feat (kubernetes-client) : Add DSL entrypoints for Kubernetes 1.28.2 resources (#5401)

Add KubernetesClient DSL entrypoints for these resources:
- admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicy `client.admissionRegistration().v1beta1().validatingAdmissionPolicies()`
- admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicyBinding `client.admissionRegistration().v1beta1().validatingAdmissionPolicyBindings()`
- authentication.k8s.io/v1 SelfSubjectReview `client.authentication().v1().selfSubjectReviews()`

Signed-off-by: Rohan Kumar <rohaan@redhat.com>

Author: rohanKanojia

CHANGELOG.md

@@ -23,6 +23,7 @@
 
 #### Dependency Upgrade
 * Fix #5373: Gradle base API based on v8.2.1
+* Fix #5401: Upgrade Fabric8 Kubernetes Model to Kubernetes v1.28.2
 
 #### New Features
 * Fix #5430: Mock Web Server migrated to this repository

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1AuthenticationAPIGroupDSL.java

@@ -15,6 +15,7 @@
  */
 package io.fabric8.kubernetes.client;
 
+import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview;
 import io.fabric8.kubernetes.api.model.authentication.TokenReview;
 import io.fabric8.kubernetes.client.dsl.InOutCreateable;
 
@@ -25,4 +26,16 @@ public interface V1AuthenticationAPIGroupDSL extends Client {
    * @return InOutCreateable instance for creating TokenReview object
    */
   InOutCreateable<TokenReview, TokenReview> tokenReviews();
+
+  /**
+   * API for creating authentication.k8s.io/v1 SelfSubjectReview
+   * <p>
+   * SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
+   * When using impersonation, users will receive the user info of the user being impersonated. If impersonation or
+   * request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
+   * </p>
+   * 
+   * @return InOutCreateable instance for creating SelfSubjectReview object
+   */
+  InOutCreateable<SelfSubjectReview, SelfSubjectReview> selfSubjectReviews();
 }

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/V1beta1AdmissionRegistrationAPIGroupDSL.java

@@ -17,6 +17,10 @@
 
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfiguration;
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfigurationList;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyList;
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration;
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfigurationList;
 import io.fabric8.kubernetes.client.dsl.MixedOperation;
@@ -27,4 +31,26 @@ public interface V1beta1AdmissionRegistrationAPIGroupDSL extends Client {
   MixedOperation<ValidatingWebhookConfiguration, ValidatingWebhookConfigurationList, Resource<ValidatingWebhookConfiguration>> validatingWebhookConfigurations();
 
   NonNamespaceOperation<MutatingWebhookConfiguration, MutatingWebhookConfigurationList, Resource<MutatingWebhookConfiguration>> mutatingWebhookConfigurations();
+
+  /**
+   * API entrypoint for admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicy
+   * <p>
+   * ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or
+   * rejects an object without changing it.
+   * </p>
+   * 
+   * @return NonNamespaceOperation for ValidatingAdmissionPolicy
+   */
+  NonNamespaceOperation<ValidatingAdmissionPolicy, ValidatingAdmissionPolicyList, Resource<ValidatingAdmissionPolicy>> validatingAdmissionPolicies();
+
+  /**
+   * API entrypoint for admissionregistration.k8s.io/v1beta1 ValidatingAdmissionPolicyBinding
+   * <p>
+   * ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for
+   * clusters.
+   * </p>
+   * 
+   * @return NonNamespaceOperation for ValidatingAdmissionPolicyBinding
+   */
+  NonNamespaceOperation<ValidatingAdmissionPolicyBinding, ValidatingAdmissionPolicyBindingList, Resource<ValidatingAdmissionPolicyBinding>> validatingAdmissionPolicyBindings();
 }

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1AuthenticationAPIGroupClient.java

@@ -15,6 +15,7 @@
  */
 package io.fabric8.kubernetes.client.impl;
 
+import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview;
 import io.fabric8.kubernetes.api.model.authentication.TokenReview;
 import io.fabric8.kubernetes.client.V1AuthenticationAPIGroupDSL;
 import io.fabric8.kubernetes.client.dsl.InOutCreateable;
@@ -27,6 +28,11 @@ public InOutCreateable<TokenReview, TokenReview> tokenReviews() {
     return getClient().adapt(BaseClient.class).getHandlers().getNonListingOperation(TokenReview.class, this);
   }
 
+  @Override
+  public InOutCreateable<SelfSubjectReview, SelfSubjectReview> selfSubjectReviews() {
+    return getClient().adapt(BaseClient.class).getHandlers().getNonListingOperation(SelfSubjectReview.class, this);
+  }
+
   @Override
   public V1AuthenticationAPIGroupClient newInstance() {
     return new V1AuthenticationAPIGroupClient();

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/impl/V1beta1AdmissionRegistrationAPIGroupClient.java

@@ -17,6 +17,10 @@
 
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfiguration;
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.MutatingWebhookConfigurationList;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyList;
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfiguration;
 import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingWebhookConfigurationList;
 import io.fabric8.kubernetes.client.V1beta1AdmissionRegistrationAPIGroupDSL;
@@ -38,6 +42,16 @@ public NonNamespaceOperation<MutatingWebhookConfiguration, MutatingWebhookConfig
     return resources(MutatingWebhookConfiguration.class, MutatingWebhookConfigurationList.class);
   }
 
+  @Override
+  public NonNamespaceOperation<ValidatingAdmissionPolicy, ValidatingAdmissionPolicyList, Resource<io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicy>> validatingAdmissionPolicies() {
+    return resources(ValidatingAdmissionPolicy.class, ValidatingAdmissionPolicyList.class);
+  }
+
+  @Override
+  public NonNamespaceOperation<ValidatingAdmissionPolicyBinding, ValidatingAdmissionPolicyBindingList, Resource<ValidatingAdmissionPolicyBinding>> validatingAdmissionPolicyBindings() {
+    return resources(ValidatingAdmissionPolicyBinding.class, ValidatingAdmissionPolicyBindingList.class);
+  }
+
   @Override
   public V1beta1AdmissionRegistrationAPIGroupClient newInstance() {
     return new V1beta1AdmissionRegistrationAPIGroupClient();

kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1SelfSubjectReviewTest.java

@@ -0,0 +1,65 @@
+/**
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.fabric8.kubernetes.client.mock;
+
+import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReview;
+import io.fabric8.kubernetes.api.model.authentication.SelfSubjectReviewBuilder;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient;
+import io.fabric8.kubernetes.client.server.mock.KubernetesMockServer;
+import org.junit.jupiter.api.Test;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static java.net.HttpURLConnection.HTTP_CREATED;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+@EnableKubernetesMockClient
+class V1SelfSubjectReviewTest {
+  private KubernetesClient client;
+  private KubernetesMockServer server;
+
+  @Test
+  void create_whenInvoked_shouldReturnObjectWithUpdatedStatus() {
+    // Given
+    SelfSubjectReview ssr = new SelfSubjectReview();
+    server.expect().post()
+        .withPath("/apis/authentication.k8s.io/v1/selfsubjectreviews")
+        .andReturn(HTTP_CREATED, createNewSelfSubjectReview(Arrays.asList("system:masters", "system:authenticated")))
+        .once();
+
+    // When
+    SelfSubjectReview result = client.authentication().v1().selfSubjectReviews().create(ssr);
+
+    // Then
+    assertThat(result)
+        .isNotNull()
+        .hasFieldOrPropertyWithValue("status.userInfo.username", "kubernetes-admin")
+        .hasFieldOrPropertyWithValue("status.userInfo.groups", Arrays.asList("system:masters", "system:authenticated"));
+  }
+
+  private SelfSubjectReview createNewSelfSubjectReview(List<String> groups) {
+    return new SelfSubjectReviewBuilder()
+        .withNewStatus()
+        .withNewUserInfo()
+        .withUsername("kubernetes-admin")
+        .withGroups(groups)
+        .endUserInfo()
+        .endStatus()
+        .build();
+  }
+}

kubernetes-tests/src/test/java/io/fabric8/kubernetes/client/mock/V1beta1ValidatingAdmissionPolicyBindingTest.java

@@ -0,0 +1,140 @@
+/**
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.fabric8.kubernetes.client.mock;
+
+import io.fabric8.kubernetes.api.model.HasMetadata;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingBuilder;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList;
+import io.fabric8.kubernetes.api.model.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingListBuilder;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.server.mock.EnableKubernetesMockClient;
+import io.fabric8.kubernetes.client.server.mock.KubernetesMockServer;
+import org.assertj.core.api.AssertionsForClassTypes;
+import org.junit.jupiter.api.Test;
+
+import java.net.HttpURLConnection;
+import java.util.List;
+
+import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
+
+@EnableKubernetesMockClient
+class V1beta1ValidatingAdmissionPolicyBindingTest {
+
+  private KubernetesMockServer server;
+  private KubernetesClient client;
+
+  @Test
+  void load() {
+    List<HasMetadata> items = client.load(getClass().getResourceAsStream("/test-v1beta1-validatingadmissionpolicybinding.yml"))
+        .items();
+    assertThat(items).isNotNull().hasSize(1);
+    AssertionsForClassTypes.assertThat(items.get(0))
+        .isInstanceOf(ValidatingAdmissionPolicyBinding.class)
+        .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
+  }
+
+  @Test
+  void get() {
+    // Given
+    server.expect().get()
+        .withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings/demo-binding-test.example.com")
+        .andReturn(HttpURLConnection.HTTP_OK, createValidatingAdmissionPolicyBinding())
+        .once();
+
+    // When
+    ValidatingAdmissionPolicyBinding validatingAdmissionPolicyBinding = client.admissionRegistration().v1beta1()
+        .validatingAdmissionPolicyBindings().withName("demo-binding-test.example.com").get();
+
+    // Then
+    AssertionsForClassTypes.assertThat(validatingAdmissionPolicyBinding)
+        .isNotNull()
+        .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
+  }
+
+  @Test
+  void list() {
+    // Given
+    server.expect().get().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings")
+        .andReturn(HttpURLConnection.HTTP_OK, new ValidatingAdmissionPolicyBindingListBuilder()
+            .addToItems(createValidatingAdmissionPolicyBinding())
+            .build())
+        .once();
+
+    // When
+    ValidatingAdmissionPolicyBindingList flowSchemas = client.admissionRegistration().v1beta1()
+        .validatingAdmissionPolicyBindings().list();
+
+    // Then
+    AssertionsForClassTypes.assertThat(flowSchemas).isNotNull();
+    assertThat(flowSchemas.getItems()).hasSize(1);
+    AssertionsForClassTypes.assertThat(flowSchemas.getItems().get(0))
+        .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
+  }
+
+  @Test
+  void create() {
+    // Given
+    ValidatingAdmissionPolicyBinding validatingAdmissionPolicyBinding = createValidatingAdmissionPolicyBinding();
+    server.expect().post().withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings")
+        .andReturn(HttpURLConnection.HTTP_OK, validatingAdmissionPolicyBinding)
+        .once();
+
+    // When
+    ValidatingAdmissionPolicyBinding createdValidatingAdmissionPolicyBinding = client.admissionRegistration().v1beta1()
+        .validatingAdmissionPolicyBindings().resource(validatingAdmissionPolicyBinding).create();
+
+    // Then
+    AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicyBinding).isNotNull();
+    AssertionsForClassTypes.assertThat(createdValidatingAdmissionPolicyBinding)
+        .hasFieldOrPropertyWithValue("metadata.name", "demo-binding-test.example.com");
+  }
+
+  @Test
+  void delete() {
+    // Given
+    ValidatingAdmissionPolicyBinding flowSchema = createValidatingAdmissionPolicyBinding();
+    server.expect().delete()
+        .withPath("/apis/admissionregistration.k8s.io/v1beta1/validatingadmissionpolicybindings/demo-binding-test.example.com")
+        .andReturn(HttpURLConnection.HTTP_OK, flowSchema)
+        .once();
+
+    // When
+    boolean isDeleted = client.admissionRegistration().v1beta1().validatingAdmissionPolicyBindings()
+        .withName("demo-binding-test.example.com").delete().size() == 1;
+
+    // Then
+    AssertionsForClassTypes.assertThat(isDeleted).isTrue();
+  }
+
+  private ValidatingAdmissionPolicyBinding createValidatingAdmissionPolicyBinding() {
+    return new ValidatingAdmissionPolicyBindingBuilder()
+        .withNewMetadata().withName("demo-binding-test.example.com").endMetadata()
+        .withNewSpec()
+        .withPolicyName("demo-policy.example.com")
+        .withNewMatchResources()
+        .withNewNamespaceSelector()
+        .addNewMatchExpression()
+        .withKey("environment")
+        .withOperator("In")
+        .withValues("test")
+        .endMatchExpression()
+        .endNamespaceSelector()
+        .endMatchResources()
+        .endSpec()
+        .build();
+  }
+}