From ed08377b7c9b83e7a4528892eab57457d846b83a Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Mon, 17 May 2021 21:11:57 +0530 Subject: [PATCH] Add missing OpenShift Resources in `authorization.openshift.io` apiGroup Add DSL support for the following resources: - ResourceAccessReview : `client.resourceAccessReviews()` - LocalSubjectAccessReview : `client.localSubjectAccessReviews()` - ClusterRole : `client.cluserRoles()` - LocalResourceAccessReview : `client.localResourceAccessReviews()` - SubjectRulesReview : `client.subjectRulesReviews()` - SelfSubjectRulesReview : `client.selfSubjectRulesReviews()` - RoleBindingRestrictions: `client.roleBindingRestrictions()` Related to https://github.com/fabric8io/kubernetes-client/issues/2949 --- CHANGELOG.md | 1 + .../openshift-model/cmd/generate/generate.go | 2 + .../kubernetes/api/model/KubeSchema.java | 34 ++- .../model/ResourceAccessReviewResponse.java | 198 ++++++++++++++++++ .../api/model/RoleBindingRestriction.java | 11 + .../api/model/RoleBindingRestrictionList.java | 175 ++++++++++++++++ .../main/resources/schema/kube-schema.json | 78 +++++++ .../resources/schema/validation-schema.json | 137 ++++++++++++ .../pkg/schemagen/generate.go | 2 + .../client/server/mock/ClusterRoleTest.java | 94 +++++++++ .../mock/RoleBindingRestrictionTest.java | 94 +++++++++ .../server/mock/SubjectAccessReviewTest.java | 109 ++++++++++ .../client/DefaultOpenShiftClient.java | 49 ++++- .../openshift/client/OpenShiftClient.java | 60 +++++- ...ocalSubjectAccessReviewOperationsImpl.java | 37 ++-- ...hiftSubjectAccessReviewOperationsImpl.java | 29 ++- .../client/osgi/ManagedOpenShiftClient.java | 42 +++- 17 files changed, 1107 insertions(+), 45 deletions(-) create mode 100644 kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/ResourceAccessReviewResponse.java create mode 100644 kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestrictionList.java create mode 100644 kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/ClusterRoleTest.java create mode 100644 kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/RoleBindingRestrictionTest.java diff --git a/CHANGELOG.md b/CHANGELOG.md index dfa092f101d..d8666a5e089 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ #### Dependency Upgrade #### New Features +* Fix #3133: Add DSL Support for `authorization.openshift.io/v1` resources in OpenShiftClient ### 5.4.0 (2021-05-19) diff --git a/kubernetes-model-generator/openshift-model/cmd/generate/generate.go b/kubernetes-model-generator/openshift-model/cmd/generate/generate.go index 469775179f8..a6b81611c91 100644 --- a/kubernetes-model-generator/openshift-model/cmd/generate/generate.go +++ b/kubernetes-model-generator/openshift-model/cmd/generate/generate.go @@ -105,10 +105,12 @@ type Schema struct { OpenshiftRoleBinding authapi.RoleBinding OpenshiftRoleBindingList authapi.RoleBindingList OpenshiftRoleBindingRestriction authapi.RoleBindingRestriction + OpenShiftRoleBindingRestrictionList authapi.RoleBindingRestrictionList OpenshiftRoleBindingRestrictionSpec authapi.RoleBindingRestrictionSpec LocalSubjectAccessReview authapi.LocalSubjectAccessReview LocalResourceAccessReview authapi.LocalResourceAccessReview ResourceAccessReview authapi.ResourceAccessReview + ResourceAccessReviewResponse authapi.ResourceAccessReviewResponse SubjectAccessReview authapi.SubjectAccessReview SubjectAccessReviewResponse authapi.SubjectAccessReviewResponse SubjectRulesReview authapi.SubjectRulesReview diff --git a/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/kubernetes/api/model/KubeSchema.java b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/kubernetes/api/model/KubeSchema.java index bf2f3e28827..85d1811a451 100644 --- a/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/kubernetes/api/model/KubeSchema.java +++ b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/kubernetes/api/model/KubeSchema.java @@ -100,10 +100,12 @@ import io.fabric8.openshift.api.model.RangeAllocation; import io.fabric8.openshift.api.model.RangeAllocationList; import io.fabric8.openshift.api.model.ResourceAccessReview; +import io.fabric8.openshift.api.model.ResourceAccessReviewResponse; import io.fabric8.openshift.api.model.Role; import io.fabric8.openshift.api.model.RoleBinding; import io.fabric8.openshift.api.model.RoleBindingList; import io.fabric8.openshift.api.model.RoleBindingRestriction; +import io.fabric8.openshift.api.model.RoleBindingRestrictionList; import io.fabric8.openshift.api.model.RoleBindingRestrictionSpec; import io.fabric8.openshift.api.model.RoleList; import io.fabric8.openshift.api.model.Route; @@ -206,6 +208,7 @@ "OAuthClientList", "OAuthList", "ObjectMeta", + "OpenShiftRoleBindingRestrictionList", "OpenshiftClusterRole", "OpenshiftClusterRoleBinding", "OpenshiftClusterRoleBindingList", @@ -233,6 +236,7 @@ "RangeAllocation", "RangeAllocationList", "ResourceAccessReview", + "ResourceAccessReviewResponse", "RootPaths", "Route", "RouteList", @@ -416,6 +420,8 @@ public class KubeSchema { private OAuthList oAuthList; @JsonProperty("ObjectMeta") private io.fabric8.kubernetes.api.model.ObjectMeta objectMeta; + @JsonProperty("OpenShiftRoleBindingRestrictionList") + private RoleBindingRestrictionList openShiftRoleBindingRestrictionList; @JsonProperty("OpenshiftClusterRole") private ClusterRole openshiftClusterRole; @JsonProperty("OpenshiftClusterRoleBinding") @@ -470,6 +476,8 @@ public class KubeSchema { private RangeAllocationList rangeAllocationList; @JsonProperty("ResourceAccessReview") private ResourceAccessReview resourceAccessReview; + @JsonProperty("ResourceAccessReviewResponse") + private ResourceAccessReviewResponse resourceAccessReviewResponse; @JsonProperty("RootPaths") private RootPaths rootPaths; @JsonProperty("Route") @@ -597,6 +605,7 @@ public KubeSchema() { * @param openshiftClusterRoleScopeRestriction * @param project * @param oAuth + * @param openShiftRoleBindingRestrictionList * @param clusterOperator * @param podSecurityPolicyReview * @param authenticationList @@ -615,6 +624,7 @@ public KubeSchema() { * @param oAuthClientAuthorization * @param localResourceAccessReview * @param imageStreamTagList + * @param resourceAccessReviewResponse * @param openshiftRoleList * @param dNSZone * @param buildConfigList @@ -651,7 +661,7 @@ public KubeSchema() { * @param imageTag * @param user */ - public KubeSchema(APIGroup aPIGroup, APIGroupList aPIGroupList, APIServer aPIServer, APIServerList aPIServerList, AggregationRule aggregationRule, AppliedClusterResourceQuota appliedClusterResourceQuota, AppliedClusterResourceQuotaList appliedClusterResourceQuotaList, Authentication authentication, AuthenticationList authenticationList, BaseKubernetesList baseKubernetesList, BuildConfigList buildConfigList, BuildList buildList, BuildRequest buildRequest, ClusterNetwork clusterNetwork, ClusterNetworkList clusterNetworkList, ClusterOperator clusterOperator, ClusterOperatorList clusterOperatorList, ClusterResourceQuota clusterResourceQuota, ClusterResourceQuotaList clusterResourceQuotaList, ClusterVersion clusterVersion, ClusterVersionList clusterVersionList, Config config, ConfigMapFileReference configMapFileReference, Console console, ConsoleList consoleList, CreateOptions createOptions, DNS dns, DNSList dNSList, DNSZone dNSZone, DeleteOptions deleteOptions, DeploymentConfig deploymentConfig, DeploymentConfigList deploymentConfigList, EgressNetworkPolicy egressNetworkPolicy, EgressNetworkPolicyList egressNetworkPolicyList, FeatureGate featureGate, FeatureGateList featureGateList, GetOptions getOptions, Group group, GroupList groupList, Identity identity, IdentityList identityList, ImageList imageList, ImageStreamImage imageStreamImage, ImageStreamImport imageStreamImport, ImageStreamList imageStreamList, ImageStreamMapping imageStreamMapping, ImageStreamTagList imageStreamTagList, ImageTag imageTag, ImageTagList imageTagList, Info info, Infrastructure infrastructure, InfrastructureList infrastructureList, Ingress ingress, IngressList ingressList, ListOptions listOptions, LocalResourceAccessReview localResourceAccessReview, LocalSubjectAccessReview localSubjectAccessReview, NetNamespace netNamespace, NetNamespaceList netNamespaceList, Network network, NetworkList networkList, OAuth oAuth, OAuthAccessToken oAuthAccessToken, OAuthAccessTokenList oAuthAccessTokenList, OAuthAuthorizeToken oAuthAuthorizeToken, OAuthAuthorizeTokenList oAuthAuthorizeTokenList, OAuthClient oAuthClient, OAuthClientAuthorization oAuthClientAuthorization, OAuthClientAuthorizationList oAuthClientAuthorizationList, OAuthClientList oAuthClientList, OAuthList oAuthList, io.fabric8.kubernetes.api.model.ObjectMeta objectMeta, ClusterRole openshiftClusterRole, ClusterRoleBinding openshiftClusterRoleBinding, ClusterRoleBindingList openshiftClusterRoleBindingList, ClusterRoleList openshiftClusterRoleList, ClusterRoleScopeRestriction openshiftClusterRoleScopeRestriction, Role openshiftRole, RoleBinding openshiftRoleBinding, RoleBindingList openshiftRoleBindingList, RoleBindingRestriction openshiftRoleBindingRestriction, RoleBindingRestrictionSpec openshiftRoleBindingRestrictionSpec, RoleList openshiftRoleList, OperatorHub operatorHub, OperatorHubList operatorHubList, Patch patch, PatchOptions patchOptions, PodSecurityPolicyReview podSecurityPolicyReview, PodSecurityPolicySelfSubjectReview podSecurityPolicySelfSubjectReview, PodSecurityPolicySubjectReview podSecurityPolicySubjectReview, Project project, ProjectList projectList, ProjectRequest projectRequest, Proxy proxy, ProxyList proxyList, Quantity quantity, RangeAllocation rangeAllocation, RangeAllocationList rangeAllocationList, ResourceAccessReview resourceAccessReview, RootPaths rootPaths, Route route, RouteList routeList, Scheduler scheduler, SchedulerList schedulerList, SecretNameReference secretNameReference, SecurityContextConstraints securityContextConstraints, SecurityContextConstraintsList securityContextConstraintsList, SelfSubjectRulesReview selfSubjectRulesReview, Status status, SubjectAccessReview subjectAccessReview, SubjectAccessReviewResponse subjectAccessReviewResponse, SubjectRulesReview subjectRulesReview, TLSProfileSpec tLSProfileSpec, TagEvent tagEvent, Template template, TemplateList templateList, String time, TokenReview tokenReview, TypeMeta typeMeta, UpdateOptions updateOptions, User user, UserList userList) { + public KubeSchema(APIGroup aPIGroup, APIGroupList aPIGroupList, APIServer aPIServer, APIServerList aPIServerList, AggregationRule aggregationRule, AppliedClusterResourceQuota appliedClusterResourceQuota, AppliedClusterResourceQuotaList appliedClusterResourceQuotaList, Authentication authentication, AuthenticationList authenticationList, BaseKubernetesList baseKubernetesList, BuildConfigList buildConfigList, BuildList buildList, BuildRequest buildRequest, ClusterNetwork clusterNetwork, ClusterNetworkList clusterNetworkList, ClusterOperator clusterOperator, ClusterOperatorList clusterOperatorList, ClusterResourceQuota clusterResourceQuota, ClusterResourceQuotaList clusterResourceQuotaList, ClusterVersion clusterVersion, ClusterVersionList clusterVersionList, Config config, ConfigMapFileReference configMapFileReference, Console console, ConsoleList consoleList, CreateOptions createOptions, DNS dns, DNSList dNSList, DNSZone dNSZone, DeleteOptions deleteOptions, DeploymentConfig deploymentConfig, DeploymentConfigList deploymentConfigList, EgressNetworkPolicy egressNetworkPolicy, EgressNetworkPolicyList egressNetworkPolicyList, FeatureGate featureGate, FeatureGateList featureGateList, GetOptions getOptions, Group group, GroupList groupList, Identity identity, IdentityList identityList, ImageList imageList, ImageStreamImage imageStreamImage, ImageStreamImport imageStreamImport, ImageStreamList imageStreamList, ImageStreamMapping imageStreamMapping, ImageStreamTagList imageStreamTagList, ImageTag imageTag, ImageTagList imageTagList, Info info, Infrastructure infrastructure, InfrastructureList infrastructureList, Ingress ingress, IngressList ingressList, ListOptions listOptions, LocalResourceAccessReview localResourceAccessReview, LocalSubjectAccessReview localSubjectAccessReview, NetNamespace netNamespace, NetNamespaceList netNamespaceList, Network network, NetworkList networkList, OAuth oAuth, OAuthAccessToken oAuthAccessToken, OAuthAccessTokenList oAuthAccessTokenList, OAuthAuthorizeToken oAuthAuthorizeToken, OAuthAuthorizeTokenList oAuthAuthorizeTokenList, OAuthClient oAuthClient, OAuthClientAuthorization oAuthClientAuthorization, OAuthClientAuthorizationList oAuthClientAuthorizationList, OAuthClientList oAuthClientList, OAuthList oAuthList, io.fabric8.kubernetes.api.model.ObjectMeta objectMeta, RoleBindingRestrictionList openShiftRoleBindingRestrictionList, ClusterRole openshiftClusterRole, ClusterRoleBinding openshiftClusterRoleBinding, ClusterRoleBindingList openshiftClusterRoleBindingList, ClusterRoleList openshiftClusterRoleList, ClusterRoleScopeRestriction openshiftClusterRoleScopeRestriction, Role openshiftRole, RoleBinding openshiftRoleBinding, RoleBindingList openshiftRoleBindingList, RoleBindingRestriction openshiftRoleBindingRestriction, RoleBindingRestrictionSpec openshiftRoleBindingRestrictionSpec, RoleList openshiftRoleList, OperatorHub operatorHub, OperatorHubList operatorHubList, Patch patch, PatchOptions patchOptions, PodSecurityPolicyReview podSecurityPolicyReview, PodSecurityPolicySelfSubjectReview podSecurityPolicySelfSubjectReview, PodSecurityPolicySubjectReview podSecurityPolicySubjectReview, Project project, ProjectList projectList, ProjectRequest projectRequest, Proxy proxy, ProxyList proxyList, Quantity quantity, RangeAllocation rangeAllocation, RangeAllocationList rangeAllocationList, ResourceAccessReview resourceAccessReview, ResourceAccessReviewResponse resourceAccessReviewResponse, RootPaths rootPaths, Route route, RouteList routeList, Scheduler scheduler, SchedulerList schedulerList, SecretNameReference secretNameReference, SecurityContextConstraints securityContextConstraints, SecurityContextConstraintsList securityContextConstraintsList, SelfSubjectRulesReview selfSubjectRulesReview, Status status, SubjectAccessReview subjectAccessReview, SubjectAccessReviewResponse subjectAccessReviewResponse, SubjectRulesReview subjectRulesReview, TLSProfileSpec tLSProfileSpec, TagEvent tagEvent, Template template, TemplateList templateList, String time, TokenReview tokenReview, TypeMeta typeMeta, UpdateOptions updateOptions, User user, UserList userList) { super(); this.aPIGroup = aPIGroup; this.aPIGroupList = aPIGroupList; @@ -725,6 +735,7 @@ public KubeSchema(APIGroup aPIGroup, APIGroupList aPIGroupList, APIServer aPISer this.oAuthClientList = oAuthClientList; this.oAuthList = oAuthList; this.objectMeta = objectMeta; + this.openShiftRoleBindingRestrictionList = openShiftRoleBindingRestrictionList; this.openshiftClusterRole = openshiftClusterRole; this.openshiftClusterRoleBinding = openshiftClusterRoleBinding; this.openshiftClusterRoleBindingList = openshiftClusterRoleBindingList; @@ -752,6 +763,7 @@ public KubeSchema(APIGroup aPIGroup, APIGroupList aPIGroupList, APIServer aPISer this.rangeAllocation = rangeAllocation; this.rangeAllocationList = rangeAllocationList; this.resourceAccessReview = resourceAccessReview; + this.resourceAccessReviewResponse = resourceAccessReviewResponse; this.rootPaths = rootPaths; this.route = route; this.routeList = routeList; @@ -1497,6 +1509,16 @@ public void setObjectMeta(io.fabric8.kubernetes.api.model.ObjectMeta objectMeta) this.objectMeta = objectMeta; } + @JsonProperty("OpenShiftRoleBindingRestrictionList") + public RoleBindingRestrictionList getOpenShiftRoleBindingRestrictionList() { + return openShiftRoleBindingRestrictionList; + } + + @JsonProperty("OpenShiftRoleBindingRestrictionList") + public void setOpenShiftRoleBindingRestrictionList(RoleBindingRestrictionList openShiftRoleBindingRestrictionList) { + this.openShiftRoleBindingRestrictionList = openShiftRoleBindingRestrictionList; + } + @JsonProperty("OpenshiftClusterRole") public ClusterRole getOpenshiftClusterRole() { return openshiftClusterRole; @@ -1767,6 +1789,16 @@ public void setResourceAccessReview(ResourceAccessReview resourceAccessReview) { this.resourceAccessReview = resourceAccessReview; } + @JsonProperty("ResourceAccessReviewResponse") + public ResourceAccessReviewResponse getResourceAccessReviewResponse() { + return resourceAccessReviewResponse; + } + + @JsonProperty("ResourceAccessReviewResponse") + public void setResourceAccessReviewResponse(ResourceAccessReviewResponse resourceAccessReviewResponse) { + this.resourceAccessReviewResponse = resourceAccessReviewResponse; + } + @JsonProperty("RootPaths") public RootPaths getRootPaths() { return rootPaths; diff --git a/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/ResourceAccessReviewResponse.java b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/ResourceAccessReviewResponse.java new file mode 100644 index 00000000000..278b9fa8df1 --- /dev/null +++ b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/ResourceAccessReviewResponse.java @@ -0,0 +1,198 @@ + +package io.fabric8.openshift.api.model; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import io.fabric8.kubernetes.api.model.Container; +import io.fabric8.kubernetes.api.model.IntOrString; +import io.fabric8.kubernetes.api.model.KubernetesResource; +import io.fabric8.kubernetes.api.model.LabelSelector; +import io.fabric8.kubernetes.api.model.LocalObjectReference; +import io.fabric8.kubernetes.api.model.ObjectMeta; +import io.fabric8.kubernetes.api.model.ObjectReference; +import io.fabric8.kubernetes.api.model.PersistentVolumeClaim; +import io.fabric8.kubernetes.api.model.PodTemplateSpec; +import io.fabric8.kubernetes.api.model.ResourceRequirements; +import io.sundr.builder.annotations.Buildable; +import io.sundr.builder.annotations.BuildableReference; +import lombok.EqualsAndHashCode; +import lombok.ToString; + +@JsonDeserialize(using = com.fasterxml.jackson.databind.JsonDeserializer.None.class) +@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonPropertyOrder({ + "apiVersion", + "kind", + "metadata", + "evalutionError", + "groups", + "namespace", + "users" +}) +@ToString +@EqualsAndHashCode +@Buildable(editableEnabled = false, validationEnabled = false, generateBuilderPackage = false, lazyCollectionInitEnabled = false, builderPackage = "io.fabric8.kubernetes.api.builder", refs = { + @BuildableReference(ObjectMeta.class), + @BuildableReference(LabelSelector.class), + @BuildableReference(Container.class), + @BuildableReference(PodTemplateSpec.class), + @BuildableReference(ResourceRequirements.class), + @BuildableReference(IntOrString.class), + @BuildableReference(ObjectReference.class), + @BuildableReference(LocalObjectReference.class), + @BuildableReference(PersistentVolumeClaim.class) +}) +public class ResourceAccessReviewResponse implements KubernetesResource +{ + + /** + * + * (Required) + * + */ + @JsonProperty("apiVersion") + private String apiVersion = "authorization.openshift.io/v1"; + @JsonProperty("evalutionError") + private String evalutionError; + @JsonProperty("groups") + private List groups = new ArrayList(); + /** + * + * (Required) + * + */ + @JsonProperty("kind") + private String kind = "ResourceAccessReviewResponse"; + @JsonProperty("namespace") + private String namespace; + @JsonProperty("users") + private List users = new ArrayList(); + @JsonIgnore + private Map additionalProperties = new HashMap(); + + /** + * No args constructor for use in serialization + * + */ + public ResourceAccessReviewResponse() { + } + + /** + * + * @param evalutionError + * @param apiVersion + * @param kind + * @param namespace + * @param groups + * @param users + */ + public ResourceAccessReviewResponse(String apiVersion, String evalutionError, List groups, String kind, String namespace, List users) { + super(); + this.apiVersion = apiVersion; + this.evalutionError = evalutionError; + this.groups = groups; + this.kind = kind; + this.namespace = namespace; + this.users = users; + } + + /** + * + * (Required) + * + */ + @JsonProperty("apiVersion") + public String getApiVersion() { + return apiVersion; + } + + /** + * + * (Required) + * + */ + @JsonProperty("apiVersion") + public void setApiVersion(String apiVersion) { + this.apiVersion = apiVersion; + } + + @JsonProperty("evalutionError") + public String getEvalutionError() { + return evalutionError; + } + + @JsonProperty("evalutionError") + public void setEvalutionError(String evalutionError) { + this.evalutionError = evalutionError; + } + + @JsonProperty("groups") + public List getGroups() { + return groups; + } + + @JsonProperty("groups") + public void setGroups(List groups) { + this.groups = groups; + } + + /** + * + * (Required) + * + */ + @JsonProperty("kind") + public String getKind() { + return kind; + } + + /** + * + * (Required) + * + */ + @JsonProperty("kind") + public void setKind(String kind) { + this.kind = kind; + } + + @JsonProperty("namespace") + public String getNamespace() { + return namespace; + } + + @JsonProperty("namespace") + public void setNamespace(String namespace) { + this.namespace = namespace; + } + + @JsonProperty("users") + public List getUsers() { + return users; + } + + @JsonProperty("users") + public void setUsers(List users) { + this.users = users; + } + + @JsonAnyGetter + public Map getAdditionalProperties() { + return this.additionalProperties; + } + + @JsonAnySetter + public void setAdditionalProperty(String name, Object value) { + this.additionalProperties.put(name, value); + } + +} diff --git a/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestriction.java b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestriction.java index 68e4e1e11a5..53a3662e22d 100644 --- a/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestriction.java +++ b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestriction.java @@ -20,8 +20,13 @@ import io.fabric8.kubernetes.api.model.PersistentVolumeClaim; import io.fabric8.kubernetes.api.model.PodTemplateSpec; import io.fabric8.kubernetes.api.model.ResourceRequirements; +import io.fabric8.kubernetes.model.annotation.Group; +import io.fabric8.kubernetes.model.annotation.PackageSuffix; +import io.fabric8.kubernetes.model.annotation.Version; import io.sundr.builder.annotations.Buildable; import io.sundr.builder.annotations.BuildableReference; +import io.sundr.transform.annotations.VelocityTransformation; +import io.sundr.transform.annotations.VelocityTransformations; import lombok.EqualsAndHashCode; import lombok.ToString; @@ -46,6 +51,12 @@ @BuildableReference(LocalObjectReference.class), @BuildableReference(PersistentVolumeClaim.class) }) +@Version("v1") +@Group("authorization.openshift.io") +@PackageSuffix(".openshift.v1") +@VelocityTransformations({ + @VelocityTransformation(value = "/manifest.vm", outputPath = "openshift.properties", gather = true) +}) public class RoleBindingRestriction implements HasMetadata, Namespaced { diff --git a/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestrictionList.java b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestrictionList.java new file mode 100644 index 00000000000..4e03c1f8d6a --- /dev/null +++ b/kubernetes-model-generator/openshift-model/src/generated/java/io/fabric8/openshift/api/model/RoleBindingRestrictionList.java @@ -0,0 +1,175 @@ + +package io.fabric8.openshift.api.model; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import io.fabric8.kubernetes.api.model.Container; +import io.fabric8.kubernetes.api.model.IntOrString; +import io.fabric8.kubernetes.api.model.KubernetesResource; +import io.fabric8.kubernetes.api.model.KubernetesResourceList; +import io.fabric8.kubernetes.api.model.LabelSelector; +import io.fabric8.kubernetes.api.model.ListMeta; +import io.fabric8.kubernetes.api.model.LocalObjectReference; +import io.fabric8.kubernetes.api.model.ObjectMeta; +import io.fabric8.kubernetes.api.model.ObjectReference; +import io.fabric8.kubernetes.api.model.PersistentVolumeClaim; +import io.fabric8.kubernetes.api.model.PodTemplateSpec; +import io.fabric8.kubernetes.api.model.ResourceRequirements; +import io.fabric8.kubernetes.model.annotation.Group; +import io.fabric8.kubernetes.model.annotation.PackageSuffix; +import io.fabric8.kubernetes.model.annotation.Version; +import io.sundr.builder.annotations.Buildable; +import io.sundr.builder.annotations.BuildableReference; +import lombok.EqualsAndHashCode; +import lombok.ToString; + +@JsonDeserialize(using = com.fasterxml.jackson.databind.JsonDeserializer.None.class) +@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonPropertyOrder({ + "apiVersion", + "kind", + "metadata", + "items" +}) +@ToString +@EqualsAndHashCode +@Buildable(editableEnabled = false, validationEnabled = false, generateBuilderPackage = false, lazyCollectionInitEnabled = false, builderPackage = "io.fabric8.kubernetes.api.builder", refs = { + @BuildableReference(ObjectMeta.class), + @BuildableReference(LabelSelector.class), + @BuildableReference(Container.class), + @BuildableReference(PodTemplateSpec.class), + @BuildableReference(ResourceRequirements.class), + @BuildableReference(IntOrString.class), + @BuildableReference(ObjectReference.class), + @BuildableReference(LocalObjectReference.class), + @BuildableReference(PersistentVolumeClaim.class) +}) +@Version("v1") +@Group("authorization.openshift.io") +@PackageSuffix(".openshift.v1") +public class RoleBindingRestrictionList implements KubernetesResource, KubernetesResourceList +{ + + /** + * + * (Required) + * + */ + @JsonProperty("apiVersion") + private String apiVersion = "authorization.openshift.io/v1"; + @JsonProperty("items") + private List items = new ArrayList(); + /** + * + * (Required) + * + */ + @JsonProperty("kind") + private String kind = "RoleBindingRestrictionList"; + @JsonProperty("metadata") + private ListMeta metadata; + @JsonIgnore + private Map additionalProperties = new HashMap(); + + /** + * No args constructor for use in serialization + * + */ + public RoleBindingRestrictionList() { + } + + /** + * + * @param metadata + * @param apiVersion + * @param kind + * @param items + */ + public RoleBindingRestrictionList(String apiVersion, List items, String kind, ListMeta metadata) { + super(); + this.apiVersion = apiVersion; + this.items = items; + this.kind = kind; + this.metadata = metadata; + } + + /** + * + * (Required) + * + */ + @JsonProperty("apiVersion") + public String getApiVersion() { + return apiVersion; + } + + /** + * + * (Required) + * + */ + @JsonProperty("apiVersion") + public void setApiVersion(String apiVersion) { + this.apiVersion = apiVersion; + } + + @JsonProperty("items") + public List getItems() { + return items; + } + + @JsonProperty("items") + public void setItems(List items) { + this.items = items; + } + + /** + * + * (Required) + * + */ + @JsonProperty("kind") + public String getKind() { + return kind; + } + + /** + * + * (Required) + * + */ + @JsonProperty("kind") + public void setKind(String kind) { + this.kind = kind; + } + + @JsonProperty("metadata") + public ListMeta getMetadata() { + return metadata; + } + + @JsonProperty("metadata") + public void setMetadata(ListMeta metadata) { + this.metadata = metadata; + } + + @JsonAnyGetter + public Map getAdditionalProperties() { + return this.additionalProperties; + } + + @JsonAnySetter + public void setAdditionalProperty(String name, Object value) { + this.additionalProperties.put(name, value); + } + +} diff --git a/kubernetes-model-generator/openshift-model/src/main/resources/schema/kube-schema.json b/kubernetes-model-generator/openshift-model/src/main/resources/schema/kube-schema.json index 3ea317ee46e..140162e3391 100644 --- a/kubernetes-model-generator/openshift-model/src/main/resources/schema/kube-schema.json +++ b/kubernetes-model-generator/openshift-model/src/main/resources/schema/kube-schema.json @@ -4605,6 +4605,44 @@ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, + "os_authorization_ResourceAccessReviewResponse": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "default": "authorization.openshift.io/v1", + "required": true + }, + "evalutionError": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "type": "string" + } + }, + "kind": { + "type": "string", + "default": "ResourceAccessReviewResponse", + "required": true + }, + "namespace": { + "type": "string" + }, + "users": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.openshift.api.model.ResourceAccessReviewResponse", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, "os_authorization_Role": { "type": "object", "properties": { @@ -4746,6 +4784,38 @@ "io.fabric8.kubernetes.api.model.Namespaced" ] }, + "os_authorization_RoleBindingRestrictionList": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "default": "authorization.openshift.io/v1", + "required": true + }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/os_authorization_RoleBindingRestriction", + "existingJavaType": "io.fabric8.openshift.api.model.RoleBindingRestriction" + } + }, + "kind": { + "type": "string", + "default": "RoleBindingRestrictionList", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ListMeta", + "existingJavaType": "io.fabric8.kubernetes.api.model.ListMeta" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.openshift.api.model.RoleBindingRestrictionList", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource", + "io.fabric8.kubernetes.api.model.KubernetesResourceList\u003cio.fabric8.openshift.api.model.RoleBindingRestriction\u003e" + ] + }, "os_authorization_RoleBindingRestrictionSpec": { "type": "object", "properties": { @@ -13129,6 +13199,10 @@ "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", "existingJavaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, + "OpenShiftRoleBindingRestrictionList": { + "$ref": "#/definitions/os_authorization_RoleBindingRestrictionList", + "existingJavaType": "io.fabric8.openshift.api.model.RoleBindingRestrictionList" + }, "OpenshiftClusterRole": { "$ref": "#/definitions/os_authorization_ClusterRole", "existingJavaType": "io.fabric8.openshift.api.model.ClusterRole" @@ -13237,6 +13311,10 @@ "$ref": "#/definitions/os_authorization_ResourceAccessReview", "existingJavaType": "io.fabric8.openshift.api.model.ResourceAccessReview" }, + "ResourceAccessReviewResponse": { + "$ref": "#/definitions/os_authorization_ResourceAccessReviewResponse", + "existingJavaType": "io.fabric8.openshift.api.model.ResourceAccessReviewResponse" + }, "RootPaths": { "$ref": "#/definitions/kubernetes_apimachinery_RootPaths", "existingJavaType": "io.fabric8.kubernetes.api.model.RootPaths" diff --git a/kubernetes-model-generator/openshift-model/src/main/resources/schema/validation-schema.json b/kubernetes-model-generator/openshift-model/src/main/resources/schema/validation-schema.json index 51d76829b05..e5d2b3e528d 100644 --- a/kubernetes-model-generator/openshift-model/src/main/resources/schema/validation-schema.json +++ b/kubernetes-model-generator/openshift-model/src/main/resources/schema/validation-schema.json @@ -4605,6 +4605,44 @@ "io.fabric8.kubernetes.api.model.KubernetesResource" ] }, + "os_authorization_ResourceAccessReviewResponse": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "default": "authorization.openshift.io/v1", + "required": true + }, + "evalutionError": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "type": "string" + } + }, + "kind": { + "type": "string", + "default": "ResourceAccessReviewResponse", + "required": true + }, + "namespace": { + "type": "string" + }, + "users": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.openshift.api.model.ResourceAccessReviewResponse", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource" + ] + }, "os_authorization_Role": { "type": "object", "properties": { @@ -4746,6 +4784,38 @@ "io.fabric8.kubernetes.api.model.Namespaced" ] }, + "os_authorization_RoleBindingRestrictionList": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "default": "authorization.openshift.io/v1", + "required": true + }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/os_authorization_RoleBindingRestriction", + "existingJavaType": "io.fabric8.openshift.api.model.RoleBindingRestriction" + } + }, + "kind": { + "type": "string", + "default": "RoleBindingRestrictionList", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ListMeta", + "existingJavaType": "io.fabric8.kubernetes.api.model.ListMeta" + } + }, + "additionalProperties": true, + "javaType": "io.fabric8.openshift.api.model.RoleBindingRestrictionList", + "javaInterfaces": [ + "io.fabric8.kubernetes.api.model.KubernetesResource", + "io.fabric8.kubernetes.api.model.KubernetesResourceList\u003cio.fabric8.openshift.api.model.RoleBindingRestriction\u003e" + ] + }, "os_authorization_RoleBindingRestrictionSpec": { "type": "object", "properties": { @@ -13129,6 +13199,10 @@ "$ref": "#/definitions/kubernetes_apimachinery_ObjectMeta", "existingJavaType": "io.fabric8.kubernetes.api.model.ObjectMeta" }, + "OpenShiftRoleBindingRestrictionList": { + "$ref": "#/definitions/os_authorization_RoleBindingRestrictionList", + "existingJavaType": "io.fabric8.openshift.api.model.RoleBindingRestrictionList" + }, "OpenshiftClusterRole": { "$ref": "#/definitions/os_authorization_ClusterRole", "existingJavaType": "io.fabric8.openshift.api.model.ClusterRole" @@ -13237,6 +13311,10 @@ "$ref": "#/definitions/os_authorization_ResourceAccessReview", "existingJavaType": "io.fabric8.openshift.api.model.ResourceAccessReview" }, + "ResourceAccessReviewResponse": { + "$ref": "#/definitions/os_authorization_ResourceAccessReviewResponse", + "existingJavaType": "io.fabric8.openshift.api.model.ResourceAccessReviewResponse" + }, "RootPaths": { "$ref": "#/definitions/kubernetes_apimachinery_RootPaths", "existingJavaType": "io.fabric8.kubernetes.api.model.RootPaths" @@ -21275,6 +21353,39 @@ }, "additionalProperties": true }, + "resourceaccessreviewresponse": { + "properties": { + "apiVersion": { + "type": "string", + "default": "authorization.openshift.io/v1", + "required": true + }, + "evalutionError": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "type": "string" + } + }, + "kind": { + "type": "string", + "default": "ResourceAccessReviewResponse", + "required": true + }, + "namespace": { + "type": "string" + }, + "users": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": true + }, "resourcefieldselector": { "properties": { "containerName": { @@ -21485,6 +21596,32 @@ }, "additionalProperties": true }, + "rolebindingrestrictionlist": { + "properties": { + "apiVersion": { + "type": "string", + "default": "authorization.openshift.io/v1", + "required": true + }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/os_authorization_RoleBindingRestriction", + "existingJavaType": "io.fabric8.openshift.api.model.RoleBindingRestriction" + } + }, + "kind": { + "type": "string", + "default": "RoleBindingRestrictionList", + "required": true + }, + "metadata": { + "$ref": "#/definitions/kubernetes_apimachinery_ListMeta", + "existingJavaType": "io.fabric8.kubernetes.api.model.ListMeta" + } + }, + "additionalProperties": true + }, "rolebindingrestrictionspec": { "properties": { "grouprestriction": { diff --git a/kubernetes-model-generator/pkg/schemagen/generate.go b/kubernetes-model-generator/pkg/schemagen/generate.go index 15c048b4e40..e9cb187ebdf 100644 --- a/kubernetes-model-generator/pkg/schemagen/generate.go +++ b/kubernetes-model-generator/pkg/schemagen/generate.go @@ -633,6 +633,8 @@ func (g *schemaGenerator) isClusterScopedResource(t reflect.Type) bool { "k8s.io/api/flowcontrol/v1beta1/PriorityLevelConfiguration", "github.com/openshift/api/authorization/v1/ClusterRole", "github.com/openshift/api/authorization/v1/ClusterRoleBinding", + "github.com/openshift/api/authorization/v1/ResourceAccessReview", + "github.com/openshift/api/authorization/v1/SubjectAccessReview", "github.com/openshift/api/config/v1/Authentication", "github.com/openshift/api/config/v1/Console", "github.com/openshift/api/config/v1/DNS", diff --git a/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/ClusterRoleTest.java b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/ClusterRoleTest.java new file mode 100644 index 00000000000..3eb1cfa1a26 --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/ClusterRoleTest.java @@ -0,0 +1,94 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.openshift.client.server.mock; + +import io.fabric8.openshift.api.model.ClusterRole; +import io.fabric8.openshift.api.model.ClusterRoleBuilder; +import io.fabric8.openshift.api.model.ClusterRoleList; +import io.fabric8.openshift.api.model.ClusterRoleListBuilder; +import io.fabric8.openshift.client.OpenShiftClient; +import org.junit.jupiter.api.Test; + +import java.net.HttpURLConnection; + +import static org.assertj.core.api.Assertions.assertThat; + +@EnableOpenShiftMockClient +class ClusterRoleTest { + private OpenShiftClient client; + private OpenShiftMockServer server; + + @Test + void get() { + // Given + server.expect().get().withPath("/apis/authorization.openshift.io/v1/clusterroles/test-get") + .andReturn(HttpURLConnection.HTTP_OK, createNewClusterRole("test-get")) + .once(); + + // When + ClusterRole clusterRole = client.clusterRoles().withName("test-get").get(); + + // Then + assertThat(clusterRole) + .isNotNull() + .hasFieldOrPropertyWithValue("metadata.name", "test-get"); + } + + @Test + void list() { + // Given + server.expect().get().withPath("/apis/authorization.openshift.io/v1/clusterroles") + .andReturn(HttpURLConnection.HTTP_OK, new ClusterRoleListBuilder() + .addToItems(createNewClusterRole("test-list")) + .build()) + .once(); + + // When + ClusterRoleList clusterRoleList = client.clusterRoles().list(); + + // Then + assertThat(clusterRoleList).isNotNull(); + assertThat(clusterRoleList.getItems()).hasSize(1); + assertThat(clusterRoleList.getItems().get(0)) + .hasFieldOrPropertyWithValue("metadata.name", "test-list"); + } + + @Test + void delete() { + // Given + server.expect().delete().withPath("/apis/authorization.openshift.io/v1/clusterroles/cluster") + .andReturn(HttpURLConnection.HTTP_OK, createNewClusterRole("cluster")) + .once(); + + // When + Boolean isDeleted = client.clusterRoles().withName("cluster").delete(); + + // Then + assertThat(isDeleted).isTrue(); + } + + private ClusterRole createNewClusterRole(String name) { + return new ClusterRoleBuilder() + .withNewMetadata().withName(name).endMetadata() + .addNewRule() + .addNewApiGroup("template.openshift.io") + .addToResources("templates", "processedtemplates", "templateauthorizations", "templateinstances") + .withVerbs("*") + .endRule() + .build(); + } + +} diff --git a/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/RoleBindingRestrictionTest.java b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/RoleBindingRestrictionTest.java new file mode 100644 index 00000000000..c9b97dad348 --- /dev/null +++ b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/RoleBindingRestrictionTest.java @@ -0,0 +1,94 @@ +/** + * Copyright (C) 2015 Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.fabric8.openshift.client.server.mock; + +import io.fabric8.openshift.api.model.RoleBindingRestriction; +import io.fabric8.openshift.api.model.RoleBindingRestrictionBuilder; +import io.fabric8.openshift.api.model.RoleBindingRestrictionList; +import io.fabric8.openshift.api.model.RoleBindingRestrictionListBuilder; +import io.fabric8.openshift.client.OpenShiftClient; +import org.junit.jupiter.api.Test; + +import java.net.HttpURLConnection; + +import static org.assertj.core.api.Assertions.assertThat; + +@EnableOpenShiftMockClient +class RoleBindingRestrictionTest { + private OpenShiftClient client; + private OpenShiftMockServer server; + + @Test + void get() { + // Given + server.expect().get().withPath("/apis/authorization.openshift.io/v1/namespaces/ns1/rolebindingrestrictions/test-get") + .andReturn(HttpURLConnection.HTTP_OK, createNewRoleBindingRestriction("test-get")) + .once(); + + // When + RoleBindingRestriction roleBindingRestriction = client.roleBindingRestrictions().inNamespace("ns1").withName("test-get").get(); + + // Then + assertThat(roleBindingRestriction) + .isNotNull() + .hasFieldOrPropertyWithValue("metadata.name", "test-get"); + } + + @Test + void list() { + // Given + server.expect().get().withPath("/apis/authorization.openshift.io/v1/namespaces/ns1/rolebindingrestrictions") + .andReturn(HttpURLConnection.HTTP_OK, new RoleBindingRestrictionListBuilder() + .addToItems(createNewRoleBindingRestriction("test-list")) + .build()) + .once(); + + // When + RoleBindingRestrictionList roleBindingRestrictionList = client.roleBindingRestrictions().inNamespace("ns1").list(); + + // Then + assertThat(roleBindingRestrictionList).isNotNull(); + assertThat(roleBindingRestrictionList.getItems()).hasSize(1); + assertThat(roleBindingRestrictionList.getItems().get(0)) + .hasFieldOrPropertyWithValue("metadata.name", "test-list"); + } + + @Test + void delete() { + // Given + server.expect().delete().withPath("/apis/authorization.openshift.io/v1/namespaces/ns1/rolebindingrestrictions/cluster") + .andReturn(HttpURLConnection.HTTP_OK, createNewRoleBindingRestriction("cluster")) + .once(); + + // When + Boolean isDeleted = client.roleBindingRestrictions().inNamespace("ns1").withName("cluster").delete(); + + // Then + assertThat(isDeleted).isTrue(); + } + + private RoleBindingRestriction createNewRoleBindingRestriction(String name) { + return new RoleBindingRestrictionBuilder() + .withNewMetadata().withName(name).endMetadata() + .withNewSpec() + .withNewGrouprestriction() + .addNewGroup("groups-rolebindingrestriction") + .endGrouprestriction() + .endSpec() + .build(); + } + +} diff --git a/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java index 8ac3d1c4b88..ea81a723d89 100644 --- a/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java +++ b/kubernetes-tests/src/test/java/io/fabric8/openshift/client/server/mock/SubjectAccessReviewTest.java @@ -16,14 +16,24 @@ package io.fabric8.openshift.client.server.mock; +import io.fabric8.openshift.api.model.LocalResourceAccessReviewBuilder; import io.fabric8.openshift.api.model.LocalSubjectAccessReviewBuilder; +import io.fabric8.openshift.api.model.ResourceAccessReviewBuilder; +import io.fabric8.openshift.api.model.ResourceAccessReviewResponse; +import io.fabric8.openshift.api.model.ResourceAccessReviewResponseBuilder; +import io.fabric8.openshift.api.model.SelfSubjectRulesReview; +import io.fabric8.openshift.api.model.SelfSubjectRulesReviewBuilder; import io.fabric8.openshift.api.model.SubjectAccessReviewBuilder; import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; import io.fabric8.openshift.api.model.SubjectAccessReviewResponseBuilder; +import io.fabric8.openshift.api.model.SubjectRulesReview; +import io.fabric8.openshift.api.model.SubjectRulesReviewBuilder; import io.fabric8.openshift.client.NamespacedOpenShiftClient; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import static java.net.HttpURLConnection.HTTP_CREATED; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; @@ -93,4 +103,103 @@ void testCreateLocalInLine() { assertEquals("r2", response.getReason()); } + @Test + void createResourceAccessReview() { + // Given + server.expect().post().withPath("/apis/authorization.openshift.io/v1/resourceaccessreviews") + .andReturn( HTTP_CREATED, new ResourceAccessReviewResponseBuilder() + .addToGroups("system:cluster-admins", "system:masters") + .addToUsers("kubeadmin", "system:admin") + .build()).once(); + + // When + ResourceAccessReviewResponse response = client.resourceAccessReviews().create(new ResourceAccessReviewBuilder() + .withVerb("create") + .withResourceName("ConfigMap") + .build()); + + // Then + assertNotNull(response); + assertArrayEquals(new String[] {"kubeadmin", "system:admin"}, response.getUsers().toArray()); + assertArrayEquals(new String[] {"system:cluster-admins", "system:masters"}, response.getGroups().toArray()); + } + + @Test + void createLocalResourceAccessReview() { + // Given + server.expect().post().withPath("/apis/authorization.openshift.io/v1/namespaces/ns1/localresourceaccessreviews") + .andReturn( HTTP_CREATED, new ResourceAccessReviewResponseBuilder() + .withNamespace("ns1") + .addToGroups("system:cluster-admins", "system:masters") + .addToUsers("kubeadmin", "system:admin") + .build()).once(); + + // When + ResourceAccessReviewResponse response = client.localResourceAccessReviews().inNamespace("ns1").create(new LocalResourceAccessReviewBuilder() + .withVerb("create") + .withResourceName("ConfigMap") + .build()); + + // Then + assertNotNull(response); + assertArrayEquals(new String[] {"kubeadmin", "system:admin"}, response.getUsers().toArray()); + assertArrayEquals(new String[] {"system:cluster-admins", "system:masters"}, response.getGroups().toArray()); + } + + @Test + void createSelfSubjectRulesReviews() { + // Given + server.expect().post().withPath("/apis/authorization.openshift.io/v1/namespaces/test/selfsubjectrulesreviews") + .andReturn( HTTP_CREATED, new SelfSubjectRulesReviewBuilder() + .withNewSpec() + .endSpec() + .withNewStatus() + .addNewRule() + .withVerbs("create", "get") + .withApiGroups("") + .withResources("buildconfigs/webhooks") + .endRule() + .endStatus() + .build()).once(); + + // When + SelfSubjectRulesReview response = client.selfSubjectRulesReviews().inNamespace("test").create(new SelfSubjectRulesReviewBuilder() + .withNewSpec().endSpec() + .build()); + + // Then + assertNotNull(response); + assertNotNull(response.getStatus()); + assertEquals(1, response.getStatus().getRules().size()); + } + + @Test + void createSubjectRulesReviews() { + // Given + server.expect().post().withPath("/apis/authorization.openshift.io/v1/namespaces/test/subjectrulesreviews") + .andReturn( HTTP_CREATED, new SubjectRulesReviewBuilder() + .withNewSpec() + .endSpec() + .withNewStatus() + .addNewRule() + .withVerbs("create","delete","deletecollection","get","list","patch","update","watch") + .withApiGroups("") + .withResources("imagestreams") + .endRule() + .endStatus() + .build()).once(); + + // When + SubjectRulesReview response = client.subjectRulesReviews().inNamespace("test").create(new SubjectRulesReviewBuilder() + .withNewSpec() + .withUser("developer") + .endSpec() + .build()); + + // Then + assertNotNull(response); + assertNotNull(response.getStatus()); + assertEquals(1, response.getStatus().getRules().size()); + } + } diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java index efca254df31..fc4037718ba 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/DefaultOpenShiftClient.java @@ -131,8 +131,10 @@ import io.fabric8.openshift.api.model.BuildList; import io.fabric8.openshift.api.model.ClusterNetwork; import io.fabric8.openshift.api.model.ClusterNetworkList; +import io.fabric8.openshift.api.model.ClusterRole; import io.fabric8.openshift.api.model.ClusterRoleBinding; import io.fabric8.openshift.api.model.ClusterRoleBindingList; +import io.fabric8.openshift.api.model.ClusterRoleList; import io.fabric8.openshift.api.model.DeploymentConfig; import io.fabric8.openshift.api.model.DeploymentConfigList; import io.fabric8.openshift.api.model.EgressNetworkPolicy; @@ -147,6 +149,7 @@ import io.fabric8.openshift.api.model.ImageStreamTagList; import io.fabric8.openshift.api.model.ImageTag; import io.fabric8.openshift.api.model.ImageTagList; +import io.fabric8.openshift.api.model.LocalResourceAccessReview; import io.fabric8.openshift.api.model.LocalSubjectAccessReview; import io.fabric8.openshift.api.model.NetNamespace; import io.fabric8.openshift.api.model.NetNamespaceList; @@ -158,16 +161,22 @@ import io.fabric8.openshift.api.model.OAuthClientList; import io.fabric8.openshift.api.model.RangeAllocation; import io.fabric8.openshift.api.model.RangeAllocationList; +import io.fabric8.openshift.api.model.ResourceAccessReview; +import io.fabric8.openshift.api.model.ResourceAccessReviewResponse; import io.fabric8.openshift.api.model.Role; import io.fabric8.openshift.api.model.RoleBinding; import io.fabric8.openshift.api.model.RoleBindingList; +import io.fabric8.openshift.api.model.RoleBindingRestriction; +import io.fabric8.openshift.api.model.RoleBindingRestrictionList; import io.fabric8.openshift.api.model.RoleList; import io.fabric8.openshift.api.model.Route; import io.fabric8.openshift.api.model.RouteList; import io.fabric8.openshift.api.model.SecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraintsList; +import io.fabric8.openshift.api.model.SelfSubjectRulesReview; import io.fabric8.openshift.api.model.SubjectAccessReview; import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; +import io.fabric8.openshift.api.model.SubjectRulesReview; import io.fabric8.openshift.api.model.Template; import io.fabric8.openshift.api.model.TemplateList; import io.fabric8.openshift.api.model.User; @@ -184,6 +193,8 @@ import io.fabric8.openshift.client.dsl.ProjectOperation; import io.fabric8.openshift.client.dsl.ProjectRequestOperation; import io.fabric8.openshift.client.dsl.TemplateResource; +import io.fabric8.openshift.client.dsl.internal.authorization.ClusterRoleOperationsImpl; +import io.fabric8.openshift.client.dsl.internal.authorization.RoleBindingRestrictionOperationsImpl; import io.fabric8.openshift.client.dsl.internal.build.BuildConfigOperationsImpl; import io.fabric8.openshift.client.dsl.internal.build.BuildOperationsImpl; import io.fabric8.openshift.client.dsl.internal.network.ClusterNetworkOperationsImpl; @@ -233,6 +244,8 @@ public class DefaultOpenShiftClient extends BaseClient implements NamespacedOpenShiftClient { private static final Map API_GROUPS_ENABLED_PER_URL = new HashMap<>(); + public static final String AUTHORIZATION_OPENSHIFT_IO = "authorization.openshift.io"; + public static final String V1_APIVERSION = "v1"; private final URL openShiftUrl; private final NamespacedKubernetesClient delegate; @@ -624,6 +637,11 @@ public MixedOperation> roleBindingRestrictions() { + return new RoleBindingRestrictionOperationsImpl(httpClient, OpenShiftConfig.wrap(getConfiguration())); + } + @Override public NamespacedOpenShiftClient inNamespace(String namespace) { OpenShiftConfig updated = new OpenShiftConfigBuilder(new OpenShiftConfig(getConfiguration())) @@ -711,12 +729,37 @@ public MixedOperation subjectAccessReviews() { - return new OpenShiftSubjectAccessReviewOperationsImpl(httpClient, getConfiguration(), "authorization.openshift.io", "v1", HasMetadata.getPlural(SubjectAccessReview.class)); + return new OpenShiftSubjectAccessReviewOperationsImpl<>(httpClient, getConfiguration(), AUTHORIZATION_OPENSHIFT_IO, V1_APIVERSION, HasMetadata.getPlural(SubjectAccessReview.class), SubjectAccessReviewResponse.class); + } + + @Override + public InOutCreateable resourceAccessReviews() { + return new OpenShiftSubjectAccessReviewOperationsImpl<>(httpClient, getConfiguration(), AUTHORIZATION_OPENSHIFT_IO, V1_APIVERSION, HasMetadata.getPlural(ResourceAccessReview.class), ResourceAccessReviewResponse.class); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews() { + return new OpenShiftLocalSubjectAccessReviewOperationsImpl<>(httpClient, getConfiguration(), AUTHORIZATION_OPENSHIFT_IO, V1_APIVERSION, HasMetadata.getPlural(LocalSubjectAccessReview.class), SubjectAccessReviewResponse.class); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl localResourceAccessReviews() { + return new OpenShiftLocalSubjectAccessReviewOperationsImpl<>(httpClient, getConfiguration(), AUTHORIZATION_OPENSHIFT_IO, V1_APIVERSION, HasMetadata.getPlural(LocalResourceAccessReview.class), ResourceAccessReviewResponse.class); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl selfSubjectRulesReviews() { + return new OpenShiftLocalSubjectAccessReviewOperationsImpl<>(httpClient, getConfiguration(), AUTHORIZATION_OPENSHIFT_IO, V1_APIVERSION, HasMetadata.getPlural(SelfSubjectRulesReview.class), SelfSubjectRulesReview.class); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl subjectRulesReviews() { + return new OpenShiftLocalSubjectAccessReviewOperationsImpl<>(httpClient, getConfiguration(), AUTHORIZATION_OPENSHIFT_IO, V1_APIVERSION, HasMetadata.getPlural(SubjectRulesReview.class), SubjectRulesReview.class); } @Override - public OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews() { - return new OpenShiftLocalSubjectAccessReviewOperationsImpl(httpClient, getConfiguration(), "authorization.openshift.io", "v1", HasMetadata.getPlural(LocalSubjectAccessReview.class)); + public NonNamespaceOperation> clusterRoles() { + return new ClusterRoleOperationsImpl(httpClient, OpenShiftConfig.wrap(getConfiguration())); } @Override diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java index 126d3b0bff0..15cb83db150 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftClient.java @@ -284,9 +284,60 @@ public interface OpenShiftClient extends KubernetesClient { */ NonNamespaceOperation> securityContextConstraints(); + /** + * API entrypoint for SubjectAccessReview (authorization.openshift.io/v1) + * This only supports create operation. SubjectAccessReviewResponse from server is returned as output + * + * @return {@link InOutCreateable} for SubjectAccessReview + */ InOutCreateable subjectAccessReviews(); - OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews(); + /** + * API entrypoint for ResourceAccessReview (authorization.openshift.io/v1) + * This only supports create operation. ResourceAccessReviewResponse from server is returned as output + * + * @return {@link InOutCreateable} for ResourceAccessReview + */ + InOutCreateable resourceAccessReviews(); + + /** + * API entrypoint for LocalSubjectAccessReview (authorization.openshift.io/v1) + * This only supports create operation. SubjectAccessReviewResponse from server is returned as output + * + * @return {@link OpenShiftLocalSubjectAccessReviewOperationsImpl} for LocalSubjectAccessReview + */ + OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews(); + + /** + * API entrypoint for LocalResourceAccessReview (authorization.openshift.io/v1) + * This only supports create operation. ResourceAccessReviewResponse from server is returned as output + * + * @return {@link OpenShiftLocalSubjectAccessReviewOperationsImpl} for LocalResourceAccessReview + */ + OpenShiftLocalSubjectAccessReviewOperationsImpl localResourceAccessReviews(); + + /** + * API entrypoint for SelfSubjectRulesReview (authorization.openshift.io/v1) + * This only supports create operation. SelfSubjectRulesReview from server is returned as output + * + * @return {@link OpenShiftLocalSubjectAccessReviewOperationsImpl} for SelfSubjectRulesReview + */ + OpenShiftLocalSubjectAccessReviewOperationsImpl selfSubjectRulesReviews(); + + /** + * API entrypoint for SubjectRulesReview (authorization.openshift.io/v1) + * This only supports create operation. SubjectRulesReview from server is returned as output + * + * @return {@link OpenShiftLocalSubjectAccessReviewOperationsImpl} for SubjectRulesReview + */ + OpenShiftLocalSubjectAccessReviewOperationsImpl subjectRulesReviews(); + + /** + * API entrypoint for ClusterRole (authorization.openshift.io/v1) + * + * @return {@link NonNamespaceOperation} for ClusterRole + */ + NonNamespaceOperation> clusterRoles(); /** * API entrypoint for accessing ClusterRoleBinding(authorization.openshift.io/v1) @@ -295,6 +346,13 @@ public interface OpenShiftClient extends KubernetesClient { */ MixedOperation> clusterRoleBindings(); + /** + * API entrypoint for RoleBindingRestriction (authorization.openshift.io/v1) + * + * @return {@link MixedOperation} for RoleBindingRestriction + */ + MixedOperation> roleBindingRestrictions(); + /** * Configure Request Config * diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java index 575676b7a63..1856298349c 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/OpenShiftLocalSubjectAccessReviewOperationsImpl.java @@ -21,42 +21,42 @@ import io.fabric8.kubernetes.client.dsl.Namespaceable; import io.fabric8.kubernetes.client.dsl.base.OperationContext; import io.fabric8.kubernetes.client.dsl.base.OperationSupport; -import io.fabric8.openshift.api.model.LocalSubjectAccessReview; -import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; import okhttp3.OkHttpClient; import java.io.IOException; import java.util.concurrent.ExecutionException; -public class OpenShiftLocalSubjectAccessReviewOperationsImpl extends OperationSupport implements InOutCreateable, Namespaceable { +public class OpenShiftLocalSubjectAccessReviewOperationsImpl extends OperationSupport implements InOutCreateable, Namespaceable> { private final String subjectAccessApiGroupName; private final String subjectAccessApiGroupVersion; private final String plural; + private final Class responseClass; - public OpenShiftLocalSubjectAccessReviewOperationsImpl(OkHttpClient client, Config config, String apiGroupName, String apiGroupVersion, String plural) { - this(new OperationContext().withOkhttpClient(client).withConfig(config), apiGroupName, apiGroupVersion, plural); + public OpenShiftLocalSubjectAccessReviewOperationsImpl(OkHttpClient client, Config config, String apiGroupName, String apiGroupVersion, String plural, Class responseClass) { + this(new OperationContext().withOkhttpClient(client).withConfig(config), apiGroupName, apiGroupVersion, plural, responseClass); } - public OpenShiftLocalSubjectAccessReviewOperationsImpl(OperationContext context, String apiGroupName, String apiGroupVersion, String plural) { + public OpenShiftLocalSubjectAccessReviewOperationsImpl(OperationContext context, String apiGroupName, String apiGroupVersion, String plural, Class responseClass) { super(context.withApiGroupName(apiGroupName) .withApiGroupVersion(apiGroupVersion) .withPlural(plural)); this.subjectAccessApiGroupName = apiGroupName; this.subjectAccessApiGroupVersion = apiGroupVersion; this.plural = plural; + this.responseClass = responseClass; } @Override - public SubjectAccessReviewResponse create(LocalSubjectAccessReview... resources) { + public O create(I... resources) { try { if (resources.length > 1) { throw new IllegalArgumentException("Too many items to create."); } else if (resources.length == 1) { - return handleCreate(updateApiVersion(resources[0]), SubjectAccessReviewResponse.class); + return handleCreate(resources[0], responseClass); } else if (getItem() == null) { throw new IllegalArgumentException("Nothing to create."); } else { - return handleCreate(updateApiVersion(getItem()), SubjectAccessReviewResponse.class); + return handleCreate(getItem(), responseClass); } } catch (ExecutionException | IOException e) { throw KubernetesClientException.launderThrowable(e); @@ -67,9 +67,9 @@ public SubjectAccessReviewResponse create(LocalSubjectAccessReview... resources) } @Override - public SubjectAccessReviewResponse create(LocalSubjectAccessReview item) { + public O create(I item) { try { - return handleCreate(item, SubjectAccessReviewResponse.class); + return handleCreate(item, responseClass); } catch (ExecutionException | IOException e) { throw KubernetesClientException.launderThrowable(e); } catch (InterruptedException ie) { @@ -79,20 +79,13 @@ public SubjectAccessReviewResponse create(LocalSubjectAccessReview item) { } @Override - public OpenShiftLocalSubjectAccessReviewOperationsImpl inNamespace(String namespace) { + public OpenShiftLocalSubjectAccessReviewOperationsImpl inNamespace(String namespace) { this.namespace = namespace; - return new OpenShiftLocalSubjectAccessReviewOperationsImpl(context.withNamespace(namespace), subjectAccessApiGroupName, subjectAccessApiGroupVersion, this.plural); + return new OpenShiftLocalSubjectAccessReviewOperationsImpl<>(context.withNamespace(namespace), subjectAccessApiGroupName, subjectAccessApiGroupVersion, this.plural, responseClass); } - private LocalSubjectAccessReview updateApiVersion(LocalSubjectAccessReview p) { - if (p.getApiVersion() == null) { - p.setApiVersion(this.apiGroupVersion); - } - return p; - } - - public LocalSubjectAccessReview getItem() { - return (LocalSubjectAccessReview) context.getItem(); + public I getItem() { + return (I) context.getItem(); } } diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java index e77f1f9993e..c1d24ded3e5 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/dsl/internal/OpenShiftSubjectAccessReviewOperationsImpl.java @@ -21,36 +21,38 @@ import io.fabric8.kubernetes.client.dsl.base.OperationContext; import io.fabric8.kubernetes.client.dsl.base.OperationSupport; import io.fabric8.openshift.api.model.SubjectAccessReview; -import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; import okhttp3.OkHttpClient; import java.io.IOException; import java.util.concurrent.ExecutionException; -public class OpenShiftSubjectAccessReviewOperationsImpl extends OperationSupport implements InOutCreateable { +public class OpenShiftSubjectAccessReviewOperationsImpl extends OperationSupport implements InOutCreateable { + private final Class responseType; - public OpenShiftSubjectAccessReviewOperationsImpl(OkHttpClient client, Config config, String apiGroupName, String apiGroupVersion, String plural) { - this(new OperationContext().withOkhttpClient(client).withConfig(config), apiGroupName, apiGroupVersion, plural); + public OpenShiftSubjectAccessReviewOperationsImpl(OkHttpClient client, Config config, String apiGroupName, String apiGroupVersion, String plural, Class responseType) { + this(new OperationContext().withOkhttpClient(client).withConfig(config), apiGroupName, apiGroupVersion, plural, responseType); } - public OpenShiftSubjectAccessReviewOperationsImpl(OperationContext context, String apiGroupName, String apiGroupVersion, String plural) { + public OpenShiftSubjectAccessReviewOperationsImpl(OperationContext context, String apiGroupName, String apiGroupVersion, String plural, Class responseType) { super(context.withApiGroupName(apiGroupName) .withApiGroupVersion(apiGroupVersion) .withPlural(plural)); + this.responseType = responseType; } + @SafeVarargs @Override - public SubjectAccessReviewResponse create(SubjectAccessReview... resources) { + public final O create(I... resources) { try { if (resources.length > 1) { throw new IllegalArgumentException("Too many items to create."); } else if (resources.length == 1) { - return handleCreate(updateApiVersion(resources[0]), SubjectAccessReviewResponse.class); + return handleCreate(resources[0], responseType); } else if (getItem() == null) { throw new IllegalArgumentException("Nothing to create."); } else { - return handleCreate(updateApiVersion(getItem()), SubjectAccessReviewResponse.class); + return handleCreate(getItem(), responseType); } } catch (ExecutionException | IOException e) { throw KubernetesClientException.launderThrowable(e); @@ -61,9 +63,9 @@ public SubjectAccessReviewResponse create(SubjectAccessReview... resources) { } @Override - public SubjectAccessReviewResponse create(SubjectAccessReview item) { + public O create(I item) { try { - return handleCreate(item, SubjectAccessReviewResponse.class); + return handleCreate(item, responseType); } catch (ExecutionException | IOException e) { throw KubernetesClientException.launderThrowable(e); } catch (InterruptedException ie) { @@ -77,13 +79,6 @@ public boolean isResourceNamespaced() { return false; } - private SubjectAccessReview updateApiVersion(SubjectAccessReview p) { - if (p.getApiVersion() == null) { - p.setApiVersion(this.apiGroupVersion); - } - return p; - } - public SubjectAccessReview getItem() { return (SubjectAccessReview) context.getItem(); } diff --git a/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java b/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java index 9ac6ac9ba40..26e81585cf8 100644 --- a/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java +++ b/openshift-client/src/main/java/io/fabric8/openshift/client/osgi/ManagedOpenShiftClient.java @@ -107,8 +107,10 @@ import io.fabric8.openshift.api.model.BuildList; import io.fabric8.openshift.api.model.ClusterNetwork; import io.fabric8.openshift.api.model.ClusterNetworkList; +import io.fabric8.openshift.api.model.ClusterRole; import io.fabric8.openshift.api.model.ClusterRoleBinding; import io.fabric8.openshift.api.model.ClusterRoleBindingList; +import io.fabric8.openshift.api.model.ClusterRoleList; import io.fabric8.openshift.api.model.DeploymentConfig; import io.fabric8.openshift.api.model.DeploymentConfigList; import io.fabric8.openshift.api.model.EgressNetworkPolicy; @@ -123,6 +125,8 @@ import io.fabric8.openshift.api.model.ImageStreamTagList; import io.fabric8.openshift.api.model.ImageTag; import io.fabric8.openshift.api.model.ImageTagList; +import io.fabric8.openshift.api.model.LocalResourceAccessReview; +import io.fabric8.openshift.api.model.LocalSubjectAccessReview; import io.fabric8.openshift.api.model.NetNamespace; import io.fabric8.openshift.api.model.NetNamespaceList; import io.fabric8.openshift.api.model.OAuthAccessToken; @@ -133,16 +137,22 @@ import io.fabric8.openshift.api.model.OAuthClientList; import io.fabric8.openshift.api.model.RangeAllocation; import io.fabric8.openshift.api.model.RangeAllocationList; +import io.fabric8.openshift.api.model.ResourceAccessReview; +import io.fabric8.openshift.api.model.ResourceAccessReviewResponse; import io.fabric8.openshift.api.model.Role; import io.fabric8.openshift.api.model.RoleBinding; import io.fabric8.openshift.api.model.RoleBindingList; +import io.fabric8.openshift.api.model.RoleBindingRestriction; +import io.fabric8.openshift.api.model.RoleBindingRestrictionList; import io.fabric8.openshift.api.model.RoleList; import io.fabric8.openshift.api.model.Route; import io.fabric8.openshift.api.model.RouteList; import io.fabric8.openshift.api.model.SecurityContextConstraints; import io.fabric8.openshift.api.model.SecurityContextConstraintsList; +import io.fabric8.openshift.api.model.SelfSubjectRulesReview; import io.fabric8.openshift.api.model.SubjectAccessReview; import io.fabric8.openshift.api.model.SubjectAccessReviewResponse; +import io.fabric8.openshift.api.model.SubjectRulesReview; import io.fabric8.openshift.api.model.Template; import io.fabric8.openshift.api.model.TemplateList; import io.fabric8.openshift.api.model.User; @@ -429,6 +439,11 @@ public MixedOperation> roleBindingRestrictions() { + return null; + } + @Override public ParameterNamespaceListVisitFromServerGetDeleteRecreateWaitApplicable load(InputStream is) { return delegate.load(is); @@ -736,10 +751,35 @@ public InOutCreateable subject } @Override - public OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews() { + public InOutCreateable resourceAccessReviews() { + return delegate.resourceAccessReviews(); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl localSubjectAccessReviews() { return delegate.localSubjectAccessReviews(); } + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl localResourceAccessReviews() { + return delegate.localResourceAccessReviews(); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl selfSubjectRulesReviews() { + return delegate.selfSubjectRulesReviews(); + } + + @Override + public OpenShiftLocalSubjectAccessReviewOperationsImpl subjectRulesReviews() { + return delegate.subjectRulesReviews(); + } + + @Override + public NonNamespaceOperation> clusterRoles() { + return delegate.clusterRoles(); + } + @Override public SharedInformerFactory informers() { return delegate.informers(); }