807e93631268e5fd52ca29e3e4755088cf11bf27-PR-262

pending completion

Build # 807e93631268e5fd52ca29e3e4755088cf11bf27-PR-262

Build Type

Pull #262

github

Committed by

mruoss

Commit Message

add possibility to wait for delete

Pull Request Pull Request #262: add possibility to wait for delete

Run Details

6 of 6 new or added lines in 1 file covered. (100.0%)

732 of 1009 relevant lines covered (72.55%)

44.92 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

69.23

/lib/k8s/conn/auth/exec.ex

defmodule K8s.Conn.Auth.Exec do
  @moduledoc """
  Cluster authentication for kube configs using an `exec` section.

  Useful for Kubernetes clusters running on AWS which use IAM authentication (eg. the `aws-iam-authenticator` binary).
  An applicable kube config may look something like this:

  ```
  # ...
  users:
  - name: staging-user
    user:
      exec:
        # API version to use when decoding the ExecCredentials resource. Required.
        apiVersion: client.authentication.k8s.io/v1alpha1

        # Command to execute. Required.
        command: aws-iam-authenticator

        # Arguments to pass when executing the plugin. Optional.
        args:
        - token
        - -i
        - staging

        # Environment variables to set when executing the plugin. Optional.
        env:
        - name: "FOO"
          value: "bar"
  ```
  """

  @behaviour K8s.Conn.Auth
  alias __MODULE__
  alias K8s.Conn.Error

  defstruct [:command, :env, args: []]

  @type t :: %__MODULE__{
          command: String.t(),
          env: %{name: String.t(), value: String.t()},
          args: list(String.t())
        }

  @impl true
  @spec create(map() | any, String.t() | any) :: {:ok, t} | {:error, Error.t()} | :skip
  def create(%{"exec" => %{"command" => command} = config}, _) do
    # Optional:
    args = config["args"] |> List.wrap()
    env = config["env"] |> List.wrap() |> format_env()

    {:ok,
     %__MODULE__{
       command: command,
       env: env,
       args: args
     }}
  end

  def create(_, _), do: :skip

  @spec format_env(list()) :: map()
  defp format_env(env), do: Map.new(env, &{&1["name"], &1["value"]})

  defimpl K8s.Conn.RequestOptions, for: K8s.Conn.Auth.Exec do
    @doc "Generates HTTP Authorization options for auth-provider authentication"
    @spec generate(Exec.t()) :: K8s.Conn.RequestOptions.generate_t()
    def generate(%Exec{} = provider) do
      with {:ok, token} <- Exec.generate_token(provider) do
        {
          :ok,
          %K8s.Conn.RequestOptions{
            headers: [{:Authorization, "Bearer #{token}"}],
            ssl_options: []
          }
        }
      end
    end
  end

  @doc """
  "Generate" a token using the `exec` config in kube config.
  """
  @spec generate_token(t) ::
          {:ok, binary} | {:error, Jason.DecodeError.t() | Error.t()}
  def generate_token(config) do
    with {cmd_response, 0} <- System.cmd(config.command, config.args, env: config.env),
         {:ok, data} <- Jason.decode(cmd_response),
         {:ok, token} when not is_nil(token) <- parse_cmd_response(data) do
      {:ok, token}
    else
      {cmd_response, err_code} when is_binary(cmd_response) and is_integer(err_code) ->
        msg = "#{__MODULE__} failed: #{cmd_response}"
        {:error, %Error{message: msg}}

      error ->
        error
    end
  end

  @spec parse_cmd_response(map) :: {:ok, binary} | {:error, Error.t()}
  defp parse_cmd_response(%{"kind" => "ExecCredential", "status" => %{"token" => token}}),
    do: {:ok, token}

  defp parse_cmd_response(_) do
    msg = "#{__MODULE__} failed: Unsupported ExecCredential"
    {:error, %Error{message: msg}}
  end
end

1	defmodule K8s.Conn.Auth.Exec do
2	@moduledoc """
3	Cluster authentication for kube configs using an `exec` section.
4
5	Useful for Kubernetes clusters running on AWS which use IAM authentication (eg. the `aws-iam-authenticator` binary).
6	An applicable kube config may look something like this:
7
8	```
9	# ...
10	users:
11	- name: staging-user
12	user:
13	exec:
14	# API version to use when decoding the ExecCredentials resource. Required.
15	apiVersion: client.authentication.k8s.io/v1alpha1
16
17	# Command to execute. Required.
18	command: aws-iam-authenticator
19
20	# Arguments to pass when executing the plugin. Optional.
21	args:
22	- token
23	- -i
24	- staging
25
26	# Environment variables to set when executing the plugin. Optional.
27	env:
28	- name: "FOO"
29	value: "bar"
30	```
31	"""
32
33	@behaviour K8s.Conn.Auth
34	alias __MODULE__
35	alias K8s.Conn.Error
36
37	defstruct [:command, :env, args: []]
38
39	@type t :: %__MODULE__{
40	command: String.t(),
41	env: %{name: String.t(), value: String.t()},
42	args: list(String.t())
43	}
44
45	@impl true
46	@spec create(map() \| any, String.t() \| any) :: {:ok, t} \| {:error, Error.t()} \| :skip
47	def create(%{"exec" => %{"command" => command} = config}, _) do
48	# Optional:
49	args = config["args"] \|> List.wrap()	5✔
50	env = config["env"] \|> List.wrap() \|> format_env()	5✔
51
52	{:ok,
53	%__MODULE__{
54	command: command,
55	env: env,
56	args: args
57	}}
58	end
59
60	def create(_, _), do: :skip	×
61
62	@spec format_env(list()) :: map()
63	defp format_env(env), do: Map.new(env, &{&1["name"], &1["value"]})	5✔
64
65	defimpl K8s.Conn.RequestOptions, for: K8s.Conn.Auth.Exec do
66	@doc "Generates HTTP Authorization options for auth-provider authentication"
67	@spec generate(Exec.t()) :: K8s.Conn.RequestOptions.generate_t()
68	def generate(%Exec{} = provider) do
69	with {:ok, token} <- Exec.generate_token(provider) do	1✔
70	{
71	:ok,
72	%K8s.Conn.RequestOptions{
73	headers: [{:Authorization, "Bearer #{token}"}],	1✔
74	ssl_options: []
75	}
76	}
77	end
78	end
79	end
80
81	@doc """
82	"Generate" a token using the `exec` config in kube config.
83	"""
84	@spec generate_token(t) ::
85	{:ok, binary} \| {:error, Jason.DecodeError.t() \| Error.t()}
86	def generate_token(config) do
87	with {cmd_response, 0} <- System.cmd(config.command, config.args, env: config.env),	1✔
88	{:ok, data} <- Jason.decode(cmd_response),	1✔
89	{:ok, token} when not is_nil(token) <- parse_cmd_response(data) do	1✔
90	{:ok, token}
91	else
92	{cmd_response, err_code} when is_binary(cmd_response) and is_integer(err_code) ->
93	msg = "#{__MODULE__} failed: #{cmd_response}"	×
94	{:error, %Error{message: msg}}
95
96	error ->
97	error	×
98	end
99	end
100
101	@spec parse_cmd_response(map) :: {:ok, binary} \| {:error, Error.t()}
102	defp parse_cmd_response(%{"kind" => "ExecCredential", "status" => %{"token" => token}}),	1✔
103	do: {:ok, token}
104
105	defp parse_cmd_response(_) do
106	msg = "#{__MODULE__} failed: Unsupported ExecCredential"	×
107	{:error, %Error{message: msg}}
108	end
109	end

coryodaniel / k8s / 807e93631268e5fd52ca29e3e4755088cf11bf27-PR-262

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous