kubeclient 4.0.0 → 4.1.0

data/test/json/security_context_constraint_list.json

@@ -0,0 +1,375 @@
+{
+  "kind": "SecurityContextConstraintsList",
+  "apiVersion": "security.openshift.io/v1",
+  "metadata": {
+    "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints",
+    "resourceVersion": "5751"
+  },
+  "items": [
+    {
+      "metadata": {
+        "name": "anyuid",
+        "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/anyuid",
+        "uid": "12ba8540-ef00-11e8-b4c0-68f728fac3ab",
+        "resourceVersion": "71",
+        "creationTimestamp": "2018-11-23T09:13:42Z",
+        "annotations": {
+          "kubernetes.io/description": "anyuid provides all features of the restricted SCC but allows users to run with any UID and any GID."
+        }
+      },
+      "priority": 10,
+      "allowPrivilegedContainer": false,
+      "defaultAddCapabilities": null,
+      "requiredDropCapabilities": [
+        "MKNOD"
+      ],
+      "allowedCapabilities": null,
+      "allowHostDirVolumePlugin": false,
+      "volumes": [
+        "configMap",
+        "downwardAPI",
+        "emptyDir",
+        "persistentVolumeClaim",
+        "projected",
+        "secret"
+      ],
+      "allowedFlexVolumes": null,
+      "allowHostNetwork": false,
+      "allowHostPorts": false,
+      "allowHostPID": false,
+      "allowHostIPC": false,
+      "seLinuxContext": {
+        "type": "MustRunAs"
+      },
+      "runAsUser": {
+        "type": "RunAsAny"
+      },
+      "supplementalGroups": {
+        "type": "RunAsAny"
+      },
+      "fsGroup": {
+        "type": "RunAsAny"
+      },
+      "readOnlyRootFilesystem": false,
+      "users": [],
+      "groups": [
+        "system:cluster-admins"
+      ]
+    },
+    {
+      "metadata": {
+        "name": "hostaccess",
+        "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/hostaccess",
+        "uid": "12b5b3a2-ef00-11e8-b4c0-68f728fac3ab",
+        "resourceVersion": "69",
+        "creationTimestamp": "2018-11-23T09:13:42Z",
+        "annotations": {
+          "kubernetes.io/description": "hostaccess allows access to all host namespaces but still requires pods to be run with a UID and SELinux context that are allocated to the namespace. WARNING: this SCC allows host access to namespaces, file systems, and PIDS.  It should only be used by trusted pods.  Grant with caution."
+        }
+      },
+      "priority": null,
+      "allowPrivilegedContainer": false,
+      "defaultAddCapabilities": null,
+      "requiredDropCapabilities": [
+        "KILL",
+        "MKNOD",
+        "SETUID",
+        "SETGID"
+      ],
+      "allowedCapabilities": null,
+      "allowHostDirVolumePlugin": true,
+      "volumes": [
+        "configMap",
+        "downwardAPI",
+        "emptyDir",
+        "hostPath",
+        "persistentVolumeClaim",
+        "projected",
+        "secret"
+      ],
+      "allowedFlexVolumes": null,
+      "allowHostNetwork": true,
+      "allowHostPorts": true,
+      "allowHostPID": true,
+      "allowHostIPC": true,
+      "seLinuxContext": {
+        "type": "MustRunAs"
+      },
+      "runAsUser": {
+        "type": "MustRunAsRange"
+      },
+      "supplementalGroups": {
+        "type": "RunAsAny"
+      },
+      "fsGroup": {
+        "type": "MustRunAs"
+      },
+      "readOnlyRootFilesystem": false,
+      "users": [],
+      "groups": []
+    },
+    {
+      "metadata": {
+        "name": "hostmount-anyuid",
+        "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/hostmount-anyuid",
+        "uid": "12b512c0-ef00-11e8-b4c0-68f728fac3ab",
+        "resourceVersion": "68",
+        "creationTimestamp": "2018-11-23T09:13:42Z",
+        "annotations": {
+          "kubernetes.io/description": "hostmount-anyuid provides all the features of the restricted SCC but allows host mounts and any UID by a pod.  This is primarily used by the persistent volume recycler. WARNING: this SCC allows host file system access as any UID, including UID 0.  Grant with caution."
+        }
+      },
+      "priority": null,
+      "allowPrivilegedContainer": false,
+      "defaultAddCapabilities": null,
+      "requiredDropCapabilities": [
+        "MKNOD"
+      ],
+      "allowedCapabilities": null,
+      "allowHostDirVolumePlugin": true,
+      "volumes": [
+        "configMap",
+        "downwardAPI",
+        "emptyDir",
+        "hostPath",
+        "nfs",
+        "persistentVolumeClaim",
+        "projected",
+        "secret"
+      ],
+      "allowedFlexVolumes": null,
+      "allowHostNetwork": false,
+      "allowHostPorts": false,
+      "allowHostPID": false,
+      "allowHostIPC": false,
+      "seLinuxContext": {
+        "type": "MustRunAs"
+      },
+      "runAsUser": {
+        "type": "RunAsAny"
+      },
+      "supplementalGroups": {
+        "type": "RunAsAny"
+      },
+      "fsGroup": {
+        "type": "RunAsAny"
+      },
+      "readOnlyRootFilesystem": false,
+      "users": [
+        "system:serviceaccount:openshift-infra:pv-recycler-controller"
+      ],
+      "groups": []
+    },
+    {
+      "metadata": {
+        "name": "hostnetwork",
+        "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/hostnetwork",
+        "uid": "12bb0984-ef00-11e8-b4c0-68f728fac3ab",
+        "resourceVersion": "72",
+        "creationTimestamp": "2018-11-23T09:13:42Z",
+        "annotations": {
+          "kubernetes.io/description": "hostnetwork allows using host networking and host ports but still requires pods to be run with a UID and SELinux context that are allocated to the namespace."
+        }
+      },
+      "priority": null,
+      "allowPrivilegedContainer": false,
+      "defaultAddCapabilities": null,
+      "requiredDropCapabilities": [
+        "KILL",
+        "MKNOD",
+        "SETUID",
+        "SETGID"
+      ],
+      "allowedCapabilities": null,
+      "allowHostDirVolumePlugin": false,
+      "volumes": [
+        "configMap",
+        "downwardAPI",
+        "emptyDir",
+        "persistentVolumeClaim",
+        "projected",
+        "secret"
+      ],
+      "allowedFlexVolumes": null,
+      "allowHostNetwork": true,
+      "allowHostPorts": true,
+      "allowHostPID": false,
+      "allowHostIPC": false,
+      "seLinuxContext": {
+        "type": "MustRunAs"
+      },
+      "runAsUser": {
+        "type": "MustRunAsRange"
+      },
+      "supplementalGroups": {
+        "type": "MustRunAs"
+      },
+      "fsGroup": {
+        "type": "MustRunAs"
+      },
+      "readOnlyRootFilesystem": false,
+      "users": [],
+      "groups": []
+    },
+    {
+      "metadata": {
+        "name": "nonroot",
+        "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/nonroot",
+        "uid": "12b37c59-ef00-11e8-b4c0-68f728fac3ab",
+        "resourceVersion": "67",
+        "creationTimestamp": "2018-11-23T09:13:42Z",
+        "annotations": {
+          "kubernetes.io/description": "nonroot provides all features of the restricted SCC but allows users to run with any non-root UID.  The user must specify the UID or it must be specified on the by the manifest of the container runtime."
+        }
+      },
+      "priority": null,
+      "allowPrivilegedContainer": false,
+      "defaultAddCapabilities": null,
+      "requiredDropCapabilities": [
+        "KILL",
+        "MKNOD",
+        "SETUID",
+        "SETGID"
+      ],
+      "allowedCapabilities": null,
+      "allowHostDirVolumePlugin": false,
+      "volumes": [
+        "configMap",
+        "downwardAPI",
+        "emptyDir",
+        "persistentVolumeClaim",
+        "projected",
+        "secret"
+      ],
+      "allowedFlexVolumes": null,
+      "allowHostNetwork": false,
+      "allowHostPorts": false,
+      "allowHostPID": false,
+      "allowHostIPC": false,
+      "seLinuxContext": {
+        "type": "MustRunAs"
+      },
+      "runAsUser": {
+        "type": "MustRunAsNonRoot"
+      },
+      "supplementalGroups": {
+        "type": "RunAsAny"
+      },
+      "fsGroup": {
+        "type": "RunAsAny"
+      },
+      "readOnlyRootFilesystem": false,
+      "users": [],
+      "groups": []
+    },
+    {
+      "metadata": {
+        "name": "privileged",
+        "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/privileged",
+        "uid": "12b18f4a-ef00-11e8-b4c0-68f728fac3ab",
+        "resourceVersion": "300",
+        "creationTimestamp": "2018-11-23T09:13:42Z",
+        "annotations": {
+          "kubernetes.io/description": "privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context.  WARNING: this is the most relaxed SCC and should be used only for cluster administration. Grant with caution."
+        }
+      },
+      "priority": null,
+      "allowPrivilegedContainer": true,
+      "defaultAddCapabilities": null,
+      "requiredDropCapabilities": null,
+      "allowedCapabilities": [
+        "*"
+      ],
+      "allowHostDirVolumePlugin": true,
+      "volumes": [
+        "*"
+      ],
+      "allowedFlexVolumes": null,
+      "allowHostNetwork": true,
+      "allowHostPorts": true,
+      "allowHostPID": true,
+      "allowHostIPC": true,
+      "seLinuxContext": {
+        "type": "RunAsAny"
+      },
+      "runAsUser": {
+        "type": "RunAsAny"
+      },
+      "supplementalGroups": {
+        "type": "RunAsAny"
+      },
+      "fsGroup": {
+        "type": "RunAsAny"
+      },
+      "readOnlyRootFilesystem": false,
+      "users": [
+        "system:admin",
+        "system:serviceaccount:openshift-infra:build-controller",
+        "system:serviceaccount:default:pvinstaller",
+        "system:serviceaccount:default:registry",
+        "system:serviceaccount:default:router"
+      ],
+      "groups": [
+        "system:cluster-admins",
+        "system:nodes",
+        "system:masters"
+      ],
+      "seccompProfiles": [
+        "*"
+      ]
+    },
+    {
+      "metadata": {
+        "name": "restricted",
+        "selfLink": "/apis/security.openshift.io/v1/securitycontextconstraints/restricted",
+        "uid": "12b9a842-ef00-11e8-b4c0-68f728fac3ab",
+        "resourceVersion": "70",
+        "creationTimestamp": "2018-11-23T09:13:42Z",
+        "annotations": {
+          "kubernetes.io/description": "restricted denies access to all host features and requires pods to be run with a UID, and SELinux context that are allocated to the namespace.  This is the most restrictive SCC and it is used by default for authenticated users."
+        }
+      },
+      "priority": null,
+      "allowPrivilegedContainer": false,
+      "defaultAddCapabilities": null,
+      "requiredDropCapabilities": [
+        "KILL",
+        "MKNOD",
+        "SETUID",
+        "SETGID"
+      ],
+      "allowedCapabilities": null,
+      "allowHostDirVolumePlugin": false,
+      "volumes": [
+        "configMap",
+        "downwardAPI",
+        "emptyDir",
+        "persistentVolumeClaim",
+        "projected",
+        "secret"
+      ],
+      "allowedFlexVolumes": null,
+      "allowHostNetwork": false,
+      "allowHostPorts": false,
+      "allowHostPID": false,
+      "allowHostIPC": false,
+      "seLinuxContext": {
+        "type": "MustRunAs"
+      },
+      "runAsUser": {
+        "type": "MustRunAsRange"
+      },
+      "supplementalGroups": {
+        "type": "RunAsAny"
+      },
+      "fsGroup": {
+        "type": "MustRunAs"
+      },
+      "readOnlyRootFilesystem": false,
+      "users": [],
+      "groups": [
+        "system:authenticated"
+      ]
+    }
+  ]
+}

data/test/test_common.rb

@@ -1,3 +1,4 @@
+
 require_relative 'test_helper'
 
 # Unit tests for the common module
@@ -33,8 +34,26 @@ class CommonTest < MiniTest::Test
       BuildConfig build_config
       Image image
       ImageStream image_stream
-    ].each_slice(2) do |singular, plural|
-      assert_equal(Kubeclient::ClientMixin.underscore_entity(singular), plural)
+      dogstatsd dogstatsd
+      lowerCamelUPPERCase lower_camel_uppercase
+      HTTPAPISpecBinding httpapispec_binding
+      APIGroup apigroup
+      APIGroupList apigroup_list
+      APIResourceList apiresource_list
+      APIService apiservice
+      APIServiceList apiservice_list
+      APIVersions apiversions
+      OAuthAccessToken oauth_access_token
+      OAuthAccessTokenList oauth_access_token_list
+      OAuthAuthorizeToken oauth_authorize_token
+      OAuthAuthorizeTokenList oauth_authorize_token_list
+      OAuthClient oauth_client
+      OAuthClientAuthorization oauth_client_authorization
+      OAuthClientAuthorizationList oauth_client_authorization_list
+      OAuthClientList oauth_client_list
+    ].each_slice(2) do |kind, expected_underscore|
+      underscore = Kubeclient::ClientMixin.underscore_entity(kind)
+      assert_equal(underscore, expected_underscore)
     end
   end
 

data/test/test_component_status.rb

@@ -3,10 +3,9 @@ require_relative 'test_helper'
 # ComponentStatus tests
 class TestComponentStatus < MiniTest::Test
   def test_get_from_json_v3
+    stub_core_api_list
     stub_request(:get, %r{/componentstatuses})
       .to_return(body: open_test_file('component_status.json'), status: 200)
-    stub_request(:get, %r{/api/v1$})
-      .to_return(body: open_test_file('core_api_resource_list.json'), status: 200)
 
     client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
     component_status = client.get_component_status('etcd-0', 'default')

data/test/test_config.rb

@@ -91,10 +91,10 @@ class KubeclientConfigTest < MiniTest::Test
       #
       # At the time of this writing the files to be updated are:
       #
-      #   test/config/allinone.kubeconfig
-      #   test/config/external-ca.pem
-      #   test/config/external-cert.pem
-      #   test/config/external-key.rsa
+      #   cp openshift.local.config/master/admin.kubeconfig test/config/allinone.kubeconfig
+      #   cp openshift.local.config/master/ca.crt           test/config/external-ca.pem
+      #   cp openshift.local.config/master/admin.crt        test/config/external-cert.pem
+      #   cp openshift.local.config/master/admin.key        test/config/external-key.rsa
       assert(context.ssl_options[:cert_store].verify(context.ssl_options[:client_cert]))
     else
       assert_equal(OpenSSL::SSL::VERIFY_NONE, context.ssl_options[:verify_ssl])

data/test/test_endpoint.rb

@@ -1,15 +1,12 @@
 require_relative 'test_helper'
 
-# Endpoint entity tests
+# kind: 'Endpoints' entity tests.
+# This is one of the unusual `kind`s that are already plural (https://github.com/kubernetes/kubernetes/issues/8115).
+# We force singular in method names like 'create_endpoint',
+# but `kind` should remain plural as in kubernetes.
 class TestEndpoint < MiniTest::Test
   def test_create_endpoint
-    stub_request(:get, %r{/api/v1$})
-      .to_return(
-        body: open_test_file('core_api_resource_list.json'),
-        status: 200
-      )
-
-    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
+    stub_core_api_list
     testing_ep = Kubeclient::Resource.new
     testing_ep.metadata = {}
     testing_ep.metadata.name = 'myendpoint'
@@ -29,7 +26,29 @@ class TestEndpoint < MiniTest::Test
       .with(body: req_body)
       .to_return(body: open_test_file('created_endpoint.json'), status: 201)
 
+    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
     created_ep = client.create_endpoint(testing_ep)
     assert_equal('Endpoints', created_ep.kind)
+    assert_equal('v1', created_ep.apiVersion)
+
+    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1', as: :parsed_symbolized)
+    created_ep = client.create_endpoint(testing_ep)
+    assert_equal('Endpoints', created_ep[:kind])
+    assert_equal('v1', created_ep[:apiVersion])
+  end
+
+  def test_get_endpoints
+    stub_core_api_list
+    stub_request(:get, %r{/endpoints})
+      .to_return(body: open_test_file('endpoint_list.json'), status: 200)
+    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
+
+    collection = client.get_endpoints(as: :parsed_symbolized)
+    assert_equal('EndpointsList', collection[:kind])
+    assert_equal('v1', collection[:apiVersion])
+
+    # Stripping of 'List' in collection.kind RecursiveOpenStruct mode only is historic.
+    collection = client.get_endpoints
+    assert_equal('Endpoints', collection.kind)
   end
 end