kubeclient 4.6.0 → 4.9.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of kubeclient might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/workflows/actions.yml +35 -0
- data/CHANGELOG.md +37 -0
- data/README.md +155 -37
- data/RELEASING.md +3 -1
- data/kubeclient.gemspec +5 -4
- data/lib/kubeclient.rb +1 -1
- data/lib/kubeclient/common.rb +35 -6
- data/lib/kubeclient/config.rb +17 -4
- data/lib/kubeclient/exec_credentials.rb +33 -4
- data/lib/kubeclient/google_application_default_credentials.rb +6 -1
- data/lib/kubeclient/version.rb +1 -1
- metadata +13 -217
- data/.travis.yml +0 -26
- data/test/cassettes/kubernetes_guestbook.yml +0 -879
- data/test/config/allinone.kubeconfig +0 -20
- data/test/config/execauth.kubeconfig +0 -62
- data/test/config/external-ca.pem +0 -18
- data/test/config/external-cert.pem +0 -19
- data/test/config/external-key.rsa +0 -27
- data/test/config/external.kubeconfig +0 -20
- data/test/config/gcpauth.kubeconfig +0 -22
- data/test/config/gcpcmdauth.kubeconfig +0 -26
- data/test/config/nouser.kubeconfig +0 -16
- data/test/config/oidcauth.kubeconfig +0 -25
- data/test/config/timestamps.kubeconfig +0 -25
- data/test/config/userauth.kubeconfig +0 -28
- data/test/json/bindings_list.json +0 -10
- data/test/json/component_status.json +0 -17
- data/test/json/component_status_list.json +0 -52
- data/test/json/config.istio.io_api_resource_list.json +0 -679
- data/test/json/config_map_list.json +0 -9
- data/test/json/core_api_resource_list.json +0 -181
- data/test/json/core_api_resource_list_without_kind.json +0 -129
- data/test/json/core_oapi_resource_list_without_kind.json +0 -197
- data/test/json/created_endpoint.json +0 -28
- data/test/json/created_namespace.json +0 -20
- data/test/json/created_secret.json +0 -16
- data/test/json/created_security_context_constraint.json +0 -65
- data/test/json/created_service.json +0 -31
- data/test/json/empty_pod_list.json +0 -9
- data/test/json/endpoint_list.json +0 -48
- data/test/json/entity_list.json +0 -56
- data/test/json/event_list.json +0 -35
- data/test/json/extensions_v1beta1_api_resource_list.json +0 -217
- data/test/json/limit_range.json +0 -23
- data/test/json/limit_range_list.json +0 -31
- data/test/json/namespace.json +0 -13
- data/test/json/namespace_exception.json +0 -8
- data/test/json/namespace_list.json +0 -32
- data/test/json/node.json +0 -29
- data/test/json/node_list.json +0 -37
- data/test/json/node_notice.json +0 -160
- data/test/json/persistent_volume.json +0 -37
- data/test/json/persistent_volume_claim.json +0 -32
- data/test/json/persistent_volume_claim_list.json +0 -40
- data/test/json/persistent_volume_claims_nil_items.json +0 -8
- data/test/json/persistent_volume_list.json +0 -45
- data/test/json/pod.json +0 -92
- data/test/json/pod_list.json +0 -79
- data/test/json/pod_template_list.json +0 -9
- data/test/json/pods_1.json +0 -265
- data/test/json/pods_2.json +0 -102
- data/test/json/pods_410.json +0 -9
- data/test/json/processed_template.json +0 -27
- data/test/json/replication_controller.json +0 -57
- data/test/json/replication_controller_list.json +0 -66
- data/test/json/resource_quota.json +0 -46
- data/test/json/resource_quota_list.json +0 -54
- data/test/json/secret_list.json +0 -44
- data/test/json/security.openshift.io_api_resource_list.json +0 -69
- data/test/json/security_context_constraint_list.json +0 -375
- data/test/json/service.json +0 -33
- data/test/json/service_account.json +0 -25
- data/test/json/service_account_list.json +0 -82
- data/test/json/service_illegal_json_404.json +0 -1
- data/test/json/service_json_patch.json +0 -26
- data/test/json/service_list.json +0 -97
- data/test/json/service_merge_patch.json +0 -26
- data/test/json/service_patch.json +0 -25
- data/test/json/service_update.json +0 -22
- data/test/json/template.json +0 -27
- data/test/json/template.openshift.io_api_resource_list.json +0 -75
- data/test/json/template_list.json +0 -35
- data/test/json/versions_list.json +0 -6
- data/test/json/watch_stream.json +0 -3
- data/test/test_common.rb +0 -95
- data/test/test_component_status.rb +0 -29
- data/test/test_config.rb +0 -222
- data/test/test_endpoint.rb +0 -54
- data/test/test_exec_credentials.rb +0 -125
- data/test/test_gcp_command_credentials.rb +0 -27
- data/test/test_google_application_default_credentials.rb +0 -15
- data/test/test_guestbook_go.rb +0 -235
- data/test/test_helper.rb +0 -18
- data/test/test_kubeclient.rb +0 -881
- data/test/test_limit_range.rb +0 -25
- data/test/test_missing_methods.rb +0 -80
- data/test/test_namespace.rb +0 -59
- data/test/test_node.rb +0 -70
- data/test/test_oidc_auth_provider.rb +0 -103
- data/test/test_persistent_volume.rb +0 -29
- data/test/test_persistent_volume_claim.rb +0 -28
- data/test/test_pod.rb +0 -81
- data/test/test_pod_log.rb +0 -157
- data/test/test_process_template.rb +0 -80
- data/test/test_replication_controller.rb +0 -47
- data/test/test_resource_list_without_kind.rb +0 -78
- data/test/test_resource_quota.rb +0 -23
- data/test/test_secret.rb +0 -62
- data/test/test_security_context_constraint.rb +0 -62
- data/test/test_service.rb +0 -330
- data/test/test_service_account.rb +0 -26
- data/test/test_watch.rb +0 -195
- data/test/txt/pod_log.txt +0 -6
- data/test/valid_token_file +0 -1
@@ -1,29 +0,0 @@
|
|
1
|
-
require_relative 'test_helper'
|
2
|
-
|
3
|
-
# ComponentStatus tests
|
4
|
-
class TestComponentStatus < MiniTest::Test
|
5
|
-
def test_get_from_json_v3
|
6
|
-
stub_core_api_list
|
7
|
-
stub_request(:get, %r{/componentstatuses})
|
8
|
-
.to_return(body: open_test_file('component_status.json'), status: 200)
|
9
|
-
|
10
|
-
client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
|
11
|
-
component_status = client.get_component_status('etcd-0', 'default')
|
12
|
-
|
13
|
-
assert_instance_of(Kubeclient::Resource, component_status)
|
14
|
-
assert_equal('etcd-0', component_status.metadata.name)
|
15
|
-
assert_equal('Healthy', component_status.conditions[0].type)
|
16
|
-
assert_equal('True', component_status.conditions[0].status)
|
17
|
-
|
18
|
-
assert_requested(
|
19
|
-
:get,
|
20
|
-
'http://localhost:8080/api/v1',
|
21
|
-
times: 1
|
22
|
-
)
|
23
|
-
assert_requested(
|
24
|
-
:get,
|
25
|
-
'http://localhost:8080/api/v1/namespaces/default/componentstatuses/etcd-0',
|
26
|
-
times: 1
|
27
|
-
)
|
28
|
-
end
|
29
|
-
end
|
data/test/test_config.rb
DELETED
@@ -1,222 +0,0 @@
|
|
1
|
-
require_relative 'test_helper'
|
2
|
-
require 'yaml'
|
3
|
-
require 'open3'
|
4
|
-
|
5
|
-
# Testing Kubernetes client configuration
|
6
|
-
class KubeclientConfigTest < MiniTest::Test
|
7
|
-
def test_allinone
|
8
|
-
config = Kubeclient::Config.read(config_file('allinone.kubeconfig'))
|
9
|
-
assert_equal(['default/localhost:8443/system:admin'], config.contexts)
|
10
|
-
check_context(config.context, ssl: true)
|
11
|
-
end
|
12
|
-
|
13
|
-
def test_external
|
14
|
-
config = Kubeclient::Config.read(config_file('external.kubeconfig'))
|
15
|
-
assert_equal(['default/localhost:8443/system:admin'], config.contexts)
|
16
|
-
check_context(config.context, ssl: true)
|
17
|
-
end
|
18
|
-
|
19
|
-
def test_allinone_nopath
|
20
|
-
yaml = File.read(config_file('allinone.kubeconfig'))
|
21
|
-
# A self-contained config shouldn't depend on kcfg_path.
|
22
|
-
config = Kubeclient::Config.new(YAML.safe_load(yaml), nil)
|
23
|
-
assert_equal(['default/localhost:8443/system:admin'], config.contexts)
|
24
|
-
check_context(config.context, ssl: true)
|
25
|
-
end
|
26
|
-
|
27
|
-
def test_external_nopath
|
28
|
-
yaml = File.read(config_file('external.kubeconfig'))
|
29
|
-
# kcfg_path = nil should prevent file access
|
30
|
-
config = Kubeclient::Config.new(YAML.safe_load(yaml), nil)
|
31
|
-
assert_raises(StandardError) do
|
32
|
-
config.context
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
def test_external_nopath_absolute
|
37
|
-
yaml = File.read(config_file('external.kubeconfig'))
|
38
|
-
# kcfg_path = nil should prevent file access, even if absolute path specified
|
39
|
-
ca_absolute_path = File.absolute_path(config_file('external-'))
|
40
|
-
yaml = yaml.gsub('external-', ca_absolute_path)
|
41
|
-
config = Kubeclient::Config.new(YAML.safe_load(yaml), nil)
|
42
|
-
assert_raises(StandardError) do
|
43
|
-
config.context
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
def test_nouser
|
48
|
-
config = Kubeclient::Config.read(config_file('nouser.kubeconfig'))
|
49
|
-
assert_equal(['default/localhost:8443/nouser'], config.contexts)
|
50
|
-
check_context(config.context, ssl: false)
|
51
|
-
end
|
52
|
-
|
53
|
-
def test_user_token
|
54
|
-
config = Kubeclient::Config.read(config_file('userauth.kubeconfig'))
|
55
|
-
assert_equal(['localhost/system:admin:token', 'localhost/system:admin:userpass'],
|
56
|
-
config.contexts)
|
57
|
-
context = config.context('localhost/system:admin:token')
|
58
|
-
check_context(context, ssl: false)
|
59
|
-
assert_equal('0123456789ABCDEF0123456789ABCDEF', context.auth_options[:bearer_token])
|
60
|
-
end
|
61
|
-
|
62
|
-
def test_user_password
|
63
|
-
config = Kubeclient::Config.read(config_file('userauth.kubeconfig'))
|
64
|
-
assert_equal(['localhost/system:admin:token', 'localhost/system:admin:userpass'],
|
65
|
-
config.contexts)
|
66
|
-
context = config.context('localhost/system:admin:userpass')
|
67
|
-
check_context(context, ssl: false)
|
68
|
-
assert_equal('admin', context.auth_options[:username])
|
69
|
-
assert_equal('pAssw0rd123', context.auth_options[:password])
|
70
|
-
end
|
71
|
-
|
72
|
-
def test_timestamps
|
73
|
-
# Test YAML parsing doesn't crash on YAML timestamp syntax.
|
74
|
-
Kubeclient::Config.read(config_file('timestamps.kubeconfig'))
|
75
|
-
end
|
76
|
-
|
77
|
-
def test_user_exec
|
78
|
-
token = '0123456789ABCDEF0123456789ABCDEF'
|
79
|
-
creds = {
|
80
|
-
'apiVersion': 'client.authentication.k8s.io/v1beta1',
|
81
|
-
'status': {
|
82
|
-
'token': token
|
83
|
-
}
|
84
|
-
}
|
85
|
-
|
86
|
-
config = Kubeclient::Config.read(config_file('execauth.kubeconfig'))
|
87
|
-
assert_equal(['localhost/system:admin:exec-search-path',
|
88
|
-
'localhost/system:admin:exec-relative-path',
|
89
|
-
'localhost/system:admin:exec-absolute-path'],
|
90
|
-
config.contexts)
|
91
|
-
|
92
|
-
# A bare command name in config means search PATH, so it's executed as bare command.
|
93
|
-
stub_exec(%r{^example-exec-plugin$}, creds) do
|
94
|
-
context = config.context('localhost/system:admin:exec-search-path')
|
95
|
-
check_context(context, ssl: false)
|
96
|
-
assert_equal(token, context.auth_options[:bearer_token])
|
97
|
-
end
|
98
|
-
|
99
|
-
# A relative path is taken relative to the dir of the kubeconfig.
|
100
|
-
stub_exec(%r{.*config/dir/example-exec-plugin$}, creds) do
|
101
|
-
context = config.context('localhost/system:admin:exec-relative-path')
|
102
|
-
check_context(context, ssl: false)
|
103
|
-
assert_equal(token, context.auth_options[:bearer_token])
|
104
|
-
end
|
105
|
-
|
106
|
-
# An absolute path is taken as-is.
|
107
|
-
stub_exec(%r{^/abs/path/example-exec-plugin$}, creds) do
|
108
|
-
context = config.context('localhost/system:admin:exec-absolute-path')
|
109
|
-
check_context(context, ssl: false)
|
110
|
-
assert_equal(token, context.auth_options[:bearer_token])
|
111
|
-
end
|
112
|
-
end
|
113
|
-
|
114
|
-
def test_user_exec_nopath
|
115
|
-
yaml = File.read(config_file('execauth.kubeconfig'))
|
116
|
-
config = Kubeclient::Config.new(YAML.safe_load(yaml), nil)
|
117
|
-
config.contexts.each do |context_name|
|
118
|
-
Open3.stub(:capture3, proc { flunk 'should not execute command' }) do
|
119
|
-
assert_raises(StandardError) do
|
120
|
-
config.context(context_name)
|
121
|
-
end
|
122
|
-
end
|
123
|
-
end
|
124
|
-
end
|
125
|
-
|
126
|
-
def test_gcp_default_auth
|
127
|
-
Kubeclient::GoogleApplicationDefaultCredentials.expects(:token).returns('token1').once
|
128
|
-
parsed = YAML.safe_load(File.read(config_file('gcpauth.kubeconfig')), [Date, Time])
|
129
|
-
config = Kubeclient::Config.new(parsed, nil)
|
130
|
-
config.context(config.contexts.first)
|
131
|
-
end
|
132
|
-
|
133
|
-
# Each call to .context() obtains a new token, calling .auth_options doesn't change anything.
|
134
|
-
# NOTE: this is not a guarantee, may change, just testing current behavior.
|
135
|
-
def test_gcp_default_auth_renew
|
136
|
-
Kubeclient::GoogleApplicationDefaultCredentials.expects(:token).returns('token1').once
|
137
|
-
parsed = YAML.safe_load(File.read(config_file('gcpauth.kubeconfig')), [Date, Time])
|
138
|
-
config = Kubeclient::Config.new(parsed, nil)
|
139
|
-
context = config.context(config.contexts.first)
|
140
|
-
assert_equal({ bearer_token: 'token1' }, context.auth_options)
|
141
|
-
assert_equal({ bearer_token: 'token1' }, context.auth_options)
|
142
|
-
|
143
|
-
Kubeclient::GoogleApplicationDefaultCredentials.expects(:token).returns('token2').once
|
144
|
-
context2 = config.context(config.contexts.first)
|
145
|
-
assert_equal({ bearer_token: 'token2' }, context2.auth_options)
|
146
|
-
assert_equal({ bearer_token: 'token1' }, context.auth_options)
|
147
|
-
end
|
148
|
-
|
149
|
-
def test_gcp_command_auth
|
150
|
-
Kubeclient::GCPCommandCredentials.expects(:token)
|
151
|
-
.with('access-token' => '<fake_token>',
|
152
|
-
'cmd-args' => 'config config-helper --format=json',
|
153
|
-
'cmd-path' => '/path/to/gcloud',
|
154
|
-
'expiry' => '2019-04-09 19:26:18 UTC',
|
155
|
-
'expiry-key' => '{.credential.token_expiry}',
|
156
|
-
'token-key' => '{.credential.access_token}')
|
157
|
-
.returns('token1')
|
158
|
-
.once
|
159
|
-
config = Kubeclient::Config.read(config_file('gcpcmdauth.kubeconfig'))
|
160
|
-
config.context(config.contexts.first)
|
161
|
-
end
|
162
|
-
|
163
|
-
def test_oidc_auth_provider
|
164
|
-
Kubeclient::OIDCAuthProvider.expects(:token)
|
165
|
-
.with('client-id' => 'fake-client-id',
|
166
|
-
'client-secret' => 'fake-client-secret',
|
167
|
-
'id-token' => 'fake-id-token',
|
168
|
-
'idp-issuer-url' => 'https://accounts.google.com',
|
169
|
-
'refresh-token' => 'fake-refresh-token')
|
170
|
-
.returns('token1')
|
171
|
-
.once
|
172
|
-
parsed = YAML.safe_load(File.read(config_file('oidcauth.kubeconfig')))
|
173
|
-
config = Kubeclient::Config.new(parsed, nil)
|
174
|
-
config.context(config.contexts.first)
|
175
|
-
end
|
176
|
-
|
177
|
-
private
|
178
|
-
|
179
|
-
def check_context(context, ssl: true)
|
180
|
-
assert_equal('https://localhost:8443', context.api_endpoint)
|
181
|
-
assert_equal('v1', context.api_version)
|
182
|
-
assert_equal('default', context.namespace)
|
183
|
-
if ssl
|
184
|
-
assert_equal(OpenSSL::SSL::VERIFY_PEER, context.ssl_options[:verify_ssl])
|
185
|
-
assert_kind_of(OpenSSL::X509::Store, context.ssl_options[:cert_store])
|
186
|
-
assert_kind_of(OpenSSL::X509::Certificate, context.ssl_options[:client_cert])
|
187
|
-
assert_kind_of(OpenSSL::PKey::RSA, context.ssl_options[:client_key])
|
188
|
-
# When certificates expire the quickest way to recreate them is using
|
189
|
-
# an OpenShift tool (100% compatible with kubernetes):
|
190
|
-
#
|
191
|
-
# $ oc adm ca create-master-certs --hostnames=localhost
|
192
|
-
#
|
193
|
-
# At the time of this writing the files to be updated are:
|
194
|
-
#
|
195
|
-
# cp openshift.local.config/master/admin.kubeconfig test/config/allinone.kubeconfig
|
196
|
-
# cp openshift.local.config/master/ca.crt test/config/external-ca.pem
|
197
|
-
# cp openshift.local.config/master/admin.crt test/config/external-cert.pem
|
198
|
-
# cp openshift.local.config/master/admin.key test/config/external-key.rsa
|
199
|
-
assert(context.ssl_options[:cert_store].verify(context.ssl_options[:client_cert]))
|
200
|
-
else
|
201
|
-
assert_equal(OpenSSL::SSL::VERIFY_NONE, context.ssl_options[:verify_ssl])
|
202
|
-
end
|
203
|
-
end
|
204
|
-
|
205
|
-
def config_file(name)
|
206
|
-
File.join(File.dirname(__FILE__), 'config', name)
|
207
|
-
end
|
208
|
-
|
209
|
-
def stub_exec(command_regexp, creds)
|
210
|
-
st = Minitest::Mock.new
|
211
|
-
st.expect(:success?, true)
|
212
|
-
|
213
|
-
capture3_stub = lambda do |_env, command, *_args|
|
214
|
-
assert_match command_regexp, command
|
215
|
-
[JSON.dump(creds), nil, st]
|
216
|
-
end
|
217
|
-
|
218
|
-
Open3.stub(:capture3, capture3_stub) do
|
219
|
-
yield
|
220
|
-
end
|
221
|
-
end
|
222
|
-
end
|
data/test/test_endpoint.rb
DELETED
@@ -1,54 +0,0 @@
|
|
1
|
-
require_relative 'test_helper'
|
2
|
-
|
3
|
-
# kind: 'Endpoints' entity tests.
|
4
|
-
# This is one of the unusual `kind`s that are already plural (https://github.com/kubernetes/kubernetes/issues/8115).
|
5
|
-
# We force singular in method names like 'create_endpoint',
|
6
|
-
# but `kind` should remain plural as in kubernetes.
|
7
|
-
class TestEndpoint < MiniTest::Test
|
8
|
-
def test_create_endpoint
|
9
|
-
stub_core_api_list
|
10
|
-
testing_ep = Kubeclient::Resource.new
|
11
|
-
testing_ep.metadata = {}
|
12
|
-
testing_ep.metadata.name = 'myendpoint'
|
13
|
-
testing_ep.metadata.namespace = 'default'
|
14
|
-
testing_ep.subsets = [
|
15
|
-
{
|
16
|
-
'addresses' => [{ 'ip' => '172.17.0.25' }],
|
17
|
-
'ports' => [{ 'name' => 'https', 'port' => 6443, 'protocol' => 'TCP' }]
|
18
|
-
}
|
19
|
-
]
|
20
|
-
|
21
|
-
req_body = '{"metadata":{"name":"myendpoint","namespace":"default"},' \
|
22
|
-
'"subsets":[{"addresses":[{"ip":"172.17.0.25"}],"ports":[{"name":"https",' \
|
23
|
-
'"port":6443,"protocol":"TCP"}]}],"kind":"Endpoints","apiVersion":"v1"}'
|
24
|
-
|
25
|
-
stub_request(:post, 'http://localhost:8080/api/v1/namespaces/default/endpoints')
|
26
|
-
.with(body: req_body)
|
27
|
-
.to_return(body: open_test_file('created_endpoint.json'), status: 201)
|
28
|
-
|
29
|
-
client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
|
30
|
-
created_ep = client.create_endpoint(testing_ep)
|
31
|
-
assert_equal('Endpoints', created_ep.kind)
|
32
|
-
assert_equal('v1', created_ep.apiVersion)
|
33
|
-
|
34
|
-
client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1', as: :parsed_symbolized)
|
35
|
-
created_ep = client.create_endpoint(testing_ep)
|
36
|
-
assert_equal('Endpoints', created_ep[:kind])
|
37
|
-
assert_equal('v1', created_ep[:apiVersion])
|
38
|
-
end
|
39
|
-
|
40
|
-
def test_get_endpoints
|
41
|
-
stub_core_api_list
|
42
|
-
stub_request(:get, %r{/endpoints})
|
43
|
-
.to_return(body: open_test_file('endpoint_list.json'), status: 200)
|
44
|
-
client = Kubeclient::Client.new('http://localhost:8080/api/', 'v1')
|
45
|
-
|
46
|
-
collection = client.get_endpoints(as: :parsed_symbolized)
|
47
|
-
assert_equal('EndpointsList', collection[:kind])
|
48
|
-
assert_equal('v1', collection[:apiVersion])
|
49
|
-
|
50
|
-
# Stripping of 'List' in collection.kind RecursiveOpenStruct mode only is historic.
|
51
|
-
collection = client.get_endpoints
|
52
|
-
assert_equal('Endpoints', collection.kind)
|
53
|
-
end
|
54
|
-
end
|
@@ -1,125 +0,0 @@
|
|
1
|
-
require_relative 'test_helper'
|
2
|
-
require 'open3'
|
3
|
-
|
4
|
-
# Unit tests for the ExecCredentials token provider
|
5
|
-
class ExecCredentialsTest < MiniTest::Test
|
6
|
-
def test_exec_opts_missing
|
7
|
-
expected_msg =
|
8
|
-
'exec options are required'
|
9
|
-
exception = assert_raises(ArgumentError) do
|
10
|
-
Kubeclient::ExecCredentials.token(nil)
|
11
|
-
end
|
12
|
-
assert_equal(expected_msg, exception.message)
|
13
|
-
end
|
14
|
-
|
15
|
-
def test_exec_command_missing
|
16
|
-
expected_msg =
|
17
|
-
'exec command is required'
|
18
|
-
exception = assert_raises(KeyError) do
|
19
|
-
Kubeclient::ExecCredentials.token({})
|
20
|
-
end
|
21
|
-
assert_equal(expected_msg, exception.message)
|
22
|
-
end
|
23
|
-
|
24
|
-
def test_exec_command_failure
|
25
|
-
err = 'Error'
|
26
|
-
expected_msg =
|
27
|
-
"exec command failed: #{err}"
|
28
|
-
|
29
|
-
st = Minitest::Mock.new
|
30
|
-
st.expect(:success?, false)
|
31
|
-
|
32
|
-
opts = { 'command' => 'dummy' }
|
33
|
-
|
34
|
-
Open3.stub(:capture3, [nil, err, st]) do
|
35
|
-
exception = assert_raises(RuntimeError) do
|
36
|
-
Kubeclient::ExecCredentials.token(opts)
|
37
|
-
end
|
38
|
-
assert_equal(expected_msg, exception.message)
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
def test_token
|
43
|
-
opts = { 'command' => 'dummy' }
|
44
|
-
|
45
|
-
creds = JSON.dump(
|
46
|
-
'apiVersion': 'client.authentication.k8s.io/v1alpha1',
|
47
|
-
'status': {
|
48
|
-
'token': '0123456789ABCDEF0123456789ABCDEF'
|
49
|
-
}
|
50
|
-
)
|
51
|
-
|
52
|
-
st = Minitest::Mock.new
|
53
|
-
st.expect(:success?, true)
|
54
|
-
|
55
|
-
Open3.stub(:capture3, [creds, nil, st]) do
|
56
|
-
assert_equal('0123456789ABCDEF0123456789ABCDEF', Kubeclient::ExecCredentials.token(opts))
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
def test_status_missing
|
61
|
-
opts = { 'command' => 'dummy' }
|
62
|
-
|
63
|
-
creds = JSON.dump('apiVersion': 'client.authentication.k8s.io/v1alpha1')
|
64
|
-
|
65
|
-
st = Minitest::Mock.new
|
66
|
-
st.expect(:success?, true)
|
67
|
-
|
68
|
-
expected_msg = 'exec plugin didn\'t return a status field'
|
69
|
-
|
70
|
-
Open3.stub(:capture3, [creds, nil, st]) do
|
71
|
-
exception = assert_raises(RuntimeError) do
|
72
|
-
Kubeclient::ExecCredentials.token(opts)
|
73
|
-
end
|
74
|
-
assert_equal(expected_msg, exception.message)
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
def test_token_missing
|
79
|
-
opts = { 'command' => 'dummy' }
|
80
|
-
|
81
|
-
creds = JSON.dump(
|
82
|
-
'apiVersion': 'client.authentication.k8s.io/v1alpha1',
|
83
|
-
'status': {}
|
84
|
-
)
|
85
|
-
|
86
|
-
st = Minitest::Mock.new
|
87
|
-
st.expect(:success?, true)
|
88
|
-
|
89
|
-
expected_msg = 'exec plugin didn\'t return a token'
|
90
|
-
|
91
|
-
Open3.stub(:capture3, [creds, nil, st]) do
|
92
|
-
exception = assert_raises(RuntimeError) do
|
93
|
-
Kubeclient::ExecCredentials.token(opts)
|
94
|
-
end
|
95
|
-
assert_equal(expected_msg, exception.message)
|
96
|
-
end
|
97
|
-
end
|
98
|
-
|
99
|
-
def test_api_version_mismatch
|
100
|
-
api_version = 'client.authentication.k8s.io/v1alpha1'
|
101
|
-
expected_version = 'client.authentication.k8s.io/v1beta1'
|
102
|
-
|
103
|
-
opts = {
|
104
|
-
'command' => 'dummy',
|
105
|
-
'apiVersion' => expected_version
|
106
|
-
}
|
107
|
-
|
108
|
-
creds = JSON.dump(
|
109
|
-
'apiVersion': api_version
|
110
|
-
)
|
111
|
-
|
112
|
-
st = Minitest::Mock.new
|
113
|
-
st.expect(:success?, true)
|
114
|
-
|
115
|
-
expected_msg = "exec plugin is configured to use API version #{expected_version}," \
|
116
|
-
" plugin returned version #{api_version}"
|
117
|
-
|
118
|
-
Open3.stub(:capture3, [creds, nil, st]) do
|
119
|
-
exception = assert_raises(RuntimeError) do
|
120
|
-
Kubeclient::ExecCredentials.token(opts)
|
121
|
-
end
|
122
|
-
assert_equal(expected_msg, exception.message)
|
123
|
-
end
|
124
|
-
end
|
125
|
-
end
|
@@ -1,27 +0,0 @@
|
|
1
|
-
require_relative 'test_helper'
|
2
|
-
require 'open3'
|
3
|
-
|
4
|
-
# Unit tests for the GCPCommandCredentials token provider
|
5
|
-
class GCPCommandCredentialsTest < MiniTest::Test
|
6
|
-
def test_token
|
7
|
-
opts = { 'cmd-args' => 'config config-helper --format=json',
|
8
|
-
'cmd-path' => '/path/to/gcloud',
|
9
|
-
'expiry-key' => '{.credential.token_expiry}',
|
10
|
-
'token-key' => '{.credential.access_token}' }
|
11
|
-
|
12
|
-
creds = JSON.dump(
|
13
|
-
'credential' => {
|
14
|
-
'access_token' => '9A3A941836F2458175BE18AA1971EBBF47949B07',
|
15
|
-
'token_expiry' => '2019-04-12T15:02:51Z'
|
16
|
-
}
|
17
|
-
)
|
18
|
-
|
19
|
-
st = Minitest::Mock.new
|
20
|
-
st.expect(:success?, true)
|
21
|
-
|
22
|
-
Open3.stub(:capture3, [creds, nil, st]) do
|
23
|
-
assert_equal('9A3A941836F2458175BE18AA1971EBBF47949B07',
|
24
|
-
Kubeclient::GCPCommandCredentials.token(opts))
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|