Skip to content

Commit

Permalink
Add opts to K8s.Conn.from_file/N and `K8s.Conn.from_service_accou…
Browse files Browse the repository at this point in the history
…nt/N`
  • Loading branch information
mruoss committed Feb 25, 2023
1 parent b5cb571 commit 53d76e9
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 8 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Added

- Added further PATCH mechanisms - [#229](https://github.com/coryodaniel/k8s/pull/229)
- Add `opts` to `K8s.Conn.from_file/N` and `K8s.Conn.from_service_account/N` in order to be able to pass `:insecure_skip_tls_verify` option directly. - [#230](https://github.com/coryodaniel/k8s/issues/230), [#203](https://github.com/coryodaniel/k8s/issues/203)

<!--------------------- Don't add new entries after this line --------------------->

Expand Down
28 changes: 22 additions & 6 deletions lib/k8s/conn.ex
Original file line number Diff line number Diff line change
Expand Up @@ -76,14 +76,16 @@ defmodule K8s.Conn do
{:ok, user} <- find_configuration(config["users"], user_name, "user"),
cluster_name <- opts[:cluster] || context["cluster"],
{:ok, cluster} <- find_configuration(config["clusters"], cluster_name, "cluster"),
insecure_skip_tls_verify <-
Keyword.get(opts, :insecure_skip_tls_verify, cluster["insecure-skip-tls-verify"]),
{:ok, cert} <- PKI.cert_from_map(cluster, base_path) do
conn = %Conn{
cluster_name: cluster_name,
user_name: user_name,
url: cluster["server"],
ca_cert: cert,
auth: get_auth(user, base_path),
insecure_skip_tls_verify: cluster["insecure-skip-tls-verify"]
insecure_skip_tls_verify: insecure_skip_tls_verify
}

{:ok, maybe_update_defaults(conn, config)}
Expand All @@ -99,22 +101,36 @@ defmodule K8s.Conn do
[kubernetes.io :: Accessing the API from a Pod](https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod)
"""
@spec from_service_account :: {:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
@spec from_service_account() ::
{:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
def from_service_account do
from_service_account(@default_service_account_path)
from_service_account(@default_service_account_path, [])
end

@spec from_service_account(String.t()) :: {:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
def from_service_account(service_account_path) do
@spec from_service_account(opts_or_sa_path :: String.t() | Keyword.t()) ::
{:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
def from_service_account(opts) when is_list(opts) do
from_service_account(@default_service_account_path, opts)
end

def from_service_account(service_account_path) when is_binary(service_account_path) do
from_service_account(service_account_path, [])
end

@spec from_service_account(service_account_path :: String.t(), opts :: Keyword.t()) ::
{:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
def from_service_account(service_account_path, opts \\ []) do
cert_path = Path.join(service_account_path, "ca.crt")
token_path = Path.join(service_account_path, "token")
insecure_skip_tls_verify = Keyword.get(opts, :insecure_skip_tls_verify, false)

with {:ok, token} <- File.read(token_path),
{:ok, ca_cert} <- PKI.cert_from_pem(cert_path) do
conn = %Conn{
url: kubernetes_service_url(),
ca_cert: ca_cert,
auth: %K8s.Conn.Auth.Token{token: token}
auth: %K8s.Conn.Auth.Token{token: token},
insecure_skip_tls_verify: insecure_skip_tls_verify
}

{:ok, conn}
Expand Down
3 changes: 1 addition & 2 deletions test/support/integration_helper.ex
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,9 @@ defmodule K8s.Test.IntegrationHelper do
{:ok, conn} =
"TEST_KUBECONFIG"
|> System.get_env("./integration.k3d.yaml")
|> K8s.Conn.from_file()
|> K8s.Conn.from_file(insecure_skip_tls_verify: true)

struct!(conn,
insecure_skip_tls_verify: true,
discovery_driver: K8s.Discovery.Driver.HTTP,
discovery_opts: [],
http_provider: K8s.Client.MintHTTPProvider
Expand Down

0 comments on commit 53d76e9

Please sign in to comment.