From fcef44e7eeac35351f8fa19ad5c09ff7f404f377 Mon Sep 17 00:00:00 2001
From: Ben Langfeld
Date: Tue, 16 Apr 2019 13:27:37 -0300
Subject: [PATCH] Removes special treatment of GCP authentication

https://github.com/abonas/kubeclient/pull/394#issuecomment-469012306
---
 CHANGELOG.md | 3 +
 kubernetes-deploy.gemspec | 2 +-
 lib/kubernetes-deploy/kubeclient_builder.rb | 3 +-
 .../kubeclient_builder/kube_config.rb | 21 ----
 .../kubernetes-deploy/kube_config_test.rb | 107 ------------------
 5 files changed, 5 insertions(+), 131 deletions(-)
 delete mode 100644 lib/kubernetes-deploy/kubeclient_builder/kube_config.rb
 delete mode 100644 test/unit/kubernetes-deploy/kube_config_test.rb

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d8b17839..2646d063f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## next
+*Other*
+- Removes special treatment of GCP authentication by upgrading to `kubeclient` 4.3.
+
 ## 0.26.3
 *Bug fixes*
diff --git a/kubernetes-deploy.gemspec b/kubernetes-deploy.gemspec
index 92430ee53..8e1e1849f 100644
--- a/kubernetes-deploy.gemspec
+++ b/kubernetes-deploy.gemspec
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = '>= 2.3.0'
 spec.add_dependency("activesupport", ">= 5.0")
- spec.add_dependency("kubeclient", "~> 4.0")
+ spec.add_dependency("kubeclient", "~> 4.3")
 spec.add_dependency("googleauth", "~> 0.6.6") # https://github.com/google/google-auth-library-ruby/issues/153
 spec.add_dependency("ejson", "~> 1.0")
 spec.add_dependency("colorize", "~> 0.8")
diff --git a/lib/kubernetes-deploy/kubeclient_builder.rb b/lib/kubernetes-deploy/kubeclient_builder.rb
index c88c31907..896dc6ca7 100644
--- a/lib/kubernetes-deploy/kubeclient_builder.rb
+++ b/lib/kubernetes-deploy/kubeclient_builder.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 require 'kubeclient'
-require 'kubernetes-deploy/kubeclient_builder/kube_config'
 module KubernetesDeploy
 class KubeclientBuilder
@@ -118,7 +117,7 @@ def validate_config_files!
 def build_kubeclient(api_version:, context:, endpoint_path: nil)
 validate_config_files!
- @kubeclient_configs ||= @kubeconfig_files.map { |f| KubeConfig.read(f) }
+ @kubeclient_configs ||= @kubeconfig_files.map { |f| Kubeclient::Config.read(f) }
 # Find a context defined in kube conf files that matches the input context by name
 config = @kubeclient_configs.find { |c| c.contexts.include?(context) }
 raise ContextMissingError.new(context, @kubeconfig_files) unless config
diff --git a/lib/kubernetes-deploy/kubeclient_builder/kube_config.rb b/lib/kubernetes-deploy/kubeclient_builder/kube_config.rb
deleted file mode 100644
index 996d073dc..000000000
--- a/lib/kubernetes-deploy/kubeclient_builder/kube_config.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require 'googleauth'
-module KubernetesDeploy
- class KubeclientBuilder
- class KubeConfig < Kubeclient::Config
- def self.read(filename)
- parsed = YAML.safe_load(File.read(filename), [Date, Time])
- new(parsed, File.dirname(filename))
- end
-
- def fetch_user_auth_options(user)
- if user.dig('auth-provider', 'name') == 'gcp'
- { bearer_token: Kubeclient::GoogleApplicationDefaultCredentials.token }
- else
- super
- end
- end
- end
- end
-end
diff --git a/test/unit/kubernetes-deploy/kube_config_test.rb b/test/unit/kubernetes-deploy/kube_config_test.rb
deleted file mode 100644
index 12a37f55a..000000000
--- a/test/unit/kubernetes-deploy/kube_config_test.rb
+++ /dev/null
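Review bot: In `build_kubeclient` (lib/kubernetes-deploy/kubeclient_builder.rb), the switch to `Kubeclient::Config.read(f)` hands both kubeconfig parsing and credential resolution to the gem, and the commit deletes the only tests that pinned either behaviour. The removed subclass parsed with `YAML.safe_load(File.read(filename), [Date, Time])` and always used `Kubeclient::GoogleApplicationDefaultCredentials.token` for `gcp` users; whether kubeclient 4.3 keeps the safe loader and how it resolves a `gcp` auth-provider entry is not visible in this diff, so both should be confirmed against the gem version the constraint `~> 4.3` actually resolves to. I would keep one unit test that builds a `Kubeclient::Config` from a `gcp` fixture and asserts on `auth_options[:bearer_token]`, and add a comment above the changed line such as `# kubeconfig parsing and gcp auth are delegated to kubeclient >= 4.3`. The method body continues outside the hunk.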
@@ -1,107 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-
-class KubeConfigTest < KubernetesDeploy::TestCase
- def setup
- WebMock.disable_net_connect!
- set_google_env_vars
- end
-
- def teardown
- WebMock.allow_net_connect!
- end
-
- def test_auth_use_default_gcp_success
- config = KubernetesDeploy::KubeclientBuilder::KubeConfig.new(kubeconfig, "")
-
- stub_request(:post, 'https://oauth2.googleapis.com/token')
- .to_return(
- headers: { 'Content-Type' => 'application/json' },
- body: {
- "access_token" => "bearer_token",
- "token_type" => "Bearer",
- "expires_in" => 3600,
- "id_token" => "identity_token",
- }.to_json,
- status: 200
- )
-
- context = config.context("google")
- assert_equal('bearer_token', context.auth_options[:bearer_token])
- end
-
- def test_auth_use_default_gcp_failure
- config = KubernetesDeploy::KubeclientBuilder::KubeConfig.new(kubeconfig, "")
-
- stub_request(:post, 'https://oauth2.googleapis.com/token')
- .to_return(
- headers: { 'Content-Type' => 'application/json' },
- body: '',
- status: 401
- )
-
- assert_raises(Signet::AuthorizationError) do
- config.context("google")
- end
- end
-
- def test_non_google_auth_works
- config = KubernetesDeploy::KubeclientBuilder::KubeConfig.new(kubeconfig, "")
-
- context = config.context("minikube")
-
- assert_equal('test', context.auth_options[:password])
- assert_equal('admin', context.auth_options[:username])
- end
-
- def kubeconfig
- {
- 'apiVersion' => 'v1',
- 'clusters' => [
- { 'cluster' => { 'server' => 'https://192.168.64.3:8443' }, 'name' => 'test' },
- ],
- 'contexts' => [
- {
- 'context' => {
- 'cluster' => 'test',
- 'user' => 'google',
- },
- 'name' => 'google',
- },
- {
- 'context' => {
- 'cluster' => 'test', 'user' => 'minikube'
- },
- 'name' => 'minikube',
- },
- ],
- 'users' => [
- {
- 'name' => 'google',
- 'user' => {
- 'auth-provider' => {
- 'name' => 'gcp',
- 'config' => { 'access_token' => 'test' },
- },
- },
- },
- {
- 'name' => 'minikube',
- 'user' => {
- 'password' => 'test',
- 'username' => 'admin',
- },
- },
- ],
- }.stringify_keys
- end
-
- def set_google_env_vars
- ENV["GOOGLE_PRIVATE_KEY"] ||= "FAKE"
- ENV["GOOGLE_CLIENT_EMAIL"] ||= "fake@email.com"
- ENV["GOOGLE_ACCOUNT_TYPE"] ||= 'authorized_user'
- ENV["GOOGLE_CLIENT_ID"] ||= 'fake'
- ENV["GOOGLE_CLIENT_SECRET"] ||= 'fake'
- ENV["REFRESH_TOKEN_VAR"] ||= 'fake'
- end
-end