kubeclient 0.1.14 → 0.1.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4683f1e62a19fc625503044618924b1af4ff86e3
-  data.tar.gz: c00b7d81ef2ddf4e0989a41ac672d6d60b9ce7c4
+  metadata.gz: 57b03781d0875698e18791018710eb4c84dce1bf
+  data.tar.gz: bff15e091daf39f5663b3cac73a28f92a3ed0cc2
 SHA512:
-  metadata.gz: 0f59df446d480eae9100131ed724d33b1b575668a93418c5cb9846e4f41c4cabea36517231ab127b6cdb14540d8b1389b0f4eedc405bfc2fe21a75d16b63ae28
-  data.tar.gz: 3ab1f5980bd52ef68eb2b6e47d8a5d28e10f02a005e89f4f83f6df93933050462e766f872971dc0419f05f4b30c2e465f6a2573750e8fdc19a63e35aa70f64a8
+  metadata.gz: f7f8e2ae7884ea7afbca1725905c764b5858d25dce119115b610e4707ec82312fc4e9f710466754fac05edf6da9a2e771422d254162ce7764dce5375e1ce35c2
+  data.tar.gz: 3041056407fdc8d777bd7e5c32c55298d1c54919c3a10d5daa4e17d6aeb04069f9b12ba74680558768aac2a783bb4d110c77e4aa7cd35bddc4fbbb7c97ffd2ee

data/README.md

@@ -27,96 +27,154 @@ Or install it yourself as:
 
 ## Usage
 
-Initialize the client: <br>
-`client = Kubeclient::Client.new 'http://localhost:8080/api/' , "v1beta3"`
+Initialize the client:
+```ruby
+client = Kubeclient::Client.new 'http://localhost:8080/api/' , "v1beta3"
+```
 
 Or without specifying version (it will be set by default to "v1beta3"
 
-`client = Kubeclient::Client.new 'http://localhost:8080/api/' `
+```ruby
+client = Kubeclient::Client.new 'http://localhost:8080/api/'
+```
 
 Another option is to initialize the client with URI object:
 
-`uri = URI::HTTP.build(host: "somehostname", port: 8080)`
-`client = Kubeclient::Client.new uri`
+```ruby
+uri = URI::HTTP.build(host: "somehostname", port: 8080)
+client = Kubeclient::Client.new uri
+```
 
 
 It is also possible to use https and configure ssl with:
 
-`client = Kubeclient::Client.new 'https://localhost:8443/api/' , "v1beta3"`
-`client.ssl_options(` <br>
-`  client_cert: OpenSSL::X509::Certificate.new(File.read('/path/to/client.crt')),` <br>
-`  client_key:  OpenSSL::PKey::RSA.new(File.read('/path/to/client.key')),` <br>
-`  ca_file:     '/path/to/ca.crt', ` <br>
-`  verify_ssl:  OpenSSL::SSL::VERIFY_PEER` <br>
-`)` <br>
+```ruby
+client = Kubeclient::Client.new 'https://localhost:8443/api/' , "v1beta3"
+client.ssl_options(
+  client_cert: OpenSSL::X509::Certificate.new(File.read('/path/to/client.crt')),
+  client_key:  OpenSSL::PKey::RSA.new(File.read('/path/to/client.key')),
+  ca_file:     '/path/to/ca.crt',
+  verify_ssl:  OpenSSL::SSL::VERIFY_PEER
+)
+```
 
 For testing and development purpose you can disable the ssl check with:
 
-`client.ssl_options(verify_ssl: OpenSSL::SSL::VERIFY_NONE)`
+```ruby
+client.ssl_options(verify_ssl: OpenSSL::SSL::VERIFY_NONE)
+```
+
+If you are using bearer tokens for authentication as described
+[here](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authentication.md) then you can specify the
+bearer token to use for authentication:
+
+```ruby
+client.bearer_token('MDExMWJkMjItOWY1Ny00OGM5LWJlNDEtMjBiMzgxODkxYzYz')
+```
 
+If you are running your app using kubeclient inside a Kubernetes cluster, then you can have a bearer token file
+mounted inside your pod by using a
+[Service Account](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/service_accounts.md). This
+will mount a bearer token [secret](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md)
+a/ `/var/run/secrets/kubernetes.io/serviceaccount/token` (see [here](https://github.com/GoogleCloudPlatform/kubernetes/pull/7101)
+for more details).
 
-Examples:
+## Examples:
 
-1. Get all pods (and respectively: get_services, get_nodes, get_replication_controllers)
-<br>
-`pods = client.get_pods`
-<br>
-You can get entities which have specific labels by specifying a parameter named `label_selector` (named `labelSelector` in Kubernetes server): <br>
-`pods = client.get_pods(label_selector: 'name=redis-master')` <br>
-You can specify multiple labels (that option will return entities which have both labels:  <br>
-`pods = client.get_pods(label_selector: 'name=redis-master,app=redis')`
+#### Get all pods
+And respectively: `get_services`, `get_nodes`, `get_replication_controllers`
+
+```ruby
+pods = client.get_pods
+```
+
+You can get entities which have specific labels by specifying a parameter named `label_selector` (named `labelSelector` in Kubernetes server):
+```ruby
+pods = client.get_pods(label_selector: 'name=redis-master')
+```
+You can specify multiple labels (that option will return entities which have both labels:
+```ruby
+pods = client.get_pods(label_selector: 'name=redis-master,app=redis')
+```
+
+#### Get a specific node
+And respectively: `get_service "service name"` , `get_pod "pod name"` , `get_replication_controller "rc name"`
 
-2. Get a specific node (and respectively: get_service "service name" , get_pod "pod name" , get_replication_controller "rc name" )
-<br>
 The GET request should include the namespace name, except for nodes and namespaces entities.
-<br>
-`node = client.get_node "127.0.0.1"`
-<br>
-`service = client.get_service "guestbook", 'development'`
-<br>
+
+```ruby
+node = client.get_node "127.0.0.1"
+```
+
+```ruby
+service = client.get_service "guestbook", 'development'
+```
+
 Note - Kubernetes doesn't work with the uid, but rather with the 'name' property.
 Querying with uid causes 404.
 
-3. Delete a service (and respectively delete_pod "pod id" , delete_replication_controller "rc id", delete node "node id") <br>
+#### Delete a service
+
+And respectively `delete_pod "pod id"` , `delete_replication_controller "rc id"`, `delete node "node id"`
+
 Input parameter - id (string) specifying service id, pod id, replication controller id.
-<br>
-`client.delete_service "redis-service"`
-<br>
+```ruby
+client.delete_service "redis-service"
+```
+
+#### Create a service
+And respectively: `create_pod pod_object`, `create_replication_controller rc_obj`
+
+Input parameter - object of type `Service`, `Pod`, `ReplicationController`.
 
-4. Create a service (and respectively: create_pod pod_object, create_replication_controller rc_obj) <br>
-Input parameter - object of type Service, Pod, ReplicationController. <br>
 The below example is for v1beta3
-<br>
-`service = Service.new` <br>
-`service.metadata.name = "redis-master"`<br>
-`service.spec.port = 6379`<br>
-`service.spec.containerPort  = "redis-server"`<br>
-`service.spec.selector = {}`<br>
-`service.spec.selector.name = "redis"`<br>
-`service.spec.selector.role = "master"`<br>
-`client.create_service service`<br>
-<br>
-
-5. Update entity (update pod, service, replication controller) <br>
-Input parameter - object of type Service, Pod, ReplicationController <br>
-The below example is for v1beta3 <br>
-`client.update_service service1`
-<br>
-
-6. all_entities - Returns a hash with 7 keys (node, service, pod, replication_controller, namespace, endpoint and event). Each key points to an EntityList of same type. This method
- is a convenience method instead of calling each entity's get method separately. <br>
-`client.all_entities`
-
-7. Receive entity updates <br>
+
+```ruby
+service = Service.new
+service.metadata.name = "redis-master"
+service.spec.port = 6379
+service.spec.containerPort  = "redis-server"
+service.spec.selector = {}
+service.spec.selector.name = "redis"
+service.spec.selector.role = "master"
+client.create_service service`
+```
+
+#### Update entity
+And respectively `update_pod`, `update_service`, `update_replication_controller`
+
+Input parameter - object of type `Service`, `Pod`, `ReplicationController`
+
+The below example is for v1beta3
+
+```ruby
+client.update_service service1
+```
+
+#### all_entities
+Returns a hash with 7 keys (node, service, pod, replication_controller, namespace, endpoint and event). Each key points to an EntityList of same type.
+
+This method is a convenience method instead of calling each entity's get method separately.
+
+```ruby
+client.all_entities
+```
+
+#### Receive entity updates
 It is possible to receive live update notices watching the relevant entities:
-<br>
-`watcher = client.watch_pods` <br>
-`watcher.each do |notice|` <br>
-`  # process notice data` <br>
-`end` <br>
+
+```ruby
+watcher = client.watch_pods
+watcher.each do |notice|
+  # process notice data
+end
+```
+
 It is possible to interrupt the watcher from another thread with:
-<br>
-`watcher.finish` <br>
+
+```ruby
+watcher.finish
+```
 
 ## Contributing
 
@@ -133,5 +191,7 @@ It is possible to interrupt the watcher from another thread with:
 This client is tested with Minitest.
 Please run all tests before submitting a Pull Request, and add new tests for new functionality.
 
-Running tests: <br>
-`rake test`
+Running tests:
+```ruby
+rake test
+```

data/lib/kubeclient/common.rb

@@ -70,7 +70,8 @@ module Kubeclient
           ssl_ca_file: @ssl_options[:ca_file],
           verify_ssl: @ssl_options[:verify_ssl],
           ssl_client_cert: @ssl_options[:client_cert],
-          ssl_client_key: @ssl_options[:client_key]
+          ssl_client_key: @ssl_options[:client_key],
+          bearer_token: @bearer_token
         }
         RestClient::Resource.new(@api_endpoint.merge(path).to_s, options)
       end
@@ -97,8 +98,9 @@ module Kubeclient
           # ruby Net::HTTP uses verify_mode instead of verify_ssl
           # http://ruby-doc.org/stdlib-1.9.3/libdoc/net/http/rdoc/Net/HTTP.html
           verify_mode: @ssl_options[:verify_ssl],
-          client_cert: @ssl_options[:client_cert],
-          client_key: @ssl_options[:client_key]
+          cert: @ssl_options[:client_cert],
+          key: @ssl_options[:client_key],
+          bearer_token: @bearer_token
         }
 
         WatchStream.new(uri, options)
@@ -215,6 +217,13 @@ module Kubeclient
           client_key: client_key
         }
       end
+
+      def bearer_token(bearer_token)
+        @bearer_token = bearer_token
+        RestClient.add_before_execution_proc do |req|
+          req['authorization'] = "Bearer #{@bearer_token}"
+        end
+      end
     end
   end
 end

data/lib/kubeclient/version.rb

@@ -1,4 +1,4 @@
 # Kubernetes REST-API Client
 module Kubeclient
-  VERSION = '0.1.14'
+  VERSION = '0.1.15'
 end

data/lib/kubeclient/watch_stream.rb

@@ -17,6 +17,10 @@ module Kubeclient
         buffer = ''
         request = Net::HTTP::Get.new(@uri)
 
+        if @options[:bearer_token]
+          request['authorization'] = "Bearer #{@options[:bearer_token]}"
+        end
+
         @http.request(request) do |response|
           unless response.is_a? Net::HTTPSuccess
             fail KubeException.new(response.code, response.message)

data/test/test_kubeclient.rb

@@ -232,6 +232,37 @@ class KubeClientTest < MiniTest::Test
     assert_instance_of(Kubeclient::Namespace, result['namespace'][0])
   end
 
+  def test_api_bearer_token_success
+    stub_request(:get, 'http://localhost:8080/api/v1beta3/pods')
+      .with(headers: { Authorization: 'Bearer valid_token' })
+      .to_return(body: open_test_json_file('pod_list_b3.json'),
+                 status: 200)
+
+    client = Kubeclient::Client.new 'http://localhost:8080/api/'
+    client.bearer_token('valid_token')
+
+    pods = client.get_pods
+
+    assert_equal('Pod', pods.kind)
+    assert_equal(1, pods.size)
+  end
+
+  def test_api_bearer_token_failure
+    error_message = '"/api/v1beta3/pods" is forbidden because ' \
+                    'system:anonymous cannot list on pods in'
+
+    stub_request(:get, 'http://localhost:8080/api/v1beta3/pods')
+      .with(headers: { Authorization: 'Bearer invalid_token' })
+      .to_raise(KubeException.new(403, error_message))
+
+    client = Kubeclient::Client.new 'http://localhost:8080/api/'
+    client.bearer_token('invalid_token')
+
+    exception = assert_raises(KubeException) { client.get_pods }
+    assert_equal(403, exception.error_code)
+    assert_equal(error_message, exception.message)
+  end
+
   private
 
   # dup method creates a shallow copy which is not good in this case

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubeclient
 version: !ruby/object:Gem::Version
-  version: 0.1.14
+  version: 0.1.15
 platform: ruby
 authors:
 - Alissa Bonas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-11 00:00:00.000000000 Z
+date: 2015-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler