kubes_google 0.3.0 → 0.3.1

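--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c2b41e672639ece65b0c749581b7321b30a48213744e28aa63e3e71bf6cf3fd3
- data.tar.gz: 0b4006a22492fb1424c3d45b880f9a784deee99d824e986fb7a52e835196f955
+ metadata.gz: c00e66f307251f8ea29d5ba9f624197a31f7c914615925816f5086b1948d6122
+ data.tar.gz: 75e4cfc3a285162e64ef6e0ae68b79e55f6491774cc18e3c510f7c83feed8d1f
  SHA512:
- metadata.gz: 139e70fe3e151df3fcefa12a4a8d7a7a45b08bc62909815b4be865906e7400f1c5141a42e41331b13aa774b6f04caca3d06a7a882c6a486646047d11a0d09a3f
- data.tar.gz: 9c6058c9157f05a8be7aa662fedc71ada94171e7c4fe5086552c68743a683467a2247fa549d2217f6017ea3ed84fdc80cf18f85a2a2f934753546d95d93af943
+ metadata.gz: 95d854c940d876be88544ce89e4eb67c0a85989b279bdfa42f3b7fb504f291650283c2b18f9deec03e5f35cb9d977dcd0e19497cb9a4da805d445c2a779ea88c
+ data.tar.gz: 2a7648e2f8f2aeb14dd3e8d9beb4fd920512269a8bf6dcd03ec8dce6f118731ccfafc60437b785382001691ea5d22516562338a6cfb01092f5479feb2d8ed3be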
@@ -3,6 +3,9 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.3.1] - 2020-11-11
7
+ - [#4](https://github.com/boltops-tools/kubes_google/pull/4) get_credentials hook
8
+
6
9
  ## [0.3.0]
7
10
  - #3 gke hook to whitelist ip
8
11
 
@@ -1,14 +1,22 @@
1
1
  gke = KubesGoogle::Gke.new(
2
- name: KubesGoogle.config.gke.cluster_name,
2
+ cluster_name: KubesGoogle.config.gke.cluster_name,
3
+ google_region: KubesGoogle.config.gke.google_region,
4
+ google_project: KubesGoogle.config.gke.google_project,
5
+ enable_get_credentials: KubesGoogle.config.gke.enable_get_credentials,
3
6
  whitelist_ip: KubesGoogle.config.gke.whitelist_ip,
4
7
  )
5
8
 
9
+ before("apply",
10
+ label: "gke get-credentials hook",
11
+ execute: gke.method(:get_credentials).to_proc,
12
+ ) if gke.get_credentials_enabled?
13
+
6
14
  before("apply",
7
15
  label: "gke whitelist hook",
8
16
  execute: gke.method(:allow).to_proc,
9
- )
17
+ ) if gke.enabled?
10
18
 
11
19
  after("apply",
12
20
  label: "gke whitelist hook",
13
21
  execute: gke.method(:deny).to_proc,
14
- )
22
+ ) if gke.enabled?
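Review bot: Each hook registration is guarded by a trailing `if` after a multi-line call (`) if gke.enabled?`), which is easy to overlook and guards the paired whitelist hooks independently. Since this release also removes `return unless enabled?` from `allow` and `deny`, registration is now the only guard, so it is worth making it explicit. Wrapping both whitelist hooks in a single `if gke.enabled?` … `end` block ensures the IP is never added without the matching removal being registered. A comment such as `# allow and deny must be registered together: deny removes the IP that allow added` would document that invariant.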
@@ -5,35 +5,56 @@ module KubesGoogle
5
5
  extend Memoist
6
6
  include Logging
7
7
  include Services
8
+ include Util::Sh
8
9
 
9
- def initialize(name:, whitelist_ip: nil)
10
- @name, @whitelist_ip = name, whitelist_ip
10
+ def initialize(cluster_name:,
11
+ enable_get_credentials: false,
12
+ google_project: nil,
13
+ google_region: "us-central1",
14
+ whitelist_ip: nil)
15
+ @cluster_name = cluster_name
16
+ @enable_get_credentials = enable_get_credentials
17
+ @google_project = ENV['GOOGLE_PROJECT'] || google_project
18
+ @google_region = ENV['GOOGLE_REGION'] || google_region
19
+ @whitelist_ip = whitelist_ip
11
20
  end
12
21
 
13
22
  def allow
14
- return unless enabled?
15
23
  logger.debug "Updating cluster. Adding IP: #{ip}"
16
24
  update_cluster(cidr_blocks(:with_whitelist))
17
25
  end
18
26
 
19
27
  def deny
20
- return unless enabled?
21
28
  logger.debug "Updating cluster. Removing IP: #{ip}"
22
29
  update_cluster(cidr_blocks(:without_whitelist))
23
30
  end
24
31
 
25
- # Setting the cluster name is enough to enable the hooks
32
+ def get_credentials
33
+ return unless get_credentials_enabled?
34
+ sh "gcloud container clusters get-credentials --project=#{@google_project} --region=#{@google_region} #{@cluster_name}"
35
+ end
36
+
37
+ def full_name
38
+ "projects/#{@google_project}/locations/#{@google_region}/clusters/#{@cluster_name}"
39
+ end
40
+
26
41
  def enabled?
27
42
  enable = KubesGoogle.config.gke.enable_hooks
28
43
  enable = enable.nil? ? true : enable
29
44
  # gke = KubesGoogle::Gke.new(name: KubesGoogle.config.gke.cluster_name)
30
45
  # so @name = KubesGoogle.config.gke.cluster_name
31
- !!(enable && @name)
46
+ !!(enable && @cluster_name)
47
+ end
48
+
49
+ def get_credentials_enabled?
50
+ enable = KubesGoogle.config.gke.enable_get_credentials
51
+ enable = enable.nil? ? false : enable
52
+ !!(enable && full_name)
32
53
  end
33
54
 
34
55
  def update_cluster(cidr_blocks)
35
56
  resp = cluster_manager.update_cluster(
36
- name: @name,
57
+ name: full_name,
37
58
  update: {
38
59
  desired_master_authorized_networks_config: {
39
60
  cidr_blocks: cidr_blocks,
@@ -67,7 +88,7 @@ module KubesGoogle
67
88
  end
68
89
 
69
90
  def old_cidrs
70
- resp = cluster_manager.get_cluster(name: @name)
91
+ resp = cluster_manager.get_cluster(name: full_name)
71
92
  config = resp.master_authorized_networks_config.to_h
72
93
  config[:cidr_blocks]
73
94
  end
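Review bot: In `get_credentials` the gcloud command is built by interpolating `@google_project`, `@google_region` and `@cluster_name` into one string, and `sh` (from `Util::Sh`, added in this release) passes it to `system(command)`, so a shell parses it; project and region can come from `ENV['GOOGLE_PROJECT']` and `ENV['GOOGLE_REGION']`, and none of the three values is validated or quoted. Escaping each value, e.g. `--project=#{Shellwords.escape(@google_project.to_s)}` (needs `require "shellwords"`), or passing an argument list to `system`, keeps an unexpected value from being read as shell syntax. The result of `sh` is also discarded, so a failed get-credentials only logs a WARN and the apply presumably continues against whatever kubectl context is already active; `sh(cmd) or raise "gcloud get-credentials failed"` would stop it. Separately, `get_credentials_enabled?` tests `full_name`, which is always a non-empty string (with `@google_project` nil it yields `projects//locations/...`), so that half of the check can never fail, and the comment kept in `enabled?` still refers to `name:` and `@name`. The same string-to-shell pattern applies to every caller of `Util::Sh#sh` and `#capture`.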
@@ -4,6 +4,7 @@ require "json"
4
4
  module KubesGoogle
5
5
  class ServiceAccount
6
6
  include Logging
7
+ include Util::Sh
7
8
 
8
9
  def initialize(app:, namespace:nil, roles: [], gsa: nil, ksa: nil)
9
10
  @app, @roles = app, roles
@@ -71,25 +72,5 @@ module KubesGoogle
71
72
  --member=serviceAccount:#{@service_account} \
72
73
  --role=#{role} > /dev/null".squish
73
74
  end
74
-
75
- private
76
- def sh(command)
77
- logger.debug "=> #{command}"
78
- success = system(command)
79
- unless success
80
- logger.info "WARN: Running #{command}"
81
- end
82
- success
83
- end
84
-
85
- def capture(command)
86
- out = `#{command}`
87
- unless $?.exitstatus == 0
88
- logger.info "ERROR: Running #{command}"
89
- logger.info out
90
- exit 1
91
- end
92
- out
93
- end
94
75
  end
95
76
  end
@@ -0,0 +1,23 @@
1
+ module KubesGoogle::Util
2
+ module Sh
3
+ private
4
+ def sh(command)
5
+ logger.debug "=> #{command}"
6
+ success = system(command)
7
+ unless success
8
+ logger.info "WARN: Running #{command}"
9
+ end
10
+ success
11
+ end
12
+
13
+ def capture(command)
14
+ out = `#{command}`
15
+ unless $?.exitstatus == 0
16
+ logger.info "ERROR: Running #{command}"
17
+ logger.info out
18
+ exit 1
19
+ end
20
+ out
21
+ end
22
+ end
23
+ end
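Review bot: `capture` ends the whole process with `exit 1` on a non-zero status, which is a strong side effect now that the method lives in a mixin any class can include; raising an error instead would leave the decision to the caller (whether cleanup such as the `deny` after-hook still runs on exit is not visible here). Failures are logged through `logger.info` with "WARN:" and "ERROR:" prefixes, so the level does not match the severity; `logger.warn` and `logger.error` would fit. Both methods lack a doc comment; I would add `# Runs command through the shell; callers must escape interpolated values. Returns the result of Kernel#system.` above `sh` and a matching line above `capture`. `$?.success?` also reads more clearly than `$?.exitstatus == 0`.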
@@ -1,3 +1,3 @@
1
1
  module KubesGoogle
2
- VERSION = "0.3.0"
2
+ VERSION = "0.3.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kubes_google
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tung Nguyen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-11-10 00:00:00.000000000 Z
11
+ date: 2020-11-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -121,6 +121,7 @@ files:
121
121
  - lib/kubes_google/secrets/fetcher.rb
122
122
  - lib/kubes_google/service_account.rb
123
123
  - lib/kubes_google/services.rb
124
+ - lib/kubes_google/util/sh.rb
124
125
  - lib/kubes_google/version.rb
125
126
  homepage: https://github.com/boltops-tools/kubes_google
126
127
  licenses: