def fake_k8s_client_dict(): k8s_client_dict = { 'v1': client.CoreV1Api(), 'apiregistration.k8s.io/v1': client.ApiregistrationV1Api(), 'apps/v1': client.AppsV1Api(), 'authentication.k8s.io/v1': client.AuthenticationV1Api(), 'authorization.k8s.io/v1': client.AuthorizationV1Api(), 'autoscaling/v1': client.AutoscalingV1Api(), 'batch/v1': client.BatchV1Api(), 'coordination.k8s.io/v1': client.CoordinationV1Api(), 'networking.k8s.io/v1': client.NetworkingV1Api(), 'rbac.authorization.k8s.io/v1': client.RbacAuthorizationV1Api(), 'scheduling.k8s.io/v1': client.SchedulingV1Api(), 'storage.k8s.io/v1': client.StorageV1Api() } return k8s_client_dict
def can_create_clusterrolebindings(configuration): try: api_instance = kube_client.AuthorizationV1Api( kube_client.ApiClient(configuration)) access_review = kube_client.V1SelfSubjectAccessReview( spec={ "resourceAttributes": { "verb": "create", "resource": "clusterrolebindings", "group": "rbac.authorization.k8s.io" } }) response = api_instance.create_self_subject_access_review( access_review) return response.status.allowed except Exception as ex: logger.warning( "Couldn't check for the permission to create clusterrolebindings on this k8s cluster. Error: {}" .format(str(ex))) return "Unknown"
from kubernetes.config import ConfigException from kubernetes.client.rest import ApiException from . import utils from . import settings logger = utils.create_logger(__name__) try: # Load configuration inside the Pod config.load_incluster_config() except ConfigException: # Load configuration for testing config.load_kube_config() # The API object for submitting SubjecAccessReviews api = client.AuthorizationV1Api() def create_subject_access_review(user, verb, namespace, group, version, resource): ''' Create the SubjecAccessReview object which we will use to determine if the user is authorized. ''' return client.V1SubjectAccessReview(spec=client.V1SubjectAccessReviewSpec( user=user, resource_attributes=client.V1ResourceAttributes(group=group, namespace=namespace, verb=verb, resource=resource, version=version)))
def get_authorization_v1_api_client(self, auth): k8s_client = self.get_k8s_client(auth_plugin=auth) return client.AuthorizationV1Api(api_client=k8s_client)