RubyGems - kubernetes-deploy - Versions diffs - 0.24.0 → 0.25.0 - Mend

kubernetes-deploy 0.24.0 → 0.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8e6aa3c405f95c085c79e274915275e1d2a225803c4abf21813c11543bdfa8f
-  data.tar.gz: ae315a1ce265d03205bd39972303d54d015a32210b43151c8f5d541377946143
+  metadata.gz: 2f35ca56d7b0ec844c55ff82157238409f2c21db3a9d83f870a73cc3305ee0b8
+  data.tar.gz: a9d9e566c21f699e9f066cd5bd505cd9c9ef9466a0180bb7563e9004211a8184
 SHA512:
-  metadata.gz: 0111a5ab0e4959ff3e135311ed879f284cb9db70b5a510f0fa0e667385f35ab2c0c0323167f3ac30378d032e2daddeeab2f3afeacf6c36b5f0d3e7a5f5a21754
-  data.tar.gz: 182840922280570f41aa6bff6918b24f8c0a34da631d01fe97c3b078a3ef376346118c0026ef3d4f6f1c96cc1d96e9789f483b00fb0ea35d19044129ea0830e2
+  metadata.gz: 2c3e2b2a8267d997e7d8859d6238d70f8a052bb423c8526f6e0f0490efe9de97da54ec1de0737f229f2682b04ba0b385ed2cc54caea3cc8276536026abb660cd
+  data.tar.gz: 98a21af1679cec75a00a6f81981b5a092888113c81f74d03eb967ba07da8b722db06c1394202a2de0fb943df5d784b3e95de15f653682e9c4555a4b595018a45

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,16 @@
-## next
+## 0.25.0
+*Features*
+- Support timeout overrides on deployments ([#414](https://github.com/Shopify/kubernetes-deploy/pull/414))
+*Bug fixes*
+- Attempting to deploy from a directory that only contains `secrets.ejson` will no longer fail deploy ([#416](https://github.com/Shopify/kubernetes-deploy/pull/416))
+- Remove the risk of sending decrypted EJSON secrets to output([#431](https://github.com/Shopify/kubernetes-deploy/pull/431))
+*Other*
+- Update kubeclient gem to 4.2.2. Note this replaces the `KubeclientBuilder::GoogleFriendlyConfig` class with `KubeclientBuilder::KubeConfig` ([#418](https://github.com/Shopify/kubernetes-deploy/pull/418)). This resolves [#396](https://github.com/Shopify/kubernetes-deploy/issues/396) and should allow us to support more authentication methods (e.g. `exec` for EKS).
+- Invalid context when using `kubernetes-run` gives more descriptive error([#423](https://github.com/Shopify/kubernetes-deploy/pull/423))
+- When resources are not found, instead of being `Unknown`, they are now labelled as `Not Found`([#427](https://github.com/Shopify/kubernetes-deploy/pull/427))
 ## 0.24.0

data/README.md CHANGED Viewed

@@ -227,7 +227,7 @@ This is a limitation of the current implementation.
 ### Customizing behaviour with annotations
 - `kubernetes-deploy.shopify.io/timeout-override`: Override the tool's hard timeout for one specific resource. Both full ISO8601 durations and the time portion of ISO8601 durations are valid. Value must be between 1 second and 24 hours.
   - _Example values_: 45s / 3m / 1h / PT0.25H
-  - _Compatibility_: all resource types (Note: `Deployment` timeouts are based on `spec.progressDeadlineSeconds` if present, and that field has a default value as of the `apps/v1beta1` group version. Using this annotation will have no effect on `Deployment`s that time out with "Timeout reason: ProgressDeadlineExceeded".)
+  - _Compatibility_: all resource types
 - `kubernetes-deploy.shopify.io/required-rollout`: Modifies how much of the rollout needs to finish
 before the deployment is considered successful.
   - _Compatibility_: Deployment

data/kubernetes-deploy.gemspec CHANGED Viewed

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.3.0'
   spec.add_dependency("activesupport", ">= 5.0")
-  spec.add_dependency("kubeclient", "~> 3.0")
+  spec.add_dependency("kubeclient", "~> 4.0")
   spec.add_dependency("googleauth", "~> 0.6.6") # https://github.com/google/google-auth-library-ruby/issues/153
   spec.add_dependency("ejson", "~> 1.0")
   spec.add_dependency("colorize", "~> 0.8")

data/lib/kubernetes-deploy/deploy_task.rb CHANGED Viewed

@@ -324,8 +324,8 @@ module KubernetesDeploy
       if !File.directory?(@template_dir)
         errors << "Template directory `#{@template_dir}` doesn't exist"
-      elsif Dir.entries(@template_dir).none? { |file| file =~ /\.ya?ml(\.erb)?$/ }
-        errors << "`#{@template_dir}` doesn't contain valid templates (postfix .yml or .yml.erb)"
+      elsif Dir.entries(@template_dir).none? { |file| file =~ /(\.ya?ml(\.erb)?)$|(secrets\.ejson)$/ }
+        errors << "`#{@template_dir}` doesn't contain valid templates (secrets.ejson or postfix .yml, .yml.erb)"
       end
       if @namespace.blank?

data/lib/kubernetes-deploy/ejson_secret_provisioner.rb CHANGED Viewed

@@ -74,7 +74,7 @@ module KubernetesDeploy
         prune_count += 1
         out, err, st = @kubectl.run("delete", "secret", secret_name)
         @logger.debug(out)
-        raise EjsonSecretError, err unless st.success?
+        raise EjsonSecretError, "Failed to prune secrets" unless st.success?
       end
       @logger.summary.add_action("pruned #{prune_count} #{'secret'.pluralize(prune_count)}") if prune_count > 0
     end
@@ -121,7 +121,7 @@ module KubernetesDeploy
       out, err, st = @kubectl.run("apply", "--filename=#{file.path}")
       @logger.debug(out)
-      raise EjsonSecretError, err unless st.success?
+      raise EjsonSecretError, "Failed to create or update secrets" unless st.success?
     ensure
       file&.unlink
     end
@@ -181,7 +181,7 @@ module KubernetesDeploy
       raise EjsonSecretError, out_err unless st.success?
       JSON.parse(out_err)
     rescue JSON::ParserError => e
-      raise EjsonSecretError, "Failed to parse decrypted ejson:\n  #{e}"
+      raise EjsonSecretError, "Failed to parse decrypted ejson"
     end
     def fetch_private_key_from_secret

data/lib/kubernetes-deploy/kubeclient_builder/kube_config.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+require 'googleauth'
+module KubernetesDeploy
+  module KubeclientBuilder
+    class KubeConfig < Kubeclient::Config
+      def self.read(filename)
+        parsed = YAML.safe_load(File.read(filename), [Date, Time])
+        new(parsed, File.dirname(filename))
+      end
+      def fetch_user_auth_options(user)
+        if user.dig('auth-provider', 'name') == 'gcp'
+          { bearer_token: Kubeclient::GoogleApplicationDefaultCredentials.token }
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/lib/kubernetes-deploy/kubeclient_builder.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 require 'kubeclient'
-require 'kubernetes-deploy/kubeclient_builder/google_friendly_config'
+require 'kubernetes-deploy/kubeclient_builder/kube_config'
 module KubernetesDeploy
   module KubeclientBuilder
@@ -86,13 +86,12 @@ module KubernetesDeploy
     def _build_kubeclient(api_version:, context:, endpoint_path: nil)
       # Find a context defined in kube conf files that matches the input context by name
-      friendly_configs = config_files.map { |f| GoogleFriendlyConfig.read(f) }
-      config = friendly_configs.find { |c| c.contexts.include?(context) }
+      configs = config_files.map { |f| KubeConfig.read(f) }
+      config = configs.find { |c| c.contexts.include?(context) }
       raise ContextMissingError, context unless config
       kube_context = config.context(context)
       client = Kubeclient::Client.new(
         "#{kube_context.api_endpoint}#{endpoint_path}",
         api_version,

data/lib/kubernetes-deploy/kubernetes_resource/config_map.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module KubernetesDeploy
     end
     def status
-      exists? ? "Available" : "Unknown"
+      exists? ? "Available" : "Not Found"
     end
     def deploy_failed?

data/lib/kubernetes-deploy/kubernetes_resource/deployment.rb CHANGED Viewed

@@ -63,7 +63,9 @@ module KubernetesDeploy
     end
     def timeout_message
-      reason_msg = if progress_condition.present?
+      reason_msg = if timeout_override
+        STANDARD_TIMEOUT_MESSAGE
+      elsif progress_condition.present?
         "Timeout reason: #{progress_condition['reason']}"
       else
         "Timeout reason: hard deadline for #{type}"
@@ -73,11 +75,19 @@ module KubernetesDeploy
     end
     def pretty_timeout_type
-      progress_deadline.present? ? "progress deadline: #{progress_deadline}s" : super
+      if timeout_override
+        "timeout override: #{timeout_override}s"
+      elsif progress_deadline.present?
+        "progress deadline: #{progress_deadline}s"
+      else
+        super
+      end
     end
     def deploy_timed_out?
       return false if deploy_failed?
+      return super if timeout_override
       # Do not use the hard timeout if progress deadline is set
       progress_condition.present? ? deploy_failing_to_progress? : super
     end

data/lib/kubernetes-deploy/kubernetes_resource/ingress.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/persistent_volume_claim.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 5.minutes
     def status
-      exists? ? @instance_data["status"]["phase"] : "Unknown"
+      exists? ? @instance_data["status"]["phase"] : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/pod_disruption_budget.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 10.seconds
     def status
-      exists? ? "Available" : "Unknown"
+      exists? ? "Available" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/pod_template.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module KubernetesDeploy
   class PodTemplate < KubernetesResource
     def status
-      exists? ? "Available" : "Unknown"
+      exists? ? "Available" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/resource_quota.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "In effect" : "Unknown"
+      exists? ? "In effect" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/role.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/role_binding.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/service_account.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource.rb CHANGED Viewed

@@ -179,7 +179,7 @@ module KubernetesDeploy
     end
     def status
-      exists? ? "Exists" : "Unknown"
+      exists? ? "Exists" : "Not Found"
     end
     def type

data/lib/kubernetes-deploy/restart_task.rb CHANGED Viewed

@@ -112,12 +112,8 @@ module KubernetesDeploy
     def verify_namespace
       kubeclient.get_namespace(@namespace)
       @logger.info("Namespace #{@namespace} found in context #{@context}")
-    rescue KubeException => error
-      if error.error_code == 404
-        raise NamespaceNotFoundError.new(@namespace, @context)
-      else
-        raise
-      end
+    rescue Kubeclient::ResourceNotFoundError
+      raise NamespaceNotFoundError.new(@namespace, @context)
     end
     def patch_deployment_with_restart(record)
@@ -133,7 +129,7 @@ module KubernetesDeploy
         begin
           patch_deployment_with_restart(record)
           @logger.info("Triggered `#{record.metadata.name}` restart")
-        rescue Kubeclient::ResourceNotFoundError, Kubeclient::HttpError => e
+        rescue Kubeclient::HttpError => e
           raise RestartAPIError.new(record.metadata.name, e.message)
         end
       end
@@ -144,12 +140,8 @@ module KubernetesDeploy
         record = nil
         begin
           record = v1beta1_kubeclient.get_deployment(name, @namespace)
-        rescue KubeException => error
-          if error.error_code == 404
-            raise FatalRestartError, "Deployment `#{name}` not found in namespace `#{@namespace}`"
-          else
-            raise
-          end
+        rescue Kubeclient::ResourceNotFoundError
+          raise FatalRestartError, "Deployment `#{name}` not found in namespace `#{@namespace}`"
         end
         record
       end

data/lib/kubernetes-deploy/runner_task.rb CHANGED Viewed

@@ -64,7 +64,7 @@ module KubernetesDeploy
       kubeclient.create_pod(pod.to_kubeclient_resource)
       @pod_name = pod.name
       @logger.info("Pod creation succeeded")
-    rescue KubeException => e
+    rescue Kubeclient::HttpError => e
       msg = "Failed to create pod: #{e.class.name}: #{e.message}"
       @logger.summary.add_paragraph(msg)
       raise FatalDeploymentError, msg
@@ -122,9 +122,13 @@ module KubernetesDeploy
       begin
         kubeclient.get_namespace(@namespace) if @namespace.present?
         @logger.info("Using namespace '#{@namespace}' in context '#{@context}'")
-      rescue KubeException => e
-        msg = e.error_code == 404 ? "Namespace was not found" : "Could not connect to kubernetes cluster"
-        errors << msg
+      rescue Kubeclient::ResourceNotFoundError
+        errors << "Namespace was not found"
+      rescue Kubeclient::HttpError
+        errors << "Could not connect to kubernetes cluster"
+      rescue KubernetesDeploy::KubeclientBuilder::ContextMissingError
+        errors << "Could not connect to kubernetes cluster - context invalid"
       end
       unless errors.empty?
@@ -140,16 +144,13 @@ module KubernetesDeploy
     def get_template(template_name)
       pod_template = kubeclient.get_pod_template(template_name, @namespace)
       pod_template.template
-    rescue KubeException => error
-      if error.error_code == 404
-        msg = "Pod template `#{template_name}` not found in namespace `#{@namespace}`, context `#{@context}`"
-        @logger.summary.add_paragraph(msg)
-        raise TaskTemplateMissingError, msg
-      else
-        raise FatalKubeAPIError, "Error retrieving pod template: #{error.class.name}: #{error.message}"
-      end
+    rescue Kubeclient::ResourceNotFoundError
+      msg = "Pod template `#{template_name}` not found in namespace `#{@namespace}`, context `#{@context}`"
+      @logger.summary.add_paragraph(msg)
+      raise TaskTemplateMissingError, msg
+    rescue Kubeclient::HttpError => error
+      raise FatalKubeAPIError, "Error retrieving pod template: #{error.class.name}: #{error.message}"
     end
     def build_pod_definition(base_template)

data/lib/kubernetes-deploy/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module KubernetesDeploy
-  VERSION = "0.24.0"
+  VERSION = "0.25.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kubernetes-deploy
 version: !ruby/object:Gem::Version
-  version: 0.24.0
+  version: 0.25.0
 platform: ruby
 authors:
 - Katrina Verey
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-01-23 00:00:00.000000000 Z
+date: 2019-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: googleauth
   requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,7 @@ files:
 - lib/kubernetes-deploy/errors.rb
 - lib/kubernetes-deploy/formatted_logger.rb
 - lib/kubernetes-deploy/kubeclient_builder.rb
-- lib/kubernetes-deploy/kubeclient_builder/google_friendly_config.rb
+- lib/kubernetes-deploy/kubeclient_builder/kube_config.rb
 - lib/kubernetes-deploy/kubectl.rb
 - lib/kubernetes-deploy/kubernetes_resource.rb
 - lib/kubernetes-deploy/kubernetes_resource/cloudsql.rb

data/lib/kubernetes-deploy/kubeclient_builder/google_friendly_config.rb DELETED Viewed

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-require 'googleauth'
-module KubernetesDeploy
-  module KubeclientBuilder
-    class GoogleFriendlyConfig < Kubeclient::Config
-      def fetch_user_auth_options(user)
-        if user.dig('auth-provider', 'name') == 'gcp'
-          { bearer_token: new_token }
-        else
-          super
-        end
-      end
-      def self.read(filename)
-        new(YAML.safe_load(File.read(filename), [Time]), File.dirname(filename))
-      end
-      def new_token
-        scopes = ['https://www.googleapis.com/auth/cloud-platform']
-        authorization = Google::Auth.get_application_default(scopes)
-        authorization.apply({})
-        authorization.access_token
-      rescue Signet::AuthorizationError => e
-        err_message = json_error_message(e.response.body) || e.message
-        raise KubeException.new(e.response.status, err_message, e.response.body)
-      end
-      private
-      def json_error_message(body)
-        err = JSON.parse(body || '') || {}
-        err['message']
-      rescue JSON::ParserError
-        nil
-      end
-    end
-  end
-end