From 69a10a01ee976b42cb87af7109f354532f51c900 Mon Sep 17 00:00:00 2001 From: Piyush Garg Date: Fri, 19 Jan 2018 21:28:20 +0530 Subject: [PATCH 1/8] Added support for PodSecurityPolicy --- .../client/DefaultKubernetesClient.java | 31 +++---- .../client/ExtensionsAPIGroupClient.java | 9 +++ .../kubernetes/client/KubernetesClient.java | 5 ++ .../client/dsl/ExtensionsAPIGroupDSL.java | 21 +---- .../PodSecurityPolicyOperationsImpl.java | 38 +++++++++ .../handlers/PodSecurityPolicyHandler.java | 80 +++++++++++++++++++ .../client/osgi/ManagedKubernetesClient.java | 7 ++ ....fabric8.kubernetes.client.ResourceHandler | 1 + .../client/DefaultOpenShiftClient.java | 9 +++ .../client/osgi/ManagedOpenShiftClient.java | 7 ++ 10 files changed, 168 insertions(+), 40 deletions(-) create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java create mode 100644 kubernetes-client/src/main/java/io/fabric8/kubernetes/client/handlers/PodSecurityPolicyHandler.java diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java index 3c783f1a26e..6ea6e129fff 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/DefaultKubernetesClient.java 
@@ -20,6 +20,9 @@
 import io.fabric8.kubernetes.api.model.apiextensions.CustomResourceDefinition;
 import io.fabric8.kubernetes.api.model.apiextensions.CustomResourceDefinitionList;
 import io.fabric8.kubernetes.api.model.apiextensions.DoneableCustomResourceDefinition;
+import io.fabric8.kubernetes.api.model.extensions.DoneablePodSecurityPolicy;
+import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy;
+import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList;
 import io.fabric8.kubernetes.client.dsl.AppsAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.AutoscalingAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.ExtensionsAPIGroupDSL;
@@ -33,28 +36,7 @@
 import io.fabric8.kubernetes.client.dsl.PodResource;
 import io.fabric8.kubernetes.client.dsl.Resource;
 import io.fabric8.kubernetes.client.dsl.RollableScalableResource;
-import io.fabric8.kubernetes.client.dsl.internal.ComponentStatusOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.ConfigMapOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.CustomResourceDefinitionOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.CustomResourceOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.EndpointsOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.EventOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.KubernetesListOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.LimitRangeOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.NamespaceOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableImpl;
-import io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl;
-import io.fabric8.kubernetes.client.dsl.internal.NodeOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.PersistentVolumeClaimOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.PersistentVolumeOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.PodOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.ReplicationControllerOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.ResourceQuotaOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.SecretOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.SecurityContextConstraintsOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.ServiceAccountOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.ServiceOperationsImpl;
-import io.fabric8.kubernetes.client.dsl.internal.StorageClassOperationsImpl;
+import io.fabric8.kubernetes.client.dsl.internal.*; import io.fabric8.kubernetes.client.utils.Serialization; import io.fabric8.openshift.api.model.DoneableSecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraints; @@ -223,6 +205,11 @@ public MixedOperation> podSecurityPolicies() { + return new PodSecurityPolicyOperationsImpl(httpClient, getConfiguration(), getNamespace()); + } + @Override public NonNamespaceOperation> customResourceDefinitions() { return new CustomResourceDefinitionOperationsImpl(httpClient, getConfiguration()); diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/ExtensionsAPIGroupClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/ExtensionsAPIGroupClient.java index 4cd5aae6006..caf93f871fd 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/ExtensionsAPIGroupClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/ExtensionsAPIGroupClient.java @@ -25,6 +25,9 @@ import io.fabric8.kubernetes.api.model.extensions.DoneableNetworkPolicy; import io.fabric8.kubernetes.api.model.extensions.NetworkPolicy; import io.fabric8.kubernetes.api.model.extensions.NetworkPolicyList; +import io.fabric8.kubernetes.api.model.extensions.DoneablePodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; import io.fabric8.kubernetes.api.model.DoneableJob; import io.fabric8.kubernetes.api.model.extensions.DoneableReplicaSet; import io.fabric8.kubernetes.api.model.extensions.DoneableThirdPartyResource; 
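Review bot: Replacing the 22 explicit `dsl.internal` imports with `import io.fabric8.kubernetes.client.dsl.internal.*;` is unrelated to PodSecurityPolicy support and hides which implementation classes this client actually depends on, while the other imports visible in this file are listed one per class. Keep the explicit list and add only `import io.fabric8.kubernetes.client.dsl.internal.PodSecurityPolicyOperationsImpl;`. The same collapse, to `io.fabric8.kubernetes.api.model.extensions.*`, appears in the first ExtensionsAPIGroupDSL hunk and deserves the same treatment.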
@@ -43,6 +46,7 @@ import io.fabric8.kubernetes.client.dsl.internal.JobOperationsImpl; import io.fabric8.kubernetes.client.dsl.internal.NetworkPolicyOperationsImpl; import io.fabric8.kubernetes.client.dsl.internal.ReplicaSetOperationsImpl; +import io.fabric8.kubernetes.client.dsl.internal.PodSecurityPolicyOperationsImpl; import io.fabric8.kubernetes.client.dsl.internal.ThirdPartyResourceOperationsImpl; import okhttp3.OkHttpClient; @@ -82,6 +86,11 @@ public MixedOperation> podSecurityPolicies() { + return new PodSecurityPolicyOperationsImpl(httpClient, getConfiguration(), getNamespace()); + } + @Override public MixedOperation> daemonSets() { return new DaemonSetOperationsImpl(httpClient, getConfiguration(), getNamespace()); diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java index 53df69ec60c..844e2babdb7 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/KubernetesClient.java @@ -17,6 +17,9 @@ package io.fabric8.kubernetes.client; import io.fabric8.kubernetes.api.model.*; +import io.fabric8.kubernetes.api.model.extensions.DoneablePodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; import io.fabric8.openshift.api.model.DoneableSecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraintsList; @@ -105,5 +108,7 @@ public interface KubernetesClient extends Client { MixedOperation> limitRanges(); MixedOperation> storageClasses(); + + MixedOperation> podSecurityPolicies(); } 
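Review bot: The new `podSecurityPolicies()` declaration in KubernetesClient has no Javadoc, and its `MixedOperation` return type offers namespace selection for a resource that patch 2/8 of this series marks as not namespaced (`isResourceNamespaced()` returns `false`). A caller holding a namespaced client could reasonably assume the policy is scoped to that namespace, whereas a PodSecurityPolicy is a cluster-wide admission control. Add a comment such as `/** Operations on PodSecurityPolicy, a cluster-scoped resource; namespace selection has no effect. */` and consider whether `NonNamespaceOperation`, the type used for `customResourceDefinitions()`, fits better. The same signature is added to ExtensionsAPIGroupDSL and implemented in DefaultKubernetesClient, ExtensionsAPIGroupClient and DefaultOpenShiftClient, each passing `getNamespace()`.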
diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/ExtensionsAPIGroupDSL.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/ExtensionsAPIGroupDSL.java
index 69baad11aa2..13f281b160b 100644
--- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/ExtensionsAPIGroupDSL.java
+++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/ExtensionsAPIGroupDSL.java
@@ -16,27 +16,10 @@ package io.fabric8.kubernetes.client.dsl; -import io.fabric8.kubernetes.api.model.extensions.DaemonSet; -import io.fabric8.kubernetes.api.model.extensions.DaemonSetList; -import io.fabric8.kubernetes.api.model.extensions.Deployment; -import io.fabric8.kubernetes.api.model.extensions.DeploymentList; -import io.fabric8.kubernetes.api.model.extensions.DoneableDaemonSet; -import io.fabric8.kubernetes.api.model.extensions.DoneableDeployment; -import io.fabric8.kubernetes.api.model.extensions.DoneableIngress; -import io.fabric8.kubernetes.api.model.extensions.DoneableNetworkPolicy; -import io.fabric8.kubernetes.api.model.extensions.NetworkPolicy; -import io.fabric8.kubernetes.api.model.extensions.NetworkPolicyList; +import io.fabric8.kubernetes.api.model.extensions.*; import io.fabric8.kubernetes.api.model.DoneableJob; -import io.fabric8.kubernetes.api.model.extensions.DoneableReplicaSet; -import io.fabric8.kubernetes.api.model.extensions.DoneableThirdPartyResource; -import io.fabric8.kubernetes.api.model.extensions.Ingress; -import io.fabric8.kubernetes.api.model.extensions.IngressList; import io.fabric8.kubernetes.api.model.Job; import io.fabric8.kubernetes.api.model.JobList; -import io.fabric8.kubernetes.api.model.extensions.ReplicaSet; -import io.fabric8.kubernetes.api.model.extensions.ReplicaSetList; -import io.fabric8.kubernetes.api.model.extensions.ThirdPartyResource; -import io.fabric8.kubernetes.api.model.extensions.ThirdPartyResourceList; import io.fabric8.kubernetes.client.Client; public interface ExtensionsAPIGroupDSL extends Client { @@ -54,6 +37,8 @@ public interface ExtensionsAPIGroupDSL extends Client { MixedOperation> daemonSets(); + MixedOperation> podSecurityPolicies(); + NonNamespaceOperation> thirdPartyResources(); MixedOperation> replicaSets(); 
diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java
new file mode 100644
index 00000000000..36d31bc8e38
--- /dev/null
+++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java
@@ -0,0 +1,38 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.dsl.internal; + +import io.fabric8.kubernetes.client.dsl.Resource; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; +import io.fabric8.kubernetes.api.model.extensions.DoneablePodSecurityPolicy; +import io.fabric8.kubernetes.client.Config; +import okhttp3.OkHttpClient; +import io.fabric8.kubernetes.client.dsl.base.HasMetadataOperation; + +import java.util.Map; +import java.util.TreeMap; + +public class PodSecurityPolicyOperationsImpl extends HasMetadataOperation>{ + + public PodSecurityPolicyOperationsImpl(OkHttpClient client, Config config, String namespace) { + this(client, config, null, namespace, null, true, null, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()); + } + + public PodSecurityPolicyOperationsImpl(OkHttpClient client, Config config, String apiVersion, String namespace, String name, Boolean cascading,PodSecurityPolicy item, String resourceVersion, Boolean reloadingFromServer, long gracePeriodSeconds, Map labels, Map labelsNot, Map labelsIn, Map labelsNotIn, Map fields) { + super(client, config, "extensions", apiVersion, "podsecuritypolicies", namespace, name, cascading, item, resourceVersion, reloadingFromServer, gracePeriodSeconds, labels, labelsNot, labelsIn, 
labelsNotIn, fields); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/handlers/PodSecurityPolicyHandler.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/handlers/PodSecurityPolicyHandler.java new file mode 100644 index 00000000000..49be68610a3 --- /dev/null +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/handlers/PodSecurityPolicyHandler.java 
@@ -0,0 +1,80 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.kubernetes.client.handlers; + +import io.fabric8.kubernetes.client.Watch; +import io.fabric8.kubernetes.client.Watcher; +import okhttp3.OkHttpClient; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyBuilder; +import io.fabric8.kubernetes.client.Config; +import io.fabric8.kubernetes.client.ResourceHandler; +import io.fabric8.kubernetes.client.dsl.internal.PodSecurityPolicyOperationsImpl; +import org.apache.felix.scr.annotations.Component; +import org.apache.felix.scr.annotations.Service; + +import java.util.TreeMap; +import java.util.concurrent.TimeUnit; + +@Component +@Service +public class PodSecurityPolicyHandler implements ResourceHandler { + + @Override + public String getKind() { + return PodSecurityPolicy.class.getSimpleName(); + } + + @Override + public PodSecurityPolicy create(OkHttpClient client, Config config, String namespace, PodSecurityPolicy item) { + return new PodSecurityPolicyOperationsImpl(client, config, null, namespace, null, true, item, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()).create(); + } + + @Override + public PodSecurityPolicy replace(OkHttpClient client, Config config, String namespace, PodSecurityPolicy item) { + return new PodSecurityPolicyOperationsImpl(client, 
config, null, namespace, null, true, item, null, true, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()).replace(item); + } + + @Override + public PodSecurityPolicy reload(OkHttpClient client, Config config, String namespace, PodSecurityPolicy item) { + return new PodSecurityPolicyOperationsImpl(client, config, null, namespace, null, true, item, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()).fromServer().get(); + } + + @Override + public PodSecurityPolicyBuilder edit(PodSecurityPolicy item) { + return new PodSecurityPolicyBuilder(item); + } + + @Override + public Boolean delete(OkHttpClient client, Config config, String namespace, PodSecurityPolicy item) { + return new PodSecurityPolicyOperationsImpl(client, config, null, namespace, null, true, item, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()).delete(item); + } + + @Override + public Watch watch(OkHttpClient client, Config config, String namespace, PodSecurityPolicy item, Watcher watcher) { + return new PodSecurityPolicyOperationsImpl(client, config, null, namespace, null, true, item, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()).watch(watcher); + } + + @Override + public Watch watch(OkHttpClient client, Config config, String namespace, PodSecurityPolicy item, String resourceVersion, Watcher watcher) { + return new PodSecurityPolicyOperationsImpl(client, config, null, namespace, null, true, item, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()).watch(resourceVersion, watcher); + } + + @Override + public PodSecurityPolicy waitUntilReady(OkHttpClient client, Config config, String namespace, PodSecurityPolicy item, long amount, TimeUnit timeUnit) throws InterruptedException { + return new PodSecurityPolicyOperationsImpl(client, config, null, namespace, null, true, item, null, false, -1, new TreeMap(), new 
TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()).waitUntilReady(amount, timeUnit); + } +} diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java index 78936cf33d8..58db6d2bec9 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/osgi/ManagedKubernetesClient.java @@ -20,6 +20,9 @@ import io.fabric8.kubernetes.api.model.apiextensions.CustomResourceDefinition; import io.fabric8.kubernetes.api.model.apiextensions.CustomResourceDefinitionList; import io.fabric8.kubernetes.api.model.apiextensions.DoneableCustomResourceDefinition; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; +import io.fabric8.kubernetes.api.model.extensions.DoneablePodSecurityPolicy; import io.fabric8.kubernetes.client.Adapters; import io.fabric8.kubernetes.client.BaseClient; import io.fabric8.kubernetes.client.Config; @@ -276,6 +279,10 @@ public MixedOperation> podSecurityPolicies() { + return delegate.podSecurityPolicies(); + } + @Override public RootPaths rootPaths() { return delegate.rootPaths(); diff --git a/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler b/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler index 6d4196720c7..44c8609887f 100644 --- a/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler +++ b/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler 
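Review bot: Every method of PodSecurityPolicyHandler passes `null` as the `apiVersion` argument of the 15-argument constructor, while patch 3/8 of this series changes that same argument to `"v1beta1"` in the three-argument constructor to fix a problem there. HasMetadataOperation is not visible on this page, so whether a null version still resolves to the `extensions/v1beta1` path needs checking; if it does not, create, replace, delete and watch through the handler would not reach the resource. Pass the version explicitly, e.g. `new PodSecurityPolicyOperationsImpl(client, config, "v1beta1", namespace, null, true, item, ...)`, ideally built in one private helper rather than in eight copies of the argument list.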
@@ -29,6 +29,7 @@ io.fabric8.kubernetes.client.handlers.NodeHandler io.fabric8.kubernetes.client.handlers.PersistentVolumeClaimHandler io.fabric8.kubernetes.client.handlers.PersistentVolumeHandler io.fabric8.kubernetes.client.handlers.PodHandler +io.fabric8.kubernetes.client.handlers.PodSecurityPolicyHandler; io.fabric8.kubernetes.client.handlers.ReplicaSetHandler io.fabric8.kubernetes.client.handlers.ReplicationControllerHandler io.fabric8.kubernetes.client.handlers.ResourceQuotaHandler diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java index ac88a23e5ea..8a3307b737f 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java @@ -19,6 +19,9 @@ import io.fabric8.kubernetes.api.model.apiextensions.CustomResourceDefinition; import io.fabric8.kubernetes.api.model.apiextensions.CustomResourceDefinitionList; import io.fabric8.kubernetes.api.model.apiextensions.DoneableCustomResourceDefinition; +import io.fabric8.kubernetes.api.model.extensions.DoneablePodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; import io.fabric8.kubernetes.client.AppsAPIGroupClient; import io.fabric8.kubernetes.client.AutoscalingAPIGroupClient; import io.fabric8.kubernetes.client.RequestConfig; 
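Review bot: The added provider entry ends with a semicolon, `io.fabric8.kubernetes.client.handlers.PodSecurityPolicyHandler;`, which none of the neighbouring entries have. A `META-INF/services` file is read one class name per line, and `java.util.ServiceLoader` rejects a line containing a character that cannot appear in a class name with a ServiceConfigurationError, so this is likely to break handler discovery for the whole file rather than only for PodSecurityPolicy. Drop the trailing character so the line reads `io.fabric8.kubernetes.client.handlers.PodSecurityPolicyHandler`.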
@@ -31,6 +34,7 @@ import io.fabric8.kubernetes.client.WithRequestCallable; import io.fabric8.kubernetes.client.dsl.ParameterNamespaceListVisitFromServerGetDeleteRecreateWaitApplicable; import io.fabric8.kubernetes.client.dsl.internal.CustomResourceOperationsImpl; +import io.fabric8.kubernetes.client.dsl.internal.PodSecurityPolicyOperationsImpl; import io.fabric8.kubernetes.client.utils.ImpersonatorInterceptor; import io.fabric8.kubernetes.client.utils.Serialization; import io.fabric8.openshift.api.model.*; @@ -392,6 +396,11 @@ public MixedOperation> podSecurityPolicies() { + return new PodSecurityPolicyOperationsImpl(httpClient, getConfiguration(), getNamespace()); + } + @Override public NamespacedOpenShiftClient inNamespace(String namespace) { OpenShiftConfig updated = new OpenShiftConfigBuilder(new OpenShiftConfig(getConfiguration())) diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java index d6b8bc21ed1..9e2710d93fa 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java @@ -17,6 +17,9 @@ package io.fabric8.openshift.client.osgi; import io.fabric8.kubernetes.api.model.*; +import io.fabric8.kubernetes.api.model.extensions.DoneablePodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; import io.fabric8.openshift.api.model.DoneableSecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraintsList; 
@@ -441,6 +444,10 @@ public MixedOperation> podSecurityPolicies() { + return delegate.podSecurityPolicies(); + } + @Override public MixedOperation> services() { return delegate.services(); From fad278f5048658071816bdc670c84f9fbd2fb447 Mon Sep 17 00:00:00 2001 From: Piyush Garg Date: Sat, 20 Jan 2018 00:56:13 +0530 Subject: [PATCH 2/8] Added namespace details #969 --- .../dsl/internal/PodSecurityPolicyOperationsImpl.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java index 36d31bc8e38..fd632879b50 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java @@ -35,4 +35,10 @@ public PodSecurityPolicyOperationsImpl(OkHttpClient client, Config config, Strin public PodSecurityPolicyOperationsImpl(OkHttpClient client, Config config, String apiVersion, String namespace, String name, Boolean cascading,PodSecurityPolicy item, String resourceVersion, Boolean reloadingFromServer, long gracePeriodSeconds, Map labels, Map labelsNot, Map labelsIn, Map labelsNotIn, Map fields) { super(client, config, "extensions", apiVersion, "podsecuritypolicies", namespace, name, cascading, item, resourceVersion, reloadingFromServer, gracePeriodSeconds, labels, labelsNot, labelsIn, labelsNotIn, fields); } + + @Override + public boolean isResourceNamespaced() { + return false; + } + } From e48fe4561cfcc822de5bf78e79d9955a1cbedb0a Mon Sep 17 00:00:00 2001 
From: Piyush Garg Date: Sat, 20 Jan 2018 02:17:37 +0530 Subject: [PATCH 3/8] Added Example and fixed the issue in PodSecurityPolicyOperationsImpl --- .../PodSecurityPolicyOperationsImpl.java | 2 +- .../examples/PodSecurityPolicyExample.java | 68 +++++++++++++++++++ .../src/main/resources/PodSecurityPolicy.yml | 17 +++++ 3 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java create mode 100644 kubernetes-examples/src/main/resources/PodSecurityPolicy.yml diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java index fd632879b50..b2e064d8c5a 100644 --- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java +++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PodSecurityPolicyOperationsImpl.java @@ -29,7 +29,7 @@ public class PodSecurityPolicyOperationsImpl extends HasMetadataOperation>{ public PodSecurityPolicyOperationsImpl(OkHttpClient client, Config config, String namespace) { - this(client, config, null, namespace, null, true, null, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()); + this(client, config, "v1beta1", namespace, null, true, null, null, false, -1, new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap(), new TreeMap()); } public PodSecurityPolicyOperationsImpl(OkHttpClient client, Config config, String apiVersion, String namespace, String name, Boolean cascading,PodSecurityPolicy item, String resourceVersion, Boolean reloadingFromServer, long gracePeriodSeconds, Map labels, Map labelsNot, Map labelsIn, Map labelsNotIn, Map fields) { 
diff --git a/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java b/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java
new file mode 100644
index 00000000000..08def8da403
--- /dev/null
+++ b/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java
@@ -0,0 +1,68 @@ +package io.fabric8.kubernetes.examples; + +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyBuilder; +import io.fabric8.kubernetes.client.DefaultKubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientException; + +import java.io.FileInputStream; +import java.util.logging.Level; +import java.util.logging.Logger; + +public class PodSecurityPolicyExample { + + //You need to be login as admin on OpenShift for this Example + //command for that is + //oc login -u system:admin + + private static final Logger logger = Logger.getLogger(PodSecurityPolicyExample.class.getName()); + + public static void main(String args[]) throws InterruptedException { + + String sample = System.getProperty("user.dir") + "/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml"; + + try { + final KubernetesClient client = new DefaultKubernetesClient(); + + //Creating PodSecurityPolicy from Yaml file + + logger.log(Level.INFO, "Loading File : " + sample); + PodSecurityPolicy podSecurityPolicy = client.podSecurityPolicies().load(new FileInputStream(sample)).get(); + client.podSecurityPolicies().create(podSecurityPolicy); + logger.log(Level.INFO, "PodSecurityPolicy created with Name : " + + podSecurityPolicy.getMetadata().getName()); + + //Creating PodSecurityPolicy from Builder + + logger.log(Level.INFO, "Starting creating PodSecurityPolicy from Builder "); + + PodSecurityPolicy podSecurityPolicy1 = new PodSecurityPolicyBuilder().withNewMetadata() + .withName("example2") + .endMetadata() + .withNewSpec() + .withPrivileged(false) + .withNewRunAsUser().withRule("RunAsAny").endRunAsUser() + .withNewFsGroup().withRule("RunAsAny").endFsGroup() + .withNewSeLinux().withRule("RunAsAny").endSeLinux() + .withNewSupplementalGroups().withRule("RunAsAny").endSupplementalGroups() + .endSpec() + .build(); + + 
client.podSecurityPolicies().create(podSecurityPolicy1); + logger.log(Level.INFO, "PodSecurityPolicy created with Name : " + + podSecurityPolicy1.getMetadata().getName()); + + client.close(); + + } catch (KubernetesClientException ClientException) { + logger.log(Level.SEVERE, "Problem encountered with Kubernetes client!!"); + ClientException.printStackTrace(); + + } catch (Exception e) { + logger.log(Level.SEVERE, "Exception encountered : " + e.getMessage()); + } + + + } +} diff --git a/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml b/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml new file mode 100644 index 00000000000..d8359220e42 --- /dev/null +++ b/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml @@ -0,0 +1,17 @@ +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + name: example +spec: + privileged: false # Don't allow privileged pods! + # The rest fills in some required fields. + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - '*' From 0914a4743a000da2e90c7bfd75c41e4dac5926d9 Mon Sep 17 00:00:00 2001 From: Piyush Garg Date: Sat, 20 Jan 2018 02:20:37 +0530 Subject: [PATCH 4/8] Added missing license --- .../examples/PodSecurityPolicyExample.java | 15 +++++++++++++++ .../src/main/resources/PodSecurityPolicy.yml | 16 ++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java b/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java index 08def8da403..a1cc6d30c88 100644 --- a/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java +++ b/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/PodSecurityPolicyExample.java 
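Review bot: In PodSecurityPolicyExample.main the client is closed only on the success path and the `FileInputStream` passed to `load(...)` is never closed, so any exception from `load` or `create` leaks both. The generic `catch (Exception e)` also logs only `e.getMessage()`, and the client exception is sent to `printStackTrace()` instead of the logger, which loses the cause in the log output. Using try-with-resources for both resources and passing the exception to `logger.log` keeps the example short and gives readers a pattern that is safe to copy.

```java
try (KubernetesClient client = new DefaultKubernetesClient();
     FileInputStream in = new FileInputStream(sample)) {

  logger.log(Level.INFO, "Loading File : " + sample);
  PodSecurityPolicy podSecurityPolicy = client.podSecurityPolicies().load(in).get();
  // … unchanged: create the loaded policy, build and create "example2", log both names …

} catch (KubernetesClientException clientException) {
  logger.log(Level.SEVERE, "Problem encountered with Kubernetes client!!", clientException);
} catch (Exception e) {
  logger.log(Level.SEVERE, "Exception encountered : " + e.getMessage(), e);
}
```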
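Review bot: The sample policy in PodSecurityPolicy.yml restricts only `privileged: false`, while `runAsUser: RunAsAny` still admits containers running as root and `volumes: ['*']` admits every volume type, host paths included. The inline comment calls these fields filler, which understates what a reader gets when copying the file into a cluster. State the risk in the comment instead, e.g. `# Permissive placeholders: any user (including root) and any volume type are allowed; tighten before real use.`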
@@ -1,3 +1,18 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.fabric8.kubernetes.examples; import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; diff --git a/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml b/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml index d8359220e42..4521eeda569 100644 --- a/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml +++ b/kubernetes-examples/src/main/resources/PodSecurityPolicy.yml @@ -1,3 +1,19 @@ +# +# Copyright (C) 2015 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: From e79fd7613e9dc6e75bf6b274c89a3e7d4d31c130 Mon Sep 17 00:00:00 2001 
From: Piyush Garg Date: Sun, 21 Jan 2018 16:47:22 +0530 Subject: [PATCH 5/8] Added unit test for PodSecurityPolicy --- .../mock/KubernetesAttributesExtractor.java | 17 ++- .../mock/PodSecurityPolicyCrudTest.java | 101 ++++++++++++++++++ .../client/mock/StorageSpaceCrudTest.java | 14 ++- 3 files changed, 120 insertions(+), 12 deletions(-) create mode 100644 kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/PodSecurityPolicyCrudTest.java diff --git a/kubernetes-server-mock/src/main/java/io/fabric8/kubernetes/client/server/mock/KubernetesAttributesExtractor.java b/kubernetes-server-mock/src/main/java/io/fabric8/kubernetes/client/server/mock/KubernetesAttributesExtractor.java index 5b277dc20fe..ce1fb40fbe2 100644 --- a/kubernetes-server-mock/src/main/java/io/fabric8/kubernetes/client/server/mock/KubernetesAttributesExtractor.java +++ b/kubernetes-server-mock/src/main/java/io/fabric8/kubernetes/client/server/mock/KubernetesAttributesExtractor.java @@ -21,6 +21,8 @@ import io.fabric8.mockwebserver.crud.AttributeExtractor; import io.fabric8.mockwebserver.crud.AttributeSet; import io.fabric8.zjsonpatch.internal.guava.Strings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.io.ByteArrayInputStream; import java.io.InputStream; @@ -28,9 +30,6 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - public class KubernetesAttributesExtractor implements AttributeExtractor { private static final Logger LOGGER = LoggerFactory.getLogger(KubernetesAttributesExtractor.class); 
@@ -126,9 +125,19 @@ private static AttributeSet extract(Matcher m) { if (!Strings.isNullOrEmpty(kind)) { //Poor mans to singular. + //Special Case for PodSecurityPolicies and NetworkPolicies because + //we need to return PodSecurityPolicy and NetworkPolicy respectively + //because it is returning PodSecurityPolicie and NetworkPolicie now + //Right now not adding generalised case of "ies" because it may break other resource not sure + if (kind.endsWith("ses")) { kind = kind.substring(0, kind.length() - 2); - } else if (kind.endsWith("s")) { + } + else if (kind.equalsIgnoreCase("PodSecurityPolicies") || + kind.equalsIgnoreCase("NetworkPolicies")){ + kind = kind.substring(0,kind.length() - 3) + "y"; + } + else if (kind.endsWith("s")) { kind = kind.substring(0, kind.length() - 1); } attributes = attributes.add(new Attribute(KIND, kind)); diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/PodSecurityPolicyCrudTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/PodSecurityPolicyCrudTest.java new file mode 100644 index 00000000000..1041bbc0197 --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/PodSecurityPolicyCrudTest.java 
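Review bot: The new `else if` in `extract` singularises only two kinds by name, so any other resource whose plural ends in "ies" still reaches the final `endsWith("s")` branch and is recorded with a kind ending in "ie". Presumably the mock then fails to match it against the real kind. Since the author's comment says a general "ies" rule was avoided on purpose, I would at least move the two names into a named constant and shorten the four-line comment to something like `// "-ies" plurals are singularised by name only; add new kinds to the list`. The branch also departs from the `} else if (` layout the method used before; I would write `} else if (kind.equalsIgnoreCase("PodSecurityPolicies") || kind.equalsIgnoreCase("NetworkPolicies")) {` and `kind = kind.substring(0, kind.length() - 3) + "y";`. `extract` starts and ends outside this hunk.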
@@ -0,0 +1,101 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fabric8.kubernetes.client.mock; + +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyBuilder; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; +import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.server.mock.KubernetesServer; +import org.junit.Rule; +import org.junit.Test; +import org.slf4j.LoggerFactory; +import org.slf4j.Logger; + +import static org.junit.Assert.*; + +public class PodSecurityPolicyCrudTest { + + private static final Logger logger = LoggerFactory.getLogger(PodSecurityPolicyCrudTest.class); + + @Rule + public KubernetesServer kubernetesServer = new KubernetesServer(true,true); + + @Test + public void crudTest(){ + KubernetesClient client = kubernetesServer.getClient(); + + PodSecurityPolicy podSecurityPolicy = new PodSecurityPolicyBuilder() + .withNewMetadata() + .withName("test-example") + .endMetadata() + .withNewSpec() + .withPrivileged(false) + .withNewRunAsUser().withRule("RunAsAny").endRunAsUser() + .withNewFsGroup().withRule("RunAsAny").endFsGroup() + .withNewSeLinux().withRule("RunAsAny").endSeLinux() + .withNewSupplementalGroups().withRule("RunAsAny").endSupplementalGroups() + .endSpec() + .build(); + + //test of Creation + + podSecurityPolicy = 
client.podSecurityPolicies().create(podSecurityPolicy); + assertNotNull(podSecurityPolicy); + assertEquals("test-example",podSecurityPolicy.getMetadata().getName()); + assertFalse(podSecurityPolicy.getSpec().getPrivileged()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getRunAsUser().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getFsGroup().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getSeLinux().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getSupplementalGroups().getRule()); + + //test of list + PodSecurityPolicyList podSecurityPolicyList = client.podSecurityPolicies().list(); + logger.info(podSecurityPolicyList.toString()); + + assertNotNull(podSecurityPolicyList); + assertEquals(1,podSecurityPolicyList.getItems().size()); + assertEquals("test-example",podSecurityPolicyList.getItems().get(0).getMetadata().getName()); + assertFalse(podSecurityPolicyList.getItems().get(0).getSpec().getPrivileged()); + assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getRunAsUser().getRule()); + assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getFsGroup().getRule()); + assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getSeLinux().getRule()); + assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getSupplementalGroups().getRule()); + + //test of updation + podSecurityPolicy = client.podSecurityPolicies().withName("test-example").edit() + .editSpec().withPrivileged(true).endSpec() + .done(); + + logger.info("Updated PodSecurityPolicy : " + podSecurityPolicy.toString()); + + assertNotNull(podSecurityPolicy); + assertEquals("test-example",podSecurityPolicy.getMetadata().getName()); + assertTrue(podSecurityPolicy.getSpec().getPrivileged()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getRunAsUser().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getFsGroup().getRule()); + 
assertEquals("RunAsAny",podSecurityPolicy.getSpec().getSeLinux().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getSupplementalGroups().getRule()); + + //test of deletion + boolean deleted = client.podSecurityPolicies().delete(podSecurityPolicy); + assertTrue(deleted); + podSecurityPolicyList = client.podSecurityPolicies().list(); + assertEquals(0,podSecurityPolicyList.getItems().size()); + + } +} diff --git a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/StorageSpaceCrudTest.java b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/StorageSpaceCrudTest.java index 0a83f0e5d4a..3f5a3c6a3d9 100644 --- a/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/StorageSpaceCrudTest.java +++ b/kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/StorageSpaceCrudTest.java @@ -16,25 +16,21 @@ package io.fabric8.kubernetes.client.mock; import io.fabric8.kubernetes.api.model.ObjectMeta; -import io.fabric8.kubernetes.api.model.Pod; -import io.fabric8.kubernetes.api.model.PodBuilder; -import io.fabric8.kubernetes.api.model.PodList; import io.fabric8.kubernetes.api.model.StorageClass; import io.fabric8.kubernetes.api.model.StorageClassBuilder; import io.fabric8.kubernetes.api.model.StorageClassList; import io.fabric8.kubernetes.client.KubernetesClient; import io.fabric8.kubernetes.client.server.mock.KubernetesServer; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; import org.junit.Rule; import org.junit.Test; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.Collections; import java.util.HashMap; import java.util.Map; -import java.util.UUID; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; public class StorageSpaceCrudTest { 
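Review bot: In `crudTest` the list step calls `logger.info(podSecurityPolicyList.toString())` before `assertNotNull(podSecurityPolicyList)`, and the update step does the same with `podSecurityPolicy`, so a null result shows up as a NullPointerException in the logging line rather than as the assertion failure the test is meant to report. Put the null assertion first and log through a placeholder, for example `logger.info("Updated PodSecurityPolicy : {}", podSecurityPolicy);`. The wildcard `import static org.junit.Assert.*;` could be replaced by the four assertions the test uses, which is how StorageSpaceCrudTest is written in this same patch.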
@@ -77,7 +73,9 @@ public void testCrud() { assertEquals(0, storageClassList.getItems().get(0).getMetadata().getLabels().size()); //test update - storageClass = client.storageClasses().withName(name).edit().editOrNewMetadata().addToLabels("key1", "value1").endMetadata().done(); + storageClass = client.storageClasses().withName(name).edit().editOrNewMetadata() + .addToLabels("key1", "value1") + .endMetadata().done(); logger.info("Updated Storage Class: {} ", storageClass.toString()); assertNotNull(storageClass); assertEquals(1, storageClass.getMetadata().getLabels().size()); From 20ace22f250d5440f3189ab1ee7da263d0797752 Mon Sep 17 00:00:00 2001 From: Piyush Garg Date: Sun, 21 Jan 2018 21:24:23 +0530 Subject: [PATCH 6/8] Added Regression Test for PodSecurityPolicy --- .../kubernetes/PodSecurityPolicyIT.java | 128 ++++++++++++++++++ .../test/resources/test-podsecuritypolicy.yml | 33 +++++ 2 files changed, 161 insertions(+) create mode 100644 kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java create mode 100644 kubernetes-itests/src/test/resources/test-podsecuritypolicy.yml diff --git a/kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java b/kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java new file mode 100644 index 00000000000..bc316fb1bcb --- /dev/null +++ b/kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java 
@@ -0,0 +1,128 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fabric8.kubernetes; + + +import io.fabric8.kubernetes.api.model.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.PodSecurityPolicyBuilder; +import io.fabric8.kubernetes.api.model.PodSecurityPolicyList; +import io.fabric8.kubernetes.client.KubernetesClient; +import org.arquillian.cube.kubernetes.api.Session; +import org.arquillian.cube.kubernetes.impl.requirement.RequiresKubernetes; +import org.arquillian.cube.requirement.ArquillianConditionalRunner; +import org.jboss.arquillian.test.api.ArquillianResource; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(ArquillianConditionalRunner.class) +@RequiresKubernetes +public class PodSecurityPolicyIT { + + @ArquillianResource + KubernetesClient client; + + @ArquillianResource + Session session; + + private PodSecurityPolicy podSecurityPolicy; + + @Before + public void init(){ + + podSecurityPolicy = new PodSecurityPolicyBuilder().withNewMetadata() + .withName("test-example") + .endMetadata() + .withNewSpec() + .withPrivileged(false) + .withNewRunAsUser().withRule("RunAsAny").endRunAsUser() + .withNewFsGroup().withRule("RunAsAny").endFsGroup() + 
.withNewSeLinux().withRule("RunAsAny").endSeLinux() + .withNewSupplementalGroups().withRule("RunAsAny").endSupplementalGroups() + .endSpec() + .build(); + + client.podSecurityPolicies().create(podSecurityPolicy); + } + + @Test + public void load() { + + PodSecurityPolicy loadedPodSecurityPolicy = client.podSecurityPolicies() + .load(getClass().getResourceAsStream("/test-podsecuritypolicy.yml")).get(); + + assertNotNull(loadedPodSecurityPolicy); + assertEquals("example", loadedPodSecurityPolicy.getMetadata().getName()); + assertFalse(loadedPodSecurityPolicy.getSpec().getPrivileged()); + assertEquals("RunAsAny", loadedPodSecurityPolicy.getSpec().getRunAsUser().getRule()); + assertEquals("RunAsAny", loadedPodSecurityPolicy.getSpec().getFsGroup().getRule()); + assertEquals("RunAsAny", loadedPodSecurityPolicy.getSpec().getSeLinux().getRule()); + assertEquals("RunAsAny", loadedPodSecurityPolicy.getSpec().getSupplementalGroups().getRule()); + } + + @Test + public void get() { + + PodSecurityPolicy getPodSecurityPolicy = client.podSecurityPolicies() + .withName("test-example").get(); + assertNotNull(getPodSecurityPolicy); + assertEquals("test-example", getPodSecurityPolicy.getMetadata().getName()); + } + + @Test + public void list() { + + PodSecurityPolicyList podSecurityPolicyList = client.podSecurityPolicies().list(); + assertNotNull(podSecurityPolicyList); + assertEquals(1,podSecurityPolicyList.getItems().size()); + assertEquals("test-example",podSecurityPolicyList.getItems().get(0).getMetadata().getName()); + assertFalse(podSecurityPolicyList.getItems().get(0).getSpec().getPrivileged()); + assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getRunAsUser().getRule()); + assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getFsGroup().getRule()); + assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getSeLinux().getRule()); + 
assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getSupplementalGroups().getRule()); + } + + @Test + public void update(){ + + podSecurityPolicy = client.podSecurityPolicies().withName("test-example").edit() + .editSpec().withPrivileged(true).endSpec() + .done(); + + assertNotNull(podSecurityPolicy); + assertEquals("test-example",podSecurityPolicy.getMetadata().getName()); + assertTrue(podSecurityPolicy.getSpec().getPrivileged()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getRunAsUser().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getFsGroup().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getSeLinux().getRule()); + assertEquals("RunAsAny",podSecurityPolicy.getSpec().getSupplementalGroups().getRule()); + } + + @Test + public void delete(){ + boolean deleted = client.podSecurityPolicies().delete(podSecurityPolicy); + assertTrue(deleted); + podSecurityPolicyList = client.podSecurityPolicies().list(); + assertEquals(0,podSecurityPolicyList.getItems().size()); + } + +} diff --git a/kubernetes-itests/src/test/resources/test-podsecuritypolicy.yml b/kubernetes-itests/src/test/resources/test-podsecuritypolicy.yml new file mode 100644 index 00000000000..4521eeda569 --- /dev/null +++ b/kubernetes-itests/src/test/resources/test-podsecuritypolicy.yml 
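Review bot: `list()` asserts `assertEquals(1,podSecurityPolicyList.getItems().size())` and then inspects `getItems().get(0)`, which assumes the cluster holds no PodSecurityPolicy other than the one `init()` creates. PodSecurityPolicy is cluster-scoped and this class appears to run against a real cluster (`@RequiresKubernetes`), so any policy an administrator already installed makes the test fail or check the wrong object. I would look the object up by name as `get()` does, `client.podSecurityPolicies().withName("test-example").get()`, and in `delete()` assert that this lookup returns null instead of asserting a list size of 0.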
@@ -0,0 +1,33 @@ +# +# Copyright (C) 2015 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + name: example +spec: + privileged: false # Don't allow privileged pods! + # The rest fills in some required fields. + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - '*' From 164fc7f4ca0369d31020e3b2509ed10c573d880a Mon Sep 17 00:00:00 2001 From: Piyush Garg Date: Mon, 22 Jan 2018 00:29:48 +0530 Subject: [PATCH 7/8] Fixed Regression Test --- .../fabric8/kubernetes/PodSecurityPolicyIT.java | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java b/kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java index bc316fb1bcb..2ebfbdd1a6f 100644 --- a/kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java +++ b/kubernetes-itests/src/test/java/io/fabric8/kubernetes/PodSecurityPolicyIT.java 
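Review bot: The only restriction in this fixture is `privileged: false`. `volumes: - '*'` admits every volume type, hostPath included, and the four rule fields are all `RunAsAny`, so a pod admitted under this policy can still run as root and mount host paths. That is acceptable for a load/deserialisation test, but the inline comment `# Don't allow privileged pods!` reads as though the file were a hardening baseline. I would add a line under the licence header such as `# Test fixture only: permissive apart from privileged=false; not a baseline policy.`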
@@ -16,10 +16,9 @@ package io.fabric8.kubernetes; - -import io.fabric8.kubernetes.api.model.PodSecurityPolicy; -import io.fabric8.kubernetes.api.model.PodSecurityPolicyBuilder; -import io.fabric8.kubernetes.api.model.PodSecurityPolicyList; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicy; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyBuilder; +import io.fabric8.kubernetes.api.model.extensions.PodSecurityPolicyList; import io.fabric8.kubernetes.client.KubernetesClient; import org.arquillian.cube.kubernetes.api.Session; import org.arquillian.cube.kubernetes.impl.requirement.RequiresKubernetes; @@ -30,6 +29,7 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import org.junit.Before; +import org.junit.After; import org.junit.Test; import org.junit.runner.RunWith; @@ -94,7 +94,6 @@ public void list() { assertNotNull(podSecurityPolicyList); assertEquals(1,podSecurityPolicyList.getItems().size()); assertEquals("test-example",podSecurityPolicyList.getItems().get(0).getMetadata().getName()); - assertFalse(podSecurityPolicyList.getItems().get(0).getSpec().getPrivileged()); assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getRunAsUser().getRule()); assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getFsGroup().getRule()); assertEquals("RunAsAny",podSecurityPolicyList.getItems().get(0).getSpec().getSeLinux().getRule()); @@ -121,8 +120,12 @@ public void update(){ public void delete(){ boolean deleted = client.podSecurityPolicies().delete(podSecurityPolicy); assertTrue(deleted); - podSecurityPolicyList = client.podSecurityPolicies().list(); + PodSecurityPolicyList podSecurityPolicyList = client.podSecurityPolicies().list(); assertEquals(0,podSecurityPolicyList.getItems().size()); } + @After + public void cleanup() { + client.podSecurityPolicies().delete(); + } } From 75acef17e1af179d7bb9877e59b4281b486de210 Mon Sep 17 00:00:00 2001 
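Review bot: The new `cleanup()` in the last hunk calls `client.podSecurityPolicies().delete()` with no name or selector, which as far as I can tell from the DSL deletes every PodSecurityPolicy the list call returns. The resource is cluster-scoped, so the teardown would also remove policies this test never created from whatever cluster the suite is pointed at. Limit it to the object made in `init()`: `client.podSecurityPolicies().withName("test-example").delete();`. A scoped teardown still covers `update()`, which leaves `test-example` with `privileged` set to true until cleanup runs.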
From: Piyush Garg Date: Tue, 23 Jan 2018 11:56:55 +0530 Subject: [PATCH 8/8] Refactored and Added changes in CHANGELOG.md --- CHANGELOG.md | 3 ++- .../services/io.fabric8.kubernetes.client.ResourceHandler | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8ec6df9c52..ae5d530ea24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,8 @@ New Feature * Added support for StorageClass - https://github.com/fabric8io/kubernetes-client/pull/978 - + * Added support for PodSecurityPolicy - https://github.com/fabric8io/kubernetes-client/pull/992 + Improvements Dependencies Upgrade diff --git a/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler b/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler index 44c8609887f..d13fdf3cf03 100644 --- a/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler +++ b/kubernetes-client/src/main/resources/META-INF/services/io.fabric8.kubernetes.client.ResourceHandler @@ -29,7 +29,7 @@ io.fabric8.kubernetes.client.handlers.NodeHandler io.fabric8.kubernetes.client.handlers.PersistentVolumeClaimHandler io.fabric8.kubernetes.client.handlers.PersistentVolumeHandler io.fabric8.kubernetes.client.handlers.PodHandler -io.fabric8.kubernetes.client.handlers.PodSecurityPolicyHandler; +io.fabric8.kubernetes.client.handlers.PodSecurityPolicyHandler io.fabric8.kubernetes.client.handlers.ReplicaSetHandler io.fabric8.kubernetes.client.handlers.ReplicationControllerHandler io.fabric8.kubernetes.client.handlers.ResourceQuotaHandler