Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config: add support to read kube config files #127

Merged
merged 2 commits into from
May 22, 2016
Merged

config: add support to read kube config files #127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bc4dae1
config: add support to read kube config files
simon3z Oct 6, 2015
5e4463c
handle scenario where there's no user in a context
jonmoter May 11, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .rubocop.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,5 @@ Metrics/LineLength:
Max: 100
Metrics/ParameterLists:
Max: 8
Metrics/CyclomaticComplexity:
Max: 8
1 change: 1 addition & 0 deletions lib/kubeclient.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
require 'kubeclient/watch_notice'
require 'kubeclient/watch_stream'
require 'kubeclient/common'
require 'kubeclient/config'

module Kubeclient
# Kubernetes Client
Expand Down
111 changes: 111 additions & 0 deletions lib/kubeclient/config.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
require 'yaml'
require 'base64'

module Kubeclient
# Kubernetes client configuration class
class Config
# Kubernetes client configuration context class
class Context
attr_reader :api_endpoint, :api_version, :ssl_options

def initialize(api_endpoint, api_version, ssl_options)
@api_endpoint = api_endpoint
@api_version = api_version
@ssl_options = ssl_options
end
end
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For convenience, it would be nice to have a #client method of context that would return a Kubeclient::Client, so you could say:

config = Kubeclient::Config.read(ENV['HOME'] + '/.kube/config')
client = config.context('vagrant').client

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jonmoter yes that would have been nice but since this part should work also with openshift_client we should come up with something smarter (what client to return, etc.). At the moment I went with the simple implementation where we don't prepare any of the two clients.


def initialize(kcfg, kcfg_path)
@kcfg = kcfg
@kcfg_path = kcfg_path
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why both kcfg and kcfg path are needed separately?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@abonas because the configuration file and where the external files (e.g. CA) are stored, could be different paths.

fail 'Unknown kubeconfig version' if @kcfg['apiVersion'] != 'v1'
end

def self.read(filename)
Config.new(YAML.load_file(filename), File.dirname(filename))
end

def contexts
@kcfg['contexts'].map { |x| x['name'] }
end

def context(context_name = nil)
cluster, user = fetch_context(context_name || @kcfg['current-context'])

ca_cert_data = fetch_cluster_ca_data(cluster)
client_cert_data = fetch_user_cert_data(user)
client_key_data = fetch_user_key_data(user)

ssl_options = {}

if !ca_cert_data.nil?
cert_store = OpenSSL::X509::Store.new
cert_store.add_cert(OpenSSL::X509::Certificate.new(ca_cert_data))
ssl_options[:verify_ssl] = OpenSSL::SSL::VERIFY_PEER
ssl_options[:cert_store] = cert_store
else
ssl_options[:verify_ssl] = OpenSSL::SSL::VERIFY_NONE
end

unless client_cert_data.nil?
ssl_options[:client_cert] = OpenSSL::X509::Certificate.new(client_cert_data)
end

unless client_key_data.nil?
ssl_options[:client_key] = OpenSSL::PKey.read(client_key_data)
end

Context.new(cluster['server'], @kcfg['apiVersion'], ssl_options)
end

private

def ext_file_path(path)
File.join(@kcfg_path, path)
end

def fetch_context(context_name)
context = @kcfg['contexts'].detect do |x|
break x['context'] if x['name'] == context_name
end

fail "Unknown context #{context_name}" unless context

cluster = @kcfg['clusters'].detect do |x|
break x['cluster'] if x['name'] == context['cluster']
end

fail "Unknown cluster #{context['cluster']}" unless cluster

user = @kcfg['users'].detect do |x|
break x['user'] if x['name'] == context['user']
end || {}

[cluster, user]
end

def fetch_cluster_ca_data(cluster)
if cluster.key?('certificate-authority')
return File.read(ext_file_path(cluster['certificate-authority']))
elsif cluster.key?('certificate-authority-data')
return Base64.decode64(cluster['certificate-authority-data'])
end
end

def fetch_user_cert_data(user)
if user.key?('client-certificate')
return File.read(ext_file_path(user['client-certificate']))
elsif user.key?('client-certificate-data')
return Base64.decode64(user['client-certificate-data'])
end
end

def fetch_user_key_data(user)
if user.key?('client-key')
return File.read(ext_file_path(user['client-key']))
elsif user.key?('client-key-data')
return Base64.decode64(user['client-key-data'])
end
end
end
end
20 changes: 20 additions & 0 deletions test/config/allinone.kubeconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1akNDQWRDZ0F3SUJBZ0lCQVRBTEJna3Foa2lHOXcwQkFRc3dKakVrTUNJR0ExVUVBd3diYjNCbGJuTm8KYVdaMExYTnBaMjVsY2tBeE5EUTBNVEk0T0Rnd01CNFhEVEUxTVRBd05qRXdOVFEwTUZvWERURTJNVEF3TlRFdwpOVFEwTVZvd0pqRWtNQ0lHQTFVRUF3d2JiM0JsYm5Ob2FXWjBMWE5wWjI1bGNrQXhORFEwTVRJNE9EZ3dNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyNmdtOUhBV2UxbGswSlBJUE9vSXl2azkKWXJwN0dMa0ljQ1B4ME1CTEd0cmpVK2wyNzl6RER2NlBWMmIwS1UxTEZDM0l4UGtaTXJMQkVaNTR3MllrV3ZlUApreUhZczByMEdOd0hldk9XR2R0c2d0VXkveHAvTlVHUlZrclVPUGtrNGZMclAzcm5DQmVuVzdTYWlxRCtxNUpJCjhxTytXSVZtaDZGRjF1R0tWWjZmaS8rRjZwN1AreXhCUForV0kyTWt0UXE2akZrQlgxbjFnYlIzRGpRdng3SjEKdjNvWi9PTkNkQ2FXZXNuUm1ON0MyUDRVMVdPNXk0dkwzNFFPcXYyai9jaXpmRWdFcERsNXcrdXk1WDQ3aEsvSwpubEh0UHdrSFpMRWtva3VETnBjVGZ4Nk5Od09UVEZIdmdUeDUvYlFvVUZrbkVad2oyRW9lTW8wd05Pb0VId0lECkFRQUJveU13SVRBT0JnTlZIUThCQWY4RUJBTUNBS1F3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFMQmdrcWhraUcKOXcwQkFRc0RnZ0VCQUVQUUFDa09LUkhVem85SXBMNWQxK05wRjVHWFJEb3BCSkllRkJuZ01tZ1g3cUtqRzJNcwpHWGx3bXgvL2hZQll4MHc2R2FBNFc0VzM4cEYwR24yaFNXTVE2cTZsRXpoQU1ROWFYb2xRcXBTLytzMmFGK2J2CmxoWStoUXk2dmRTTUExK3ZPVzBLTDBRaGxjdCszY3UwN1pTajFXNG9obmJpUklXYzJJdCsxSWVMbnZBY210eCsKTURnSTlzV2ZmeW5VVkN0RkVsdEkrTVM2VjhuRlAxVTB6Z243V3ZSc1JQK0YyYXZkejRmYWR4RVBTTTl4WGtUVQpDL2M5L0JvKzlmT0dMakhnbFMwY1ZiNWI3d3k5ZHhwc0p2Wll3SjFwZk5Uci9COVZpL09kQzN0UFBhd0habVVCCnVkSTVXUWljelVQSjhDU1NSMDJuaDJMUUMvRzVCS2FxSk9ZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://localhost:8443
name: localhost:8443
contexts:
- context:
cluster: localhost:8443
namespace: default
user: system:admin/localhost:8443
name: default/localhost:8443/system:admin
current-context: default/localhost:8443/system:admin
kind: Config
preferences: {}
users:
- name: system:admin/localhost:8443
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDVENDQWZPZ0F3SUJBZ0lCQlRBTEJna3Foa2lHOXcwQkFRc3dKakVrTUNJR0ExVUVBd3diYjNCbGJuTm8KYVdaMExYTnBaMjVsY2tBeE5EUTBNVEk0T0Rnd01CNFhEVEUxTVRBd05qRXdOVFEwTWxvWERURTJNVEF3TlRFdwpOVFEwTTFvd056RWVNQndHQTFVRUNoTVZjM2x6ZEdWdE9tTnNkWE4wWlhJdFlXUnRhVzV6TVJVd0V3WURWUVFECkV3eHplWE4wWlcwNllXUnRhVzR3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFYKSjNJUkJTdTQ4TVppOFBaVlJFSno1NWN2d3hsclhyZUxSZnQ0cW1FdVQwbzE5WUlOR3lMMWVXc0VpanBML1ZVWAo0clA4Q280MXFHbDVBbS94WDZHMWNKTE45Z1plY3l5SHJUTTdjSXNsTjRydy9UUkg2SXF2ZWluUHNrcHl3UTRDClU1UHlQSTh0QU9aa3I2VU14K1cwckJWZXNUM1NKZjF0UVY0Ynh4cXlHeXA2dGM5SElGZ1hGQzdUQnovcDBGU2MKdXdiaFpMTmkrbHcxcC9QWGxCK3BJY0hNMnN5RldHYnVFemk2aE1TWHNKN3l2dEtpZW9KdWtmV05ZOE9QcURNRgpWVmNnUHJJaTErM0Z4ZWFEY1pYMUZ1TEw5ZVVOQ2o3NlR6dDVJcUJzaHVVdy8ra0I1cWxtemgyaDdrbmMxbkRsCmNaRkxxdlE1MFV0cVJqazdFQ3UvQWdNQkFBR2pOVEF6TUE0R0ExVWREd0VCL3dRRUF3SUFvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUFzR0NTcUdTSWIzRFFFQkN3T0NBUUVBaThLRgpiYzVwcVg1U2tlbytqaExESzRwdHB3VCtNMDFuRGdyc3FDMTEzbFNZclNvKytGbnptZ2hTRVBoSmg1TzhIYjNYCkZkN0NybWc1V3BQVldCaGt0NHBpenRWN2VpRTdES050NUxMTjNrcm1sWHlBUUppYkkxVSthOUJuelJCWnQzOXMKeHVUOE9XOTBNdS9oVkFRN1NkTzlTNzYvbm1xamZWQTNwNHFENTVXVDRQZ0N0Q1hzc042ZEYwdE9WV0NUZW9aUwpxRVBHODY1Wmw3ODlMTWZZVVlSbmhCa0xnVkVkU1U4Z2N6NU1JNUpSejd6cll4ekc2REMreXZYdnJrUFJLRE5PCm42VUFDbTI2UVFwcHZrUzVRczkwR2lER3FTdHhtY2JEd1Y1Z0lmMStQcmtwaXRlMzNmN0hud2JhQy9vRGN1d3MKRDRPRlhNZkE1c1FEMVpJTUZRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMVNkeUVRVXJ1UERHWXZEMlZVUkNjK2VYTDhNWmExNjNpMFg3ZUtwaExrOUtOZldDCkRSc2k5WGxyQklvNlMvMVZGK0t6L0FxT05haHBlUUp2OFYraHRYQ1N6ZllHWG5Nc2g2MHpPM0NMSlRlSzhQMDAKUitpS3Izb3B6N0pLY3NFT0FsT1Q4anlQTFFEbVpLK2xETWZsdEt3VlhyRTkwaVg5YlVGZUc4Y2FzaHNxZXJYUApSeUJZRnhRdTB3Yy82ZEJVbkxzRzRXU3pZdnBjTmFmejE1UWZxU0hCek5yTWhWaG03aE00dW9URWw3Q2U4cjdTCm9ucUNicEgxaldQRGo2Z3pCVlZYSUQ2eUl0ZnR4Y1htZzNHVjlSYml5L1hsRFFvKytrODdlU0tnYklibE1QL3AKQWVhcFpzNGRvZTVKM05adzVYR1JTNnIwT2RGTGFrWTVPeEFydndJREFRQUJBb0lCQVFDcWozTEZ6Y1pycVRhRgp5MXpCWStwc3hsOEMxL0hLS2JOaTNXL1k0VFQ4RW5SR2N4cEtsSEZIelkxbHg1bllYbkV0dUxqZXNDK1ZIaHF2CnV0U0taMFNGWS93RWxKNEtDODBSRC9XVDFYMXlIVnl2YzF6WFFXdGYrTGZtT3pzNVVlTjgxeFhtV3JFU2lNclMKdkgyc21YUGtPMktxTDlkUkJoY2d5cEtjVlppMTlITHR2ZG83TUg4V3g0Ukw5dnVnY0VVU2laYTFTQjdyMVp2dApTOXFqSHZUMEhSOThDUGh2b0h2Q29mdndGVDhZQTBzdHBYczFqSWZBZmFFSC9aLzhGNkhZUnJid1dNMFAxRXE1Cmw1WmROK04vQnNXaGQvbW5ZVHZUcWNDWnJIaFVFaCtyUDcyR2tlY1hwR0svR3diRXRFOWNYK0ZYMVkwRkJxWW0KcUM4NnRtcEJBb0dCQU9NRGdwdkhYZkhRb3RqU0tMMVlNOUVQZnhEeG9mY3JSekJEd0NNRFZPZTh5aDIxT0kxdgozdUVZc1BRTkZ1eXVxOWxuYmJkQWdwNHRPZm9OTVBucnRIUXdmelpRQmpYby9Gc2U1Q3l5MVdDZWg4a3IyWWxRCmQwNWNmWUFMeDlZRGFoK0dkd00xZWplQ1JRQndUQ0RrZzY2bENkQTFScll6bWF6by9TVWRKRnZoQW9HQkFQQmUKNW13YlZiam1yUWlhSU1maHRKODZFNWFJMnhSRGdzNGYzTm9RdWw5K1paaERaQkl5NXQ3Vjc4NElhYkZ2dklNYwpHV2hobC8xWGtxNmFBUzRnVWRET1lWQkEwVnBiMWx0RkUybG81SklpWXg5c2R1MXdNMkZNL0ZMUGpkcGR2R0o3CnVpeWxFTUVHNC9oTHQ2UFpGd1Y2aTMxUHlUU3hUVmQ5WWlSRUZudWZBb0dBZllTWFZxS3BJdWNFNDNWdjZTRTMKcFVRNE1ab292NDFDVTBGaW52bGNuTFVaMjhzemRhQ0JUMXhqbXMwUis5T29XUkNDN1d2UnpMdWM3dEVVWDFzZgo3NDVSQ0NxL0JGZktFR2ZJS1o3SHRDQnpXNXZQTDhrNTdpM2Roa3I5Tnl1MEpiSW5ZN0xSM0pjK3A3dHZuRkE5Ckx2YzVzZEdEUTRMTVdYcUpYVmY3bm9FQ2dZRUE0WjZDTkZrWUJsMW5iMXFVaUdtZ0M1RU16OUNYcXBhUDBnQncKWWJNdjdQQ01WZlp6bU8xMGJSZHNadnpZa0hjci8vakJGSXYraVFySklPQm5XUzkyL0VLcmJ4UFlMak5qcWZuVgpkYXpDVnpTMXk4b1llMWhFc2dEOEdwSzlPSW1oaU9OUDVoWHQrdkVIeklqdHozcTJ0Q3JKZ1k4QmNsYzJISGdSClJhOHZWMHNDZ1lBOHlPdmlWZUUxT2lJVklkT1NxbjFsOXVtUDBFZXhHazVhUGlXZlVMc2ZWcTNveWNJd3AzdkcKWHdNOEFmRlFPZGxyR3dkeVdqQ1hDdzNKRmMwdHBPa3h6dzM2aUw5ekdoZ2JndjMyZ2ptR2djYllWV0w1bm04Rgp0eGlBOEZMSCs4eXI2b2hhalRZL293WUlaWFN6S3ptcDh1QnhuRzdpU2J0MzNBc0UzTGJjMnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
18 changes: 18 additions & 0 deletions test/config/external-ca.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC5jCCAdCgAwIBAgIBATALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo
aWZ0LXNpZ25lckAxNDQ0MTI4ODgwMB4XDTE1MTAwNjEwNTQ0MFoXDTE2MTAwNTEw
NTQ0MVowJjEkMCIGA1UEAwwbb3BlbnNoaWZ0LXNpZ25lckAxNDQ0MTI4ODgwMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6gm9HAWe1lk0JPIPOoIyvk9
Yrp7GLkIcCPx0MBLGtrjU+l279zDDv6PV2b0KU1LFC3IxPkZMrLBEZ54w2YkWveP
kyHYs0r0GNwHevOWGdtsgtUy/xp/NUGRVkrUOPkk4fLrP3rnCBenW7SaiqD+q5JI
8qO+WIVmh6FF1uGKVZ6fi/+F6p7P+yxBPZ+WI2MktQq6jFkBX1n1gbR3DjQvx7J1
v3oZ/ONCdCaWesnRmN7C2P4U1WO5y4vL34QOqv2j/cizfEgEpDl5w+uy5X47hK/K
nlHtPwkHZLEkokuDNpcTfx6NNwOTTFHvgTx5/bQoUFknEZwj2EoeMo0wNOoEHwID
AQABoyMwITAOBgNVHQ8BAf8EBAMCAKQwDwYDVR0TAQH/BAUwAwEB/zALBgkqhkiG
9w0BAQsDggEBAEPQACkOKRHUzo9IpL5d1+NpF5GXRDopBJIeFBngMmgX7qKjG2Ms
GXlwmx//hYBYx0w6GaA4W4W38pF0Gn2hSWMQ6q6lEzhAMQ9aXolQqpS/+s2aF+bv
lhY+hQy6vdSMA1+vOW0KL0Qhlct+3cu07ZSj1W4ohnbiRIWc2It+1IeLnvAcmtx+
MDgI9sWffynUVCtFEltI+MS6V8nFP1U0zgn7WvRsRP+F2avdz4fadxEPSM9xXkTU
C/c9/Bo+9fOGLjHglS0cVb5b7wy9dxpsJvZYwJ1pfNTr/B9Vi/OdC3tPPawHZmUB
udI5WQiczUPJ8CSSR02nh2LQC/G5BKaqJOY=
-----END CERTIFICATE-----
19 changes: 19 additions & 0 deletions test/config/external-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDCTCCAfOgAwIBAgIBBTALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo
aWZ0LXNpZ25lckAxNDQ0MTI4ODgwMB4XDTE1MTAwNjEwNTQ0MloXDTE2MTAwNTEw
NTQ0M1owNzEeMBwGA1UEChMVc3lzdGVtOmNsdXN0ZXItYWRtaW5zMRUwEwYDVQQD
EwxzeXN0ZW06YWRtaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV
J3IRBSu48MZi8PZVREJz55cvwxlrXreLRft4qmEuT0o19YINGyL1eWsEijpL/VUX
4rP8Co41qGl5Am/xX6G1cJLN9gZecyyHrTM7cIslN4rw/TRH6IqveinPskpywQ4C
U5PyPI8tAOZkr6UMx+W0rBVesT3SJf1tQV4bxxqyGyp6tc9HIFgXFC7TBz/p0FSc
uwbhZLNi+lw1p/PXlB+pIcHM2syFWGbuEzi6hMSXsJ7yvtKieoJukfWNY8OPqDMF
VVcgPrIi1+3FxeaDcZX1FuLL9eUNCj76Tzt5IqBshuUw/+kB5qlmzh2h7knc1nDl
cZFLqvQ50UtqRjk7ECu/AgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIAoDATBgNVHSUE
DDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMAsGCSqGSIb3DQEBCwOCAQEAi8KF
bc5pqX5Skeo+jhLDK4ptpwT+M01nDgrsqC113lSYrSo++FnzmghSEPhJh5O8Hb3X
Fd7Crmg5WpPVWBhkt4piztV7eiE7DKNt5LLN3krmlXyAQJibI1U+a9BnzRBZt39s
xuT8OW90Mu/hVAQ7SdO9S76/nmqjfVA3p4qD55WT4PgCtCXssN6dF0tOVWCTeoZS
qEPG865Zl789LMfYUYRnhBkLgVEdSU8gcz5MI5JRz7zrYxzG6DC+yvXvrkPRKDNO
n6UACm26QQppvkS5Qs90GiDGqStxmcbDwV5gIf1+Prkpite33f7HnwbaC/oDcuws
D4OFXMfA5sQD1ZIMFQ==
-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions test/config/external-key.rsa
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1SdyEQUruPDGYvD2VURCc+eXL8MZa163i0X7eKphLk9KNfWC
DRsi9XlrBIo6S/1VF+Kz/AqONahpeQJv8V+htXCSzfYGXnMsh60zO3CLJTeK8P00
R+iKr3opz7JKcsEOAlOT8jyPLQDmZK+lDMfltKwVXrE90iX9bUFeG8cashsqerXP
RyBYFxQu0wc/6dBUnLsG4WSzYvpcNafz15QfqSHBzNrMhVhm7hM4uoTEl7Ce8r7S
onqCbpH1jWPDj6gzBVVXID6yItftxcXmg3GV9Rbiy/XlDQo++k87eSKgbIblMP/p
AeapZs4doe5J3NZw5XGRS6r0OdFLakY5OxArvwIDAQABAoIBAQCqj3LFzcZrqTaF
y1zBY+psxl8C1/HKKbNi3W/Y4TT8EnRGcxpKlHFHzY1lx5nYXnEtuLjesC+VHhqv
utSKZ0SFY/wElJ4KC80RD/WT1X1yHVyvc1zXQWtf+LfmOzs5UeN81xXmWrESiMrS
vH2smXPkO2KqL9dRBhcgypKcVZi19HLtvdo7MH8Wx4RL9vugcEUSiZa1SB7r1Zvt
S9qjHvT0HR98CPhvoHvCofvwFT8YA0stpXs1jIfAfaEH/Z/8F6HYRrbwWM0P1Eq5
l5ZdN+N/BsWhd/mnYTvTqcCZrHhUEh+rP72GkecXpGK/GwbEtE9cX+FX1Y0FBqYm
qC86tmpBAoGBAOMDgpvHXfHQotjSKL1YM9EPfxDxofcrRzBDwCMDVOe8yh21OI1v
3uEYsPQNFuyuq9lnbbdAgp4tOfoNMPnrtHQwfzZQBjXo/Fse5Cyy1WCeh8kr2YlQ
d05cfYALx9YDah+GdwM1ejeCRQBwTCDkg66lCdA1RrYzmazo/SUdJFvhAoGBAPBe
5mwbVbjmrQiaIMfhtJ86E5aI2xRDgs4f3NoQul9+ZZhDZBIy5t7V784IabFvvIMc
GWhhl/1Xkq6aAS4gUdDOYVBA0Vpb1ltFE2lo5JIiYx9sdu1wM2FM/FLPjdpdvGJ7
uiylEMEG4/hLt6PZFwV6i31PyTSxTVd9YiREFnufAoGAfYSXVqKpIucE43Vv6SE3
pUQ4MZoov41CU0FinvlcnLUZ28szdaCBT1xjms0R+9OoWRCC7WvRzLuc7tEUX1sf
745RCCq/BFfKEGfIKZ7HtCBzW5vPL8k57i3dhkr9Nyu0JbInY7LR3Jc+p7tvnFA9
Lvc5sdGDQ4LMWXqJXVf7noECgYEA4Z6CNFkYBl1nb1qUiGmgC5EMz9CXqpaP0gBw
YbMv7PCMVfZzmO10bRdsZvzYkHcr//jBFIv+iQrJIOBnWS92/EKrbxPYLjNjqfnV
dazCVzS1y8oYe1hEsgD8GpK9OImhiONP5hXt+vEHzIjtz3q2tCrJgY8Bclc2HHgR
Ra8vV0sCgYA8yOviVeE1OiIVIdOSqn1l9umP0EexGk5aPiWfULsfVq3oycIwp3vG
XwM8AfFQOdlrGwdyWjCXCw3JFc0tpOkxzw36iL9zGhgbgv32gjmGgcbYVWL5nm8F
txiA8FLH+8yr6ohajTY/owYIZXSzKzmp8uBxnG7iSbt33AsE3Lbc2w==
-----END RSA PRIVATE KEY-----
20 changes: 20 additions & 0 deletions test/config/external.kubeconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority: external-ca.pem
server: https://localhost:8443
name: localhost:8443
contexts:
- context:
cluster: localhost:8443
namespace: default
user: system:admin/localhost:8443
name: default/localhost:8443/system:admin
current-context: default/localhost:8443/system:admin
kind: Config
preferences: {}
users:
- name: system:admin/localhost:8443
user:
client-certificate: external-cert.pem
client-key: external-key.rsa
16 changes: 16 additions & 0 deletions test/config/nouser.kubeconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: v1
clusters:
- cluster:
server: https://localhost:8443
insecure-skip-tls-verify: true
name: localhost:8443
contexts:
- context:
cluster: localhost:8443
namespace: default
user: ""
name: default/localhost:8443/nouser
current-context: default/localhost:8443/nouser
kind: Config
preferences: {}
users: []
42 changes: 42 additions & 0 deletions test/test_config.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
require 'test_helper'

def test_config_file(name)
File.new(File.join(File.dirname(__FILE__), 'config', name))
end

# Testing Kubernetes client configuration
class KubeClientConfigTest < MiniTest::Test
def test_allinone
config = Kubeclient::Config.read(test_config_file('allinone.kubeconfig'))
assert_equal(['default/localhost:8443/system:admin'], config.contexts)
check_context(config.context, ssl: true)
end

def test_external
config = Kubeclient::Config.read(test_config_file('external.kubeconfig'))
assert_equal(['default/localhost:8443/system:admin'], config.contexts)
check_context(config.context, ssl: true)
end

def test_nouser
config = Kubeclient::Config.read(test_config_file('nouser.kubeconfig'))
assert_equal(['default/localhost:8443/nouser'], config.contexts)
check_context(config.context, ssl: false)
end

private

def check_context(context, ssl: true)
assert_equal('https://localhost:8443', context.api_endpoint)
assert_equal('v1', context.api_version)
if ssl
assert_equal(OpenSSL::SSL::VERIFY_PEER, context.ssl_options[:verify_ssl])
assert_kind_of(OpenSSL::X509::Store, context.ssl_options[:cert_store])
assert_kind_of(OpenSSL::X509::Certificate, context.ssl_options[:client_cert])
assert_kind_of(OpenSSL::PKey::RSA, context.ssl_options[:client_key])
assert(context.ssl_options[:cert_store].verify(context.ssl_options[:client_cert]))
else
assert_equal(OpenSSL::SSL::VERIFY_NONE, context.ssl_options[:verify_ssl])
end
end
end