Package com.tivoli.am.fim.trustserver.sts.utilities

Class KubernetesUtils

java.lang.Object
com.tivoli.am.fim.trustserver.sts.utilities.KubernetesUtils
public class KubernetesUtils extends Object
Implementation of Java API for accessing Kubernetes API via HTTPS. Implementation relies on certificate authentication to verify the Kubernetes API server.

  • Constructor Details

    • KubernetesUtils

      public KubernetesUtils()

  • Method Details

    • isKubernetesEnv

      public boolean isKubernetesEnv()
      Test to se if Verify-Access is deployed in a kubernetes environment. This is determined by the service acount's API token file existing on the file system.
      Returns:
      true if tokenfile exists and is a file; otherwise false

    • isKubernetesAPIServerAlive

      public static boolean isKubernetesAPIServerAlive()
      API to test if the Kubernetes API server is responding. Verify Identity Access will use a connection timeout of 5 seconds.
      Returns:
      true if part of a kubernetes cluster; otherwise false.

    • isKubernetesAPIServerAlive

      public static boolean isKubernetesAPIServerAlive(long timeout)
      API to test if the Kubernetes API server is responding.
      Parameters:
      timeout - Length of time, in milliseconds, that Verify Identity Access will wait for a response from the Kubernetes API Server.
      Returns:
      true if part of a kubernetes cluster; otherwise false.

    • getSecret

      public static String getSecret(String name)
      Make a request to Kubernetes API to retreive a secret. Secret returned is selected by the name and namespace specified. Secret must be in the "default" namespace. If a secret is found it will be cached locally for 5 seconds. Verify Identity Access will use a connection timeout of 5 seconds.
      Parameters:
      name - Name of secret who's value will be returned
      Returns:
      kubernets secret as a string. If secret is not found, return null.

    • getSecret

      public static String getSecret(String name, String namespace)
      Make a request to Kubernetes API to retreive a secret. Secret returned is selected by the name and namespace specified. If a secret is found it will be cached locally for 5 seconds. Verify Identity Access will use a connection timeout of 5 seconds.
      Parameters:
      name - Name of secret who's value will be returned
      namespace - Kubernetes namespace where secret is stored.
      Returns:
      kubernets secret as a string. If secret is not found, return null.

    • getSecret

      public static String getSecret(String name, String namespace, long ttl, long timeout)
      Make a request to Kubernetes API to retreive a secret. Secret returned is selected by the name and namespace specified. To retreive a secret, Verify Identity Access will use the authorization information provided by the Kubernetes service account used to deoloy the runtime container. If this account does not have permission to read the specified namespace or secret, then this will fail.
      Parameters:
      name - Name of secret who's value will be returned
      namespace - Kubernetes namespace where secret is stored.
      ttl - Length of time, in milliseconds, that secret will be locally cached for.
      timeout - Length of time, in milliseconds, that Verify Identity Access will wait for a response from the Kubernetes API Server.
      Returns:
      kubernets secret as a string. If secret is not found, return null.