kubeclient 0.3.0 → 4.9.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of kubeclient might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.github/workflows/actions.yml +35 -0
- data/.gitignore +1 -0
- data/.rubocop.yml +29 -0
- data/CHANGELOG.md +208 -0
- data/Gemfile +3 -0
- data/README.md +706 -57
- data/RELEASING.md +69 -0
- data/Rakefile +3 -5
- data/kubeclient.gemspec +19 -11
- data/lib/kubeclient/aws_eks_credentials.rb +46 -0
- data/lib/kubeclient/common.rb +597 -161
- data/lib/kubeclient/config.rb +195 -0
- data/lib/kubeclient/entity_list.rb +7 -2
- data/lib/kubeclient/exec_credentials.rb +89 -0
- data/lib/kubeclient/gcp_auth_provider.rb +19 -0
- data/lib/kubeclient/gcp_command_credentials.rb +31 -0
- data/lib/kubeclient/google_application_default_credentials.rb +31 -0
- data/lib/kubeclient/http_error.rb +25 -0
- data/lib/kubeclient/missing_kind_compatibility.rb +68 -0
- data/lib/kubeclient/oidc_auth_provider.rb +52 -0
- data/lib/kubeclient/resource.rb +11 -0
- data/lib/kubeclient/resource_not_found_error.rb +4 -0
- data/lib/kubeclient/version.rb +1 -1
- data/lib/kubeclient/watch_stream.rb +71 -28
- data/lib/kubeclient.rb +25 -82
- metadata +140 -114
- data/.travis.yml +0 -6
- data/lib/kubeclient/kube_exception.rb +0 -13
- data/lib/kubeclient/watch_notice.rb +0 -7
- data/test/json/created_namespace_b3.json +0 -20
- data/test/json/created_secret.json +0 -16
- data/test/json/created_service_b3.json +0 -31
- data/test/json/empty_pod_list_b3.json +0 -9
- data/test/json/endpoint_list_b3.json +0 -48
- data/test/json/entity_list_b3.json +0 -56
- data/test/json/event_list_b3.json +0 -35
- data/test/json/namespace_b3.json +0 -13
- data/test/json/namespace_exception_b3.json +0 -8
- data/test/json/namespace_list_b3.json +0 -32
- data/test/json/node_b3.json +0 -29
- data/test/json/node_list_b3.json +0 -37
- data/test/json/pod_b3.json +0 -92
- data/test/json/pod_list_b3.json +0 -75
- data/test/json/replication_controller_b3.json +0 -57
- data/test/json/replication_controller_list_b3.json +0 -64
- data/test/json/secret_list_b3.json +0 -44
- data/test/json/service_b3.json +0 -33
- data/test/json/service_illegal_json_404.json +0 -1
- data/test/json/service_list_b3.json +0 -97
- data/test/json/service_update_b3.json +0 -22
- data/test/json/versions_list.json +0 -6
- data/test/json/watch_stream_b3.json +0 -3
- data/test/test_helper.rb +0 -4
- data/test/test_kubeclient.rb +0 -407
- data/test/test_namespace.rb +0 -53
- data/test/test_node.rb +0 -25
- data/test/test_pod.rb +0 -21
- data/test/test_replication_controller.rb +0 -24
- data/test/test_secret.rb +0 -58
- data/test/test_service.rb +0 -136
- data/test/test_watch.rb +0 -37
- data/test/valid_token_file +0 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 9220de071696f945ccb667a13ea89c697d935f97abaabad9350bf8d39596d0b3
|
4
|
+
data.tar.gz: 508742ac151675cc00e0dda915f5f44cb5622c90ad56aa97de06967880925297
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ab7ec603082fd9c11089e721ebb7d98bdd4092b76f9d173f3075351db41c4ab76ca2e8cf2a54818bf0f6bc5d9749ed64dc51af262acc93c527ba0a4e1b1637cb
|
7
|
+
data.tar.gz: daaf00389fbd89a5eff46397e4a176de5fb540a292a706c093c289f476c250f1cdb7caaad3fa3a865841704c1a141be6861d189f8a59bda2dcff35581742e981
|
@@ -0,0 +1,35 @@
|
|
1
|
+
name: CI
|
2
|
+
on:
|
3
|
+
push:
|
4
|
+
branches:
|
5
|
+
- '**'
|
6
|
+
tags:
|
7
|
+
- '**'
|
8
|
+
pull_request:
|
9
|
+
branches:
|
10
|
+
- '**'
|
11
|
+
jobs:
|
12
|
+
build:
|
13
|
+
runs-on: ${{ matrix.os }}
|
14
|
+
strategy:
|
15
|
+
matrix:
|
16
|
+
ruby: [ '2.5', '2.6', '2.7', '3.0', 'truffleruby-head' ]
|
17
|
+
os: ['ubuntu-latest', 'macos-latest']
|
18
|
+
task: [test]
|
19
|
+
include:
|
20
|
+
# run rubocop against lowest supported ruby
|
21
|
+
- os: ubuntu-latest
|
22
|
+
ruby: '2.5'
|
23
|
+
task: rubocop
|
24
|
+
name: ${{ matrix.os }} ${{ matrix.ruby }} rake ${{ matrix.task }}
|
25
|
+
steps:
|
26
|
+
- uses: actions/checkout@v2
|
27
|
+
# actions/setup-ruby did not support truffle or bundler caching
|
28
|
+
- uses: ruby/setup-ruby@v1
|
29
|
+
with:
|
30
|
+
ruby-version: ${{ matrix.ruby }}
|
31
|
+
bundler-cache: false # disable running 'bundle install' and caching installed gems see https://github.com/httprb/http/issues/572
|
32
|
+
- run: gem install rake bundler
|
33
|
+
- run: bundle install
|
34
|
+
- run: bundle exec rake ${{ matrix.task }}
|
35
|
+
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
@@ -1,6 +1,35 @@
|
|
1
|
+
AllCops:
|
2
|
+
DisplayCopNames: true
|
3
|
+
TargetRubyVersion: 2.2 # Oldest version kubeclient supports
|
1
4
|
MethodLength:
|
2
5
|
Enabled: false
|
3
6
|
ClassLength:
|
4
7
|
Enabled: false
|
5
8
|
Metrics/AbcSize:
|
6
9
|
Enabled: false
|
10
|
+
Metrics/LineLength:
|
11
|
+
Max: 100
|
12
|
+
Metrics/ParameterLists:
|
13
|
+
Max: 5
|
14
|
+
CountKeywordArgs: false
|
15
|
+
Metrics/CyclomaticComplexity:
|
16
|
+
Max: 8
|
17
|
+
Metrics/PerceivedComplexity:
|
18
|
+
Max: 8
|
19
|
+
Metrics/ModuleLength:
|
20
|
+
Enabled: false
|
21
|
+
Style/MethodCallWithArgsParentheses:
|
22
|
+
Enabled: true
|
23
|
+
IgnoredMethods: [require, raise, include, attr_reader, refute, assert]
|
24
|
+
Exclude: [Gemfile, Rakefile, kubeclient.gemspec, Gemfile.dev.rb]
|
25
|
+
Metrics/BlockLength:
|
26
|
+
Exclude: [kubeclient.gemspec]
|
27
|
+
Security/MarshalLoad:
|
28
|
+
Exclude: [test/**/*]
|
29
|
+
Style/FileName:
|
30
|
+
Exclude: [Gemfile, Rakefile, Gemfile.dev.rb]
|
31
|
+
Style/MethodCallWithArgsParentheses:
|
32
|
+
IgnoredMethods:
|
33
|
+
- require_relative
|
34
|
+
Style/RegexpLiteral:
|
35
|
+
Enabled: false
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,208 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
Notable changes to this project will be documented in this file.
|
4
|
+
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
5
|
+
Kubeclient release versioning follows [SemVer](https://semver.org/).
|
6
|
+
|
7
|
+
## 4.9.2 — 2021-05-30
|
8
|
+
|
9
|
+
### Added
|
10
|
+
- Ruby 3.0 compatibility (#500, #505).
|
11
|
+
|
12
|
+
### Removed
|
13
|
+
- Reduce .gem size by dropping test/ directory, it's useless at run time (#502).
|
14
|
+
|
15
|
+
## 4.9.1 — 2020-08-31
|
16
|
+
### Fixed
|
17
|
+
- Now should work with apiserver deployed not at root of domain but a sub-path,
|
18
|
+
which is standard with Rancher.
|
19
|
+
Notably, `create_...` methods were sending bad apiVersion and getting 400 error.
|
20
|
+
(#457, hopefully fixes #318, #418 and https://gitlab.com/gitlab-org/gitlab/-/issues/22043)
|
21
|
+
|
22
|
+
## 4.9.0 - 2020-08-03
|
23
|
+
### Added
|
24
|
+
- Support for `user: exec` credential plugins using TLS client auth (#453)
|
25
|
+
|
26
|
+
## 4.8.0 — 2020-07-03
|
27
|
+
|
28
|
+
### Added
|
29
|
+
- Support for server-side apply (#448).
|
30
|
+
|
31
|
+
### Fixed
|
32
|
+
- Declared forgotten dependency on jsonpath, needed for `gcp` provider with `cmd-path` (#450).
|
33
|
+
|
34
|
+
## 4.7.0 — 2020-06-14
|
35
|
+
|
36
|
+
### Fixed
|
37
|
+
- Ruby 2.7 compatibility: bumped minimum recursive-open-struct to one that works on 2.7 (#439).
|
38
|
+
- Ruby 2.7 warnings (#433, #438).
|
39
|
+
- Improved watch documentation, including behavior planned to change in 5.0.0 (#436).
|
40
|
+
|
41
|
+
### Added
|
42
|
+
- Google Application Default Credentials: Added `userinfo.email` to requested scopes, which is necessary for RBAC policies (#441).
|
43
|
+
|
44
|
+
## 4.6.0 — 2019-12-30
|
45
|
+
|
46
|
+
### Fixed
|
47
|
+
- AmazonEksCredentials was sometimes leaving base64 padding that IAM auth of the EKS cluster rejects. Now padding is always stripped. (#424, #423)
|
48
|
+
|
49
|
+
### Added
|
50
|
+
- Allow calling `watch_foos` methods with a block, simpler to use and guarantees closing the connection. (#425)
|
51
|
+
|
52
|
+
- Support `limitBytes` query parameter for `get_pod_log`. (#426)
|
53
|
+
|
54
|
+
## 4.5.0 — 2019-09-27
|
55
|
+
|
56
|
+
### Added
|
57
|
+
- Support `:resourceVersion` parameter in `get_foos` methods (similar to existing support in `watch_foos` methods). (#420)
|
58
|
+
|
59
|
+
- Relax dependency on `http` gem to allow both 3.x and 4.x. (#413)
|
60
|
+
|
61
|
+
## 4.4.0 — 2019-05-03
|
62
|
+
|
63
|
+
### Added
|
64
|
+
- GCP configs with `user[auth-provider][name] == 'gcp'` will execute credential plugin (normally the `gcloud config config-helper` subcommand) when the config specifies it in `cmd-path`, `cmd-args` fields (similar to `exec` support). This code path works without `googleauth` gem. Otherwise, `GoogleApplicationDefaultCredentials` path will be tried as before. (#410)
|
65
|
+
- `AmazonEksCredentials` helper for obtaining a token to authenticate against Amazon EKS. This is not currently integrated in `Config`, you will need to invoke it yourself. You'll need some aws gems that Kubeclient _does not_ include. (#404, #406)
|
66
|
+
|
67
|
+
### Changed
|
68
|
+
- OpenID Connect tokens which cannot be validaded because we cannot identify the key they were signed with will be considered expired and refreshed as usual. (#407)
|
69
|
+
|
70
|
+
## 4.3.0 — 2019-03-03
|
71
|
+
|
72
|
+
### Changed
|
73
|
+
- `GoogleApplicationDefaultCredentials` will now automatically be used by `Config` if the `user[auth-provider][name] == 'gcp'` in the provided context. Note that `user[exec]` is checked first in anticipation of this functionality being added to GCP sometime in the future. Kubeclient _does not_ include the required `googleauth` gem, so you will need to include it in your calling application. (#394)
|
74
|
+
|
75
|
+
### Added
|
76
|
+
- OpenID Connect credentials will automatically be used if the `user[auth-provider][name] == 'oidc'` in the provided context. Note that `user[exec]` is checked first. Kubeclient _does not_ include the required `openid_connect` gem, so you will need to include it in your calling application. (#396)
|
77
|
+
|
78
|
+
- Support for `json_patch_#{entity}` and `merge_patch_#{entity}`. `patch_#{entity}` will continue to use strategic merge patch. (#390)
|
79
|
+
|
80
|
+
## 4.2.2 — 2019-01-09
|
81
|
+
|
82
|
+
### Added
|
83
|
+
- New `http_max_redirects` option (#374).
|
84
|
+
|
85
|
+
### Changed
|
86
|
+
- Default max redirects for watch increased from 4 to 10, to match other verbs (#374).
|
87
|
+
|
88
|
+
## 4.2.1 — 2018-12-26
|
89
|
+
|
90
|
+
### Fixed
|
91
|
+
- For resources that contain dashes in name, there will be an attempt to resolve the method name based on singular name prefix or by replacing the dash in names with underscores (#383).
|
92
|
+
|
93
|
+
## 4.2.0 — 2018-12-20
|
94
|
+
|
95
|
+
### Added
|
96
|
+
- Support `user: exec: ...` credential plugins like in Go client (#363, #375).
|
97
|
+
|
98
|
+
### Security
|
99
|
+
- Really made `Kubeclient::Config.new(data, nil)` prevent external file lookups. (#372)
|
100
|
+
README documented this since 3.1.1 (#334) but alas that was a lie — absolute paths always worked.
|
101
|
+
Now this also prevents credential plugin execution.
|
102
|
+
|
103
|
+
Even in this mode, using config from untrusted sources is not recommended.
|
104
|
+
|
105
|
+
This release included all changes up to 4.1.1, but NOT 4.1.2 which was branched off later (4.2.1 does include same fix).
|
106
|
+
|
107
|
+
## 4.1.2 — 2018-12-26
|
108
|
+
|
109
|
+
### Fixed
|
110
|
+
- For resources that contain dashes in name, there will be an attempt to resolve the method name based on singular name prefix or by replacing the dash in names with underscores (#382).
|
111
|
+
|
112
|
+
## 4.1.1 — 2018-12-17
|
113
|
+
|
114
|
+
### Fixed
|
115
|
+
- Fixed method names for non-suffix plurals such as y -> ies (#377).
|
116
|
+
|
117
|
+
## 4.1.0 — 2018-11-28 — REGRESSION
|
118
|
+
|
119
|
+
This version broke method names where plural is not just adding a suffix, notably y -> ies (bug #376).
|
120
|
+
|
121
|
+
### Fixed
|
122
|
+
- Support custom resources with lowercase `kind` (#361).
|
123
|
+
- `create_security_context_constraint` now works (#366).
|
124
|
+
- `get_security_context_constraints.kind`, `get_endpoints.kind` are now plural as in kubernetes (#366).
|
125
|
+
|
126
|
+
### Added
|
127
|
+
- Add support for retrieving large lists of objects in chunks (#356).
|
128
|
+
|
129
|
+
## 4.0.0 — 2018-07-23
|
130
|
+
|
131
|
+
### Removed
|
132
|
+
- Bumped officially supported kubernetes versions to >= 1.3.
|
133
|
+
- Specifically `proxy_url` no longer works for <= 1.2 (#323).
|
134
|
+
|
135
|
+
### Fixed
|
136
|
+
- `proxy_url` now works for kubernetes 1.10 and later (#323).
|
137
|
+
|
138
|
+
### Changed
|
139
|
+
- Switched `http` gem dependency from 2.y to 3.y (#321).
|
140
|
+
|
141
|
+
## 3.1.2 — 2018-06-11
|
142
|
+
|
143
|
+
### Fixed
|
144
|
+
- Fixed `Kubeclient::Config.read` regression, no longer crashes on YAML timestamps (#338).
|
145
|
+
|
146
|
+
## 3.1.1 - 2018-06-01 — REGRESSION
|
147
|
+
|
148
|
+
In this version `Kubeclient::Config.read` raises Psych::DisallowedClass on legal yaml configs containing a timestamp, for example gcp access-token expiry (bug #337).
|
149
|
+
|
150
|
+
### Security
|
151
|
+
- Changed `Kubeclient::Config.read` to use `YAML.safe_load` (#334).
|
152
|
+
|
153
|
+
Previously, could deserialize arbitrary ruby classes. The risk depends on ruby classes available in the application; sometimes a class may have side effects - up to arbitrary code execution - when instantiated and/or built up with `x[key] = value` during YAML parsing.
|
154
|
+
|
155
|
+
Despite this fix, using config from untrusted sources is not recommended.
|
156
|
+
|
157
|
+
## 3.1.0 - 2018-05-27
|
158
|
+
|
159
|
+
### Fixed
|
160
|
+
- Fixed watch `.finish` sometimes caused `HTTP::ConnectionError` exception from the reading loop (#315).
|
161
|
+
|
162
|
+
### Added
|
163
|
+
- `get_pod_log` now has `timestamps`, `since_time` (#319) and `tail_lines` (#326) params.
|
164
|
+
- `Kubeclient::Config::Context#namespace` now set, if present in kubeconfig file (#308).
|
165
|
+
- Improved README directions for authenticating within a kubernetes cluster (#316).
|
166
|
+
- `Kubeclient::GoogleApplicationDefaultCredentials` helper for Google application default credentials (#213). Needs `googleauth` gem.
|
167
|
+
- New `as: :parsed` and `as: :parsed_symbolized` formats (#306).
|
168
|
+
- Allow setting default `as:` format for the whole client (#299, #305).
|
169
|
+
- Relaxed `recursive-open-struct` dependency to allow 1.1+ as well (#313).
|
170
|
+
|
171
|
+
## 3.0.0 - 2018-02-04
|
172
|
+
### Removed
|
173
|
+
- Dropped entity classes (`Kubeclient::Pod` etc.), only `Kubeclient::Resource` exists now (#292, #288).
|
174
|
+
- Ruby 2.0, 2.1 no longer supported (#253, #291).
|
175
|
+
|
176
|
+
### Fixed
|
177
|
+
- Added missing singular `get_security_context_constraint`, fixed `get_security_context_constraints` to mean plural (#261).
|
178
|
+
- Fixed `@http_proxy_uri` undefined warning (#261).
|
179
|
+
- Documentation fixes & improvements (#225, #229, #243, #296).
|
180
|
+
|
181
|
+
### Added
|
182
|
+
- `delete_options:` parameter to `delete_*` methods, useful for cascade delete (#267).
|
183
|
+
- `as: :raw` option for watch (#285).
|
184
|
+
- Now raises `Kubeclient::HttpError`. Rescuing `KubeException` still works but is deprecated. (#195, #288)
|
185
|
+
- 404 error raise `Kubeclient::ResourceNotFoundError`, a subclass of `HttpError` (#233).
|
186
|
+
- Include request info in exception message (#221).
|
187
|
+
- Ruby 2.4 and 2.5 are now supported & tested (#247, #295).
|
188
|
+
|
189
|
+
### Changed
|
190
|
+
- `Kubeclient::Config#context(nonexistent_context_name)` raises `KeyError` instead of `RuntimeError`.
|
191
|
+
- `update_*`, `delete_*`, `patch_*` now all return `RecursiveOpenStruct` consistently (#290).
|
192
|
+
- Many dependencies bumped (#204, #231, #253, #269).
|
193
|
+
|
194
|
+
## 2.5.2 - 2018-02-04
|
195
|
+
- Watch results are now `RecursiveOpenStruct` inside arrays too (#279).
|
196
|
+
- Fixed watch `.finish` sometimes caused `Errno::EBADF` exception from the reading loop (#280).
|
197
|
+
- Easing dependency version (#287, #301)
|
198
|
+
|
199
|
+
## 2.5.1 - 2017-10-12
|
200
|
+
No changes since 2.5.0, fixed packaging mistake.
|
201
|
+
|
202
|
+
## [2.5.0 - 2017-10-12 was YANKED]
|
203
|
+
|
204
|
+
### Added
|
205
|
+
|
206
|
+
- `as: raw` option for `get_*` methods returning a string (#262 via #271).
|
207
|
+
|
208
|
+
## 2.4.0 - 2017-05-10
|