train-kubernetes 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d1bc478e5fb94a9b61701a3b318d9a423c9ae75c
+  data.tar.gz: f6361651906de111c3e3c889f80580ab83050a3e
+SHA512:
+  metadata.gz: 3dc40490949058296af30fd97f749122d84a81d37603d033a6a350365ccab54054197c1abcae745bf3bbc58574d302fca1b3f6333f20c179145ff8631b32923c
+  data.tar.gz: 70fba3d1ffe3eb045a5c322089bd679612b88df3df147779530a9afda249da5178890e71f0d6a89c6b5f385ea3d50b4b00b07ed1f17989b4ea6c209ceb9d8309

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+gemspec
+
+# Remaining group is only used for development.
+group :development do
+  gem 'bundler'
+  gem 'byebug'
+  gem 'inspec', '>= 3.7.11' # We need InSpec for the test harness while developing.
+  gem 'minitest'
+  gem 'rake'
+  gem 'rubocop', '~> 0.59'
+end

data/README.md

@@ -0,0 +1,72 @@
+# Kubernetes transport plugin for Chef Inspec Train
+
+This plugin allows applications that rely on Train to communicate with the Kubernetes API.  For example, InSpec uses this to perform compliance checks against any resource in the Kubernetes API. Train plugins are managed by InSpec CLI.
+
+## Usage
+
+When used in combination with the [InSpec Kubernetes Resource Pack](https://github.com/bgeesaman/inspec-k8s) you can validate the spec of any Kubernetes resource you have access to:
+
+```ruby
+describe k8sobjects(api: 'v1', type: 'pods', namespace: 'default', labelSelector: 'run=nginx') do
+  it { should exist }
+  ...
+end
+```
+
+```ruby
+describe k8sobjects(api: 'v1', type: 'namespaces', labelSelector: 'myns=prod') do
+  it { should exist }
+  ...
+end
+```
+
+```ruby
+describe k8sobject(api: 'v1', type: 'pod', namespace: 'default', name: 'my-pod') do
+  it { should exist }
+  its('name') { should eq 'my-pod' }
+  ...
+end
+```
+
+## Preconditions
+
+- InSpec 3 or later.
+- Ruby 2.4+
+- You have set the env var KUBECONFIG or have a valid ~/.kube/config
+
+
+## Installation
+
+Train plugins are distributed as gems.  You may choose to manage the gem yourself, but if you are an InSpec user, InSPec can handle it for you.
+
+Simply run:
+
+```
+$ inspec plugin install train-kubernetes
+```
+
+Verify the plugin
+
+```
+$ inspec detect -t k8s://
+
+== Platform Details
+
+Name:      k8s
+Families:  cloud, api
+Release:   0.1.0
+```
+
+## Reporting Issues
+
+Bugs, typos, limitations, and frustrations are welcome to be reported through the [GitHub issues page for the train-kubernetes project](https://github.com/bgeesaman/train-kubernetes/issues).
+
+You may also ask questions in the #inspec channel of the Chef Community Slack team.  However, for an issue to get traction, please report it as a github issue.
+
+### Development Process
+
+If you wish to contribute to this plugin, please use the usual fork-branch-push-PR cycle.  All functional changes need new tests, and bugfixes are expected to include a new test that demonstrates the bug.
+
+### Reference Information
+
+[Plugin Development](https://github.com/inspec/train/blob/master/docs/dev/plugins.md) is documented on the `train` project on GitHub.

data/lib/train-kubernetes.rb

@@ -0,0 +1,20 @@
+# This file is known as the "entry point."
+# This is the file Train will try to load if it
+# thinks your plugin is needed.
+
+# The *only* thing this file should do is setup the
+# load path, then load plugin files.
+
+# Next two lines simply add the path of the gem to the load path.
+# This is not needed when being loaded as a gem; but when doing
+# plugin development, you may need it.  Either way, it's harmless.
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+# It's traditional to keep your gem version in a separate file, so CI can find it easier.
+require 'train-kubernetes/version'
+
+# A train plugin has three components: Transport, Connection, and Platform.
+# Transport acts as the glue.
+require 'train-kubernetes/transport'
+require 'train-kubernetes/platform'

data/lib/train-kubernetes/connection.rb

@@ -0,0 +1,39 @@
+require 'k8s-client'
+require 'train-kubernetes/platform'
+
+module TrainPlugins
+  module TrainKubernetes
+    class Connection < Train::Plugins::Transport::BaseConnection
+      include TrainPlugins::TrainKubernetes::Platform
+
+      def initialize(options)
+        super(options)
+
+        parse_kubeconfig
+        connect
+      end
+
+      attr_accessor :client
+
+      def connect
+        @client.apis(prefetch_resources: true)
+      rescue Excon::Error::Socket => e
+        logger.error e.message
+        exit
+      end
+
+      def uri
+        "kubernetes://#{unique_identifier}"
+      end
+
+      def unique_identifier
+        @client.transport.server.gsub(%r{(http|https)\:\/\/}, '') || 'default'
+      end
+
+      def parse_kubeconfig
+        kubeconfig_file = @options[:kubeconfig] if @options[:kubeconfig]
+        @client = K8s::Client.config(K8s::Config.load_file(File.expand_path(kubeconfig_file)))
+      end
+    end
+  end
+end

data/lib/train-kubernetes/platform.rb

@@ -0,0 +1,10 @@
+module TrainPlugins
+  module TrainKubernetes
+    module Platform
+      def platform
+        Train::Platforms.name('k8s').in_family('cloud')
+        force_platform!('k8s', release: TrainPlugins::TrainKubernetes::VERSION)
+      end
+    end
+  end
+end

data/lib/train-kubernetes/transport.rb

@@ -0,0 +1,13 @@
+require 'train-kubernetes/connection'
+
+module TrainPlugins
+  module TrainKubernetes
+    class Transport < Train.plugin(1)
+      name 'k8s'
+      option :kubeconfig, default: ENV['KUBECONFIG'] || '~/.kube/config'
+      def connection(_instance_opts = nil)
+        @connection ||= TrainPlugins::TrainKubernetes::Connection.new(@options)
+      end
+    end
+  end
+end

data/lib/train-kubernetes/version.rb

@@ -0,0 +1,10 @@
+# This file exists simply to record the version number of the plugin.
+# It is kept in a separate file, so that your gemspec can load it and
+# learn the current version without loading the whole plugin.  Also,
+# many CI servers can update this file when "version bumping".
+
+module TrainPlugins
+  module TrainKubernetes
+    VERSION = '0.1.1'.freeze
+  end
+end

data/train-kubernetes.gemspec

@@ -0,0 +1,47 @@
+# As plugins are usually packaged and distributed as a RubyGem,
+# we have to provide a .gemspec file, which controls the gembuild
+# and publish process.  This is a fairly generic gemspec.
+
+# It is traditional in a gemspec to dynamically load the current version
+# from a file in the source tree.  The next three lines make that happen.
+# lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'train-kubernetes/version'
+
+Gem::Specification.new do |spec|
+  # Importantly, all Train plugins must be prefixed with `train-`
+  spec.name          = 'train-kubernetes'
+
+  # It is polite to namespace your plugin under TrainPlugins::YourPluginInCamelCase
+  spec.version       = TrainPlugins::TrainKubernetes::VERSION
+  spec.authors       = ['Brad Geesaman']
+  spec.email         = ['bradgeesaman@gmail.com']
+  spec.summary       = 'Train Kubernetes'
+  spec.description   = 'A Train "transport" plugin for Chef Inspec that allows testing of all Kubernetes API resources'
+  spec.homepage      = 'https://github.com/bgeesaman/train-kubernetes'
+  spec.license       = 'Apache-2.0'
+
+  # Though complicated-looking, this is pretty standard for a gemspec.
+  # It just filters what will actually be packaged in the gem (leaving
+  # out tests, etc)
+  spec.files = %w{
+    README.md train-kubernetes.gemspec Gemfile
+  } + Dir.glob(
+    'lib/**/*', File::FNM_DOTMATCH
+  ).reject { |f| File.directory?(f) }
+  spec.require_paths = ['lib']
+
+  # If you rely on any other gems, list them here with any constraints.
+  # This is how `inspec plugin install` is able to manage your dependencies.
+  # For example, perhaps you are writing a thing that talks to AWS, and you
+  # want to ensure you have `aws-sdk` in a certain version.
+
+  # If you only need certain gems during development or testing, list
+  # them in Gemfile, not here.
+  # Do not list inspec as a dependency of the train plugin.
+
+  # All plugins should mention train, > 1.4
+  spec.add_dependency 'k8s-client', '0.10.0'
+  spec.add_dependency 'train', '~> 1.4'
+end

metadata

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification
+name: train-kubernetes
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Brad Geesaman
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-05-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: k8s-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+- !ruby/object:Gem::Dependency
+  name: train
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+description: A Train "transport" plugin for Chef Inspec that allows testing of all
+  Kubernetes API resources
+email:
+- bradgeesaman@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- lib/train-kubernetes.rb
+- lib/train-kubernetes/connection.rb
+- lib/train-kubernetes/platform.rb
+- lib/train-kubernetes/transport.rb
+- lib/train-kubernetes/version.rb
+- train-kubernetes.gemspec
+homepage: https://github.com/bgeesaman/train-kubernetes
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2.3
+signing_key: 
+specification_version: 4
+summary: Train Kubernetes
+test_files: []