kube_cluster 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/kube/cluster/middleware/set_namespace.rb +18 -2
  4. data/lib/kube/cluster/standard/role.rb +66 -0
  5. data/lib/kube/cluster/standard/role_binding.rb +53 -0
  6. data/lib/kube/cluster/standard/service_account.rb +40 -0
  7. data/lib/kube/cluster/standard/service_account_with_role.rb +52 -0
  8. data/lib/kube/cluster/version.rb +1 -1
  9. metadata +5 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 29e455d15de0900af5bf1f941e9636c0e8a1d220a4e6a64dc433aac86d43e596
4
- data.tar.gz: 741e89bb988a9ed630b5d1b58e1ec95dcf85acb278e4045f936ad8803e0e7d82
3
+ metadata.gz: 2db1b928c5cf97c3b248b5d035bf071d719cc2387c3ceab02ab999dcf45febe2
4
+ data.tar.gz: 85fc1a4be926b518f7e3720d58308fbf8e3915f628d5058dcbfef26799918406
5
5
  SHA512:
6
- metadata.gz: 84041914a07f9bb7c21c1653d53781fefa350f54d0fe66b45e519bb6dbfbbd5788df10e49a347c33deebd779e9443348f577a36e787a7451841bd1812a7fc918
7
- data.tar.gz: 1ca89cc294ed092ba68bd28086bbd81c655896cea7d84a745d9974f93d093d71fe7d76e83ae1da0080179827d8c86274d40f05ecc66b102aa9fe27ad1c514631
6
+ metadata.gz: f5c41a08ad784585e5fc92bdb6de5107b031e04d31d8a3d0d04e8670b44496e15244704b82a6c4c6e1027cca5fdd1c0475dc2af61df40b146b23cab611224e68
7
+ data.tar.gz: 68e00e0750fc326881b61cbe3a705ae7341eab8ba37b68429387e0055bc5eb26fa2bfb38f9f59d2e53ac5d0f8220e5fe2bbb5edb507c9a750e5ece721e52276f
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- kube_cluster (0.15.0)
4
+ kube_cluster (0.16.0)
5
5
  activesupport (~> 8.0)
6
6
  kube_kubectl (~> 2.0)
7
7
  kube_schema (~> 1.7)
data/lib/kube/cluster/middleware/set_namespace.rb CHANGED
@@ -25,9 +25,25 @@ module Kube
25
25
 
26
26
  h = resource.to_h
27
27
  h[:metadata] ||= {}
28
- next resource if h[:metadata][:namespace] && h[:metadata][:namespace] != 'default'
29
28
 
30
- h[:metadata][:namespace] = @namespace
29
+ unless h[:metadata][:namespace] && h[:metadata][:namespace] != 'default'
30
+ h[:metadata][:namespace] = @namespace
31
+ end
32
+
33
+ # A RoleBinding's ServiceAccount subjects need an explicit
34
+ # namespace; fill in any left blank with the target namespace so
35
+ # same-namespace bindings (e.g. ServiceAccountWithRole) resolve.
36
+ if h[:kind] == 'RoleBinding' && h[:subjects].is_a?(Array)
37
+ h[:subjects] = h[:subjects].map { |subject|
38
+ if subject[:kind] == 'ServiceAccount' &&
39
+ (subject[:namespace].nil? || subject[:namespace].to_s.empty?)
40
+ subject.merge(namespace: @namespace)
41
+ else
42
+ subject
43
+ end
44
+ }
45
+ end
46
+
31
47
  resource.rebuild(h)
32
48
  }
33
49
  }
data/lib/kube/cluster/standard/role.rb ADDED
@@ -0,0 +1,66 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "bundler/setup"
4
+ require "kube/cluster"
5
+
6
+ module Kube
7
+ module Cluster
8
+ module Standard
9
+ # A Role with an ergonomic rules shorthand. Each rule maps a resource
10
+ # spec to its verbs; the spec is "resource" (core API group) or
11
+ # "group/resource":
12
+ #
13
+ # Role.new(rules: [
14
+ # "secrets" => %w[get list],
15
+ # "batch/cronjobs" => %w[get],
16
+ # ])
17
+ #
18
+ class Role < Kube::Cluster["Role"]
19
+ def initialize(rules:, name: nil, &block)
20
+ built = self.class.build_rules(rules)
21
+
22
+ super() do
23
+ metadata.name = name if name
24
+ self.rules = built
25
+ instance_exec(&block) if block
26
+ end
27
+ end
28
+
29
+ def name
30
+ to_h.dig(:metadata, :name)
31
+ end
32
+
33
+ def name=(value)
34
+ metadata.name = value
35
+ end
36
+
37
+ def self.build_rules(rules)
38
+ entries = rules.is_a?(Hash) ? [rules] : Array(rules)
39
+
40
+ entries.flat_map do |entry|
41
+ entry.map do |spec, verbs|
42
+ group, resource = spec.include?("/") ? spec.split("/", 2) : ["", spec]
43
+ { apiGroups: [group], resources: [resource], verbs: Array(verbs) }
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
49
+ end
50
+ end
51
+
52
+ test do
53
+ describe "Role" do
54
+ it "expands the rules shorthand" do
55
+ yaml = Kube::Cluster::Standard::Role
56
+ .new(name: "r", rules: [
57
+ "secrets" => %w[get list],
58
+ "batch/cronjobs" => %w[get],
59
+ ])
60
+ .to_yaml
61
+
62
+ yaml.include?("resources").should == true
63
+ yaml.include?("batch").should == true
64
+ end
65
+ end
66
+ end
data/lib/kube/cluster/standard/role_binding.rb ADDED
@@ -0,0 +1,53 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "bundler/setup"
4
+ require "kube/cluster"
5
+
6
+ module Kube
7
+ module Cluster
8
+ module Standard
9
+ # A RoleBinding that wires a Role to a ServiceAccount. This is just the
10
+ # binding resource -- the Role and ServiceAccount are defined separately
11
+ # (and emitted together by ServiceAccountWithRole):
12
+ #
13
+ # RoleBinding.new(role: MyRole, service_account: MyServiceAccount)
14
+ #
15
+ # The subject namespace is left blank when the ServiceAccount has none, so
16
+ # the SetNamespace middleware fills it with the target namespace.
17
+ class RoleBinding < Kube::Cluster["RoleBinding"]
18
+ def initialize(role:, service_account:, name: nil, &block)
19
+ name ||= role.name || service_account.name
20
+ role_name = role.name || name
21
+
22
+ subject = { kind: "ServiceAccount", name: service_account.name }
23
+ subject[:namespace] = service_account.namespace if service_account.namespace
24
+
25
+ super() do
26
+ metadata.name = name
27
+ self.roleRef = {
28
+ apiGroup: "rbac.authorization.k8s.io",
29
+ kind: "Role",
30
+ name: role_name,
31
+ }
32
+ self.subjects = [subject]
33
+ instance_exec(&block) if block
34
+ end
35
+ end
36
+ end
37
+ end
38
+ end
39
+ end
40
+
41
+ test do
42
+ describe "RoleBinding" do
43
+ it "references the role and service account" do
44
+ yaml = Kube::Cluster::Standard::RoleBinding.new(
45
+ role: Kube::Cluster::Standard::Role.new(name: "r", rules: ["secrets" => %w[get]]),
46
+ service_account: Kube::Cluster::Standard::ServiceAccount.new(name: "sa"),
47
+ ).to_yaml
48
+
49
+ yaml.include?("name: r").should == true
50
+ yaml.include?("name: sa").should == true
51
+ end
52
+ end
53
+ end
data/lib/kube/cluster/standard/service_account.rb ADDED
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "bundler/setup"
4
+ require "kube/cluster"
5
+
6
+ module Kube
7
+ module Cluster
8
+ module Standard
9
+ class ServiceAccount < Kube::Cluster["ServiceAccount"]
10
+ def initialize(name:, namespace: nil, &block)
11
+ super() do
12
+ metadata.name = name
13
+ metadata.namespace = namespace if namespace
14
+ instance_exec(&block) if block
15
+ end
16
+ end
17
+
18
+ def name
19
+ to_h.dig(:metadata, :name)
20
+ end
21
+
22
+ def namespace
23
+ to_h.dig(:metadata, :namespace)
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
29
+
30
+ test do
31
+ describe "ServiceAccount" do
32
+ it "initializes without error" do
33
+ Kube::Cluster::Standard::ServiceAccount
34
+ .new(name: "my-sa")
35
+ .to_yaml
36
+ .is_a?(String)
37
+ .should == true
38
+ end
39
+ end
40
+ end
data/lib/kube/cluster/standard/service_account_with_role.rb ADDED
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "bundler/setup"
4
+ require "kube/cluster"
5
+
6
+ module Kube
7
+ module Cluster
8
+ module Standard
9
+ # Bundles a ServiceAccount, a Role, and the RoleBinding that ties them
10
+ # together into one Manifest. The Role and RoleBinding take the
11
+ # ServiceAccount's name unless a name is given explicitly:
12
+ #
13
+ # ServiceAccountWithRole.new(
14
+ # service_account: ServiceAccount.new(name: "glauth-config-builder"),
15
+ # role: Role.new(rules: [
16
+ # "secrets" => %w[get list],
17
+ # "batch/cronjobs" => %w[get],
18
+ # ]),
19
+ # )
20
+ #
21
+ class ServiceAccountWithRole < Kube::Cluster::Manifest
22
+ def initialize(service_account:, role:, name: nil, &block)
23
+ name ||= service_account.name
24
+ role.name = name
25
+
26
+ role_binding = Kube::Cluster::Standard::RoleBinding.new(
27
+ role: role,
28
+ service_account: service_account,
29
+ name: name,
30
+ )
31
+
32
+ super(service_account, role, role_binding)
33
+
34
+ instance_exec(&block) if block
35
+ end
36
+ end
37
+ end
38
+ end
39
+ end
40
+
41
+ test do
42
+ describe "ServiceAccountWithRole" do
43
+ it "emits the service account, role, and binding" do
44
+ m = Kube::Cluster::Standard::ServiceAccountWithRole.new(
45
+ service_account: Kube::Cluster::Standard::ServiceAccount.new(name: "sa"),
46
+ role: Kube::Cluster::Standard::Role.new(rules: ["secrets" => %w[get list]]),
47
+ )
48
+
49
+ m.map { |r| r.to_h[:kind] }.sort.should == %w[Role RoleBinding ServiceAccount]
50
+ end
51
+ end
52
+ end
data/lib/kube/cluster/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Kube
4
4
  module Cluster
5
- VERSION = "0.15.0"
5
+ VERSION = "0.16.0"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kube_cluster
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.15.0
4
+ version: 0.16.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan K
@@ -232,8 +232,12 @@ files:
232
232
  - lib/kube/cluster/standard/perses/perses.rb
233
233
  - lib/kube/cluster/standard/perses/perses_datasource.rb
234
234
  - lib/kube/cluster/standard/persistent_volume_claim.rb
235
+ - lib/kube/cluster/standard/role.rb
236
+ - lib/kube/cluster/standard/role_binding.rb
235
237
  - lib/kube/cluster/standard/secret.rb
236
238
  - lib/kube/cluster/standard/service.rb
239
+ - lib/kube/cluster/standard/service_account.rb
240
+ - lib/kube/cluster/standard/service_account_with_role.rb
237
241
  - lib/kube/cluster/standard/victoria_metrics/vl_agent.rb
238
242
  - lib/kube/cluster/standard/victoria_metrics/vl_single.rb
239
243
  - lib/kube/cluster/standard/victoria_metrics/vm_agent.rb