k8y 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 967e0fcf49dc5ff373df45925be7c14ee0d8da75d12f348373cc70c72621ff23
-  data.tar.gz: e02d82838c724f96557d3769421a2ba40557dba6501f012433b1be64ef4204f9
+  metadata.gz: 3eff2fb332ede35caba339504a2c23ef9fb860b0741bcaaa89186f7e6e66af42
+  data.tar.gz: 39f451e5d2966311dd688efd8f3b8c14a7e8a84caf37038de8446dd4f46f954b
 SHA512:
-  metadata.gz: 5937b19b84140f2a81c0935bce8892c92ae709eb8382ce658297911f65790b311e847c92ae71887d33a6920beca1f8f69d535ab32ce125d6f697cbad0dd99c51
-  data.tar.gz: c4635b0a99227890b7ef4dc7c88ab285771d83ea5926a53b599e90f6e5ff20965c5b51b72ad062f513716b598322422eea53825d908094c9441ae32eac54cc59
+  metadata.gz: 408213ee541f715a98fa1c2905110e94a41aea9f6cfa1b88a2908874c766d84264973ecf0c704bd7f4a05e0bc87e3f52dbea618a959a6a07ffec1c3a92155cad
+  data.tar.gz: 43ddd9865d31d1b33b5c954b7afbadf2f2d8aae39862a980a2005c78b9b6de97bf69d1cd7ac770444a86783f1a437cb1563a58af20049d90ef5edb544a67ce4a

data/CHANGELOG.md

@@ -1,10 +1,20 @@
 ## next
 
+## 0.3.0
+
+**Enhancements**
+
+- Auth configuration dynamically set according to provided config [#29](https://github.com/tsontario/k8y/pull/29)
+
+**Bug fixes**
+
+- `Client::Client` API methods (`get_resource`, `update_resource`, etc.) now respects the `as:` parameter [#28](https://github.com/tsontario/k8y/pull/28)
+
 ## 0.2.0
 
 **Enhancements**
 
-- K8y::Client::from_in_cluster for easily building in-cluster clients [#23](https://github.com/tsontario/k8y/pull/23)
+- `K8y::Client::from_in_cluster` for easily building in-cluster clients [#23](https://github.com/tsontario/k8y/pull/23)
 
 **Testing**
 

data/README.md

@@ -1 +1,88 @@
-Kubernetes client for Ruby
+# K8y
+
+K8y is (yet another) gem that allows you to talk to your kubernetes clusters!
+
+For users, this gem is intended to be simple to use, but with enough flexibility to handle a wide variety of use cases. This is acheived by providing a high-level Client API along with a lower-level REST implementation.
+
+For maintainers, the goal is to provide a highly testable, modular, and loosely coupled design to allow for easy change management and confidence in production worthiness.
+
+# Basic usage
+
+## From a Config file
+
+```ruby
+# basic client usage
+client = K8y::Client.from_config(K8y::Kubeconfig.from_file)
+client.discover!
+client.get_pods(namespace: "some-namespace")
+```
+
+## From in-cluster
+
+```ruby
+# basic in-cluster client
+client = K8y::Client.from_in_cluster
+client.discover!
+client.get_pods(namespace: "some-namespace")
+```
+
+## Client options
+
+By default, `Kubeconfig.from_file` will read the file pointed to by `ENV["KUBECONFIG"]`, but a separate filepath can be provided.
+
+```ruby
+# client with custom kubeconfig
+client = K8y::Client.from_config(K8y::Kubeconfig.from_file("path/to/file"))
+client.discover!
+client.get_pods(namespace: "my-namespace")
+```
+
+K8y will use whatever the current context your config is set to. To use a specific context, just supply the `context:` argument. This argument is not available for in-cluster clients.
+
+```ruby
+# explicit context
+client = K8y::Client.from_config(K8y::Kubeconfig.from_file, context: "my-context")
+client.discover!
+client.get_pods(namespace: "some-namespace")
+```
+
+K8y clients also support multiple group versions per instance. By default, clients are loaded with `core/v1` and `apps/v1` group versions. To use a different set, supply the `group_versions:` arg.
+
+```ruby
+# specify group versions
+group_versions = [
+  K8y::GroupVersion.new(group: "core", version: "v1"),
+  K8y::GroupVersion.new(group: "networking.k8s.io", version: "v1")
+]
+
+client = K8y::Client.from_config(K8y::Kubeconfig.from_file, group_versions: group_versions)
+client.discover!
+client.get_ingress(namespace: "some-namespace", name: "my-ingress")
+```
+
+If a conflict arises between group versions, a `K8y::Client::APINameConflictError` will be raised when trying to access a duplicate-named resource. **A future feature will allow fine-grained access to client group versions. E.g. `client.api_extensions_v1.get_ingresses**
+
+# Lower-level access
+
+Under the hood, `K8y::Client` makes its requests via a more generic REST client: `K8y::REST::Client`. REST clients can be instantiated much the same as top-level Clients. The `path:` argument will be used as a prefix for all requests made by the client. E.g. given a cluster server of `https://1.2.3.4`, and path `foo`, `rest_client.get("bar")` will make a request to `https://1.2.3.4/foo/bar`
+
+```ruby
+# basic rest client
+
+# generate a REST config from a kubeconfig
+rest_config = K8y::REST::Config.from_kubeconfig(Kubeconfig.from_file, path: "/")
+rest_client = K8y::REST::Client.from_config(rest_config)
+rest_client.get("healthz", as: :raw)
+```
+
+# Testing
+
+Basic test suite: `bundle exec rake`
+
+Integration test suite: `bundle exec rake test_integration` (requires a running cluster. Defaults to searching for a `kind` config, but can be overridden by setting `K8Y_TEST_CONFIG` and `K8Y_TEST_CONTEXT` environment variables)
+
+A future goal is to test in-cluster behaviour by running a custom Github action, but that hasn't been done yet.
+
+# Contributing
+
+Contributions are always welcome!

data/k8y.gemspec

@@ -30,6 +30,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency("faraday", "~> 1.6")
   spec.add_dependency("railties", "~> 6.0")
   spec.add_dependency("recursive-open-struct", "~>1.1")
+  spec.add_dependency("googleauth")
 
   spec.add_development_dependency("byebug", "~> 11")
   spec.add_development_dependency("minitest", "~> 5")

data/lib/k8y/client/api_builder.rb

@@ -54,8 +54,9 @@ module K8y
             namespace = kwargs.fetch(:namespace) if resource_description.namespaced
             data = kwargs.fetch(:data)
             headers = kwargs.fetch(:headers, {}).merge(json_content_type)
+            as = kwargs.fetch(:as, :ros)
             rest_client.post(resource_description.path_for_resources(namespace: namespace),
-              data: JSON.dump(data), headers: headers)
+              data: JSON.dump(data), headers: headers, as: as)
           end
           register_method(method_name)
         end
@@ -68,8 +69,9 @@ module K8y
             namespace = kwargs.fetch(:namespace) if resource_description.namespaced
             name = kwargs.fetch(:name)
             headers = kwargs.fetch(:headers, {})
+            as = kwargs.fetch(:as, :ros)
             rest_client.delete(resource_description.path_for_resource(namespace: namespace, name: name),
-              headers: headers)
+              headers: headers, as: as)
           end
           register_method(method_name)
         end
@@ -82,7 +84,9 @@ module K8y
             namespace = kwargs.fetch(:namespace) if resource_description.namespaced
             name = kwargs.fetch(:name)
             headers = kwargs.fetch(:headers, {})
-            rest_client.get(resource_description.path_for_resource(namespace: namespace, name: name), headers: headers)
+            as = kwargs.fetch(:as, :ros)
+            rest_client.get(resource_description.path_for_resource(namespace: namespace, name: name),
+              headers: headers, as: as)
           end
           register_method(method_name)
         end
@@ -94,7 +98,8 @@ module K8y
           define_singleton_method(method_name) do |kwargs = {}|
             namespace = kwargs.fetch(:namespace) if resource_description.namespaced
             headers = kwargs.fetch(:headers, {})
-            rest_client.get(resource_description.path_for_resources(namespace: namespace), headers: headers)
+            as = kwargs.fetch(:as, :ros)
+            rest_client.get(resource_description.path_for_resources(namespace: namespace), headers: headers, as: as)
           end
           register_method(method_name)
         end
@@ -116,8 +121,9 @@ module K8y
             data = kwargs.fetch(:data)
             strategy = kwargs.fetch(:strategy)
             headers = kwargs.fetch(:headers, {}).merge(scoped_content_type_for_patch_strategy.call(strategy))
+            as = kwargs.fetch(:as, :ros)
             rest_client.patch(resource_description.path_for_resource(namespace: namespace, name: name),
-              strategy: strategy, data: JSON.dump(data), headers: headers)
+              strategy: strategy, data: JSON.dump(data), headers: headers, as: as)
           end
           register_method(method_name)
         end
@@ -138,8 +144,9 @@ module K8y
             name = kwargs.fetch(:name)
             data = kwargs.fetch(:data)
             headers = kwargs.fetch(:headers, {}).merge(json_content_type)
+            as = kwargs.fetch(:as, :ros)
             rest_client.put(resource_description.path_for_resource(namespace: namespace, name: name),
-              data: JSON.dump(data), headers: headers)
+              data: JSON.dump(data), headers: headers, as: as)
           end
           register_method(method_name)
         end

data/lib/k8y/client/client.rb

@@ -6,9 +6,6 @@ require_relative "apis"
 module K8y
   module Client
     class Client
-      ContextNotFoundError = Class.new(Error)
-      APINameConflictError = Class.new(Error)
-
       attr_reader :config, :context, :apis
 
       def initialize(config:, context:, group_versions: DEFAULT_GROUP_VERSIONS)

data/lib/k8y/client.rb

@@ -4,6 +4,8 @@ require_relative "client/client"
 module K8y
   module Client
     Error = Class.new(Error)
+    ContextNotFoundError = Class.new(Error)
+    APINameConflictError = Class.new(Error)
 
     DEFAULT_GROUP_VERSIONS = [
       GroupVersion.new(group: "core", version: "v1"),

data/lib/k8y/rest/auth/auth_base.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module K8y
+  module REST
+    module Auth
+      class AuthBase
+        def configure_connection(connection)
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/basic.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative "auth_base"
+
+module K8y
+  module REST
+    module Auth
+      class Basic < AuthBase
+        def initialize(username:, password:)
+          super()
+          @username = username
+          @password = password
+        end
+
+        def configure_connection(connection)
+          connection.request(:authorization, :basic, username, password)
+        end
+
+        private
+
+        attr_reader :username, :password
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/factory.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative "basic"
+require_relative "token"
+require_relative "providers/factory"
+
+module K8y
+  module REST
+    module Auth
+      class Factory
+        def from_auth_info(auth_info)
+          if auth_info.username && auth_info.password
+            Basic.new(username: auth_info.username, password: auth_info.password)
+          elsif auth_info.token
+            Token.new(token: auth_info.token)
+          elsif auth_info.auth_provider
+            Providers::Factory.new.from_auth_provider(auth_info.auth_provider)
+          else
+            AuthBase.new
+          end
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/providers/factory.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative "gcp/factory"
+
+module K8y
+  module REST
+    module Auth
+      module Providers
+        Error = Class.new(Error)
+
+        class Factory
+          UnnamedProviderError = Class.new(Error)
+          def from_auth_provider(provider)
+            case provider[:name]
+            when "gcp"
+              GCP::Factory.new.from_auth_provider(provider)
+            when nil
+              raise UnnamedProviderError
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/providers/gcp/application_default_provider.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "googleauth"
+
+require_relative "../provider_base"
+
+module K8y
+  module REST
+    module Auth
+      module Providers
+        module GCP
+          class ApplicationDefaultProvider < ProviderBase
+            SCOPES = [
+              "https://www.googleapis.com/auth/cloud-platform",
+              "https://www.googleapis.com/auth/userinfo.email",
+            ]
+
+            # #get_application_default actually returns a full oauth2 token payload
+            # This gives us, among other things, a refresh token, that we should be
+            # able to hold on to transparently keep client connections alive and
+            # healthy.
+            def token
+              creds = Google::Auth.get_application_default(SCOPES)
+              creds.apply({})
+              creds.access_token
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/providers/gcp/command_provider.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require "googleauth"
+require "json"
+require "open3"
+require "shellwords"
+
+require_relative "../provider_base"
+
+module K8y
+  module REST
+    module Auth
+      module Providers
+        module GCP
+          class CommandProvider < ProviderBase
+            # TODO: this is a shameless copy of abonas/kubeclient. It's worth it to build this from scratch,
+            # if only for the better understanding that comes along with it
+            def initialize(cmd_path:, access_token: nil, cmd_args: nil, expiry: nil, expiry_key: nil, token_key: nil)
+              super
+              @access_token = access_token
+              @cmd_args = cmd_args
+              @cmd_path = cmd_path
+              @expiry = expiry
+              @expiry_key = expiry_key
+              @token_key = token_key
+            end
+
+            def token
+              out, err, st = Open3.capture3(cmd, *args.split)
+
+              raise "exec command failed: #{err}" unless st.success?
+
+              extract_token(out, token_key)
+            end
+
+            private
+
+            def extract_token(output, key)
+              path =
+                key
+                  .gsub(/\A{(.*)}\z/, '\\1') # {.foo.bar} -> .foo.bar
+                  .sub(/\A\./, "") # .foo.bar -> foo.bar
+                  .split(".")
+              JSON.parse(output).dig(*path)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/providers/gcp/factory.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative "application_default_provider"
+require_relative "command_provider"
+
+module K8y
+  module REST
+    module Auth
+      module Providers
+        module GCP
+          Error = Class.new(Error)
+
+          class Factory
+            MissingConfigError = Class.new(Error)
+
+            def from_auth_provider(provider)
+              config = provider[:config]
+              raise MissingConfigError unless config
+
+              # see https://github.com/kubernetes/client-go/blob/master/plugin/pkg/client/auth/gcp/gcp.go#L58
+              if config[:"cmd-path"]
+                CommandProvider.new(
+                  access_token: config[:"access-token"],
+                  cmd_args: config[:"cmd-args"],
+                  cmd_path: config[:"cmd-path"],
+                  expiry: config[:expiry],
+                  expiry_key: config[:"expiry-key"],
+                  token_key: config[:"token-key"]
+                )
+              else
+                ApplicationDefaultProvider.new
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/providers/provider_base.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module K8y
+  module REST
+    module Auth
+      module Providers
+        class ProviderBase
+          # TODO: public API not finalized; subject to change
+          def token
+            raise NotImplementedError
+          end
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth/token.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative "auth_base"
+
+module K8y
+  module REST
+    module Auth
+      class Token < AuthBase
+        def initialize(token:)
+          super()
+          @token = token
+        end
+
+        def configure_connection(connection)
+          connection.headers[:Authorization] = "Bearer #{token}"
+        end
+
+        private
+
+        attr_reader :token
+      end
+    end
+  end
+end

data/lib/k8y/rest/auth.rb

@@ -1,77 +1,21 @@
 # frozen_string_literal: true
+
+require_relative "auth/factory"
+
 module K8y
   module REST
-    class Auth
-      InvalidAuthTypeError = Class.new(Error)
-
+    module Auth
       class << self
         def from_kubeconfig(kubeconfig, context: nil)
           context = context ? context : kubeconfig.current_context
           auth_info = kubeconfig.user_for_context(context).auth_info
-
-          new(token: token(auth_info), username: auth_info.username, password: auth_info.password,
-            auth_provider: auth_provider(auth_info), exec_provider: exec_provider(auth_info))
-        end
-
-        private
-
-        def token(auth_info)
-          return auth_info.token if auth_info.token
-          File.read(auth_info.token_file) if auth_info.token_file
-        end
-
-        def auth_provider(auth_info)
-          # TODO
+          from_auth_info(auth_info)
         end
 
-        def exec_provider(auth_info)
-          # TODO
+        def from_auth_info(auth_info)
+          Factory.new.from_auth_info(auth_info)
         end
       end
-
-      def initialize(token: nil, username: nil, password: nil, auth_provider: nil, exec_provider: nil)
-        @token = token
-        @username = username
-        @password = password
-        @auth_provider = auth_provider
-        @exec_provider = exec_provider
-      end
-
-      def configure_connection(connection)
-        case auth_type
-        when :basic
-          connection.basic_auth(username, password)
-        when :token
-          connection.headers[:Authorization] = "Bearer #{token}"
-          # TODO...
-        end
-      end
-
-      private
-
-      attr_reader :token, :username, :password, :auth_provider, :exec_provider
-
-      def auth_type
-        if username && password
-          :basic
-        elsif token
-          :token
-        elsif auth_provider
-          :auth_provider
-        elsif exec_provider
-          :exec_provider
-        else
-          :none
-        end
-      end
-
-      def basic?
-        auth_type == :basic
-      end
-
-      def token?
-        auth_type == :token
-      end
     end
   end
 end

data/lib/k8y/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module K8y
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: k8y
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Timothy Smith
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-09-28 00:00:00.000000000 Z
+date: 2021-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -66,6 +66,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: googleauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -213,6 +227,15 @@ files:
 - lib/k8y/kubeconfig/user.rb
 - lib/k8y/rest.rb
 - lib/k8y/rest/auth.rb
+- lib/k8y/rest/auth/auth_base.rb
+- lib/k8y/rest/auth/basic.rb
+- lib/k8y/rest/auth/factory.rb
+- lib/k8y/rest/auth/providers/factory.rb
+- lib/k8y/rest/auth/providers/gcp/application_default_provider.rb
+- lib/k8y/rest/auth/providers/gcp/command_provider.rb
+- lib/k8y/rest/auth/providers/gcp/factory.rb
+- lib/k8y/rest/auth/providers/provider_base.rb
+- lib/k8y/rest/auth/token.rb
 - lib/k8y/rest/client.rb
 - lib/k8y/rest/config.rb
 - lib/k8y/rest/config_validator.rb