diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddClusterRoleResourceDecorator.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddClusterRoleResourceDecorator.java index 2074e4fd122f1..d13091514834b 100644 --- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddClusterRoleResourceDecorator.java +++ b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddClusterRoleResourceDecorator.java @@ -7,6 +7,7 @@ import java.util.List; import java.util.Map; +import io.dekorate.kubernetes.decorator.Decorator; import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator; import io.fabric8.kubernetes.api.model.KubernetesListBuilder; import io.fabric8.kubernetes.api.model.ObjectMeta; @@ -45,4 +46,9 @@ public void visit(KubernetesListBuilder list) { .endMetadata() .withRules(rules)); } + + @Override + public Class[] before() { + return new Class[] { AddRoleBindingResourceDecorator.class }; + } } diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddRoleResourceDecorator.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddRoleResourceDecorator.java index 752efe7fd2b03..632b3bca7bcef 100644 --- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddRoleResourceDecorator.java +++ b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddRoleResourceDecorator.java @@ -7,6 +7,7 @@ import java.util.List; import java.util.Map; +import io.dekorate.kubernetes.decorator.Decorator; import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator; import io.fabric8.kubernetes.api.model.KubernetesListBuilder; import io.fabric8.kubernetes.api.model.ObjectMeta; 
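Review bot: The new `before()` override in AddClusterRoleResourceDecorator, and the identical ones in AddRoleResourceDecorator and AddServiceAccountResourceDecorator, has no comment saying why the ordering exists, so a later cleanup could drop it and silently change the order of the generated RBAC manifest. I would put a one-line comment above each override, for example `// Role/ClusterRole/ServiceAccount must be generated ahead of the RoleBinding that refers to them.` The constraint names only AddRoleBindingResourceDecorator. If cluster-scoped bindings are produced by a different decorator (not visible in this diff), they would presumably need the same ordering, which is worth confirming. The class bodies start outside these hunks.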
@@ -48,4 +49,9 @@ public void visit(KubernetesListBuilder list) { .endMetadata() .withRules(rules)); } + + @Override + public Class[] before() { + return new Class[] { AddRoleBindingResourceDecorator.class }; + } } diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddServiceAccountResourceDecorator.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddServiceAccountResourceDecorator.java index b8fb1f0eb8dc4..f6f90801b3608 100644 --- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddServiceAccountResourceDecorator.java +++ b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddServiceAccountResourceDecorator.java @@ -5,6 +5,7 @@ import java.util.HashMap; import java.util.Map; +import io.dekorate.kubernetes.decorator.Decorator; import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator; import io.fabric8.kubernetes.api.model.KubernetesListBuilder; import io.fabric8.kubernetes.api.model.ObjectMeta; @@ -43,4 +44,9 @@ public void visit(KubernetesListBuilder list) { .endMetadata() .endServiceAccountItem(); } + + @Override + public Class[] before() { + return new Class[] { AddRoleBindingResourceDecorator.class }; + } } diff --git a/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java index 80ee1df06892c..3ff3de62fb547 100644 --- a/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java +++ b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java 
@@ -5,9 +5,12 @@ import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.IOException; +import java.nio.file.Files; import java.nio.file.Path; import java.util.List; import java.util.Optional; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.RegisterExtension; @@ -40,9 +43,16 @@ public class KubernetesWithRbacFullTest { @Test public void assertGeneratedResources() throws IOException { - final Path kubernetesDir = prodModeTestResults.getBuildDir().resolve("kubernetes"); - List kubernetesList = DeserializationUtil - .deserializeAsList(kubernetesDir.resolve("kubernetes.yml")); + final Path kubernetesFile = prodModeTestResults.getBuildDir().resolve("kubernetes").resolve("kubernetes.yml"); + + // ensure rbac resources are generated in order: having the RoleBinding resource at the end: + String kubernetesFileContent = Files.readString(kubernetesFile); + int lastIndexOfRoleRefKind = lastIndexOfKind(kubernetesFileContent, "Role", "ClusterRole", "ServiceAccount"); + int firstIndexOfRoleBinding = kubernetesFileContent.indexOf("kind: RoleBinding"); + assertTrue(lastIndexOfRoleRefKind < firstIndexOfRoleBinding, "RoleBinding resource is created before " + + "the Role/ClusterRole/ServiceAccount resource!"); + + List kubernetesList = DeserializationUtil.deserializeAsList(kubernetesFile); Deployment deployment = getDeploymentByName(kubernetesList, APP_NAME); assertEquals(APP_NAMESPACE, deployment.getMetadata().getNamespace()); 
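Review bot: The ordering assertion in assertGeneratedResources never checks `firstIndexOfRoleBinding` for `-1`, so it can pass or fail for the wrong reason. If kubernetes.yml contains no `kind: RoleBinding` and the helper matches nothing, the comparison is `Integer.MIN_VALUE < -1` and the test passes vacuously. If only the RoleBinding is missing, it fails with a message about ordering rather than about the missing resource. I would assert presence first, e.g. `assertTrue(firstIndexOfRoleBinding >= 0, "no RoleBinding resource found in kubernetes.yml");` and likewise `assertTrue(lastIndexOfRoleRefKind >= 0, "no Role/ClusterRole/ServiceAccount resource found");`. The `indexOf("kind: RoleBinding")` lookup is also not anchored to the start of a line the way the helper's `(?m)^` pattern is, so the two positions are not computed consistently. The method body continues outside this hunk.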
@@ -84,6 +94,21 @@ public void assertGeneratedResources() throws IOException { assertEquals("projectc", subject.getNamespace()); } + private int lastIndexOfKind(String content, String... kinds) { + int index = Integer.MIN_VALUE; + for (String kind : kinds) { + Matcher matcher = Pattern.compile("(?m)^kind: " + kind).matcher(content); + if (matcher.find()) { + int lastIndexOfKind = matcher.end(); + if (lastIndexOfKind > index) { + index = lastIndexOfKind; + } + } + } + + return index; + } + private Deployment getDeploymentByName(List kubernetesList, String name) { return getResourceByName(kubernetesList, Deployment.class, name); }
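Review bot: `lastIndexOfKind` calls `matcher.find()` once inside an `if`, so for each kind it records the end of the first match, not the last. A second Role, ClusterRole or ServiceAccount emitted after the RoleBinding would therefore go unnoticed by the ordering check this test exists to enforce. The pattern also has no end anchor, so `^kind: Role` matches a `kind: RoleBinding` line as well; that has to be fixed before iterating over every match. I would compile `Pattern.compile("(?m)^kind: " + Pattern.quote(kind) + "$")` and replace the `if` block with `while (matcher.find()) { index = Math.max(index, matcher.end()); }`.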