Package com.tivoli.am.fim.trustserver.sts.utilities

Class KubernetesUtils

  • public class KubernetesUtils
extends java.lang.Object
    Implementation of Java API for accessing Kubernetes API via HTTPS. Implementation relies on certificate authentication to verify the Kubernetes API server.

    • Constructor Summary

      Constructors 
      Constructor Description
      KubernetesUtils()  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      static java.lang.String getSecret​(java.lang.String name)
      Make a request to Kubernetes API to retreive a secret.
      static java.lang.String getSecret​(java.lang.String name, java.lang.String namespace)
      Make a request to Kubernetes API to retreive a secret.
      static java.lang.String getSecret​(java.lang.String name, java.lang.String namespace, long ttl, long timeout)
      Make a request to Kubernetes API to retreive a secret.
      static boolean isKubernetesAPIServerAlive()
      API to test if the Kubernetes API server is responding.
      static boolean isKubernetesAPIServerAlive​(long timeout)
      API to test if the Kubernetes API server is responding.
      boolean isKubernetesEnv()
      Test to se if Verify-Access is deployed in a kubernetes environment.

      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • KubernetesUtils

        public KubernetesUtils()

    • Method Detail

      • isKubernetesEnv

        public boolean isKubernetesEnv()
        Test to se if Verify-Access is deployed in a kubernetes environment. This is determined by the service acount's API token file existing on the file system.
        Returns:
        true if tokenfile exists and is a file; otherwise false

      • isKubernetesAPIServerAlive

        public static boolean isKubernetesAPIServerAlive()
        API to test if the Kubernetes API server is responding. Verify Access will use a connection timeout of 5 seconds.
        Returns:
        true if part of a kubernetes cluster; otherwise false.

      • isKubernetesAPIServerAlive

        public static boolean isKubernetesAPIServerAlive​(long timeout)
        API to test if the Kubernetes API server is responding.
        Parameters:
        timeout - Length of time, in milliseconds, that Verify Access will wait for a response from the Kubernetes API Server.
        Returns:
        true if part of a kubernetes cluster; otherwise false.

      • getSecret

        public static java.lang.String getSecret​(java.lang.String name)
        Make a request to Kubernetes API to retreive a secret. Secret returned is selected by the name and namespace specified. Secret must be in the "default" namespace. If a secret is found it will be cached locally for 5 seconds. Verify Access will use a connection timeout of 5 seconds.
        Parameters:
        name - Name of secret who's value will be returned
        Returns:
        kubernets secret as a string. If secret is not found, return null.

      • getSecret

        public static java.lang.String getSecret​(java.lang.String name,
                                         java.lang.String namespace)
        Make a request to Kubernetes API to retreive a secret. Secret returned is selected by the name and namespace specified. If a secret is found it will be cached locally for 5 seconds. Verify Access will use a connection timeout of 5 seconds.
        Parameters:
        name - Name of secret who's value will be returned
        namespace - Kubernetes namespace where secret is stored.
        Returns:
        kubernets secret as a string. If secret is not found, return null.

      • getSecret

        public static java.lang.String getSecret​(java.lang.String name,
                                         java.lang.String namespace,
                                         long ttl,
                                         long timeout)
        Make a request to Kubernetes API to retreive a secret. Secret returned is selected by the name and namespace specified. To retreive a secret, Verify Access will use the authorization information provided by the Kubernetes service account used to deoloy the runtime container. If this account does not have permission to read the specified namespace or secret, then this will fail.
        Parameters:
        name - Name of secret who's value will be returned
        namespace - Kubernetes namespace where secret is stored.
        ttl - Length of time, in milliseconds, that secret will be locally cached for.
        timeout - Length of time, in milliseconds, that Verify Access will wait for a response from the Kubernetes API Server.
        Returns:
        kubernets secret as a string. If secret is not found, return null.