private async Task <string> DescribeObject(Kubernetes client, V1ClusterRole o, StringBuilder buffer)
{
var fetched = await client.ReadClusterRoleAsync(o.Metadata.Name).ConfigureAwait(false);
buffer.AppendLine($"API Veresion: {fetched.ApiVersion}");
buffer.AppendLine($"Kind: {fetched.Kind}");
buffer.AppendLine(DescribeMetadata(fetched.Metadata));
return($"Cluster Role - {fetched.Metadata.Name}");
}
public void JustNameFromClusterResource()
{
var resource = new V1ClusterRole(
apiVersion: V1ClusterRole.KubeApiVersion,
kind: V1ClusterRole.KubeKind,
metadata: new V1ObjectMeta(
name: "the-name"));
var nn = NamespacedName.From(resource);
Assert.Equal("the-name", nn.Name);
Assert.Null(nn.Namespace);
}
public void NamespaceCanBeNull()
{
var resource = new V1ClusterRole(
apiVersion: $"{V1ClusterRole.KubeGroup}/{V1ClusterRole.KubeApiVersion}",
kind: V1ClusterRole.KubeKind,
metadata: new V1ObjectMeta(
name: "the-name"));
var key = GroupKindNamespacedName.From(resource);
Assert.Equal("rbac.authorization.k8s.io", key.Group);
Assert.Equal("ClusterRole", key.Kind);
Assert.Null(key.NamespacedName.Namespace);
Assert.Equal("the-name", key.NamespacedName.Name);
}
public void JustNameFromClusterResource()
{
// arrange
var resource = new V1ClusterRole(
apiVersion: V1ClusterRole.KubeApiVersion,
kind: V1ClusterRole.KubeKind,
metadata: new V1ObjectMeta(
name: "the-name"));
// act
var nn = NamespacedName.From(resource);
// assert
nn.Name.ShouldBe("the-name");
nn.Namespace.ShouldBeNull();
}
public void NamespaceCanBeNull()
{
// arrange
var resource = new V1ClusterRole(
apiVersion: $"{V1ClusterRole.KubeGroup}/{V1ClusterRole.KubeApiVersion}",
kind: V1ClusterRole.KubeKind,
metadata: new V1ObjectMeta(
name: "the-name"));
// act
var key = GroupKindNamespacedName.From(resource);
// assert
key.Group.ShouldBe("rbac.authorization.k8s.io");
key.Kind.ShouldBe("ClusterRole");
key.NamespacedName.Namespace.ShouldBeNull();
key.NamespacedName.Name.ShouldBe("the-name");
}
private async Task <T> WithKubernetesContext <T>(Component component, DeploymentScope deploymentScope, Func <IKubernetes, KubernetesData, V1ClusterRole, V1ServiceAccount, Task <T> > callback)
{
if (component is null)
{
throw new ArgumentNullException(nameof(component));
}
if (deploymentScope is null)
{
throw new ArgumentNullException(nameof(deploymentScope));
}
if (callback is null)
{
throw new ArgumentNullException(nameof(callback));
}
var identity = await azureResourceService
.GetResourceAsync <AzureIdentityResource>(component.IdentityId, throwIfNotExists : true)
.ConfigureAwait(false);
var data = GetKubernetesData(deploymentScope);
var client = GetKubernetesClient(data);
var roleDefinition = new V1ClusterRole()
{
Metadata = new V1ObjectMeta()
{
Name = "teamcloud-runner"
},
Rules = new List <V1PolicyRule>()
{
new V1PolicyRule()
{
ApiGroups = new List <string>()
{
"", "extensions", "apps"
},
Resources = new List <string>()
{
"*"
},
Verbs = new List <string>()
{
"*"
}
},
new V1PolicyRule()
{
ApiGroups = new List <string>()
{
"batch"
},
Resources = new List <string>()
{
"jobs", "cronjobs"
},
Verbs = new List <string>()
{
"*"
}
}
}
};
try
{
roleDefinition = await client
.CreateClusterRoleAsync(roleDefinition)
.ConfigureAwait(false);
}
catch (HttpOperationException exc) when(exc.Response.StatusCode == System.Net.HttpStatusCode.Conflict)
{
roleDefinition = await client
.ReadClusterRoleAsync(roleDefinition.Metadata.Name)
.ConfigureAwait(false);
}
var serviceAccount = new V1ServiceAccount()
{
Metadata = new V1ObjectMeta()
{
Name = $"{data.Namespace}-{identity.PrincipalId}"
}
};
try
{
serviceAccount = await client
.CreateNamespacedServiceAccountAsync(serviceAccount, data.Namespace)
.ConfigureAwait(false);
}
catch (HttpOperationException exc) when(exc.Response.StatusCode == System.Net.HttpStatusCode.Conflict)
{
serviceAccount = await client
.ReadNamespacedServiceAccountAsync(serviceAccount.Metadata.Name, data.Namespace)
.ConfigureAwait(false);
}
return(await callback(client, data, roleDefinition, serviceAccount).ConfigureAwait(false));
}