k8s-client 0.8.3 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: e30589d8a941cba5fe15409309b397741c358db599d015b1fa9d45050d1d3c11
-  data.tar.gz: d1d03c0bf3e3c3d14cbe584a0afa21138cb4db74dac9757b7719260fd7b823a3
+SHA1:
+  metadata.gz: f0648161976a34f538f314a5f5ac7509779c1df4
+  data.tar.gz: e771af2d29bf02f3abaad33cb4ac6be17854bf07
 SHA512:
-  metadata.gz: 125c4ac9d5e805c32ea22ab0a69c99fbe731322563c22dbfd9fc36524a525e48032a9ff3fb19c88af26c38d04b197caef9590a1adffd2a74dc1e4b7c19664a3f
-  data.tar.gz: eb575b7854be11694d5e58458e291f9bbbbc053b5f6a54bbdd4f5f248cfb505f0a843b9ff876d14c8cd72f4c7995b7da98dd7e4f39a55e46ab2a0da6e4ee020e
+  metadata.gz: 1ca57fc419c30157b69392a63df5ca8ef5dd64600124ad2c292f2e58ae4b08a0ab89219e5fb732dd5472cb1d70ebbe22309a168051d88b8cb1e676da807db537
+  data.tar.gz: 3591b8d176c5423cb5f2ed78f24feb571e2bf9f33e0b295296097edfb41ba8cd4a4942f2603d917afc995c464f115fb3dae690b59ed39bbe3937fe84e83c6362

data/.travis.yml

@@ -8,7 +8,8 @@ rvm:
 matrix:
   allow_failures:
   - rvm: ruby-head
-before_install: gem install bundler -v 1.16.2
+before_install: gem install bundler
+script: bundle exec rspec spec/
 deploy:
   provider: rubygems
   gem: k8s-client

data/bin/k8s-client

@@ -313,8 +313,8 @@ options.delete_resources.each do |resource|
     resource = client.delete_resource(resource)
 
     logger.info "Deleted #{resource.apiVersion} resource #{resource.kind} #{resource.metadata.name} in namespace #{resource.metadata.namespace}:\n#{JSON.pretty_generate(resource)}"
-  rescue K8s::Error::NotFound => exc
-    logger.info "Skip #{resource.apiVersion} resource #{resource.kind} #{resource.metadata.name} in namespace #{resource.metadata.namespace}: #{exc}"
+  rescue K8s::Error::NotFound => e
+    logger.info "Skip #{resource.apiVersion} resource #{resource.kind} #{resource.metadata.name} in namespace #{resource.metadata.namespace}: #{e}"
   end
 end
 

data/k8s-client.gemspec

@@ -25,13 +25,14 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency "excon", "~> 0.62.0"
   spec.add_runtime_dependency "dry-struct", "~> 0.5.0"
+  spec.add_runtime_dependency "dry-types", "~> 0.13.0"
   spec.add_runtime_dependency "recursive-open-struct", "~> 1.1.0"
   spec.add_runtime_dependency 'hashdiff', '~> 0.3.7'
   spec.add_runtime_dependency 'jsonpath', '~> 0.9.5'
   spec.add_runtime_dependency 'yajl-ruby', '~> 1.4.0'
   spec.add_runtime_dependency "yaml-safe_load_stream", "~> 0.1"
 
-  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.7"
   spec.add_development_dependency "webmock", "~> 3.4.2"

data/lib/k8s/api.rb

@@ -23,7 +23,7 @@ module K8s
       end
 
       # @return [String]
-      def to_json
+      def to_json(*_args)
         to_hash.to_json
       end
     end

data/lib/k8s/api/metav1/api_resource.rb

@@ -12,8 +12,8 @@ module K8s
         attribute :version, Types::Strict::String.optional.default(nil)
         attribute :kind, Types::Strict::String
         attribute :verbs, Types::Strict::Array.of(Types::Strict::String)
-        attribute :shortNames, Types::Strict::Array.of(Types::Strict::String).optional.default([])
-        attribute :categories, Types::Strict::Array.of(Types::Strict::String).optional.default([])
+        attribute :shortNames, Types::Strict::Array.of(Types::Strict::String).optional.default(proc { [] })
+        attribute :categories, Types::Strict::Array.of(Types::Strict::String).optional.default(proc { [] })
       end
 
       # @see https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#APIResourceList

data/lib/k8s/client.rb

@@ -68,7 +68,17 @@ module K8s
     # @return [K8s::Client]
     def self.autoconfig(namespace: nil, **options)
       if ENV.values_at('KUBE_TOKEN', 'KUBE_CA', 'KUBE_SERVER').none? { |v| v.nil? || v.empty? }
-        configuration = K8s::Config.build(server: ENV['KUBE_SERVER'], ca: ENV['KUBE_CA'], auth_token: options[:auth_token] || ENV['KUBE_TOKEN'])
+        unless Base64.decode64(ENV['KUBE_CA']).match?(/CERTIFICATE/)
+          raise ArgumentError, 'KUBE_CA does not seem to be base64 encoded'
+        end
+
+        begin
+          token = options[:auth_token] || Base64.strict_decode64(ENV['KUBE_TOKEN'])
+        rescue ArgumentError
+          raise ArgumentError, 'KUBE_TOKEN does not seem to be base64 encoded'
+        end
+
+        configuration = K8s::Config.build(server: ENV['KUBE_SERVER'], ca: ENV['KUBE_CA'], auth_token: token)
       elsif !ENV['KUBECONFIG'].to_s.empty?
         configuration = K8s::Config.from_kubeconfig_env(ENV['KUBECONFIG'])
       elsif File.exist?(File.join(Dir.home, '.kube', 'config'))

data/lib/k8s/client/version.rb

@@ -3,6 +3,6 @@
 module K8s
   class Client
     # Updated on releases using semver.
-    VERSION = "0.8.3"
+    VERSION = "0.9.0"
   end
 end

data/lib/k8s/config.rb

@@ -49,6 +49,14 @@ module K8s
       attribute :config, Types::Strict::Hash
     end
 
+    # structured user exec
+    class UserExec < ConfigStruct
+      attribute :command, Types::String
+      attribute :apiVersion, Types::String
+      attribute :env, Types::Strict::Array.of(Types::Hash).optional.default(nil)
+      attribute :args, Types::Strict::Array.of(Types::String).optional.default(nil)
+    end
+
     # structured user
     class User < ConfigStruct
       attribute :client_certificate, Types::String.optional.default(nil)
@@ -63,7 +71,7 @@ module K8s
       attribute :username, Types::String.optional.default(nil)
       attribute :password, Types::String.optional.default(nil)
       attribute :auth_provider, UserAuthProvider.optional.default(nil)
-      attribute :exec, Types::Strict::Hash.optional.default(nil)
+      attribute :exec, UserExec.optional.default(nil)
       attribute :extensions, Types::Strict::Array.optional.default(nil)
     end
 
@@ -103,19 +111,18 @@ module K8s
     # @param path [String]
     # @return [K8s::Config]
     def self.load_file(path)
-      new(YAML.safe_load(File.read(path), [Time, DateTime, Date]))
+      new(YAML.safe_load(File.read(File.expand_path(path)), [Time, DateTime, Date], [], true))
     end
 
     # Loads configuration files listed in KUBE_CONFIG environment variable and
-    # merged using the configuration merge rules, @see K8s::Config.merge
+    # merge using the configuration merge rules, @see K8s::Config.merge
     #
     # @param kubeconfig [String] by default read from ENV['KUBECONFIG']
     def self.from_kubeconfig_env(kubeconfig = nil)
       kubeconfig ||= ENV.fetch('KUBECONFIG', '')
-      return if kubeconfig.empty?
+      raise ArgumentError, "KUBECONFIG not set" if kubeconfig.empty?
 
       paths = kubeconfig.split(/(?!\\):/)
-      return load_file(paths.first) if paths.size == 1
 
       paths.inject(load_file(paths.shift)) do |memo, other_cfg|
         memo.merge(load_file(other_cfg))
@@ -125,23 +132,17 @@ module K8s
     # Build a minimal configuration from at least a server address, server certificate authority data and an access token.
     #
     # @param server [String] kubernetes server address
-    # @param ca [String] server certificate authority data
-    # @param token [String] access token (optionally base64 encoded)
+    # @param ca [String] server certificate authority data (base64 encoded)
+    # @param token [String] access token
     # @param cluster_name [String] cluster name
     # @param user [String] user name
     # @param context [String] context name
     # @param options [Hash] (see #initialize)
     def self.build(server:, ca:, auth_token:, cluster_name: 'kubernetes', user: 'k8s-client', context: 'k8s-client', **options)
-      begin
-        decoded_token = Base64.strict_decode64(auth_token)
-      rescue ArgumentError
-        decoded_token = nil
-      end
-
       new(
         {
           clusters: [{ name: cluster_name, cluster: { server: server, certificate_authority_data: ca } }],
-          users: [{ name: user, user: { token: decoded_token || auth_token } }],
+          users: [{ name: user, user: { token: auth_token } }],
           contexts: [{ name: context, context: { cluster: cluster_name, user: user } }],
           current_context: context
         }.merge(options)
@@ -174,7 +175,7 @@ module K8s
           when NilClass
             new_value
           else
-            STDERR.puts "key is #{key} old val is #{old_value.inspect} and new val is #{new_value.inspect}"
+            warn "key is #{key} old val is #{old_value.inspect} and new val is #{new_value.inspect}"
             old_value
           end
         end
@@ -184,10 +185,13 @@ module K8s
     end
 
     # @param name [String]
-    # TODO: raise error if not found
+    # @raise [K8s::Error::Configuration]
     # @return [K8s::Config::Context]
     def context(name = current_context)
-      contexts.find{ |context| context.name == name }.context
+      found = contexts.find{ |context| context.name == name }
+      raise K8s::Error::Configuration, "context not found: #{name.inspect}" unless found
+
+      found.context
     end
 
     # @param name [String]

data/lib/k8s/stack.rb

@@ -163,10 +163,10 @@ module K8s
           logger.info "Delete resource #{resource.apiVersion}:#{resource.kind}/#{resource.metadata.name} in namespace #{resource.metadata.namespace}"
           begin
             client.delete_resource(resource, propagationPolicy: 'Background')
-          rescue K8s::Error::NotFound => ex
+          rescue K8s::Error::NotFound => e
             # assume aliased objects in multiple API groups, like for Deployments
             # alternatively, a custom resource whose definition was already deleted earlier
-            logger.debug { "Ignoring #{ex} : #{ex.message}" }
+            logger.debug { "Ignoring #{e} : #{e.message}" }
           end
         end
       end

data/lib/k8s/transport.rb

@@ -75,14 +75,15 @@ module K8s
         options[:auth_token] = token
       elsif config.user.auth_provider && auth_provider = config.user.auth_provider.config
         logger.debug "Using config with .user.auth-provider.name=#{config.user.auth_provider.name}"
-
-        auth_data = `#{auth_provider['cmd-path']} #{auth_provider['cmd-args']}`.strip
-        if auth_provider['token-key']
-          json_path = JsonPath.new(auth_provider['token-key'][1...-1])
-          options[:auth_token] = json_path.first(auth_data)
-        else
-          options[:auth_token] = auth_data
-        end
+        options[:auth_token] = token_from_auth_provider(auth_provider)
+      elsif exec_conf = config.user.exec
+        logger.debug "Using config with .user.exec.command=#{exec_conf.command}"
+        options[:auth_token] = token_from_exec(exec_conf)
+      elsif config.user.username && config.user.password
+        logger.debug "Using config with .user.password=..."
+
+        options[:auth_username] = config.user.username
+        options[:auth_password] = config.user.password
       end
 
       logger.info "Using config with server=#{server}"
@@ -90,6 +91,35 @@ module K8s
       new(server, **options, **overrides)
     end
 
+    # @param auth_provider [K8s::Config::UserAuthProvider]
+    # @return [String]
+    def self.token_from_auth_provider(auth_provider)
+      auth_data = `#{auth_provider['cmd-path']} #{auth_provider['cmd-args']}`.strip
+      if auth_provider['token-key']
+        json_path = JsonPath.new(auth_provider['token-key'][1...-1])
+        json_path.first(auth_data)
+      else
+        auth_data
+      end
+    end
+
+    # @param exec_conf [K8s::Config::UserExec]
+    # @return [String]
+    def self.token_from_exec(exec_conf)
+      cmd = [exec_conf.command]
+      cmd += exec_conf.args if exec_conf.args
+      orig_env = ENV.to_h
+      if envs = exec_conf.env
+        envs.each do |env|
+          ENV[env['name']] = env['value']
+        end
+      end
+      auth_json = `#{cmd.join(' ')}`.strip
+      ENV.replace(orig_env)
+
+      JSON.parse(auth_json).dig('status', 'token')
+    end
+
     # In-cluster config within a kube pod, using the kubernetes service envs and serviceaccount secrets
     #
     # @param options [Hash] see #new
@@ -116,10 +146,14 @@ module K8s
 
     # @param server [String] URL with protocol://host:port - any /path is ignored
     # @param auth_token [String] optional Authorization: Bearer token
+    # @param auth_username [String] optional Basic authentication username
+    # @param auth_password [String] optional Basic authentication password
     # @param options [Hash] @see Excon.new
-    def initialize(server, auth_token: nil, **options)
+    def initialize(server, auth_token: nil, auth_username: nil, auth_password: nil, **options)
       @server = server
       @auth_token = auth_token
+      @auth_username = auth_username
+      @auth_password = auth_password
       @options = options
 
       logger! progname: @server
@@ -127,7 +161,12 @@ module K8s
 
     # @return [Excon::Connection]
     def excon
-      @excon ||= Excon.new(
+      @excon ||= build_excon
+    end
+
+    # @return [Excon::Connection]
+    def build_excon
+      Excon.new(
         @server,
         persistent: true,
         middlewares: EXCON_MIDDLEWARES,
@@ -151,6 +190,8 @@ module K8s
 
       if @auth_token
         options[:headers]['Authorization'] = "Bearer #{@auth_token}"
+      elsif @auth_username && @auth_password
+        options[:headers]['Authorization'] = "Basic #{Base64.strict_encode64("#{@auth_username}:#{@auth_password}")}"
       end
 
       if request_object
@@ -236,12 +277,13 @@ module K8s
       excon_options = request_options(**options)
 
       start = Time.now
-      response = excon.request(**excon_options)
+      excon_client = options[:response_block] ? build_excon : excon
+      response = excon_client.request(**excon_options)
       t = Time.now - start
 
       obj = options[:response_block] ? {} : parse_response(response, options, response_class: response_class)
-    rescue K8s::Error::API => exc
-      logger.warn { "#{format_request(options)} => HTTP #{exc.code} #{exc.reason} in #{'%.3f' % t}s" }
+    rescue K8s::Error::API => e
+      logger.warn { "#{format_request(options)} => HTTP #{e.code} #{e.reason} in #{'%.3f' % t}s" }
       logger.debug { "Request: #{excon_options[:body]}" } if excon_options[:body]
       logger.debug { "Response: #{response.body}" }
       raise
@@ -281,17 +323,17 @@ module K8s
           raise unless skip_forbidden
 
           nil
-        rescue K8s::Error::ServiceUnavailable => exc
+        rescue K8s::Error::ServiceUnavailable => e
           raise unless retry_errors
 
-          logger.warn { "Retry #{format_request(request_options)} => HTTP #{exc.code} #{exc.reason} in #{'%.3f' % t}s" }
+          logger.warn { "Retry #{format_request(request_options)} => HTTP #{e.code} #{e.reason} in #{'%.3f' % t}s" }
 
           # only retry the failed request, not the entire pipeline
           request(response_class: response_class, **common_options.merge(request_options))
         end
       }
-    rescue K8s::Error => exc
-      logger.warn { "[#{options.map{ |o| format_request(o) }.join ', '}] => HTTP #{exc.code} #{exc.reason} in #{'%.3f' % t}s" }
+    rescue K8s::Error => e
+      logger.warn { "[#{options.map{ |o| format_request(o) }.join ', '}] => HTTP #{e.code} #{e.reason} in #{'%.3f' % t}s" }
       raise
     else
       logger.info { "[#{options.map{ |o| format_request(o) }.join ', '}] => HTTP [#{responses.map(&:status).join ', '}] in #{'%.3f' % t}s" }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: k8s-client
 version: !ruby/object:Gem::Version
-  version: 0.8.3
+  version: 0.9.0
 platform: ruby
 authors:
 - Kontena, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-14 00:00:00.000000000 Z
+date: 2019-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: excon
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: dry-types
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
 - !ruby/object:Gem::Dependency
   name: recursive-open-struct
   requirement: !ruby/object:Gem::Requirement
@@ -112,16 +126,22 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.17'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.17'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -239,7 +259,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 2.6.14.4
 signing_key: 
 specification_version: 4
 summary: Kubernetes client library