override - public SubjectAccessReviewResponse done() { - return create(builder.build()); - } - } - -} diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java index ce7d63026e6..b588842d2da 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java @@ -50,6 +50,8 @@ import io.fabric8.openshift.client.NamespacedOpenShiftClient; import io.fabric8.openshift.client.OpenShiftClient; import io.fabric8.openshift.client.OpenShiftConfigBuilder; +import io.fabric8.openshift.client.OpenShiftLocalSubjectAccessReviewOperationsImpl; +import io.fabric8.openshift.client.OpenshiftSubjectAccessOperations; import io.fabric8.openshift.client.dsl.*; import org.apache.felix.scr.annotations.*; import org.apache.felix.scr.annotations.Service; @@ -270,11 +272,6 @@ public NonNamespaceOperation subjectAccessReviews() { - return delegate.subjectAccessReviews(); - } - @Override public MixedOperation> clusterRoleBindings() { return delegate.clusterRoleBindings(); @@ -405,11 +402,6 @@ public MixedOperation, D extends Doneable> MixedOperation> customResources(CustomResourceDefinitionContext crdContext, Class resourceType, Class listClass, Class doneClass) { return delegate.customResources(crdContext, resourceType, listClass, doneClass); @@ -440,6 +432,11 @@ public NonNamespaceOperation subjectAccessReviews() { + return delegate.subjectAccessReviews(); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews() { + return delegate.localSubjectAccessReviews(); + } + @Override public SharedInformerFactory informers() { return delegate.informers(); }