public void ResourceSerializesToJson()
{
// arrange
var resource = new V1Role(
apiVersion: $"{V1Role.KubeGroup}/{V1Role.KubeApiVersion}",
kind: V1Role.KubeKind,
metadata: new V1ObjectMeta(
namespaceProperty: "the-namespace",
name: "the-name"),
rules: new[]
{
new V1PolicyRule(
resourceNames: new [] { "*" },
verbs: new [] { "*" }),
});
// act
var json = Serializers.SerializeJson(resource);
// assert
json.ShouldContain(@"""kind"":""Role""");
json.ShouldContain(@"""apiVersion"":""rbac.authorization.k8s.io/v1""");
json.ShouldContain(@"""name"":""the-name""");
json.ShouldContain(@"""namespace"":""the-namespace""");
json.ShouldContain(@"""resourceNames"":[""*""]");
json.ShouldContain(@"""verbs"":[""*""]");
}
public void GroupKindAndNamespacedNameFromResource()
{
var resource = new V1Role(
apiVersion: $"{V1Role.KubeGroup}/{V1Role.KubeApiVersion}",
kind: V1Role.KubeKind,
metadata: new V1ObjectMeta(
name: "the-name",
namespaceProperty: "the-namespace"));
var key = GroupKindNamespacedName.From(resource);
Assert.Equal("rbac.authorization.k8s.io", key.Group);
Assert.Equal("Role", key.Kind);
Assert.Equal("the-namespace", key.NamespacedName.Namespace);
Assert.Equal("the-name", key.NamespacedName.Name);
}
public void GroupKindAndNamespacedNameFromResource()
{
// arrange
var resource = new V1Role(
apiVersion: $"{V1Role.KubeGroup}/{V1Role.KubeApiVersion}",
kind: V1Role.KubeKind,
metadata: new V1ObjectMeta(
name: "the-name",
namespaceProperty: "the-namespace"));
// act
var key = GroupKindNamespacedName.From(resource);
// assert
key.Group.ShouldBe("rbac.authorization.k8s.io");
key.Kind.ShouldBe("Role");
key.NamespacedName.Namespace.ShouldBe("the-namespace");
key.NamespacedName.Name.ShouldBe("the-name");
}
public void ResourceSerializesToJson()
{
var resource = new V1Role(
apiVersion: $"{V1Role.KubeGroup}/{V1Role.KubeApiVersion}",
kind: V1Role.KubeKind,
metadata: new V1ObjectMeta(
namespaceProperty: "the-namespace",
name: "the-name"),
rules: new[]
{
new V1PolicyRule(
resourceNames: new [] { "*" },
verbs: new [] { "*" }),
});
var json = Serializers.SerializeJson(resource);
Assert.Contains(@"""kind"":""Role""", json, StringComparison.Ordinal);
Assert.Contains(@"""apiVersion"":""rbac.authorization.k8s.io/v1""", json, StringComparison.Ordinal);
Assert.Contains(@"""name"":""the-name""", json, StringComparison.Ordinal);
Assert.Contains(@"""namespace"":""the-namespace""", json, StringComparison.Ordinal);
Assert.Contains(@"""resourceNames"":[""*""]", json, StringComparison.Ordinal);
Assert.Contains(@"""verbs"":[""*""]", json, StringComparison.Ordinal);
}
public async Task <string> CreateNamespaceFullAccessRole(string namespaceName)
{
var roleName = $"{namespaceName}-fullaccess";
var role = new V1Role
{
Metadata = new V1ObjectMeta
{
Name = roleName,
NamespaceProperty = namespaceName
},
Rules = new List <V1PolicyRule>
{
new V1PolicyRule
{
ApiGroups = new List <string>
{
"extensions",
"networking.k8s.io"
},
Resources = new List <string>
{
"*"
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
"apps",
},
Resources = new List <string>
{
"controllerrevisions",
"deployments",
"deployments/scale",
"replicasets",
"statefulsets",
"statefulsets/scale",
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
"apps",
},
Resources = new List <string>
{
"daemonsets"
},
Verbs = new List <string>
{
"get",
"list",
"watch"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
"batch"
},
Resources = new List <string>
{
"jobs",
"cronjobs"
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
"rbac.authorization.k8s.io"
},
Resources = new List <string>
{
"rolebindings",
"roles"
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
""
},
Resources = new List <string>
{
"bindings",
"componentstatuses",
"configmaps",
"endpoints",
"events",
"limitranges",
"nodes",
"nodes/proxy",
"nodes/status",
"persistentvolumeclaims",
"persistentvolumeclaims/status",
"persistentvolumes",
"persistentvolumes/status",
"pods",
"pods/attach",
"pods/binding",
"pods/eviction",
"pods/exec",
"pods/log",
"pods/portforward",
"pods/proxy",
"pods/status",
"podtemplates",
"replicationcontrollers",
"replicationcontrollers/scale",
"replicationcontrollers/status",
"resourcequotas",
"resourcequotas/status",
"secrets",
"serviceaccounts",
"services",
"services/proxy",
"services/status"
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
""
},
Resources = new List <string>
{
"namespaces",
"namespaces/finalize",
"namespaces/status"
},
Verbs = new List <string>
{
"get",
"list",
"watch"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
"metrics.k8s.io"
},
Resources = new List <string>
{
"pods"
},
Verbs = new List <string>
{
"get",
"list",
"watch"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
"traefik.containo.us",
},
Resources = new List <string>
{
"*"
},
Verbs = new List <string>
{
"*"
}
},
}
};
try
{
var result = await _client.CreateNamespacedRoleAsync(role, namespaceName);
return(result?.Metadata?.Name);
}
catch (HttpOperationException e) when(e.Response.StatusCode == HttpStatusCode.Conflict)
{
throw new RoleAlreadyExistException($"Role with name {roleName} already exist in kubernetes. Not creating.", roleName);
}
catch (HttpOperationException e) when(e.Response.Content.Length != 0)
{
throw new Exception(
"Error occured while communicating with k8s:" + Environment.NewLine +
e.Response.Content
, e
);
}
}
public Task <V1Role> CreateNamespacedRoleAsync(V1Role body, string namespaceParameter, bool?pretty = null,
CancellationToken cancellationToken = default(CancellationToken))
{
return(Task.FromResult(body));
}
public Task <V1Role> CreateNamespacedRoleAsync(V1Role body, string namespaceParameter, string pretty = null,
CancellationToken cancellationToken = default(CancellationToken))
{
return(_kubernetes.CreateNamespacedRoleAsync(body, namespaceParameter, pretty, cancellationToken));
}
private async Task <string> DescribeObject(Kubernetes client, V1Namespace ns, V1Role o, StringBuilder buffer)
{
var fetched = await client.ReadNamespacedRoleAsync(o.Metadata.Name, ns.Metadata.Name).ConfigureAwait(false);
buffer.AppendLine($"API Veresion: {fetched.ApiVersion}");
buffer.AppendLine($"Kind: {fetched.Kind}");
buffer.AppendLine(DescribeMetadata(fetched.Metadata));
return($"Role - {fetched.Metadata.Name}");
}
public async Task <string> CreateNamespaceFullAccessRole(string namespaceName)
{
var role = new V1Role
{
Metadata = new V1ObjectMeta
{
Name = $"{namespaceName}-fullaccess",
NamespaceProperty = namespaceName
},
Rules = new List <V1PolicyRule>
{
new V1PolicyRule
{
ApiGroups = new List <string>
{
"extensions",
"apps"
},
Resources = new List <string>
{
"*"
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
"batch"
},
Resources = new List <string>
{
"jobs",
"cronjobs"
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
""
},
Resources = new List <string>
{
"bindings",
"componentstatuses",
"configmaps",
"endpoints",
"events",
"limitranges",
"nodes",
"nodes/proxy",
"nodes/status",
"persistentvolumeclaims",
"persistentvolumeclaims/status",
"persistentvolumes",
"persistentvolumes/status",
"pods",
"pods/attach",
"pods/binding",
"pods/eviction",
"pods/exec",
"pods/log",
"pods/portforward",
"pods/proxy",
"pods/status",
"podtemplates",
"replicationcontrollers",
"replicationcontrollers/scale",
"replicationcontrollers/status",
"resourcequotas",
"resourcequotas/status",
"secrets",
"serviceaccounts",
"services",
"services/proxy",
"services/status"
},
Verbs = new List <string>
{
"*"
}
},
new V1PolicyRule
{
ApiGroups = new List <string>
{
""
},
Resources = new List <string>
{
"namespaces",
"namespaces/finalize",
"namespaces/status"
},
Verbs = new List <string>
{
"get",
"list",
"watch"
}
}
}
};
try
{
var result = await _client.CreateNamespacedRoleAsync(role, namespaceName);
return(result?.Metadata?.Name);
}
catch (HttpOperationException e) when(e.Response.Content.Length != 0)
{
throw new Exception(
"Error occured while communicating with k8s:" + Environment.NewLine +
e.Response.Content
, e
);
}
}
