kubeclient 4.4.0 → 4.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 688623a12e9f3e68f6573b39d0d8e58ddee8848154d72670848d05096453a827
-  data.tar.gz: fa3432fed8c342a2686a9f0f1ba599f7e87fa85ac42aa410f39b61674754e6ca
+  metadata.gz: 3c8f79b61300006829c55c6b13715e6073a1cf9517ad8334959ff64706bee4ca
+  data.tar.gz: 04ae220b4f78422992e34538e5b47a0dbf0a832aa2eb9f1ac86d3f1c221cd088
 SHA512:
-  metadata.gz: c6543f0f8494b64d3d56342dab4dc7ff70eeeb97f6a18cfa2915885c56c5e9051e0cd8df6eba330129330b8ba3e3e4088838f8b06cc10093f40a280e52e870b9
-  data.tar.gz: 7df2f38d1b116a137446935c4c166236c7ce04027cd17bc038047bdfee817c4b4a734d6a5775dafc1e1d02ed1ad3ec15843d5fcb59d0ca62c459dfe0de1848cb
+  metadata.gz: b7c9ab202ff3e30f5884fd2f80987fe87a3a65a86fa1a3ecdba16383cbb958fdb98f02dd48a00a5ac50fac828b335a33b33f634f7e2cbe7913883e5aa9a81fa4
+  data.tar.gz: 52078faf6ec204c2b08658d83604fb84c7e68ad409d754ada7ae9d0d989fbce01ae53b2c33993dc71a6bed5851904fe22b6cd3688f67fa1c4bf9cd7704c43f71

data/.travis.yml

@@ -1,13 +1,29 @@
 language: ruby
+sudo: false
+cache: bundler
+script: bundle exec rake $TASK
+
+os:
+  - linux
+  - osx
 rvm:
-  - "2.2"
+  - "2.2.0"
   - "2.3.0"
   - "2.4.0"
   - "2.5.0"
-  - "2.6.0-preview1"
-sudo: false
-cache: bundler
-script: bundle exec rake $TASK
+  - "2.6.0"
+  - "2.7.0"
 env:
  - TASK=test
- - TASK=rubocop
+matrix:
+  exclude:
+    - os: osx
+      rvm: "2.2.0"
+    - os: osx
+      rvm: "2.3.0"
+  # No point running Rubocop on different rubies, results will be same.
+  # The rubies it expects the code to target are controlled in .rubocop.yml.
+  include:
+    - os: linux
+      rvm: "2.5.0"
+      env: TASK=rubocop

data/CHANGELOG.md

@@ -4,7 +4,44 @@ Notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 Kubeclient release versioning follows [SemVer](https://semver.org/).
 
-## Unreleased
+## 4.9.0 - 2020-08-03
+### Added
+- Support for `user: exec` credential plugins using TLS client auth (#453)
+
+## 4.8.0 — 2020-07-03
+
+### Added
+- Support for server-side apply (#448).
+
+### Fixed
+- Declared forgotten dependency on jsonpath, needed for `gcp` provider with `cmd-path` (#450).
+
+## 4.7.0 — 2020-06-14
+
+### Fixed
+- Ruby 2.7 compatibility: bumped minimum recursive-open-struct to one that works on 2.7 (#439).
+- Ruby 2.7 warnings (#433, #438).
+- Improved watch documentation, including behavior planned to change in 5.0.0 (#436).
+
+### Added
+- Google Application Default Credentials: Added `userinfo.email` to requested scopes, which is necessary for RBAC policies (#441).
+
+## 4.6.0 — 2019-12-30
+
+### Fixed
+- AmazonEksCredentials was sometimes leaving base64 padding that IAM auth of the EKS cluster rejects.  Now padding is always stripped. (#424, #423)
+
+### Added
+- Allow calling `watch_foos` methods with a block, simpler to use and guarantees closing the connection. (#425)
+
+- Support `limitBytes` query parameter for `get_pod_log`. (#426)
+
+## 4.5.0 — 2019-09-27
+
+### Added
+- Support `:resourceVersion` parameter in `get_foos` methods (similar to existing support in `watch_foos` methods). (#420)
+
+- Relax dependency on `http` gem to allow both 3.x and 4.x. (#413)
 
 ## 4.4.0 — 2019-05-03
 

data/README.md

@@ -207,7 +207,7 @@ client = Kubeclient::Client.new(
 
 ### Timeouts
 
-Watching never times out.
+Watching configures the socket to never time out (however, sooner or later all watches terminate).
 
 One-off actions like `.get_*`, `.delete_*` have a configurable timeout:
 ```ruby
@@ -420,16 +420,48 @@ We try to support the last 3 minor versions, matching the [official support poli
 Kubernetes 1.2 and below have known issues and are unsupported.
 Kubernetes 1.3 presumed to still work although nobody is really testing on such old versions...
 
-## Examples:
+## Supported actions & examples:
 
-#### Get all instances of a specific entity type
+Summary of main CRUD actions:
+
+```
+get_foos(namespace: 'namespace', **opts)  # namespaced collection
+get_foos(**opts)                          # all namespaces or global collection
+
+get_foo('name', 'namespace', opts)  # namespaced
+get_foo('name', nil, opts)          # global
+
+watch_foos(namespace: ns, **opts)   # namespaced collection
+watch_foos(**opts)                  # all namespaces or global collection
+watch_foos(namespace: ns, name: 'name', **opts)   # namespaced single object
+watch_foos(name: 'name', **opts)                  # global single object
+
+delete_foo('name', 'namespace', opts)    # namespaced
+delete_foo('name', nil, opts)            # global
+
+create_foo(Kubeclient::Resource.new({metadata: {name: 'name', namespace: 'namespace', ...}, ...}))
+create_foo(Kubeclient::Resource.new({metadata: {name: 'name', ...}, ...}))  # global
+
+update_foo(Kubeclient::Resource.new({metadata: {name: 'name', namespace: 'namespace', ...}, ...}))
+update_foo(Kubeclient::Resource.new({metadata: {name: 'name', ...}, ...}))  # global
+
+patch_foo('name', patch, 'namespace')    # namespaced
+patch_foo('name', patch)                 # global
+
+apply_foo(Kubeclient::Resource.new({metadata: {name: 'name', namespace: 'namespace', ...}, ...}), field_manager: 'myapp', **opts)
+apply_foo(Kubeclient::Resource.new({metadata: {name: 'name', ...}, ...}), field_manager: 'myapp', **opts)  # global
+```
+
+These grew to be quite inconsistent :confounded:, see https://github.com/abonas/kubeclient/issues/312 and https://github.com/abonas/kubeclient/issues/332 for improvement plans.
+
+### Get all instances of a specific entity type
 Such as: `get_pods`, `get_secrets`, `get_services`, `get_nodes`, `get_replication_controllers`, `get_resource_quotas`, `get_limit_ranges`, `get_persistent_volumes`, `get_persistent_volume_claims`, `get_component_statuses`, `get_service_accounts`
 
 ```ruby
 pods = client.get_pods
 ```
 
-Get all entities of a specific type in a namespace:<br>
+Get all entities of a specific type in a namespace:
 
 ```ruby
 services = client.get_services(namespace: 'development')
@@ -447,7 +479,22 @@ You can specify multiple labels (that option will return entities which have bot
 pods = client.get_pods(label_selector: 'name=redis-master,app=redis')
 ```
 
-Get all entities of a specific type in chunks:
+There is also [a limited ability to filter by *some* fields](https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/).  Which fields are supported is not documented, you can try and see if you get an error...
+```ruby
+client.get_pods(field_selector: 'spec.nodeName=master-0')
+```
+
+You can ask for entities at a specific version by specifying a parameter named `resource_version`:
+```ruby
+pods = client.get_pods(resource_version: '0')
+```
+but it's not guaranteed you'll get it.  See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions to understand the semantics.
+
+With default (`as: :ros`) return format, the returned object acts like an array of the individual pods, but also supports a `.resourceVersion` method.
+
+With `:parsed` and `:parsed_symbolized` formats, the returned data structure matches kubernetes list structure: it's a hash containing  `metadata` and `items` keys, the latter containing the individual pods.
+
+#### Get all entities of a specific type in chunks
 
 ```ruby
 continue = nil
@@ -502,7 +549,87 @@ Other formats are:
  - `:parsed` for `JSON.parse`
  - `:parsed_symbolized` for `JSON.parse(..., symbolize_names: true)`
 
-#### Delete an entity (by name)
+### Watch — Receive entities updates
+
+See https://kubernetes.io/docs/reference/using-api/api-concepts/#efficient-detection-of-changes for an overview.
+
+It is possible to receive live update notices watching the relevant entities:
+
+```ruby
+client.watch_pods do |notice|
+  # process notice data
+end
+```
+
+The notices have `.type` field which may be `'ADDED'`, `'MODIFIED'`, `'DELETED'`, or currently `'ERROR'`, and an `.object` field containing the object.  **UPCOMING CHANGE**: In next major version, we plan to raise exceptions instead of passing on ERROR into the block.
+
+For namespaced entities, the default watches across all namespaces, and you can specify `client.watch_secrets(namespace: 'foo')` to only watch in a single namespace.
+
+You can narrow down using `label_selector:` and `field_selector:` params, like with `get_pods` methods.
+
+You can also watch a single object by specifying `name:` e.g. `client.watch_nodes(name: 'gandalf')` (not namespaced so a name is enough) or `client.watch_pods(namespace: 'foo', name: 'bar')` (namespaced, need both params).
+Note the method name is still plural!  There is no `watch_pod`, only `watch_pods`.  The yielded "type" remains the same — watch notices, it's just they'll always refer to the same object.
+
+You can use `as:` param to control the format of the yielded notices.
+
+#### All watches come to an end!
+
+While nominally the watch block *looks* like an infinite loop, that's unrealistic.  Network connections eventually get severed, and kubernetes apiserver is known to terminate watches.
+
+Unfortunately, this sometimes raises an exception and sometimes the loop just exits.  **UPCOMING CHANGE**: In next major version, non-deliberate termination will always raise an exception; the block will only exit silenty if stopped deliberately.
+
+#### Deliberately stopping a watch
+
+You can use `break` or `return` inside the watch block.
+
+It is possible to interrupt the watcher from another thread with:
+
+```ruby
+watcher = client.watch_pods
+
+watcher.each do |notice|
+  # process notice data
+end
+# <- control will pass here after .finish is called
+
+### In another thread ###
+watcher.finish
+```
+
+#### Starting watch version
+
+You can specify version to start from, commonly used in "List+Watch" pattern:
+```
+list = client.get_pods
+collection_version = list.resourceVersion
+# or with other return formats:
+list = client.get_pods(as: :parsed)
+collection_version = list['metadata']['resourceVersion']
+
+# note spelling resource_version vs resourceVersion.
+client.watch_pods(resource_version: collection_version) do |notice|
+  # process notice data
+end
+```
+It's important to understand [the effects of unset/0/specific resource_version](https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions) as it modifies the behavior of the watch — in some modes you'll first see a burst of synthetic 'ADDED' notices for all existing objects.
+
+If you re-try a terminated watch again without specific resourceVersion, you might see previously seen notices again, and might miss some events.
+
+To attempt resuming a watch from same point, you can try using last resourceVersion observed during the watch.  Or do list+watch again.
+
+Whenever you ask for a specific version, you must be prepared for an 410 "Gone" error if the server no longer recognizes it.
+
+#### Watch events about a particular object
+Events are [entities in their own right](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#event-v1-core).
+You can use the `field_selector` option as part of the watch methods.
+
+```ruby
+client.watch_events(namespace: 'development', field_selector: 'involvedObject.name=redis-master') do |notice|
+  # process notice date
+end
+```
+
+### Delete an entity (by name)
 
 For example: `delete_pod "pod name"` , `delete_replication_controller "rc name"`, `delete_node "node name"`, `delete_secret "secret name"`
 
@@ -526,7 +653,7 @@ delete_options = Kubeclient::Resource.new(
 client.delete_deployment(deployment_name, namespace, delete_options: delete_options)
 ```
 
-#### Create an entity
+### Create an entity
 For example: `create_pod pod_object`, `create_replication_controller rc_obj`, `create_secret secret_object`, `create_resource_quota resource_quota_object`, `create_limit_range limit_range_object`, `create_persistent_volume persistent_volume_object`, `create_persistent_volume_claim persistent_volume_claim_object`, `create_service_account service_account_object`
 
 Input parameter - object of type `Service`, `Pod`, `ReplicationController`.
@@ -552,7 +679,7 @@ service.metadata.labels.role = 'slave'
 client.create_service(service)
 ```
 
-#### Update an entity
+### Update an entity
 For example: `update_pod`, `update_service`, `update_replication_controller`, `update_secret`, `update_resource_quota`, `update_limit_range`, `update_persistent_volume`, `update_persistent_volume_claim`, `update_service_account`
 
 Input parameter - object of type `Pod`, `Service`, `ReplicationController` etc.
@@ -563,7 +690,7 @@ The below example is for v1
 updated = client.update_service(service1)
 ```
 
-#### Patch an entity (by name)
+### Patch an entity (by name)
 For example: `patch_pod`, `patch_service`, `patch_secret`, `patch_resource_quota`, `patch_persistent_volume`
 
 Input parameters - name (string) specifying the entity name, patch (hash) to be applied to the resource, optional: namespace name (string)
@@ -578,41 +705,41 @@ patched = client.patch_pod("docker-registry", {metadata: {annotations: {key: 'va
 
 `patch_#{entity}` is called using a [strategic merge patch](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#notes-on-the-strategic-merge-patch). `json_patch_#{entity}` and `merge_patch_#{entity}` are also available that use JSON patch and JSON merge patch, respectively. These strategies are useful for resources that do not support strategic merge patch, such as Custom Resources. Consult the [Kubernetes docs](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment) for more information about the different patch strategies.
 
-#### Get all entities of all types : all_entities
-Returns a hash with the following keys (node, secret, service, pod, replication_controller, namespace, resource_quota, limit_range, endpoint, event, persistent_volume, persistent_volume_claim, component_status and service_account). Each key points to an EntityList of same type.
-This method is a convenience method instead of calling each entity's get method separately.
+### Apply an entity
 
-```ruby
-client.all_entities
-```
+This is similar to `kubectl apply --server-side` (kubeclient doesn't implement logic for client-side apply). See https://kubernetes.io/docs/reference/using-api/api-concepts/#server-side-apply
 
-#### Receive entity updates
-It is possible to receive live update notices watching the relevant entities:
+For example: `apply_pod`
 
-```ruby
-watcher = client.watch_pods
-watcher.each do |notice|
-  # process notice data
-end
-```
+Input parameters - resource (Kubeclient::Resource) representing the desired state of the resource, field_manager (String) to identify the system managing the state of the resource, force (Boolean) whether or not to override a field managed by someone else.
 
-It is possible to interrupt the watcher from another thread with:
+Example:
 
 ```ruby
-watcher.finish
+service = Kubeclient::Resource.new(
+  metadata: {
+    name: 'redis-master',
+    namespace: 'staging',
+  },
+  spec: {
+    ...
+  }
+)
+
+client.apply_service(service, field_manager: 'myapp')
 ```
 
-#### Watch events for a particular object
-You can use the `field_selector` option as part of the watch methods.
+### Get all entities of all types : all_entities
+
+Makes requests for all entities of each discovered kind (in this client's API group).  This method is a convenience method instead of calling each entity's get method separately.
+
+Returns a hash with keys being the *singular* entity kind, in lowercase underscore style.  For example for core API group may return keys `"node'`, `"secret"`, `"service"`, `"pod"`, `"replication_controller"`, `"namespace"`, `"resource_quota"`, `"limit_range"`, `"endpoint"`, `"event"`, `"persistent_volume"`, `"persistent_volume_claim"`, `"component_status"`, `"service_account"`. Each key points to an EntityList of same type.
 
 ```ruby
-watcher = client.watch_events(namespace: 'development', field_selector: 'involvedObject.name=redis-master')
-watcher.each do |notice|
-  # process notice date
-end
+client.all_entities
 ```
 
-#### Get a proxy URL
+### Get a proxy URL
 You can get a complete URL for connecting a kubernetes entity via the proxy.
 
 ```ruby
@@ -627,7 +754,7 @@ client.proxy_url('pod', 'podname', 5001, 'ns')
 # => "https://localhost.localdomain:8443/api/v1/namespaces/ns/pods/podname:5001/proxy"
 ```
 
-#### Get the logs of a pod
+### Get the logs of a pod
 You can get the logs of a running pod, specifying the name of the pod and the
 namespace where the pod is running:
 
@@ -664,16 +791,21 @@ client.get_pod_log('pod-name', 'default', tail_lines: 10)
 # => "..."
 ```
 
+Kubernetes can fetch a specific number of bytes from the log, but the exact size is not guaranteed and last line may not be terminated:
+```ruby
+client.get_pod_log('pod-name', 'default', limit_bytes: 10)
+# => "..."
+```
+
 You can also watch the logs of a pod to get a stream of data:
 
 ```ruby
-watcher = client.watch_pod_log('pod-name', 'default', container: 'ruby')
-watcher.each do |line|
+client.watch_pod_log('pod-name', 'default', container: 'ruby') do |line|
   puts line
 end
 ```
 
-#### Process a template
+### OpenShift: Process a template
 Returns a processed template containing a list of objects to create.
 Input parameter - template (hash)
 Besides its metadata, the template should include a list of objects to be processed and a list of parameters

data/RELEASING.md

@@ -20,7 +20,9 @@ Edit `CHANGELOG.md` as necessary.  Even if all included changes remembered to up
 
 Bump `lib/kubeclient/version.rb` manually, or by using:
 ```bash
-git checkout -b release-$RELEASE_VERSION
+RELEASE_VERSION=x.y.z
+
+git checkout -b "release-$RELEASE_VERSION" $RELEASE_BRANCH
 # Won't work with uncommitted changes, you have to commit the changelog first.
 gem bump --version $RELEASE_VERSION
 git show # View version bump change.

data/kubeclient.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.required_ruby_version = '>= 2.2.0'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'bundler', '>= 1.6'
   spec.add_development_dependency 'rake', '~> 12.0'
   spec.add_development_dependency 'minitest'
   spec.add_development_dependency 'minitest-rg'
@@ -30,9 +30,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'googleauth', '~> 0.5.1'
   spec.add_development_dependency('mocha', '~> 1.5')
   spec.add_development_dependency 'openid_connect', '~> 1.1'
-  spec.add_development_dependency 'jsonpath', '~> 1.0'
 
+  spec.add_dependency 'jsonpath', '~> 1.0'
   spec.add_dependency 'rest-client', '~> 2.0'
-  spec.add_dependency 'recursive-open-struct', '~> 1.0', '>= 1.0.4'
-  spec.add_dependency 'http', '~> 3.0'
+  spec.add_dependency 'recursive-open-struct', '~> 1.1', '>= 1.1.1'
+  spec.add_dependency 'http', '>= 3.0', '< 5.0'
 end

data/lib/kubeclient.rb

@@ -28,7 +28,7 @@ module Kubeclient
         uri,
         '/api',
         version,
-        options
+        **options
       )
     end
   end

data/lib/kubeclient/aws_eks_credentials.rb

@@ -38,7 +38,7 @@ module Kubeclient
             'X-K8s-Aws-Id' => eks_cluster
           }
         )
-        kube_token = 'k8s-aws-v1.' + Base64.urlsafe_encode64(presigned_url_string.to_s).chomp('==')
+        kube_token = 'k8s-aws-v1.' + Base64.urlsafe_encode64(presigned_url_string.to_s).sub(/=*$/, '') # rubocop:disable Metrics/LineLength
         kube_token
       end
     end

data/lib/kubeclient/common.rb

@@ -5,7 +5,7 @@ module Kubeclient
   # Common methods
   # this is mixed in by other gems
   module ClientMixin
-    ENTITY_METHODS = %w[get watch delete create update patch json_patch merge_patch].freeze
+    ENTITY_METHODS = %w[get watch delete create update patch json_patch merge_patch apply].freeze
 
     DEFAULT_SSL_OPTIONS = {
       client_cert: nil,
@@ -37,10 +37,11 @@ module Kubeclient
     DEFAULT_HTTP_MAX_REDIRECTS = 10
 
     SEARCH_ARGUMENTS = {
-      'labelSelector' => :label_selector,
-      'fieldSelector' => :field_selector,
-      'limit'         => :limit,
-      'continue'      => :continue
+      'labelSelector'   => :label_selector,
+      'fieldSelector'   => :field_selector,
+      'resourceVersion' => :resource_version,
+      'limit'           => :limit,
+      'continue'        => :continue
     }.freeze
 
     WATCH_ARGUMENTS = {
@@ -212,12 +213,12 @@ module Kubeclient
         end
 
         # watch all entities of a type e.g. watch_nodes, watch_pods, etc.
-        define_singleton_method("watch_#{entity.method_names[1]}") do |options = {}|
+        define_singleton_method("watch_#{entity.method_names[1]}") do |options = {}, &block|
           # This method used to take resource_version as a param, so
           # this conversion is to keep backwards compatibility
           options = { resource_version: options } unless options.is_a?(Hash)
 
-          watch_entities(entity.resource_name, options)
+          watch_entities(entity.resource_name, options, &block)
         end
 
         # get a single entity of a specific type by name
@@ -228,7 +229,7 @@ module Kubeclient
 
         define_singleton_method("delete_#{entity.method_names[0]}") \
         do |name, namespace = nil, opts = {}|
-          delete_entity(entity.resource_name, name, namespace, opts)
+          delete_entity(entity.resource_name, name, namespace, **opts)
         end
 
         define_singleton_method("create_#{entity.method_names[0]}") do |entity_config|
@@ -253,6 +254,10 @@ module Kubeclient
         do |name, patch, namespace = nil|
           patch_entity(entity.resource_name, name, patch, 'merge-patch', namespace)
         end
+
+        define_singleton_method("apply_#{entity.method_names[0]}") do |*args|
+          apply_entity(entity.resource_name, *args)
+        end
       end
     end
     # rubocop:enable  Metrics/BlockLength
@@ -294,7 +299,9 @@ module Kubeclient
     #   :as (:raw|:ros) - defaults to :ros
     #     :raw - return the raw response body as a string
     #     :ros - return a collection of RecursiveOpenStruct objects
-    def watch_entities(resource_name, options = {})
+    # Accepts an optional block, that will be called with each entity,
+    # otherwise returns a WatchStream
+    def watch_entities(resource_name, options = {}, &block)
       ns = build_namespace_prefix(options[:namespace])
 
       path = "watch/#{ns}#{resource_name}"
@@ -305,11 +312,13 @@ module Kubeclient
       WATCH_ARGUMENTS.each { |k, v| params[k] = options[v] if options[v] }
       uri.query = URI.encode_www_form(params) if params.any?
 
-      Kubeclient::Common::WatchStream.new(
+      watcher = Kubeclient::Common::WatchStream.new(
         uri,
         http_options(uri),
         formatter: ->(value) { format_response(options[:as] || @as, value) }
       )
+
+      return_or_yield_to_watcher(watcher, &block)
     end
 
     # Accepts the following options:
@@ -406,6 +415,19 @@ module Kubeclient
       format_response(@as, response.body)
     end
 
+    def apply_entity(resource_name, resource, field_manager:, force: true)
+      name = "#{resource[:metadata][:name]}?fieldManager=#{field_manager}&force=#{force}"
+      ns_prefix = build_namespace_prefix(resource[:metadata][:namespace])
+      response = handle_exception do
+        rest_client[ns_prefix + resource_name + "/#{name}"]
+          .patch(
+            resource.to_json,
+            { 'Content-Type' => 'application/apply-patch+yaml' }.merge(@headers)
+          )
+      end
+      format_response(@as, response.body)
+    end
+
     def all_entities(options = {})
       discover unless @discovered
       @entities.values.each_with_object({}) do |entity, result_hash|
@@ -422,13 +444,14 @@ module Kubeclient
 
     def get_pod_log(pod_name, namespace,
                     container: nil, previous: false,
-                    timestamps: false, since_time: nil, tail_lines: nil)
+                    timestamps: false, since_time: nil, tail_lines: nil, limit_bytes: nil)
       params = {}
       params[:previous] = true if previous
       params[:container] = container if container
       params[:timestamps] = timestamps if timestamps
       params[:sinceTime] = format_datetime(since_time) if since_time
       params[:tailLines] = tail_lines if tail_lines
+      params[:limitBytes] = limit_bytes if limit_bytes
 
       ns = build_namespace_prefix(namespace)
       handle_exception do
@@ -437,7 +460,7 @@ module Kubeclient
       end
     end
 
-    def watch_pod_log(pod_name, namespace, container: nil)
+    def watch_pod_log(pod_name, namespace, container: nil, &block)
       # Adding the "follow=true" query param tells the Kubernetes API to keep
       # the connection open and stream updates to the log.
       params = { follow: true }
@@ -449,7 +472,10 @@ module Kubeclient
       uri.path += "/#{@api_version}/#{ns}pods/#{pod_name}/log"
       uri.query = URI.encode_www_form(params)
 
-      Kubeclient::Common::WatchStream.new(uri, http_options(uri), formatter: ->(value) { value })
+      watcher = Kubeclient::Common::WatchStream.new(
+        uri, http_options(uri), formatter: ->(value) { value }
+      )
+      return_or_yield_to_watcher(watcher, &block)
     end
 
     def proxy_url(kind, name, port, namespace = '')
@@ -586,6 +612,16 @@ module Kubeclient
       raise ArgumentError, msg unless File.readable?(@auth_options[:bearer_token_file])
     end
 
+    def return_or_yield_to_watcher(watcher, &block)
+      return watcher unless block_given?
+
+      begin
+        watcher.each(&block)
+      ensure
+        watcher.finish
+      end
+    end
+
     def http_options(uri)
       options = {
         basic_auth_user: @auth_options[:username],

data/lib/kubeclient/config.rb

@@ -41,6 +41,11 @@ module Kubeclient
     def context(context_name = nil)
       cluster, user, namespace = fetch_context(context_name || @kcfg['current-context'])
 
+      if user.key?('exec')
+        exec_opts = expand_command_option(user['exec'], 'command')
+        user['exec_result'] = ExecCredentials.run(exec_opts)
+      end
+
       ca_cert_data     = fetch_cluster_ca_data(cluster)
       client_cert_data = fetch_user_cert_data(user)
       client_key_data  = fetch_user_key_data(user)
@@ -134,6 +139,8 @@ module Kubeclient
         File.read(ext_file_path(user['client-certificate']))
       elsif user.key?('client-certificate-data')
         Base64.decode64(user['client-certificate-data'])
+      elsif user.key?('exec_result') && user['exec_result'].key?('clientCertificateData')
+        user['exec_result']['clientCertificateData']
       end
     end
 
@@ -142,6 +149,8 @@ module Kubeclient
         File.read(ext_file_path(user['client-key']))
       elsif user.key?('client-key-data')
         Base64.decode64(user['client-key-data'])
+      elsif user.key?('exec_result') && user['exec_result'].key?('clientKeyData')
+        user['exec_result']['clientKeyData']
       end
     end
 
@@ -149,9 +158,8 @@ module Kubeclient
       options = {}
       if user.key?('token')
         options[:bearer_token] = user['token']
-      elsif user.key?('exec')
-        exec_opts = expand_command_option(user['exec'], 'command')
-        options[:bearer_token] = Kubeclient::ExecCredentials.token(exec_opts)
+      elsif user.key?('exec_result') && user['exec_result'].key?('token')
+        options[:bearer_token] = user['exec_result']['token']
       elsif user.key?('auth-provider')
         options[:bearer_token] = fetch_token_from_provider(user['auth-provider'])
       else

data/lib/kubeclient/exec_credentials.rb

@@ -6,7 +6,7 @@ module Kubeclient
   # Inspired by https://github.com/kubernetes/client-go/blob/master/plugin/pkg/client/auth/exec/exec.go
   class ExecCredentials
     class << self
-      def token(opts)
+      def run(opts)
         require 'open3'
         require 'json'
 
@@ -25,7 +25,7 @@ module Kubeclient
 
         creds = JSON.parse(out)
         validate_credentials(opts, creds)
-        creds['status']['token']
+        creds['status']
       end
 
       private
@@ -34,6 +34,36 @@ module Kubeclient
         raise KeyError, 'exec command is required' unless opts['command']
       end
 
+      def validate_client_credentials_status(status)
+        has_client_cert_data = status.key?('clientCertificateData')
+        has_client_key_data = status.key?('clientKeyData')
+
+        if has_client_cert_data && !has_client_key_data
+          raise 'exec plugin didn\'t return client key data'
+        end
+
+        if !has_client_cert_data && has_client_key_data
+          raise 'exec plugin didn\'t return client certificate data'
+        end
+
+        has_client_cert_data && has_client_key_data
+      end
+
+      def validate_credentials_status(status)
+        raise 'exec plugin didn\'t return a status field' if status.nil?
+
+        has_client_credentials = validate_client_credentials_status(status)
+        has_token = status.key?('token')
+
+        if has_client_credentials && has_token
+          raise 'exec plugin returned both token and client data'
+        end
+
+        return if has_client_credentials || has_token
+
+        raise 'exec plugin didn\'t return a token or client data' unless has_token
+      end
+
       def validate_credentials(opts, creds)
         # out should have ExecCredential structure
         raise 'invalid credentials' if creds.nil?
@@ -45,8 +75,7 @@ module Kubeclient
             "plugin returned version #{creds['apiVersion']}"
         end
 
-        raise 'exec plugin didn\'t return a status field' if creds['status'].nil?
-        raise 'exec plugin didn\'t return a token' if creds['status']['token'].nil?
+        validate_credentials_status(creds['status'])
       end
 
       # Transform name/value pairs to hash

data/lib/kubeclient/google_application_default_credentials.rb

@@ -16,7 +16,12 @@ module Kubeclient
                 'googleauth gem. To support auth-provider gcp, you must include it in your ' \
                 "calling application. Failed with: #{e.message}"
         end
-        scopes = ['https://www.googleapis.com/auth/cloud-platform']
+
+        scopes = [
+          'https://www.googleapis.com/auth/cloud-platform',
+          'https://www.googleapis.com/auth/userinfo.email'
+        ]
+
         authorization = Google::Auth.get_application_default(scopes)
         authorization.apply({})
         authorization.access_token

data/lib/kubeclient/version.rb

@@ -1,4 +1,4 @@
 # Kubernetes REST-API Client
 module Kubeclient
-  VERSION = '4.4.0'.freeze
+  VERSION = '4.9.0'.freeze
 end

data/test/test_exec_credentials.rb

@@ -1,13 +1,13 @@
 require_relative 'test_helper'
 require 'open3'
 
-# Unit tests for the ExecCredentials token provider
+# Unit tests for the ExecCredentials provider
 class ExecCredentialsTest < MiniTest::Test
   def test_exec_opts_missing
     expected_msg =
       'exec options are required'
     exception = assert_raises(ArgumentError) do
-      Kubeclient::ExecCredentials.token(nil)
+      Kubeclient::ExecCredentials.run(nil)
     end
     assert_equal(expected_msg, exception.message)
   end
@@ -16,7 +16,7 @@ class ExecCredentialsTest < MiniTest::Test
     expected_msg =
       'exec command is required'
     exception = assert_raises(KeyError) do
-      Kubeclient::ExecCredentials.token({})
+      Kubeclient::ExecCredentials.run({})
     end
     assert_equal(expected_msg, exception.message)
   end
@@ -33,34 +33,134 @@ class ExecCredentialsTest < MiniTest::Test
 
     Open3.stub(:capture3, [nil, err, st]) do
       exception = assert_raises(RuntimeError) do
-        Kubeclient::ExecCredentials.token(opts)
+        Kubeclient::ExecCredentials.run(opts)
       end
       assert_equal(expected_msg, exception.message)
     end
   end
 
-  def test_token
+  def test_run_with_token_credentials
     opts = { 'command' => 'dummy' }
 
+    credentials = {
+      'token' => '0123456789ABCDEF0123456789ABCDEF'
+    }
+
+    creds = JSON.dump(
+      'apiVersion' => 'client.authentication.k8s.io/v1alpha1',
+      'status' => credentials
+    )
+
+    st = Minitest::Mock.new
+    st.expect(:success?, true)
+
+    Open3.stub(:capture3, [creds, nil, st]) do
+      assert_equal(credentials, Kubeclient::ExecCredentials.run(opts))
+    end
+  end
+
+  def test_run_with_client_credentials
+    opts = { 'command' => 'dummy' }
+
+    credentials = {
+      'clientCertificateData' => '0123456789ABCDEF0123456789ABCDEF',
+      'clientKeyData' => '0123456789ABCDEF0123456789ABCDEF'
+    }
+
+    creds = JSON.dump(
+      'apiVersion' => 'client.authentication.k8s.io/v1alpha1',
+      'status' => credentials
+    )
+
+    st = Minitest::Mock.new
+    st.expect(:success?, true)
+
+    Open3.stub(:capture3, [creds, nil, st]) do
+      assert_equal(credentials, Kubeclient::ExecCredentials.run(opts))
+    end
+  end
+
+  def test_run_with_missing_client_certificate_data
+    opts = { 'command' => 'dummy' }
+
+    credentials = {
+      'clientKeyData' => '0123456789ABCDEF0123456789ABCDEF'
+    }
+
+    creds = JSON.dump(
+      'apiVersion' => 'client.authentication.k8s.io/v1alpha1',
+      'status' => credentials
+    )
+
+    st = Minitest::Mock.new
+    st.expect(:success?, true)
+
+    expected_msg = 'exec plugin didn\'t return client certificate data'
+
+    Open3.stub(:capture3, [creds, nil, st]) do
+      exception = assert_raises(RuntimeError) do
+        Kubeclient::ExecCredentials.run(opts)
+      end
+      assert_equal(expected_msg, exception.message)
+    end
+  end
+
+  def test_run_with_missing_client_key_data
+    opts = { 'command' => 'dummy' }
+
+    credentials = {
+      'clientCertificateData' => '0123456789ABCDEF0123456789ABCDEF'
+    }
+
     creds = JSON.dump(
-      'apiVersion': 'client.authentication.k8s.io/v1alpha1',
-      'status': {
-        'token': '0123456789ABCDEF0123456789ABCDEF'
-      }
+      'apiVersion' => 'client.authentication.k8s.io/v1alpha1',
+      'status' => credentials
     )
 
     st = Minitest::Mock.new
     st.expect(:success?, true)
 
+    expected_msg = 'exec plugin didn\'t return client key data'
+
     Open3.stub(:capture3, [creds, nil, st]) do
-      assert_equal('0123456789ABCDEF0123456789ABCDEF', Kubeclient::ExecCredentials.token(opts))
+      exception = assert_raises(RuntimeError) do
+        Kubeclient::ExecCredentials.run(opts)
+      end
+      assert_equal(expected_msg, exception.message)
+    end
+  end
+
+  def test_run_with_client_data_and_token
+    opts = { 'command' => 'dummy' }
+
+    credentials = {
+      'clientCertificateData' => '0123456789ABCDEF0123456789ABCDEF',
+      'clientKeyData' => '0123456789ABCDEF0123456789ABCDEF',
+      'token' => '0123456789ABCDEF0123456789ABCDEF'
+    }
+
+    creds = JSON.dump(
+      'apiVersion' => 'client.authentication.k8s.io/v1alpha1',
+      'status' => credentials
+    )
+
+    st = Minitest::Mock.new
+    st.expect(:success?, true)
+
+    expected_msg = 'exec plugin returned both token and client data'
+
+    Open3.stub(:capture3, [creds, nil, st]) do
+      exception = assert_raises(RuntimeError) do
+        Kubeclient::ExecCredentials.run(opts)
+      end
+      assert_equal(expected_msg, exception.message)
     end
   end
 
   def test_status_missing
     opts = { 'command' => 'dummy' }
 
-    creds = JSON.dump('apiVersion': 'client.authentication.k8s.io/v1alpha1')
+    creds = JSON.dump('apiVersion' => 'client.authentication.k8s.io/v1alpha1')
 
     st = Minitest::Mock.new
     st.expect(:success?, true)
@@ -69,28 +169,28 @@ class ExecCredentialsTest < MiniTest::Test
 
     Open3.stub(:capture3, [creds, nil, st]) do
       exception = assert_raises(RuntimeError) do
-        Kubeclient::ExecCredentials.token(opts)
+        Kubeclient::ExecCredentials.run(opts)
       end
       assert_equal(expected_msg, exception.message)
     end
   end
 
-  def test_token_missing
+  def test_credentials_missing
     opts = { 'command' => 'dummy' }
 
     creds = JSON.dump(
-      'apiVersion': 'client.authentication.k8s.io/v1alpha1',
-      'status': {}
+      'apiVersion' => 'client.authentication.k8s.io/v1alpha1',
+      'status' => {}
     )
 
     st = Minitest::Mock.new
     st.expect(:success?, true)
 
-    expected_msg = 'exec plugin didn\'t return a token'
+    expected_msg = 'exec plugin didn\'t return a token or client data'
 
     Open3.stub(:capture3, [creds, nil, st]) do
       exception = assert_raises(RuntimeError) do
-        Kubeclient::ExecCredentials.token(opts)
+        Kubeclient::ExecCredentials.run(opts)
       end
       assert_equal(expected_msg, exception.message)
     end
@@ -106,7 +206,7 @@ class ExecCredentialsTest < MiniTest::Test
     }
 
     creds = JSON.dump(
-      'apiVersion': api_version
+      'apiVersion' => api_version
     )
 
     st = Minitest::Mock.new
@@ -117,7 +217,7 @@ class ExecCredentialsTest < MiniTest::Test
 
     Open3.stub(:capture3, [creds, nil, st]) do
       exception = assert_raises(RuntimeError) do
-        Kubeclient::ExecCredentials.token(opts)
+        Kubeclient::ExecCredentials.run(opts)
       end
       assert_equal(expected_msg, exception.message)
     end

data/test/test_kubeclient.rb

@@ -296,6 +296,22 @@ class KubeclientTest < MiniTest::Test
     )
   end
 
+  def test_entities_with_resource_version
+    version = '329'
+
+    stub_core_api_list
+    stub_get_services
+
+    services = client.get_services(resource_version: version)
+
+    assert_instance_of(Kubeclient::Common::EntityList, services)
+    assert_requested(
+      :get,
+      "http://localhost:8080/api/v1/services?resourceVersion=#{version}",
+      times: 1
+    )
+  end
+
   def test_entities_with_field_selector
     selector = 'involvedObject.name=redis-master'
 

data/test/test_pod_log.rb

@@ -69,12 +69,31 @@ class TestPodLog < MiniTest::Test
                      times: 1)
   end
 
+  def test_get_pod_limit_bytes
+    selected_bytes = open_test_file('pod_log.txt').read(10)
+
+    stub_request(:get, %r{/namespaces/default/pods/[a-z0-9-]+/log})
+      .to_return(body: selected_bytes,
+                 status: 200)
+
+    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
+    retrieved_log = client.get_pod_log('redis-master-pod',
+                                       'default',
+                                       limit_bytes: 10)
+
+    assert_equal(selected_bytes, retrieved_log)
+
+    assert_requested(:get,
+                     'http://localhost:8080/api/v1/namespaces/default/pods/redis-master-pod/log?limitBytes=10',
+                     times: 1)
+  end
+
   def test_watch_pod_log
-    expected_lines = open_test_file('pod_log.txt').read.split("\n")
+    file = open_test_file('pod_log.txt')
+    expected_lines = file.read.split("\n")
 
     stub_request(:get, %r{/namespaces/default/pods/[a-z0-9-]+/log\?.*follow})
-      .to_return(body: open_test_file('pod_log.txt'),
-                 status: 200)
+      .to_return(body: file, status: 200)
 
     client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
 
@@ -85,6 +104,21 @@ class TestPodLog < MiniTest::Test
     end
   end
 
+  def test_watch_pod_log_with_block
+    file = open_test_file('pod_log.txt')
+    first = file.readlines.first.chomp
+
+    stub_request(:get, %r{/namespaces/default/pods/[a-z0-9-]+/log\?.*follow})
+      .to_return(body: file, status: 200)
+
+    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
+
+    client.watch_pod_log('redis-master-pod', 'default') do |line|
+      assert_equal first, line
+      break
+    end
+  end
+
   def test_watch_pod_log_follow_redirect
     expected_lines = open_test_file('pod_log.txt').read.split("\n")
     redirect = 'http://localhost:1234/api/namespaces/default/pods/redis-master-pod/log'

data/test/test_service.rb

@@ -274,6 +274,33 @@ class TestService < MiniTest::Test
     end
   end
 
+  def test_apply_service
+    service = Kubeclient::Resource.new
+    name = 'my_service'
+
+    service.metadata = {}
+    service.metadata.name      = name
+    service.metadata.namespace = 'development'
+    service.metadata.annotations = {}
+    service.metadata.annotations['key'] = 'value'
+
+    stub_core_api_list
+    resource_name = "#{name}?fieldManager=myapp&force=true"
+    expected_url = "http://localhost:8080/api/v1/namespaces/development/services/#{resource_name}"
+    stub_request(:patch, expected_url)
+      .to_return(body: open_test_file('service_patch.json'), status: 200)
+
+    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
+    service = client.apply_service(service, field_manager: 'myapp')
+    assert_kind_of(RecursiveOpenStruct, service)
+
+    assert_requested(:patch, expected_url, times: 1) do |req|
+      data = JSON.parse(req.body)
+      req.headers['Content-Type'] == 'application/apply-patch+yaml' &&
+        data['metadata']['annotations']['key'] == 'value'
+    end
+  end
+
   def test_json_patch_service
     service = Kubeclient::Resource.new
     name = 'my-service'

data/test/test_watch.rb

@@ -27,6 +27,19 @@ class TestWatch < MiniTest::Test
     end
   end
 
+  def test_watch_pod_block
+    stub_core_api_list
+    stub_request(:get, %r{/watch/pods})
+      .to_return(body: open_test_file('watch_stream.json'),
+                 status: 200)
+
+    client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
+    yielded = []
+    client.watch_pods { |notice| yielded << notice.type }
+
+    assert_equal %w[ADDED MODIFIED DELETED], yielded
+  end
+
   def test_watch_pod_raw
     stub_core_api_list
 

metadata

@@ -1,27 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: kubeclient
 version: !ruby/object:Gem::Version
-  version: 4.4.0
+  version: 4.9.0
 platform: ruby
 authors:
 - Alissa Bonas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-03 00:00:00.000000000 Z
+date: 2020-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.6'
 - !ruby/object:Gem::Dependency
@@ -157,7 +157,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -184,34 +184,40 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.4
+        version: 1.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.4
+        version: 1.1.1
 - !ruby/object:Gem::Dependency
   name: http
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
 description: A client for Kubernetes REST api
 email:
 - abonas@redhat.com
@@ -366,8 +372,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: A client for Kubernetes REST api