RubyGems - kubernetes-deploy - Versions diffs - 0.24.0 → 0.25.0 - Mend

kubernetes-deploy 0.24.0 → 0.25.0

Files changed (24) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8e6aa3c405f95c085c79e274915275e1d2a225803c4abf21813c11543bdfa8f
-  data.tar.gz: ae315a1ce265d03205bd39972303d54d015a32210b43151c8f5d541377946143
+  metadata.gz: 2f35ca56d7b0ec844c55ff82157238409f2c21db3a9d83f870a73cc3305ee0b8
+  data.tar.gz: a9d9e566c21f699e9f066cd5bd505cd9c9ef9466a0180bb7563e9004211a8184
 SHA512:
-  metadata.gz: 0111a5ab0e4959ff3e135311ed879f284cb9db70b5a510f0fa0e667385f35ab2c0c0323167f3ac30378d032e2daddeeab2f3afeacf6c36b5f0d3e7a5f5a21754
-  data.tar.gz: 182840922280570f41aa6bff6918b24f8c0a34da631d01fe97c3b078a3ef376346118c0026ef3d4f6f1c96cc1d96e9789f483b00fb0ea35d19044129ea0830e2
+  metadata.gz: 2c3e2b2a8267d997e7d8859d6238d70f8a052bb423c8526f6e0f0490efe9de97da54ec1de0737f229f2682b04ba0b385ed2cc54caea3cc8276536026abb660cd
+  data.tar.gz: 98a21af1679cec75a00a6f81981b5a092888113c81f74d03eb967ba07da8b722db06c1394202a2de0fb943df5d784b3e95de15f653682e9c4555a4b595018a45

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,16 @@
-## next
+## 0.25.0
+*Features*
+- Support timeout overrides on deployments ([#414](https://github.com/Shopify/kubernetes-deploy/pull/414))
+*Bug fixes*
+- Attempting to deploy from a directory that only contains `secrets.ejson` will no longer fail deploy ([#416](https://github.com/Shopify/kubernetes-deploy/pull/416))
+- Remove the risk of sending decrypted EJSON secrets to output([#431](https://github.com/Shopify/kubernetes-deploy/pull/431))
+*Other*
+- Update kubeclient gem to 4.2.2. Note this replaces the `KubeclientBuilder::GoogleFriendlyConfig` class with `KubeclientBuilder::KubeConfig` ([#418](https://github.com/Shopify/kubernetes-deploy/pull/418)). This resolves [#396](https://github.com/Shopify/kubernetes-deploy/issues/396) and should allow us to support more authentication methods (e.g. `exec` for EKS).
+- Invalid context when using `kubernetes-run` gives more descriptive error([#423](https://github.com/Shopify/kubernetes-deploy/pull/423))
+- When resources are not found, instead of being `Unknown`, they are now labelled as `Not Found`([#427](https://github.com/Shopify/kubernetes-deploy/pull/427))
 ## 0.24.0

data/README.md CHANGED Viewed

@@ -227,7 +227,7 @@ This is a limitation of the current implementation.
 ### Customizing behaviour with annotations
 - `kubernetes-deploy.shopify.io/timeout-override`: Override the tool's hard timeout for one specific resource. Both full ISO8601 durations and the time portion of ISO8601 durations are valid. Value must be between 1 second and 24 hours.
   - _Example values_: 45s / 3m / 1h / PT0.25H
-  - _Compatibility_: all resource types (Note: `Deployment` timeouts are based on `spec.progressDeadlineSeconds` if present, and that field has a default value as of the `apps/v1beta1` group version. Using this annotation will have no effect on `Deployment`s that time out with "Timeout reason: ProgressDeadlineExceeded".)
+  - _Compatibility_: all resource types
 - `kubernetes-deploy.shopify.io/required-rollout`: Modifies how much of the rollout needs to finish
 before the deployment is considered successful.
   - _Compatibility_: Deployment

data/kubernetes-deploy.gemspec CHANGED Viewed

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.3.0'
   spec.add_dependency("activesupport", ">= 5.0")
-  spec.add_dependency("kubeclient", "~> 3.0")
+  spec.add_dependency("kubeclient", "~> 4.0")
   spec.add_dependency("googleauth", "~> 0.6.6") # https://github.com/google/google-auth-library-ruby/issues/153
   spec.add_dependency("ejson", "~> 1.0")
   spec.add_dependency("colorize", "~> 0.8")

data/lib/kubernetes-deploy/deploy_task.rb CHANGED Viewed

@@ -324,8 +324,8 @@ module KubernetesDeploy
       if !File.directory?(@template_dir)
         errors << "Template directory `#{@template_dir}` doesn't exist"
-      elsif Dir.entries(@template_dir).none? { |file| file =~ /\.ya?ml(\.erb)?$/ }
-        errors << "`#{@template_dir}` doesn't contain valid templates (postfix .yml or .yml.erb)"
+      elsif Dir.entries(@template_dir).none? { |file| file =~ /(\.ya?ml(\.erb)?)$|(secrets\.ejson)$/ }
+        errors << "`#{@template_dir}` doesn't contain valid templates (secrets.ejson or postfix .yml, .yml.erb)"
       end
       if @namespace.blank?

data/lib/kubernetes-deploy/ejson_secret_provisioner.rb CHANGED Viewed

@@ -74,7 +74,7 @@ module KubernetesDeploy
         prune_count += 1
         out, err, st = @kubectl.run("delete", "secret", secret_name)
         @logger.debug(out)
-        raise EjsonSecretError, err unless st.success?
+        raise EjsonSecretError, "Failed to prune secrets" unless st.success?
       end
       @logger.summary.add_action("pruned #{prune_count} #{'secret'.pluralize(prune_count)}") if prune_count > 0
     end
@@ -121,7 +121,7 @@ module KubernetesDeploy
       out, err, st = @kubectl.run("apply", "--filename=#{file.path}")
       @logger.debug(out)
-      raise EjsonSecretError, err unless st.success?
+      raise EjsonSecretError, "Failed to create or update secrets" unless st.success?
     ensure
       file&.unlink
     end
@@ -181,7 +181,7 @@ module KubernetesDeploy
       raise EjsonSecretError, out_err unless st.success?
       JSON.parse(out_err)
     rescue JSON::ParserError => e
-      raise EjsonSecretError, "Failed to parse decrypted ejson:\n  #{e}"
+      raise EjsonSecretError, "Failed to parse decrypted ejson"
     end
     def fetch_private_key_from_secret

data/lib/kubernetes-deploy/kubeclient_builder/kube_config.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+require 'googleauth'
+module KubernetesDeploy
+  module KubeclientBuilder
+    class KubeConfig < Kubeclient::Config
+      def self.read(filename)
+        parsed = YAML.safe_load(File.read(filename), [Date, Time])
+        new(parsed, File.dirname(filename))
+      end
+      def fetch_user_auth_options(user)
+        if user.dig('auth-provider', 'name') == 'gcp'
+          { bearer_token: Kubeclient::GoogleApplicationDefaultCredentials.token }
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/lib/kubernetes-deploy/kubeclient_builder.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 require 'kubeclient'
-require 'kubernetes-deploy/kubeclient_builder/google_friendly_config'
+require 'kubernetes-deploy/kubeclient_builder/kube_config'
 module KubernetesDeploy
   module KubeclientBuilder
@@ -86,13 +86,12 @@ module KubernetesDeploy
     def _build_kubeclient(api_version:, context:, endpoint_path: nil)
       # Find a context defined in kube conf files that matches the input context by name
-      friendly_configs = config_files.map { |f| GoogleFriendlyConfig.read(f) }
-      config = friendly_configs.find { |c| c.contexts.include?(context) }
+      configs = config_files.map { |f| KubeConfig.read(f) }
+      config = configs.find { |c| c.contexts.include?(context) }
       raise ContextMissingError, context unless config
       kube_context = config.context(context)
       client = Kubeclient::Client.new(
         "#{kube_context.api_endpoint}#{endpoint_path}",
         api_version,

data/lib/kubernetes-deploy/kubernetes_resource/config_map.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module KubernetesDeploy
     end
     def status
-      exists? ? "Available" : "Unknown"
+      exists? ? "Available" : "Not Found"
     end
     def deploy_failed?

data/lib/kubernetes-deploy/kubernetes_resource/deployment.rb CHANGED Viewed

@@ -63,7 +63,9 @@ module KubernetesDeploy
     end
     def timeout_message
-      reason_msg = if progress_condition.present?
+      reason_msg = if timeout_override
+        STANDARD_TIMEOUT_MESSAGE
+      elsif progress_condition.present?
         "Timeout reason: #{progress_condition['reason']}"
       else
         "Timeout reason: hard deadline for #{type}"
@@ -73,11 +75,19 @@ module KubernetesDeploy
     end
     def pretty_timeout_type
-      progress_deadline.present? ? "progress deadline: #{progress_deadline}s" : super
+      if timeout_override
+        "timeout override: #{timeout_override}s"
+      elsif progress_deadline.present?
+        "progress deadline: #{progress_deadline}s"
+      else
+        super
+      end
     end
     def deploy_timed_out?
       return false if deploy_failed?
+      return super if timeout_override
       # Do not use the hard timeout if progress deadline is set
       progress_condition.present? ? deploy_failing_to_progress? : super
     end

data/lib/kubernetes-deploy/kubernetes_resource/ingress.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/persistent_volume_claim.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 5.minutes
     def status
-      exists? ? @instance_data["status"]["phase"] : "Unknown"
+      exists? ? @instance_data["status"]["phase"] : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/pod_disruption_budget.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 10.seconds
     def status
-      exists? ? "Available" : "Unknown"
+      exists? ? "Available" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/pod_template.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module KubernetesDeploy
   class PodTemplate < KubernetesResource
     def status
-      exists? ? "Available" : "Unknown"
+      exists? ? "Available" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/resource_quota.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "In effect" : "Unknown"
+      exists? ? "In effect" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/role.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/role_binding.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource/service_account.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module KubernetesDeploy
     TIMEOUT = 30.seconds
     def status
-      exists? ? "Created" : "Unknown"
+      exists? ? "Created" : "Not Found"
     end
     def deploy_succeeded?

data/lib/kubernetes-deploy/kubernetes_resource.rb CHANGED Viewed

@@ -179,7 +179,7 @@ module KubernetesDeploy
     end
     def status
-      exists? ? "Exists" : "Unknown"
+      exists? ? "Exists" : "Not Found"
     end
     def type

data/lib/kubernetes-deploy/restart_task.rb CHANGED Viewed

@@ -112,12 +112,8 @@ module KubernetesDeploy
     def verify_namespace
       kubeclient.get_namespace(@namespace)
       @logger.info("Namespace #{@namespace} found in context #{@context}")
-    rescue KubeException => error
-      if error.error_code == 404
-        raise NamespaceNotFoundError.new(@namespace, @context)
-      else
-        raise
-      end
+    rescue Kubeclient::ResourceNotFoundError
+      raise NamespaceNotFoundError.new(@namespace, @context)
     end
     def patch_deployment_with_restart(record)
@@ -133,7 +129,7 @@ module KubernetesDeploy
         begin
           patch_deployment_with_restart(record)
           @logger.info("Triggered `#{record.metadata.name}` restart")
-        rescue Kubeclient::ResourceNotFoundError, Kubeclient::HttpError => e
+        rescue Kubeclient::HttpError => e
           raise RestartAPIError.new(record.metadata.name, e.message)
         end
       end
@@ -144,12 +140,8 @@ module KubernetesDeploy
         record = nil
         begin
           record = v1beta1_kubeclient.get_deployment(name, @namespace)
-        rescue KubeException => error
-          if error.error_code == 404
-            raise FatalRestartError, "Deployment `#{name}` not found in namespace `#{@namespace}`"
-          else
-            raise
-          end
+        rescue Kubeclient::ResourceNotFoundError
+          raise FatalRestartError, "Deployment `#{name}` not found in namespace `#{@namespace}`"
         end
         record
       end

data/lib/kubernetes-deploy/runner_task.rb CHANGED Viewed

@@ -64,7 +64,7 @@ module KubernetesDeploy
       kubeclient.create_pod(pod.to_kubeclient_resource)
       @pod_name = pod.name
       @logger.info("Pod creation succeeded")
-    rescue KubeException => e
+    rescue Kubeclient::HttpError => e
       msg = "Failed to create pod: #{e.class.name}: #{e.message}"
       @logger.summary.add_paragraph(msg)
       raise FatalDeploymentError, msg
@@ -122,9 +122,13 @@ module KubernetesDeploy
       begin
         kubeclient.get_namespace(@namespace) if @namespace.present?
         @logger.info("Using namespace '#{@namespace}' in context '#{@context}'")
-      rescue KubeException => e
-        msg = e.error_code == 404 ? "Namespace was not found" : "Could not connect to kubernetes cluster"
-        errors << msg
+      rescue Kubeclient::ResourceNotFoundError
+        errors << "Namespace was not found"
+      rescue Kubeclient::HttpError
+        errors << "Could not connect to kubernetes cluster"
+      rescue KubernetesDeploy::KubeclientBuilder::ContextMissingError
+        errors << "Could not connect to kubernetes cluster - context invalid"
       end
       unless errors.empty?
@@ -140,16 +144,13 @@ module KubernetesDeploy
     def get_template(template_name)
       pod_template = kubeclient.get_pod_template(template_name, @namespace)
       pod_template.template
-    rescue KubeException => error
-      if error.error_code == 404
-        msg = "Pod template `#{template_name}` not found in namespace `#{@namespace}`, context `#{@context}`"
-        @logger.summary.add_paragraph(msg)
-        raise TaskTemplateMissingError, msg
-      else
-        raise FatalKubeAPIError, "Error retrieving pod template: #{error.class.name}: #{error.message}"
-      end
+    rescue Kubeclient::ResourceNotFoundError
+      msg = "Pod template `#{template_name}` not found in namespace `#{@namespace}`, context `#{@context}`"
+      @logger.summary.add_paragraph(msg)
+      raise TaskTemplateMissingError, msg
+    rescue Kubeclient::HttpError => error
+      raise FatalKubeAPIError, "Error retrieving pod template: #{error.class.name}: #{error.message}"
     end
     def build_pod_definition(base_template)

data/lib/kubernetes-deploy/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module KubernetesDeploy
-  VERSION = "0.24.0"
+  VERSION = "0.25.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kubernetes-deploy
 version: !ruby/object:Gem::Version
-  version: 0.24.0
+  version: 0.25.0
 platform: ruby
 authors:
 - Katrina Verey
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-01-23 00:00:00.000000000 Z
+date: 2019-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: googleauth
   requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,7 @@ files:
 - lib/kubernetes-deploy/errors.rb
 - lib/kubernetes-deploy/formatted_logger.rb
 - lib/kubernetes-deploy/kubeclient_builder.rb
-- lib/kubernetes-deploy/kubeclient_builder/google_friendly_config.rb
+- lib/kubernetes-deploy/kubeclient_builder/kube_config.rb
 - lib/kubernetes-deploy/kubectl.rb
 - lib/kubernetes-deploy/kubernetes_resource.rb
 - lib/kubernetes-deploy/kubernetes_resource/cloudsql.rb

data/lib/kubernetes-deploy/kubeclient_builder/google_friendly_config.rb DELETED Viewed

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-require 'googleauth'
-module KubernetesDeploy
-  module KubeclientBuilder
-    class GoogleFriendlyConfig < Kubeclient::Config
-      def fetch_user_auth_options(user)
-        if user.dig('auth-provider', 'name') == 'gcp'
-          { bearer_token: new_token }
-        else
-          super
-        end
-      end
-      def self.read(filename)
-        new(YAML.safe_load(File.read(filename), [Time]), File.dirname(filename))
-      end
-      def new_token
-        scopes = ['https://www.googleapis.com/auth/cloud-platform']
-        authorization = Google::Auth.get_application_default(scopes)
-        authorization.apply({})
-        authorization.access_token
-      rescue Signet::AuthorizationError => e
-        err_message = json_error_message(e.response.body) || e.message
-        raise KubeException.new(e.response.status, err_message, e.response.body)
-      end
-      private
-      def json_error_message(body)
-        err = JSON.parse(body || '') || {}
-        err['message']
-      rescue JSON::ParserError
-        nil
-      end
-    end
-  end
-end