kubeclient 0.1.17 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d22e1e45425956eb53bd9177f30d99985689a53f
-  data.tar.gz: 2027dcdc5c43ba8920792de49c5b35ead7e98e64
+  metadata.gz: 45dfb8861491dea98be3173a783b1438c6e4483b
+  data.tar.gz: fe9da34142a77fe2ac714e99e9498330476b1b00
 SHA512:
-  metadata.gz: e71f71efb21a87e7184ddc2415f950d82d931bfc2b02bac01af66c87b1a97afd8bad320918fcc602e80c710ebae67d411542686c1b6bb7e67cf8b77d126f52ac
-  data.tar.gz: 4f0a8c4b33a3871ec3a8c0f9e4f8de1628b9bf6dc9ce0fc12c23865037ec74e8cc47f7f6feb110370bbcc4c2c0eb1409e04f78fdfeda01a8482d381051d5f449
+  metadata.gz: 2bb7e57ecd253bcd201825abd3d2dbb3714f5b7109046ae04e0eb1fe6248cb7d0d96607bbf3533cf94ddc67d7c31ef6fb8dad2d30a5b9377ed9720d3c5339674
+  data.tar.gz: 0be89794e620ecd80e112ef8929c0eee1314277db6f8e30a9c053a1bf9db9b587e0f1754e57466b416285fabdb8319d757db6a481d36e06d5e4d9239727ea06c

data/README.md

@@ -45,23 +45,25 @@ uri = URI::HTTP.build(host: "somehostname", port: 8080)
 client = Kubeclient::Client.new uri
 ```
 
-
 It is also possible to use https and configure ssl with:
 
 ```ruby
-client = Kubeclient::Client.new 'https://localhost:8443/api/' , "v1beta3"
-client.ssl_options(
+ssl_options = {
   client_cert: OpenSSL::X509::Certificate.new(File.read('/path/to/client.crt')),
   client_key:  OpenSSL::PKey::RSA.new(File.read('/path/to/client.key')),
   ca_file:     '/path/to/ca.crt',
   verify_ssl:  OpenSSL::SSL::VERIFY_PEER
-)
+}
+client = Kubeclient::Client.new 'https://localhost:8443/api/' , "v1beta3",
+                                ssl_options: ssl_options
 ```
 
 For testing and development purpose you can disable the ssl check with:
 
 ```ruby
-client.ssl_options(verify_ssl: OpenSSL::SSL::VERIFY_NONE)
+ssl_options = { verify_ssl: OpenSSL::SSL::VERIFY_NONE }
+client = Kubeclient::Client.new 'https://localhost:8443/api/' , 'v1beta3',
+                                ssl_options: ssl_options
 ```
 
 If you are using basic authentication or bearer tokens as described
@@ -69,14 +71,32 @@ If you are using basic authentication or bearer tokens as described
 of the following:
 
 ```ruby
-client.basic_auth('username', 'password')
+auth_options = {
+  user: 'username',
+  password: 'password'
+}
+client = Kubeclient::Client.new 'https://localhost:8443/api/' , 'v1beta3',
+                                auth_options: auth_options
+```
+
+or
+
+```ruby
+auth_options = {
+  bearer_token: 'MDExMWJkMjItOWY1Ny00OGM5LWJlNDEtMjBiMzgxODkxYzYz'
+}
+client = Kubeclient::Client.new 'https://localhost:8443/api/' , 'v1beta3',
+                                auth_options: auth_options
 ```
 
-<br>
-or <br>
+or
 
 ```ruby
-client.bearer_token('MDExMWJkMjItOWY1Ny00OGM5LWJlNDEtMjBiMzgxODkxYzYz')
+auth_options = {
+  bearer_token_file: '/path/to/token_file'
+}
+client = Kubeclient::Client.new 'https://localhost:8443/api/' , 'v1beta3',
+                                auth_options: auth_options
 ```
 
 If you are running your app using kubeclient inside a Kubernetes cluster, then you can have a bearer token file
@@ -84,7 +104,16 @@ mounted inside your pod by using a
 [Service Account](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/service_accounts.md). This
 will mount a bearer token [secret](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/design/secrets.md)
 a/ `/var/run/secrets/kubernetes.io/serviceaccount/token` (see [here](https://github.com/GoogleCloudPlatform/kubernetes/pull/7101)
-for more details).
+for more details). For example:
+
+```ruby
+auth_options = {
+  bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token'
+
+}
+client = Kubeclient::Client.new 'https://localhost:8443/api/' , 'v1beta3',
+                                auth_options: auth_options
+```
 
 ## Examples:
 

data/lib/kubeclient.rb

@@ -29,11 +29,35 @@ module Kubeclient
       [Kubeclient.const_set(et, clazz), et]
     end
 
-    def initialize(uri, version = 'v1beta3')
+    def initialize(uri,
+                   version = 'v1beta3',
+                   ssl_options: {
+                     client_cert: nil,
+                     client_key: nil,
+                     ca_file: nil,
+                     verify_ssl: OpenSSL::SSL::VERIFY_PEER
+                   },
+                   auth_options: {}
+                  )
+
+      fail ArgumentError, 'Missing uri' if uri.nil?
+
+      validate_auth_options(auth_options)
+
       handle_uri(uri, '/api')
       @api_version = version
       @headers = {}
-      ssl_options
+      @ssl_options = ssl_options
+
+      if auth_options[:user]
+        @basic_auth_user = auth_options[:user]
+        @basic_auth_password = auth_options[:password]
+      elsif auth_options[:bearer_token]
+        bearer_token(auth_options[:bearer_token])
+      elsif auth_options[:bearer_token_file]
+        validate_bearer_token_file(auth_options[:bearer_token_file])
+        bearer_token(File.read(auth_options[:bearer_token_file]))
+      end
     end
 
     def all_entities
@@ -41,5 +65,28 @@ module Kubeclient
     end
 
     define_entity_methods(ENTITY_TYPES)
+
+    private
+
+    def validate_auth_options(opts)
+      exclusive_keys = [:bearer_token, :bearer_token_file, :user]
+
+      return if exclusive_keys.none? { |s| opts.key?(s) }
+
+      msg = 'Invalid auth options: specify only one of user/password,' \
+            ' bearer_token or bearer_token_file'
+      fail ArgumentError, msg unless exclusive_keys.one? { |s| opts.key?(s)  }
+
+      msg = 'Basic auth requires both user & password'
+      fail ArgumentError, msg if opts.key?(:user) && !opts.key?(:password)
+    end
+
+    def validate_bearer_token_file(bearer_token_file)
+      msg = "Token file #{bearer_token_file} does not exist"
+      fail ArgumentError, msg unless File.file?(bearer_token_file)
+
+      msg = "Cannot read token file #{bearer_token_file}"
+      fail ArgumentError, msg unless File.readable?(bearer_token_file)
+    end
   end
 end

data/lib/kubeclient/common.rb

@@ -173,7 +173,7 @@ module Kubeclient
       end
 
       def update_entity(entity_type, entity_config)
-        name = entity_config.name
+        name = entity_config.metadata.name
         # to_hash should be called because of issue #9 in recursive open
         # struct
         hash = entity_config.to_hash
@@ -214,25 +214,12 @@ module Kubeclient
         JSON.parse(response)
       end
 
-      def ssl_options(client_cert: nil, client_key: nil, ca_file: nil,
-                      verify_ssl: OpenSSL::SSL::VERIFY_PEER)
-        @ssl_options = {
-          ca_file: ca_file,
-          verify_ssl: verify_ssl,
-          client_cert: client_cert,
-          client_key: client_key
-        }
-      end
+      private
 
       def bearer_token(bearer_token)
         @headers ||= {}
         @headers[:Authorization] = "Bearer #{bearer_token}"
       end
-
-      def basic_auth(user, password)
-        @basic_auth_user = user
-        @basic_auth_password = password
-      end
     end
   end
 end

data/lib/kubeclient/version.rb

@@ -1,4 +1,4 @@
 # Kubernetes REST-API Client
 module Kubeclient
-  VERSION = '0.1.17'
+  VERSION = '0.2.0'
 end

data/lib/kubeclient/watch_stream.rb

@@ -40,7 +40,7 @@ module Kubeclient
         end
 
         @options[:headers].each do |header, value|
-          request[header] = value
+          request[header.to_s] = value
         end
         request
       end

data/test/json/service_update_b3.json

@@ -0,0 +1,22 @@
+{
+   "status" : {},
+   "kind" : "Service",
+   "apiVersion" : "v1beta3",
+   "spec" : {
+      "ports" : [
+         {
+            "targetPort" : 80,
+            "nodePort" : 0,
+            "port" : 80,
+            "protocol" : "TCP"
+         }
+      ],
+      "portalIP" : "1.2.3.4"
+   },
+   "metadata" : {
+      "name" : "my_service",
+      "creationTimestamp" : null,
+      "namespace" : "default",
+      "resourceVersion" : "2"
+   }
+}

data/test/json/versions_list.json

@@ -1,7 +1,6 @@
 {
     "versions": [
-        "v1beta1",
-        "v1beta2",
-        "v1beta3"
+        "v1beta3",
+        "v1"
     ]
-}
+}

data/test/test_kubeclient.rb

@@ -94,7 +94,7 @@ class KubeClientTest < MiniTest::Test
 
     args = ['http://localhost:8080/api/']
 
-    [nil, 'v1beta1', 'v1beta2', 'v1beta3'].each do |version|
+    [nil, 'v1beta3', 'v1'].each do |version|
       client = Kubeclient::Client.new(*(version ? args + [version] : args))
       assert client.api_valid?
     end
@@ -238,8 +238,10 @@ class KubeClientTest < MiniTest::Test
       .to_return(body: open_test_json_file('pod_list_b3.json'),
                  status: 200)
 
-    client = Kubeclient::Client.new 'http://localhost:8080/api/'
-    client.bearer_token('valid_token')
+    client = Kubeclient::Client.new 'http://localhost:8080/api/',
+                                    auth_options: {
+                                      bearer_token: 'valid_token'
+                                    }
 
     pods = client.get_pods(label_selector: 'name=redis-master')
 
@@ -253,8 +255,10 @@ class KubeClientTest < MiniTest::Test
       .to_return(body: open_test_json_file('pod_list_b3.json'),
                  status: 200)
 
-    client = Kubeclient::Client.new 'http://localhost:8080/api/'
-    client.bearer_token('valid_token')
+    client = Kubeclient::Client.new 'http://localhost:8080/api/',
+                                    auth_options: {
+                                      bearer_token: 'valid_token'
+                                    }
 
     pods = client.get_pods
 
@@ -270,8 +274,10 @@ class KubeClientTest < MiniTest::Test
       .with(headers: { Authorization: 'Bearer invalid_token' })
       .to_raise(KubeException.new(403, error_message))
 
-    client = Kubeclient::Client.new 'http://localhost:8080/api/'
-    client.bearer_token('invalid_token')
+    client = Kubeclient::Client.new 'http://localhost:8080/api/',
+                                    auth_options: {
+                                      bearer_token: 'invalid_token'
+                                    }
 
     exception = assert_raises(KubeException) { client.get_pods }
     assert_equal(403, exception.error_code)
@@ -283,8 +289,11 @@ class KubeClientTest < MiniTest::Test
       .to_return(body: open_test_json_file('pod_list_b3.json'),
                  status: 200)
 
-    client = Kubeclient::Client.new 'http://localhost:8080/api/'
-    client.basic_auth('username', 'password')
+    client = Kubeclient::Client.new 'http://localhost:8080/api/',
+                                    auth_options: {
+                                      user: 'username',
+                                      password: 'password'
+                                    }
 
     pods = client.get_pods
 
@@ -301,8 +310,11 @@ class KubeClientTest < MiniTest::Test
     stub_request(:get, 'http://username:password@localhost:8080/api/v1beta3/pods')
       .to_raise(KubeException.new(401, error_message))
 
-    client = Kubeclient::Client.new 'http://localhost:8080/api/'
-    client.basic_auth('username', 'password')
+    client = Kubeclient::Client.new 'http://localhost:8080/api/',
+                                    auth_options: {
+                                      user: 'username',
+                                      password: 'password'
+                                    }
 
     exception = assert_raises(KubeException) { client.get_pods }
     assert_equal(401, exception.error_code)
@@ -312,6 +324,72 @@ class KubeClientTest < MiniTest::Test
                      times: 1)
   end
 
+  def test_init_user_no_password
+    expected_msg = 'Basic auth requires both user & password'
+    exception = assert_raises(ArgumentError) do
+      Kubeclient::Client.new 'http://localhost:8080',
+                             auth_options: {
+                               user: 'username'
+                             }
+    end
+    assert_equal expected_msg, exception.message
+  end
+
+  def test_init_user_and_bearer_token
+    expected_msg = 'Invalid auth options: specify only one of user/password,' \
+                   ' bearer_token or bearer_token_file'
+    exception = assert_raises(ArgumentError) do
+      Kubeclient::Client.new 'http://localhost:8080',
+                             auth_options: {
+                               user: 'username',
+                               bearer_token: 'token'
+                             }
+    end
+    assert_equal expected_msg, exception.message
+  end
+
+  def test_bearer_token_and_bearer_token_file
+    expected_msg = 'Invalid auth options: specify only one of user/password,' \
+                   ' bearer_token or bearer_token_file'
+    exception = assert_raises(ArgumentError) do
+      Kubeclient::Client.new 'http://localhost:8080',
+                             auth_options: {
+                               bearer_token: 'token',
+                               bearer_token_file: 'token-file'
+                             }
+    end
+    assert_equal expected_msg, exception.message
+  end
+
+  def test_bearer_token_file_not_exist
+    expected_msg = 'Token file token-file does not exist'
+    exception = assert_raises(ArgumentError) do
+      Kubeclient::Client.new 'http://localhost:8080',
+                             auth_options: {
+                               bearer_token_file: 'token-file'
+                             }
+    end
+    assert_equal expected_msg, exception.message
+  end
+
+  def test_api_bearer_token_file_success
+    stub_request(:get, 'http://localhost:8080/api/v1beta3/pods')
+      .with(headers: { Authorization: 'Bearer valid_token' })
+      .to_return(body: open_test_json_file('pod_list_b3.json'),
+                 status: 200)
+
+    file = File.join(File.dirname(__FILE__), 'valid_token_file')
+    client = Kubeclient::Client.new 'http://localhost:8080/api/',
+                                    auth_options: {
+                                      bearer_token_file: file
+                                    }
+
+    pods = client.get_pods
+
+    assert_equal('Pod', pods.kind)
+    assert_equal(1, pods.size)
+  end
+
   private
 
   # dup method creates a shallow copy which is not good in this case

data/test/test_service.rb

@@ -109,4 +109,28 @@ class TestService < MiniTest::Test
                      'http://localhost:8080/api/v1beta3/namespaces/development/services/redis-slave',
                      times: 1)
   end
+
+  def test_update_service
+    entity = 'service'
+    object = Kubeclient::Service.new
+    name = 'my_service'
+    object.metadata = {
+      'name' => name
+    }
+
+    stub_request(:put, %r{/services/#{name}})\
+      .to_return(
+        body: open_test_json_file('service_update_b3.json'),
+        status: 200
+      )
+
+    client = Kubeclient::Client.new 'http://localhost:8080/api/', 'v1beta3'
+    client.update_entity entity, object
+
+    assert_requested(
+      :put,
+      "http://localhost:8080/api/v1beta3/services/#{name}",
+      times: 1
+    )
+  end
 end

data/test/valid_token_file

@@ -0,0 +1 @@
+valid_token

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kubeclient
 version: !ruby/object:Gem::Version
-  version: 0.1.17
+  version: 0.2.0
 platform: ruby
 authors:
 - Alissa Bonas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-07 00:00:00.000000000 Z
+date: 2015-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -176,6 +176,7 @@ files:
 - test/json/service_b3.json
 - test/json/service_illegal_json_404.json
 - test/json/service_list_b3.json
+- test/json/service_update_b3.json
 - test/json/versions_list.json
 - test/json/watch_stream_b3.json
 - test/test_helper.rb
@@ -186,6 +187,7 @@ files:
 - test/test_replication_controller.rb
 - test/test_service.rb
 - test/test_watch.rb
+- test/valid_token_file
 homepage: https://github.com/abonas/kubeclient
 licenses:
 - MIT
@@ -229,6 +231,7 @@ test_files:
 - test/json/service_b3.json
 - test/json/service_illegal_json_404.json
 - test/json/service_list_b3.json
+- test/json/service_update_b3.json
 - test/json/versions_list.json
 - test/json/watch_stream_b3.json
 - test/test_helper.rb
@@ -239,3 +242,4 @@ test_files:
 - test/test_replication_controller.rb
 - test/test_service.rb
 - test/test_watch.rb
+- test/valid_token_file