Kubeclient 4.2.2

CHANGELOG.md

@@ -3,6 +3,9 @@
 *Bug fixes*
 - Attempting to deploy from a directory that only contains `secrets.ejson` will no longer fail deploy ([#416](https://github.com/Shopify/kubernetes-deploy/pull/416))
 
+*Other*
+- Update kubeclient gem to 4.2.2. Note this replaces the `KubeclientBuilder::GoogleFriendlyConfig` class with `KubeclientBuilder::KubeConfig` ([#418](https://github.com/Shopify/kubernetes-deploy/pull/418))
+
 ## 0.24.0
 
 *Features*

kubernetes-deploy.gemspec

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3.0'
   spec.add_dependency("activesupport", ">= 5.0")
-  spec.add_dependency("kubeclient", "~> 3.0")
+  spec.add_dependency("kubeclient", "~> 4.0")
   spec.add_dependency("googleauth", "~> 0.6.6") # https://github.com/google/google-auth-library-ruby/issues/153
   spec.add_dependency("ejson", "~> 1.0")
   spec.add_dependency("colorize", "~> 0.8")

lib/kubernetes-deploy/kubeclient_builder.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 require 'kubeclient'
-require 'kubernetes-deploy/kubeclient_builder/google_friendly_config'
+require 'kubernetes-deploy/kubeclient_builder/kube_config'
 
 module KubernetesDeploy
   module KubeclientBuilder
@@ -86,13 +86,12 @@ def build_rbac_v1_kubeclient(context)
 
     def _build_kubeclient(api_version:, context:, endpoint_path: nil)
       # Find a context defined in kube conf files that matches the input context by name
-      friendly_configs = config_files.map { |f| GoogleFriendlyConfig.read(f) }
-      config = friendly_configs.find { |c| c.contexts.include?(context) }
+      configs = config_files.map { |f| KubeConfig.read(f) }
+      config = configs.find { |c| c.contexts.include?(context) }
 
       raise ContextMissingError, context unless config
 
       kube_context = config.context(context)
-
       client = Kubeclient::Client.new(
         "#{kube_context.api_endpoint}#{endpoint_path}",
         api_version,

lib/kubernetes-deploy/kubeclient_builder/kube_config.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'googleauth'
+module KubernetesDeploy
+  module KubeclientBuilder
+    class KubeConfig < Kubeclient::Config
+      def self.read(filename)
+        parsed = YAML.safe_load(File.read(filename), [Date, Time])
+        new(parsed, File.dirname(filename))
+      end
+
+      def fetch_user_auth_options(user)
+        if user.dig('auth-provider', 'name') == 'gcp'
+          { bearer_token: Kubeclient::GoogleApplicationDefaultCredentials.token }
+        else
+          super
+        end
+      end
+    end
+  end
+end

lib/kubernetes-deploy/restart_task.rb

@@ -112,12 +112,8 @@ def build_watchables(kubeclient_resources, started)
     def verify_namespace
       kubeclient.get_namespace(@namespace)
       @logger.info("Namespace #{@namespace} found in context #{@context}")
-    rescue KubeException => error
-      if error.error_code == 404
-        raise NamespaceNotFoundError.new(@namespace, @context)
-      else
-        raise
-      end
+    rescue Kubeclient::ResourceNotFoundError
+      raise NamespaceNotFoundError.new(@namespace, @context)
     end
 
     def patch_deployment_with_restart(record)
@@ -133,7 +129,7 @@ def patch_kubeclient_deployments(deployments)
         begin
           patch_deployment_with_restart(record)
           @logger.info("Triggered `#{record.metadata.name}` restart")
-        rescue Kubeclient::ResourceNotFoundError, Kubeclient::HttpError => e
+        rescue Kubeclient::HttpError => e
           raise RestartAPIError.new(record.metadata.name, e.message)
         end
       end
@@ -144,12 +140,8 @@ def fetch_deployments(list)
         record = nil
         begin
           record = v1beta1_kubeclient.get_deployment(name, @namespace)
-        rescue KubeException => error
-          if error.error_code == 404
-            raise FatalRestartError, "Deployment `#{name}` not found in namespace `#{@namespace}`"
-          else
-            raise
-          end
+        rescue Kubeclient::ResourceNotFoundError
+          raise FatalRestartError, "Deployment `#{name}` not found in namespace `#{@namespace}`"
         end
         record
       end

lib/kubernetes-deploy/runner_task.rb

@@ -64,7 +64,7 @@ def create_pod(pod)
       kubeclient.create_pod(pod.to_kubeclient_resource)
       @pod_name = pod.name
       @logger.info("Pod creation succeeded")
-    rescue KubeException => e
+    rescue Kubeclient::HttpError => e
       msg = "Failed to create pod: #{e.class.name}: #{e.message}"
       @logger.summary.add_paragraph(msg)
       raise FatalDeploymentError, msg
@@ -122,9 +122,11 @@ def validate_configuration(task_template, args)
       begin
         kubeclient.get_namespace(@namespace) if @namespace.present?
         @logger.info("Using namespace '#{@namespace}' in context '#{@context}'")
-      rescue KubeException => e
-        msg = e.error_code == 404 ? "Namespace was not found" : "Could not connect to kubernetes cluster"
-        errors << msg
+
+      rescue Kubeclient::ResourceNotFoundError
+        errors << "Namespace was not found"
+      rescue Kubeclient::HttpError
+        errors << "Could not connect to kubernetes cluster"
       end
 
       unless errors.empty?
@@ -140,16 +142,13 @@ def validate_configuration(task_template, args)
 
     def get_template(template_name)
       pod_template = kubeclient.get_pod_template(template_name, @namespace)
-
       pod_template.template
-    rescue KubeException => error
-      if error.error_code == 404
-        msg = "Pod template `#{template_name}` not found in namespace `#{@namespace}`, context `#{@context}`"
-        @logger.summary.add_paragraph(msg)
-        raise TaskTemplateMissingError, msg
-      else
-        raise FatalKubeAPIError, "Error retrieving pod template: #{error.class.name}: #{error.message}"
-      end
+    rescue Kubeclient::ResourceNotFoundError
+      msg = "Pod template `#{template_name}` not found in namespace `#{@namespace}`, context `#{@context}`"
+      @logger.summary.add_paragraph(msg)
+      raise TaskTemplateMissingError, msg
+    rescue Kubeclient::HttpError => error
+      raise FatalKubeAPIError, "Error retrieving pod template: #{error.class.name}: #{error.message}"
     end
 
     def build_pod_definition(base_template)

test/helpers/fixture_set.rb

@@ -34,7 +34,7 @@ def refute_resource_exists(type, name, beta: false)
         flunk("#{type} #{name} unexpectedly existed and is not being deleted.")
       end
     rescue KubeException => e
-      raise unless e.to_s.include?("not found")
+      raise unless e.is_a?(Kubeclient::ResourceNotFoundError)
     end
 
     def assert_pod_status(pod_name, status, count = 1)

test/helpers/test_provisioner.rb

@@ -29,7 +29,7 @@ def claim_namespace(test_name)
     def delete_namespace(namespace)
       kubeclient.delete_namespace(namespace) if namespace.present?
     rescue KubeException => e
-      raise unless e.to_s.include?("not found")
+      raise unless e.is_a?(Kubeclient::ResourceNotFoundError)
     end
 
     private

test/unit/kubernetes-deploy/google_friendly_config_test.rb → test/unit/kubernetes-deploy/kube_config_test.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require 'test_helper'
 
-class GoogleFriendlyConfigTest < KubernetesDeploy::TestCase
+class KubeConfigTest < KubernetesDeploy::TestCase
   def setup
     WebMock.disable_net_connect!
     set_google_env_vars
@@ -12,7 +12,7 @@ def teardown
   end
 
   def test_auth_use_default_gcp_success
-    config = KubernetesDeploy::KubeclientBuilder::GoogleFriendlyConfig.new(kubeconfig, "")
+    config = KubernetesDeploy::KubeclientBuilder::KubeConfig.new(kubeconfig, "")
 
     stub_request(:post, 'https://oauth2.googleapis.com/token')
       .to_return(
@@ -31,7 +31,7 @@ def test_auth_use_default_gcp_success
   end
 
   def test_auth_use_default_gcp_failure
-    config = KubernetesDeploy::KubeclientBuilder::GoogleFriendlyConfig.new(kubeconfig, "")
+    config = KubernetesDeploy::KubeclientBuilder::KubeConfig.new(kubeconfig, "")
 
     stub_request(:post, 'https://oauth2.googleapis.com/token')
       .to_return(
@@ -40,13 +40,13 @@ def test_auth_use_default_gcp_failure
         status: 401
       )
 
-    assert_raises(KubeException) do
+    assert_raises(Signet::AuthorizationError) do
       config.context("google")
     end
   end
 
   def test_non_google_auth_works
-    config = KubernetesDeploy::KubeclientBuilder::GoogleFriendlyConfig.new(kubeconfig, "")
+    config = KubernetesDeploy::KubeclientBuilder::KubeConfig.new(kubeconfig, "")
 
     context = config.context("minikube")
 

test/unit/kubernetes-deploy/kubernetes_resource/custom_resource_definition_test.rb

@@ -99,12 +99,13 @@ def test_cr_instance_fails_validation_when_rollout_conditions_for_crd_invalid
         "metadata" => { "name" => "test" },
       })
     cr.validate_definition(kubectl)
-    assert_equal(cr.validation_error_msg,
+    assert(cr.validation_error_msg.include?(
       "The CRD that specifies this resource is using invalid rollout conditions. Kubernetes-deploy will not be " \
       "able to continue until those rollout conditions are fixed.\nRollout conditions can be found on the CRD " \
       "that defines this resource (unittests.stable.example.io), under the annotation " \
       "kubernetes-deploy.shopify.io/instance-rollout-conditions.\nValidation failed with: " \
-      "Rollout conditions are not valid JSON: Empty input () at line 1, column 1 [parse.c:963] in 'bad string")
+      "Rollout conditions are not valid JSON:"
+    ))
   end
 
   def test_cr_instance_valid_when_rollout_conditions_for_crd_valid