kubeclient 4.9.3 → 4.10.1
- checksums.yaml +4 -4
- data/.github/workflows/actions.yml +3 -2
- data/CHANGELOG.md +25 -1
- data/README.md +5 -6
- data/RELEASING.md +8 -8
- data/kubeclient.gemspec +3 -1
- data/lib/kubeclient/common.rb +22 -17
- data/lib/kubeclient/version.rb +1 -1
- data/lib/kubeclient/watch_stream.rb +1 -0
- metadata +20 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 287033950a2bdc37a0d5829270cffa4c6db6802e315cd54db01d91a98961964b
|
4
|
+
data.tar.gz: c469d2d8a274bafb576f876d9f62a6e8384ef20943a0aa1b93f4f05dbeb721e2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ccb85f7481dc3b20db30c919a94182e92fdab97e70e5f14f621449006d40a7626ff87351fbcb97e5affa5a1fab9207c7b6401c37d6c5b1cb1c4f68dc12ed25ce
|
7
|
+
data.tar.gz: 04fe6ad1089bc48590923fcae56274733c1063d5ece677bca85d97c1602c252c86bed15d067099ef1a618e475f95a387fcf58a75f58f70fe1152b4181bf43127
|
@@ -16,7 +16,9 @@ jobs:
|
|
16
16
|
matrix:
|
17
17
|
ruby: [ '2.5', '2.6', '2.7', '3.0', '3.1', 'ruby-head', 'truffleruby-head' ]
|
18
18
|
os_and_command:
|
19
|
-
- os:
|
19
|
+
- os: macos-latest
|
20
|
+
command: 'env TESTOPTS="--verbose" bundle exec rake test'
|
21
|
+
- os: windows-latest
|
20
22
|
command: 'env TESTOPTS="--verbose" bundle exec rake test'
|
21
23
|
- os: ubuntu-latest
|
22
24
|
# Sometimes minitest starts and then just hangs printing nothing.
|
@@ -35,7 +37,6 @@ jobs:
|
|
35
37
|
with:
|
36
38
|
ruby-version: ${{ matrix.ruby }}
|
37
39
|
bundler-cache: false # disable running 'bundle install' and caching installed gems see https://github.com/httprb/http/issues/572
|
38
|
-
- run: gem install rake bundler
|
39
40
|
- run: bundle install
|
40
41
|
- run: ${{ matrix.os_and_command.command }}
|
41
42
|
timeout-minutes: 10
|
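--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,7 +4,27 @@ Notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 Kubeclient release versioning follows [SemVer](https://semver.org/).
 
-## 4.
+## 4.10.1 — 2022-10-01
+
+### Removed
+
+- Dropped debug logging about bearer token options that was added in 4.10.0. (#577)
+
+## 4.10.0 — 2022-08-29
+
+### Added
+
+- When using `:bearer_token_file`, re-read the file on every request. (#566 closed #561)
+
+Kubernetes version 1.21 graduated [BoundServiceAccountTokenVolume feature][] to beta
+and enabled it by default, so standard in-cluster auth now uses short-lived tokens.
+
+This changes allows a long-lived `Client` object to keep working when the token file gets
+rotated. It's not optimized at all, if you feel the performance overhead, please report!
+
+[BoundServiceAccountTokenVolume feature]: https://github.com/kubernetes/enhancements/issues/542
+
+## 4.9.3 — 2022-03-23
 
 ### Fixed
 
@@ -23,12 +43,16 @@ Kubeclient release versioning follows [SemVer](https://semver.org/).
 This was broken IN ALL RELEASES MADE BEFORE 2022, ever since
 [`Kubeclient::Config` was created](https://github.com/ManageIQ/kubeclient/pull/127/files#diff-32e70f2f6781a9e9c7b83ae5e7eaf5ffd068a05649077fa38f6789e72f3de837R41-R48).
 
+[#554](https://github.com/ManageIQ/kubeclient/issues/554).
+
 - Bug fix: kubeconfig `insecure-skip-tls-verify` field was ignored.
 When kubeconfig did define custom CA, `Config` was returning hard-coded `VERIFY_PEER`.
 
 Now we honor it, return `VERIFY_NONE` iff kubeconfig has explicit
 `insecure-skip-tls-verify: true`, otherwise `VERIFY_PEER`.
 
+[#555](https://github.com/ManageIQ/kubeclient/issues/555).
+
 - `Config`: fixed parsing of `certificate-authority` file containing concatenation of
 several certificates. Previously, server's cert was checked against only first CA cert,
 resulting in possible "certificate verify failed" errors.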
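--- a/data/README.md
+++ b/data/README.md
@@ -13,8 +13,7 @@ To learn more about groups and versions in kubernetes refer to [k8s docs](https:
 
 If you use `Kubeclient::Config`, all gem versions released before 2022 could return incorrect `ssl_options[:verify_ssl]`,
 endangering your connection and cluster credentials.
-See
-Open an issue if you want a backport to another version.
+See https://github.com/ManageIQ/kubeclient/issues/554 for details and which versions got a fix.
 
 ## Installation
 
@@ -105,8 +104,8 @@ client = Kubeclient::Client.new(
 ### Authentication
 
 If you are using basic authentication or bearer tokens as described
-[here](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authentication.md)
-of the following:
+[here](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authentication.md)
+then you can specify one of the following:
 
 ```ruby
 auth_options = {
@@ -118,7 +117,7 @@ client = Kubeclient::Client.new(
 )
 ```
 
-or
+or (fixed token, if it expires it's up to you to create a new `Client` object):
 
 ```ruby
 auth_options = {
@@ -129,7 +128,7 @@ client = Kubeclient::Client.new(
 )
 ```
 
-or
+or (will automatically re-read the token if file is updated):
 
 ```ruby
 auth_options = {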
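--- a/data/RELEASING.md
+++ b/data/RELEASING.md
@@ -4,10 +4,6 @@
 Kubeclient release versioning follows [SemVer](https://semver.org/).
 At some point in time it is decided to release version x.y.z.
 
-```bash
-RELEASE_BRANCH="master"
-```
-
 ## 0. (once) Install gem-release, needed for several commands here:
 
 ```bash
@@ -16,13 +12,17 @@ gem install gem-release
 
 ## 1. PR(s) for changelog & bump
 
-Edit `CHANGELOG.md` as necessary. Even if all included changes remembered to update it, you should replace "Unreleased" section header with appropriate "x.y.z — 20yy-mm-dd" header.
-
-Bump `lib/kubeclient/version.rb` manually, or by using:
 ```bash
+RELEASE_BRANCH="master"
 RELEASE_VERSION=x.y.z
 
 git checkout -b "release-$RELEASE_VERSION" $RELEASE_BRANCH
+```
+
+Edit `CHANGELOG.md` as necessary. Even if all included changes remembered to update it, you should replace "Unreleased" section header with appropriate "x.y.z — 20yy-mm-dd" header.
+
+Bump `lib/kubeclient/version.rb` manually, or by using:
+```bash
 # Won't work with uncommitted changes, you have to commit the changelog first.
 gem bump --version $RELEASE_VERSION
 git show # View version bump change.
@@ -46,7 +46,7 @@ Make sure we're locally after the bump PR *merge commit*:
 ```bash
 git checkout $RELEASE_BRANCH
 git status # Make sure there are no local changes
-git pull --ff-only https://github.com/
+git pull --ff-only https://github.com/ManageIQ/kubeclient $RELEASE_BRANCH
 git log -n1
 ```
 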
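--- a/data/kubeclient.gemspec
+++ b/data/kubeclient.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
 
 spec.add_development_dependency 'bundler', '>= 1.6'
 spec.add_development_dependency 'rake', '~> 12.0'
-spec.add_development_dependency 'minitest'
+spec.add_development_dependency 'minitest', '~> 5.15.0'
 spec.add_development_dependency 'minitest-rg'
 spec.add_development_dependency 'webmock', '~> 3.0'
 spec.add_development_dependency 'vcr'
@@ -32,6 +32,8 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency('mocha', '~> 1.5')
 spec.add_development_dependency 'openid_connect', '~> 1.1'
 spec.add_development_dependency 'net-smtp'
+# needed on Windows, at least for openid_connect
+spec.add_development_dependency 'tzinfo-data'
 
 spec.add_dependency 'jsonpath', '~> 1.0'
 spec.add_dependency 'rest-client', '~> 2.0'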
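--- a/data/lib/kubeclient/common.rb
+++ b/data/lib/kubeclient/common.rb
@@ -78,7 +78,7 @@ module Kubeclient
 @api_version = version
 @headers = {}
 @ssl_options = ssl_options
-@auth_options = auth_options
+@auth_options = auth_options.dup
 @socket_options = socket_options
 # Allow passing partial timeouts hash, without unspecified
 # @timeouts[:foo] == nil resulting in infinite timeout.
@@ -87,11 +87,11 @@ module Kubeclient
 @http_max_redirects = http_max_redirects
 @as = as
 
-if auth_options[:
-bearer_token(@auth_options[:bearer_token])
-elsif auth_options[:bearer_token_file]
+if auth_options[:bearer_token_file]
 validate_bearer_token_file
 bearer_token(File.read(@auth_options[:bearer_token_file]))
+elsif auth_options[:bearer_token]
+bearer_token(@auth_options[:bearer_token])
 end
 end
 
@@ -136,6 +136,11 @@ module Kubeclient
 @discovered = true
 end
 
+def get_headers
+bearer_token(File.read(@auth_options[:bearer_token_file])) if @auth_options[:bearer_token_file]
+@headers
+end
+
 def self.parse_definition(kind, name)
 # Kubernetes gives us 3 inputs:
 # kind: "ComponentStatus", "NetworkPolicy", "Endpoints"
@@ -349,7 +354,7 @@ module Kubeclient
 ns_prefix = build_namespace_prefix(options[:namespace])
 response = handle_exception do
 rest_client[ns_prefix + resource_name]
-.get({ 'params' => params }.merge(
+.get({ 'params' => params }.merge(get_headers))
 end
 format_response(options[:as] || @as, response.body, entity_type)
 end
@@ -362,7 +367,7 @@ module Kubeclient
 ns_prefix = build_namespace_prefix(namespace)
 response = handle_exception do
 rest_client[ns_prefix + resource_name + "/#{name}"]
-.get(
+.get(get_headers)
 end
 format_response(options[:as] || @as, response.body)
 end
@@ -378,7 +383,7 @@ module Kubeclient
 rs.options.merge(
 method: :delete,
 url: rs.url,
-headers: { 'Content-Type' => 'application/json' }.merge(
+headers: { 'Content-Type' => 'application/json' }.merge(get_headers),
 payload: payload
 )
 )
@@ -400,7 +405,7 @@ module Kubeclient
 hash[:apiVersion] = @api_group + @api_version
 response = handle_exception do
 rest_client[ns_prefix + resource_name]
-.post(hash.to_json, { 'Content-Type' => 'application/json' }.merge(
+.post(hash.to_json, { 'Content-Type' => 'application/json' }.merge(get_headers))
 end
 format_response(@as, response.body)
 end
@@ -410,7 +415,7 @@ module Kubeclient
 ns_prefix = build_namespace_prefix(entity_config[:metadata][:namespace])
 response = handle_exception do
 rest_client[ns_prefix + resource_name + "/#{name}"]
-.put(entity_config.to_h.to_json, { 'Content-Type' => 'application/json' }.merge(
+.put(entity_config.to_h.to_json, { 'Content-Type' => 'application/json' }.merge(get_headers))
 end
 format_response(@as, response.body)
 end
@@ -421,7 +426,7 @@ module Kubeclient
 rest_client[ns_prefix + resource_name + "/#{name}"]
 .patch(
 patch.to_json,
-{ 'Content-Type' => "application/#{strategy}+json" }.merge(
+{ 'Content-Type' => "application/#{strategy}+json" }.merge(get_headers)
 )
 end
 format_response(@as, response.body)
@@ -434,7 +439,7 @@ module Kubeclient
 rest_client[ns_prefix + resource_name + "/#{name}"]
 .patch(
 resource.to_json,
-{ 'Content-Type' => 'application/apply-patch+yaml' }.merge(
+{ 'Content-Type' => 'application/apply-patch+yaml' }.merge(get_headers)
 )
 end
 format_response(@as, response.body)
@@ -468,7 +473,7 @@ module Kubeclient
 ns = build_namespace_prefix(namespace)
 handle_exception do
 rest_client[ns + "pods/#{pod_name}/log"]
-.get({ 'params' => params }.merge(
+.get({ 'params' => params }.merge(get_headers))
 end
 end
 
@@ -506,7 +511,7 @@ module Kubeclient
 ns_prefix = build_namespace_prefix(template[:metadata][:namespace])
 response = handle_exception do
 rest_client[ns_prefix + 'processedtemplates']
-.post(template.to_h.to_json, { 'Content-Type' => 'application/json' }.merge(
+.post(template.to_h.to_json, { 'Content-Type' => 'application/json' }.merge(get_headers))
 end
 JSON.parse(response)
 end
@@ -519,7 +524,7 @@ module Kubeclient
 end
 
 def api
-response = handle_exception { create_rest_client.get(
+response = handle_exception { create_rest_client.get(get_headers) }
 JSON.parse(response)
 end
 
@@ -593,7 +598,7 @@ module Kubeclient
 end
 
 def fetch_entities
-JSON.parse(handle_exception { rest_client.get(
+JSON.parse(handle_exception { rest_client.get(get_headers) })
 end
 
 def bearer_token(bearer_token)
@@ -638,11 +643,11 @@ module Kubeclient
 options = {
 basic_auth_user: @auth_options[:username],
 basic_auth_password: @auth_options[:password],
-headers:
+headers: get_headers,
 http_proxy_uri: @http_proxy_uri,
 http_max_redirects: http_max_redirects
 }
-
+options[:bearer_token_file] = @auth_options[:bearer_token_file] if @auth_options[:bearer_token_file]
 if uri.scheme == 'https'
 options[:ssl] = {
 ca_file: @ssl_options[:ca_file],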
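Review bot: `get_headers` (hunk at -136,6 +136,11) calls `File.read(@auth_options[:bearer_token_file])` on every request with no whitespace trimming and no error handling, so a token file that ends in a newline, or that is briefly absent while being replaced, fails every call routed through the updated `.get`/`.post`/`.put`/`.patch` sites. A trailing newline would land inside the `Authorization` value built by `bearer_token` (its body is outside the hunks, so this is inferred), and an `Errno::ENOENT` raised here is presumably not one of the errors `handle_exception` translates; `validate_bearer_token_file` is still called only from the constructor. I would trim the value and report read failures as a client error, starting with `bearer_token(File.read(@auth_options[:bearer_token_file]).strip) if @auth_options[:bearer_token_file]`. The same unstripped read is added to `build_client_options` in the watch-stream hunk. Separately, the reordered `if`/`elsif` in the constructor makes `:bearer_token_file` take precedence over `:bearer_token` when both are passed, which deserves a sentence in the README's authentication section.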
data/lib/kubeclient/version.rb
CHANGED
@@ -79,6 +79,7 @@ module Kubeclient
|
|
79
79
|
end
|
80
80
|
|
81
81
|
def build_client_options
|
82
|
+
@http_options[:headers][:Authorization] = "Bearer #{File.read(@http_options[:bearer_token_file])}" if @http_options[:bearer_token_file]
|
82
83
|
client_options = {
|
83
84
|
headers: @http_options[:headers],
|
84
85
|
proxy: using_proxy
|
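Review bot: The added line in `build_client_options` assigns `Authorization` into `@http_options[:headers]` in place, and `common.rb` now passes `headers: get_headers`, which returns the client's own `@headers` hash, so the watch stream appears to write into state shared with the parent `Client` (inferred; the code that constructs the stream is outside this hunk). Working on a copy keeps the refresh local to the stream: take `headers = @http_options[:headers].dup`, set `headers[:Authorization]` on it when `:bearer_token_file` is present, and pass `headers: headers` in `client_options`. This hunk is printed under the `version.rb` header, but its content matches the `watch_stream.rb +1 -0` entry in the file list, so the page seems to have dropped that file header. `build_client_options` continues past the end of the hunk.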
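--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubeclient
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.10.1
 platform: ruby
 authors:
 - Alissa Bonas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -42,16 +42,16 @@ dependencies:
 name: minitest
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.15.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 5.15.0
 - !ruby/object:Gem::Dependency
 name: minitest-rg
 requirement: !ruby/object:Gem::Requirement
@@ -164,6 +164,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: tzinfo-data
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: jsonpath
 requirement: !ruby/object:Gem::Requirement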