k8y 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3eff2fb332ede35caba339504a2c23ef9fb860b0741bcaaa89186f7e6e66af42
-  data.tar.gz: 39f451e5d2966311dd688efd8f3b8c14a7e8a84caf37038de8446dd4f46f954b
+  metadata.gz: a5320e2541c6887f3f654b04d76121467d4b80328164cb6489a2c47496291d65
+  data.tar.gz: 6ad43159e2bc56e4dfd96bf06fc279781789e48c342bffb11122ffa6d4ae97f2
 SHA512:
-  metadata.gz: 408213ee541f715a98fa1c2905110e94a41aea9f6cfa1b88a2908874c766d84264973ecf0c704bd7f4a05e0bc87e3f52dbea618a959a6a07ffec1c3a92155cad
-  data.tar.gz: 43ddd9865d31d1b33b5c954b7afbadf2f2d8aae39862a980a2005c78b9b6de97bf69d1cd7ac770444a86783f1a437cb1563a58af20049d90ef5edb544a67ce4a
+  metadata.gz: 6092e6243c294e24404993c891749d653623cc161b609003f12f5ae0d6c2665c2775902394ead30519d4761bce3c8dd11713132251dbecadcde4697698c5eb4b
+  data.tar.gz: 7820369a97588da212de66325c3879a59d5ad49e3baca6a1405eebcd0f397cadb33c3cb100cd85e9a10339038e71c4a9da2700e85535f7cd84ce482c21cc4b91

data/.gitignore

@@ -8,8 +8,8 @@
 /tmp/
 /.DS_Store
 
-# Rake-able scratch working directory
-/scratch
+# Debug sessions
+debug_session.rb
 
 # Ignore lockfile for gem
 Gemfile.lock

data/DECISIONLOG.md

@@ -0,0 +1,14 @@
+# Purpose of this document
+
+This document serves as a historical record of certain design decisions as they're made, in the hope that, down the line, it will be clear why certain implementations were chosen over others, and to inform future development. Any new feature or architectural change that relies on careful judgement of tradeoffs and/or assumptions should be documented.
+
+# Authorization
+
+For `auth-provider` based authorization, K8y exposes the `ProviderBase` class which all concrete provider implementations should implement. Subclasses should implement a single method: `#token`. The `#token` method is used in 3 instances:
+
+- To generate a token if one doesn't exist
+- To store generated tokens in the token store
+- To regenerate expired tokens
+
+This approach makes it easy to design new `auth-providers`: they just need to implement a single method and token configuration, regeneration, and reuse, occurs transparently. The tradeoff is slightly less fine-grained control over global (e.g process-wide) client settings. Another complicating factor is that the authorization config (for the `REST`) client is not context-aware. Instead, `TokenStore` keys tokens to the `REST::Client`s host (e.g. `https://1.2.3.4`). This makes it effectively impossible for the same process to use different tokens between clients targeting the same API server host. For now, this seems like a decent tradeoff: I'm having trouble imagining when/where such a case might be useful.
+

data/Rakefile

@@ -5,19 +5,36 @@ require "rake/testtask"
 
 task default: ["test"]
 
-desc("Run test suite")
+desc("Run unit/integration test suite")
 Rake::TestTask.new(:test) do |task|
+  task.libs << "test"
+  task.libs << "lib"
+  task.test_files = FileList[
+    "test/unit/**/*_test.rb",
+    "test/integration/**/*_test.rb",
+  ]
+end
+
+desc("Run unit test suite")
+Rake::TestTask.new(:test_unit) do |task|
   task.libs << "test"
   task.libs << "lib"
   task.test_files = FileList["test/unit/**/*_test.rb"]
 end
 
-desc("Run in-cluster integrations tests")
+desc("Run integration test suite")
 Rake::TestTask.new(:test_integration) do |task|
+  task.libs << "test"
+  task.libs << "lib"
+  task.test_files = FileList["test/integration/**/*_test.rb"]
+end
+
+desc("Run in-cluster integrations tests")
+Rake::TestTask.new(:test_cluster) do |task|
   ENV["PARALLELIZE_ME"] = ENV.fetch("PARALLELIZE_ME", "1")
   ENV["MT_CPU"] = ENV.fetch("MT_CPU", "8")
   task.libs << "test"
   task.libs << "lib"
-  task.test_files = FileList["test/integration/**/*_test.rb"]
+  task.test_files = FileList["test/cluster_integration/**/*_test.rb"]
   task.warning = false
 end

data/k8y.gemspec

@@ -27,10 +27,10 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency("activesupport", "~> 6.0")
-  spec.add_dependency("faraday", "~> 1.6")
+  spec.add_dependency("faraday", "~> 1.8")
+  spec.add_dependency("googleauth")
   spec.add_dependency("railties", "~> 6.0")
   spec.add_dependency("recursive-open-struct", "~>1.1")
-  spec.add_dependency("googleauth")
 
   spec.add_development_dependency("byebug", "~> 11")
   spec.add_development_dependency("minitest", "~> 5")

data/lib/k8y/client/api_builder.rb

@@ -27,7 +27,7 @@ module K8y
       end
 
       def build!
-        rest_config = REST::Config.from_kubeconfig(config, path: api.path)
+        rest_config = REST::Config.from_kubeconfig(config, context: context, path: api.path)
         rest_client = REST::Client.new(connection: REST::Connection.from_config(rest_config))
 
         response = rest_client.get(as: :raw)

data/lib/k8y/client.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "client/client"
 
 module K8y

data/lib/k8y/error.rb

@@ -1,2 +1,3 @@
 # frozen_string_literal: true
+
 class Error < StandardError; end

data/lib/k8y/group_version.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module K8y
   class GroupVersion
     attr_reader :group, :version

data/lib/k8y/kubeconfig/auth_info.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
+
+require_relative "auth_provider"
+
 module K8y
   module Kubeconfig
     class AuthInfo
       attr_reader :client_certificate, :client_certificate_data, :client_key, :client_key_data, :token, :token_file,
         :as, :as_groups, :as_user_extra, :username, :password, :auth_provider, :exec_options, :extensions,
-
         def self.from_hash(hash)
           new(
             client_certificate: hash.fetch("client-certificate", nil),
@@ -18,7 +20,7 @@ module K8y
             as_user_extra: hash.fetch("as-user-extra", nil),
             username: hash.fetch("username", nil),
             password: hash.fetch("password", nil),
-            auth_provider: hash.fetch("auth-provider", nil),
+            auth_provider: AuthProvider.new(hash.fetch("auth-provider", nil)),
             exec_options: hash.fetch("exec", nil),
             extensions: hash.fetch("extensions", nil)
           )
@@ -42,6 +44,18 @@ module K8y
         @exec_options = exec_options
         @extensions = extensions
       end
+
+      def strategy
+        if username && password
+          :basic
+        elsif token
+          :token
+        elsif auth_provider.present?
+          :auth_provider
+        else
+          :default
+        end
+      end
     end
   end
 end

data/lib/k8y/kubeconfig/auth_provider.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "recursive-open-struct"
+
+module K8y
+  module Kubeconfig
+    class AuthProvider < RecursiveOpenStruct
+      def present?
+        to_h.present?
+      end
+    end
+  end
+end

data/lib/k8y/kubeconfig/user.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "auth_info"
 
 module K8y

data/lib/k8y/resource.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "recursive-open-struct"
+
+module K8y
+  class Resource < RecursiveOpenStruct
+    def initialize(hash, args = {})
+      args[:recurse_over_arrays] = true
+      super(hash, args)
+    end
+  end
+end

data/lib/k8y/rest/auth/auth_base.rb

@@ -4,8 +4,7 @@ module K8y
   module REST
     module Auth
       class AuthBase
-        def configure_connection(connection)
-        end
+        def configure_connection(connection); end
       end
     end
   end

data/lib/k8y/rest/auth/factory.rb

@@ -9,11 +9,12 @@ module K8y
     module Auth
       class Factory
         def from_auth_info(auth_info)
-          if auth_info.username && auth_info.password
+          case auth_info.strategy
+          when :basic
             Basic.new(username: auth_info.username, password: auth_info.password)
-          elsif auth_info.token
+          when :token
             Token.new(token: auth_info.token)
-          elsif auth_info.auth_provider
+          when :auth_provider
             Providers::Factory.new.from_auth_provider(auth_info.auth_provider)
           else
             AuthBase.new

data/lib/k8y/rest/auth/providers/factory.rb

@@ -11,7 +11,7 @@ module K8y
         class Factory
           UnnamedProviderError = Class.new(Error)
           def from_auth_provider(provider)
-            case provider[:name]
+            case provider.name
             when "gcp"
               GCP::Factory.new.from_auth_provider(provider)
             when nil

data/lib/k8y/rest/auth/providers/gcp/application_default_provider.rb

@@ -15,14 +15,12 @@ module K8y
               "https://www.googleapis.com/auth/userinfo.email",
             ]
 
-            # #get_application_default actually returns a full oauth2 token payload
-            # This gives us, among other things, a refresh token, that we should be
-            # able to hold on to transparently keep client connections alive and
-            # healthy.
+            private
+
             def token
               creds = Google::Auth.get_application_default(SCOPES)
               creds.apply({})
-              creds.access_token
+              @token = creds.access_token
             end
           end
         end

data/lib/k8y/rest/auth/providers/gcp/command_provider.rb

@@ -25,6 +25,8 @@ module K8y
               @token_key = token_key
             end
 
+            private
+
             def token
               out, err, st = Open3.capture3(cmd, *args.split)
 
@@ -33,12 +35,10 @@ module K8y
               extract_token(out, token_key)
             end
 
-            private
-
             def extract_token(output, key)
               path =
                 key
-                  .gsub(/\A{(.*)}\z/, '\\1') # {.foo.bar} -> .foo.bar
+                  .gsub(/\A{(.*)}\z/, "\\1") # {.foo.bar} -> .foo.bar
                   .sub(/\A\./, "") # .foo.bar -> foo.bar
                   .split(".")
               JSON.parse(output).dig(*path)

data/lib/k8y/rest/auth/providers/gcp/factory.rb

@@ -11,21 +11,17 @@ module K8y
           Error = Class.new(Error)
 
           class Factory
-            MissingConfigError = Class.new(Error)
-
             def from_auth_provider(provider)
-              config = provider[:config]
-              raise MissingConfigError unless config
-
+              config = provider.config
               # see https://github.com/kubernetes/client-go/blob/master/plugin/pkg/client/auth/gcp/gcp.go#L58
-              if config[:"cmd-path"]
+              if config&.public_send(:"cmd-path")
                 CommandProvider.new(
-                  access_token: config[:"access-token"],
-                  cmd_args: config[:"cmd-args"],
-                  cmd_path: config[:"cmd-path"],
-                  expiry: config[:expiry],
-                  expiry_key: config[:"expiry-key"],
-                  token_key: config[:"token-key"]
+                  access_token: config.public_send(:"access-token"),
+                  cmd_args: config.public_send(:"cmd-args"),
+                  cmd_path: config.public_send(:"cmd-path"),
+                  expiry: config.expiry,
+                  expiry_key: config.public_send(:"expiry-key"),
+                  token_key: config.public_send(:"token-key"),
                 )
               else
                 ApplicationDefaultProvider.new

data/lib/k8y/rest/auth/providers/provider_base.rb

@@ -4,10 +4,19 @@ module K8y
   module REST
     module Auth
       module Providers
-        class ProviderBase
-          # TODO: public API not finalized; subject to change
+        class ProviderBase < AuthBase
+          def configure_connection(connection)
+            connection.request(:authorization, "Bearer", -> { TokenStore[connection.host] ||= token })
+          end
+
+          def generate_token!(connection)
+            TokenStore[connection.host] = token
+          end
+
+          private
+
           def token
-            raise NotImplementedError
+            raise NotImplementedError, "subclasses of ProviderBase must implement #token"
           end
         end
       end

data/lib/k8y/rest/auth/token_store.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module K8y
+  module REST
+    module Auth
+      class TokenStore
+        class << self
+          def [](hostname)
+            lock.synchronize { store[hostname] }
+          end
+
+          def []=(hostname, token)
+            lock.synchronize { store[hostname] = token }
+          end
+
+          private
+
+          def store
+            @store ||= {}
+          end
+
+          def lock
+            @lock ||= Mutex.new
+          end
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/client.rb

@@ -1,23 +1,27 @@
 # frozen_string_literal: true
 
-require "faraday"
 require "base64"
-require "recursive_open_struct"
+require "faraday"
+require "forwardable"
 
 require_relative "config"
 require_relative "connection"
+require_relative "request_wrapper"
 require_relative "response_formatter"
 
 module K8y
   module REST
     class Client
+      extend Forwardable
       attr_reader :connection
 
+      def_delegators(:connection, :base_path)
+
       class << self
         def from_config(config)
           new(
             connection: Connection.new(
-              host: config.host,
+              base_path: config.base_path,
               ssl: config.transport.to_faraday_options,
               auth: config.auth
             )
@@ -25,48 +29,75 @@ module K8y
         end
       end
 
-      def host
-        connection.host
-      end
-
       def initialize(connection:)
         @connection = connection
+        @request_wrapper = RequestWrapper.new
       end
 
       def get(path = "", headers: {}, as: :ros)
-        response = connection.get(formatted_uri(path))
-        format_response(response, as: as)
+        with_wrapper do
+          response = connection.get(formatted_uri(path))
+          format_response(response, as: as)
+        end
       end
 
       def post(path = "", data:, headers: {}, as: :ros)
-        response = connection.post(formatted_uri(path), data, headers)
-        format_response(response, as: as)
+        with_wrapper do
+          response = connection.post(formatted_uri(path), data, headers)
+          format_response(response, as: as)
+        end
       end
 
       def put(path = "", data:, headers: {}, as: :ros)
-        response = connection.put(formatted_uri(path), data, headers)
-        format_response(response, as: as)
+        with_wrapper do
+          response = connection.put(formatted_uri(path), data, headers)
+          format_response(response, as: as)
+        end
       end
 
       def patch(path = "", strategy:, data:, headers: {}, as: :ros)
-        response = connection.patch(formatted_uri(path), data, headers)
-        format_response(response, as: as)
+        with_wrapper do
+          response = connection.patch(formatted_uri(path), data, headers)
+          format_response(response, as: as)
+        end
       end
 
       def delete(path = "", headers: {}, as: :ros)
-        response = connection.delete(formatted_uri(path))
-        format_response(response, as: as)
+        with_wrapper do
+          response = connection.delete(formatted_uri(path))
+          format_response(response, as: as)
+        end
       end
 
       private
 
+      attr_reader :request_wrapper
+
       def formatted_uri(path = "")
-        File.join(connection.host, path)
+        File.join(connection.base_path, path)
       end
 
       def format_response(response, as: :ros)
         ResponseFormatter.new(response).format(as: as)
       end
+
+      # I apologize for the ugly code, but it's relatively straightforward.
+      # If the request returns an Unauthorized response, try generating a new token and retry the request.
+      # If that fails, raise the error to the caller as normal.
+      def with_wrapper(&block)
+        begin
+          begin
+            yield
+          rescue Faraday::Error => e
+            request_wrapper.handle(e, retry_unauthorized: true)
+          end
+        rescue RetriableUnauthorizedError
+          connection.generate_token!
+          yield
+        end
+      rescue Faraday::Error => e
+        request_wrapper.handle(e)
+      end
     end
   end
 end

data/lib/k8y/rest/config.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "config_validator"
 require_relative "transport"
 require_relative "auth"
@@ -6,29 +7,29 @@ require_relative "auth"
 module K8y
   module REST
     class Config
-      attr_reader :host, :transport, :auth
+      attr_reader :base_path, :transport, :auth
 
       class << self
-        def from_kubeconfig(kubeconfig, path:)
+        def from_kubeconfig(kubeconfig, context: nil, path: "/")
           context = context ? context : kubeconfig.current_context
           ConfigValidator.new(kubeconfig, context: context).validate!
 
           cluster = kubeconfig.cluster_for_context(context)
-          host = File.join(cluster.server, path)
-          transport = if URI(host).scheme == "https"
+          base_path = File.join(cluster.server, path)
+          transport = if URI(base_path).scheme == "https"
             Transport.from_kubeconfig(kubeconfig, context: context)
           end
           auth = Auth.from_kubeconfig(kubeconfig, context: context)
           new(
-            host: host,
+            base_path: base_path,
             transport: transport,
             auth: auth
           )
         end
       end
 
-      def initialize(host:, transport:, auth:)
-        @host = host
+      def initialize(base_path:, transport:, auth:)
+        @base_path = base_path
         @transport = transport
         @auth = auth
       end

data/lib/k8y/rest/config_validator.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module K8y
   module REST
     class ConfigValidator

data/lib/k8y/rest/connection.rb

@@ -2,12 +2,15 @@
 
 require "forwardable"
 
+require_relative "auth/token_store"
+
 module K8y
   module REST
     class Connection
       extend Forwardable
 
-      attr_reader :host, :connection
+      attr_reader :base_path, :connection
+      attr_accessor :token_store
 
       VERBS = [:get, :post, :put, :patch, :delete]
       def_delegators(:connection, *VERBS)
@@ -15,17 +18,31 @@ module K8y
       class << self
         # Initialize a Connection object using a provided REST::Config instance
         def from_config(config)
-          new(host: config.host, ssl: config.transport.to_faraday_options, auth: config.auth)
+          new(base_path: config.base_path, ssl: config.transport.to_faraday_options, auth: config.auth)
         end
       end
 
-      def initialize(host:, ssl:, auth:, &conn_options)
-        @host = host
-        @connection = Faraday.new(host, ssl: ssl) do |connection|
+      def initialize(base_path:, ssl:, auth:, &conn_options)
+        @base_path = base_path
+        @auth = auth
+        @connection = Faraday.new(base_path, ssl: ssl) do |connection|
+          connection.use(Faraday::Response::RaiseError)
           auth.configure_connection(connection)
           yield connection if block_given?
         end
       end
+
+      def generate_token!
+        auth.generate_token!(self) if auth.respond_to?(:generate_token!)
+      end
+
+      def host
+        URI(base_path).host
+      end
+
+      private
+
+      attr_reader :auth
     end
   end
 end

data/lib/k8y/rest/error.rb

@@ -1,6 +1,14 @@
 # frozen_string_literal: true
+
 module K8y
   module REST
     Error = Class.new(Error)
+
+    HTTPError = Class.new(Error)
+    ClientError = Class.new(HTTPError)
+    NotFoundError = Class.new(ClientError)
+    RetriableUnauthorizedError = Class.new(ClientError)
+    UnauthorizedError = Class.new(ClientError)
+    ServerError = Class.new(HTTPError)
   end
 end

data/lib/k8y/rest/request_wrapper.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module K8y
+  module REST
+    class RequestWrapper
+      def handle(exception, retry_unauthorized: false)
+        code = exception.response_status
+        if code == 401 && retry_unauthorized
+          raise RetriableUnauthorizedError, exception
+        elsif code == 401
+          raise UnauthorizedError, exception
+        elsif code == 404
+          raise NotFoundError, exception
+        elsif code >= 500
+          raise ServerError, exception
+        else
+          raise HTTPError, exception
+        end
+      end
+    end
+  end
+end

data/lib/k8y/rest/response_formatter.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module K8y
   module REST
     class ResponseFormatter
@@ -13,7 +14,7 @@ module K8y
       def format(as: :ros)
         case as
         when :ros
-          build_recursive_open_struct_response(response.body)
+          build_k8y_resource_response(response.body)
         when :raw
           response
         else
@@ -23,14 +24,14 @@ module K8y
 
       private
 
-      def build_recursive_open_struct_response(body)
+      def build_k8y_resource_response(body)
         data = JSON.parse(body)
         if item_list?(data)
-          data.fetch("items").map { |item| RecursiveOpenStruct.new(item, recurse_over_arrays: true) }
+          data.fetch("items").map { |item| Resource.new(item) }
         elsif resources_list?(data)
-          data.fetch("resources").map { |item| RecursiveOpenStruct.new(item, recurse_over_arrays: true) }
+          data.fetch("resources").map { |item| Resource.new(item) }
         else
-          RecursiveOpenStruct.new(data, recurse_over_arrays: true)
+          Resource.new(data)
         end
       end
 

data/lib/k8y/rest/transport.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module K8y
   module REST
     class Transport

data/lib/k8y/rest.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "rest/error"
 require_relative "rest/client"
 

data/lib/k8y/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module K8y
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

data/lib/k8y.rb

@@ -4,6 +4,7 @@ require "active_support/core_ext/object/blank"
 
 require_relative "k8y/error"
 require_relative "k8y/version"
+require_relative "k8y/resource"
 require_relative "k8y/kubeconfig"
 require_relative "k8y/group_version"
 require_relative "k8y/client"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: k8y
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Timothy Smith
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-10-03 00:00:00.000000000 Z
+date: 2021-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -30,56 +30,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
-  name: railties
+  name: googleauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: recursive-open-struct
+  name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
-  name: googleauth
+  name: recursive-open-struct
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -203,6 +203,7 @@ files:
 - ".gitignore"
 - ".rubocop.yml"
 - CHANGELOG.md
+- DECISIONLOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -221,10 +222,12 @@ files:
 - lib/k8y/group_version.rb
 - lib/k8y/kubeconfig.rb
 - lib/k8y/kubeconfig/auth_info.rb
+- lib/k8y/kubeconfig/auth_provider.rb
 - lib/k8y/kubeconfig/cluster.rb
 - lib/k8y/kubeconfig/config.rb
 - lib/k8y/kubeconfig/context.rb
 - lib/k8y/kubeconfig/user.rb
+- lib/k8y/resource.rb
 - lib/k8y/rest.rb
 - lib/k8y/rest/auth.rb
 - lib/k8y/rest/auth/auth_base.rb
@@ -236,11 +239,13 @@ files:
 - lib/k8y/rest/auth/providers/gcp/factory.rb
 - lib/k8y/rest/auth/providers/provider_base.rb
 - lib/k8y/rest/auth/token.rb
+- lib/k8y/rest/auth/token_store.rb
 - lib/k8y/rest/client.rb
 - lib/k8y/rest/config.rb
 - lib/k8y/rest/config_validator.rb
 - lib/k8y/rest/connection.rb
 - lib/k8y/rest/error.rb
+- lib/k8y/rest/request_wrapper.rb
 - lib/k8y/rest/response_formatter.rb
 - lib/k8y/rest/transport.rb
 - lib/k8y/version.rb