From 0a6ca827a989148e9bcfb52c0c90cc9e4376e304 Mon Sep 17 00:00:00 2001 From: mans2singh Date: Wed, 12 Oct 2022 20:21:25 -0400 Subject: [PATCH 1/9] Updated example steps --- examples/node_labels.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/node_labels.py b/examples/node_labels.py index f71c8126e..cdde822b3 100644 --- a/examples/node_labels.py +++ b/examples/node_labels.py @@ -16,7 +16,7 @@ This example demonstrates the following: - Get a list of all the cluster nodes - Iterate through each node list item - - Add or overwirite label "foo" with the value "bar" + - Add or overwrite label "foo" with the value "bar" - Remove the label "baz" - Return the list of node with updated labels """ From 15980fb0ca260416ddd2d7b1b907239f54776820 Mon Sep 17 00:00:00 2001 From: Vibhor Gupta Date: Tue, 11 Oct 2022 19:01:26 +0530 Subject: [PATCH 2/9] Add support for using oidc CA certificate file while refreshing token --- kubernetes/base/config/kube_config.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kubernetes/base/config/kube_config.py b/kubernetes/base/config/kube_config.py index ed70df0ca..b93267871 100644 --- a/kubernetes/base/config/kube_config.py +++ b/kubernetes/base/config/kube_config.py @@ -439,6 +439,9 @@ class KubeConfigLoader(object): config.ssl_ca_cert = ca_cert.name + elif 'idp-certificate-authority' in provider['config']: + config.ssl_ca_cert = provider['config']['idp-certificate-authority'] + else: config.verify_ssl = False From afbe1713cf3e452ff9dc33add7d9d31b4efe2ff1 Mon Sep 17 00:00:00 2001 From: Vibhor Gupta Date: Wed, 12 Oct 2022 00:12:25 +0530 Subject: [PATCH 3/9] add testcases --- kubernetes/base/config/kube_config_test.py | 52 ++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/kubernetes/base/config/kube_config_test.py b/kubernetes/base/config/kube_config_test.py index 6233e977d..da0d2f35c 100644 --- a/kubernetes/base/config/kube_config_test.py +++ b/kubernetes/base/config/kube_config_test.py @@ -17,6 +17,7 @@ import datetime import io import json import os +from pprint import pprint import shutil import tempfile import unittest @@ -485,6 +486,13 @@ class TestKubeConfigLoader(BaseTestCase): "user": "expired_oidc" } }, + { + "name": "expired_oidc_with_idp_ca_file", + "context": { + "cluster": "default", + "user": "expired_oidc_with_idp_ca_file" + } + }, { "name": "expired_oidc_nocert", "context": { @@ -799,6 +807,23 @@ class TestKubeConfigLoader(BaseTestCase): } } }, + { + "name": "expired_oidc_with_idp_ca_file", + "user": { + "auth-provider": { + "name": "oidc", + "config": { + "client-id": "tectonic-kubectl", + "client-secret": "FAKE_SECRET", + "id-token": TEST_OIDC_EXPIRED_LOGIN, + "idp-certificate-authority": TEST_CERTIFICATE_AUTH, + "idp-issuer-url": "https://example.org/identity", + "refresh-token": + "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk" + } + } + } + }, { "name": "expired_oidc_nocert", "user": { @@ -1059,6 +1084,33 @@ class TestKubeConfigLoader(BaseTestCase): self.assertTrue(loader._load_auth_provider_token()) self.assertEqual("Bearer abc123", loader.token) + @mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token') + @mock.patch('kubernetes.config.kube_config.ApiClient.request') + def test_oidc_with_idp_ca_file_refresh(self, mock_ApiClient, mock_OAuth2Session): + mock_response = mock.MagicMock() + type(mock_response).status = mock.PropertyMock( + return_value=200 + ) + type(mock_response).data = mock.PropertyMock( + return_value=json.dumps({ + "token_endpoint": "https://example.org/identity/token" + }) + ) + + mock_ApiClient.return_value = mock_response + + mock_OAuth2Session.return_value = {"id_token": "abc123", + "refresh_token": "newtoken123"} + + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="expired_oidc_with_idp_ca_file", + ) + + + self.assertTrue(loader._load_auth_provider_token()) + self.assertEqual("Bearer abc123", loader.token) + @mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token') @mock.patch('kubernetes.config.kube_config.ApiClient.request') def test_oidc_with_refresh_nocert( From 279c70b0a0eace3cae429a3e25063b715ee2f6fd Mon Sep 17 00:00:00 2001 From: ram vikram singh Date: Tue, 11 Oct 2022 00:07:09 +0530 Subject: [PATCH 4/9] decoding a not safe url in load_kube_config for issue #1911 fixing load_kube_config for decoding unsafe url token --- kubernetes/base/config/kube_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/base/config/kube_config.py b/kubernetes/base/config/kube_config.py index b93267871..b95955448 100644 --- a/kubernetes/base/config/kube_config.py +++ b/kubernetes/base/config/kube_config.py @@ -398,7 +398,7 @@ class KubeConfigLoader(object): if PY3: jwt_attributes = json.loads( - base64.b64decode(parts[1] + padding).decode('utf-8') + base64.urlsafe_b64decode(parts[1] + padding).decode('utf-8') ) else: jwt_attributes = json.loads( From bfef7e481963cea54f6a1552758c5357c42b7c56 Mon Sep 17 00:00:00 2001 From: mans2singh Date: Sat, 15 Oct 2022 21:26:54 -0400 Subject: [PATCH 5/9] Updated example description --- examples/rollout-daemonset.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/rollout-daemonset.py b/examples/rollout-daemonset.py index b337d0c88..649924705 100644 --- a/examples/rollout-daemonset.py +++ b/examples/rollout-daemonset.py @@ -2,7 +2,7 @@ This example covers the following: - Create daemonset - Update daemonset - - List contoller revisions which belong to specified daemonset + - List controller revisions which belong to specified daemonset - Roll out daemonset """ From 5ec07d8ce8aa2d95e54f62793b4be0c55df6262b Mon Sep 17 00:00:00 2001 From: Yu Liao Date: Thu, 20 Oct 2022 16:44:15 +0000 Subject: [PATCH 6/9] update changelog with release notes from master branch --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cdf4d22c5..db6f77506 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +# v25.2.0b1 + +Kubernetes API Version: v1.25.3 + +### Feature +- Adds support for loading CA certificates from a file using the `idp-certificate-authority` key for the oidc plugin. (#1916, @vgupta3) + # v25.2.0a1 Kubernetes API Version: v1.25.2 From 6d3860ac5f617e3fe68471720d193ce364f09a75 Mon Sep 17 00:00:00 2001 From: Yu Liao Date: Thu, 20 Oct 2022 16:44:15 +0000 Subject: [PATCH 7/9] update version constants for 25.2.0b1 release --- scripts/constants.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/constants.py b/scripts/constants.py index 13059cb4a..4b5b1c2b9 100644 --- a/scripts/constants.py +++ b/scripts/constants.py @@ -18,13 +18,13 @@ import sys KUBERNETES_BRANCH = "release-1.25" # client version for packaging and releasing. -CLIENT_VERSION = "25.2.0a1" +CLIENT_VERSION = "25.2.0b1" # Name of the release package PACKAGE_NAME = "kubernetes" # Stage of development, mainly used in setup.py's classifiers. -DEVELOPMENT_STATUS = "3 - Alpha" +DEVELOPMENT_STATUS = "4 - Beta" # If called directly, return the constant value given From 01941c3252b27d5828a0abe77c920c3a99ecb78b Mon Sep 17 00:00:00 2001 From: Yu Liao Date: Thu, 20 Oct 2022 16:44:32 +0000 Subject: [PATCH 8/9] generated client change --- kubernetes/README.md | 2 +- kubernetes/__init__.py | 2 +- kubernetes/client/__init__.py | 2 +- kubernetes/client/api_client.py | 2 +- kubernetes/client/configuration.py | 2 +- setup.py | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/kubernetes/README.md b/kubernetes/README.md index d32b55796..825bcef1c 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -4,7 +4,7 @@ No description provided (generated by Openapi Generator https://github.com/opena This Python package is automatically generated by the [OpenAPI Generator](https://openapi-generator.tech) project: - API version: release-1.25 -- Package version: 25.2.0a1 +- Package version: 25.2.0b1 - Build package: org.openapitools.codegen.languages.PythonClientCodegen ## Requirements. diff --git a/kubernetes/__init__.py b/kubernetes/__init__.py index b61773e91..10a8f00f7 100644 --- a/kubernetes/__init__.py +++ b/kubernetes/__init__.py @@ -14,7 +14,7 @@ __project__ = 'kubernetes' # The version is auto-updated. Please do not edit. -__version__ = "25.2.0a1" +__version__ = "25.2.0b1" import kubernetes.client import kubernetes.config diff --git a/kubernetes/client/__init__.py b/kubernetes/client/__init__.py index e4400cf6d..d7bf825b1 100644 --- a/kubernetes/client/__init__.py +++ b/kubernetes/client/__init__.py @@ -14,7 +14,7 @@ from __future__ import absolute_import -__version__ = "25.2.0a1" +__version__ = "25.2.0b1" # import apis into sdk package from kubernetes.client.api.well_known_api import WellKnownApi diff --git a/kubernetes/client/api_client.py b/kubernetes/client/api_client.py index f029dc991..58efb4ecc 100644 --- a/kubernetes/client/api_client.py +++ b/kubernetes/client/api_client.py @@ -78,7 +78,7 @@ class ApiClient(object): self.default_headers[header_name] = header_value self.cookie = cookie # Set default User-Agent. - self.user_agent = 'OpenAPI-Generator/25.2.0a1/python' + self.user_agent = 'OpenAPI-Generator/25.2.0b1/python' self.client_side_validation = configuration.client_side_validation def __enter__(self): diff --git a/kubernetes/client/configuration.py b/kubernetes/client/configuration.py index ca123a8bc..974856ca8 100644 --- a/kubernetes/client/configuration.py +++ b/kubernetes/client/configuration.py @@ -350,7 +350,7 @@ class Configuration(object): "OS: {env}\n"\ "Python Version: {pyversion}\n"\ "Version of the API: release-1.25\n"\ - "SDK Package Version: 25.2.0a1".\ + "SDK Package Version: 25.2.0b1".\ format(env=sys.platform, pyversion=sys.version) def get_host_settings(self): diff --git a/setup.py b/setup.py index 220ebc3e5..7c5c69c18 100644 --- a/setup.py +++ b/setup.py @@ -16,9 +16,9 @@ from setuptools import setup # Do not edit these constants. They will be updated automatically # by scripts/update-client.sh. -CLIENT_VERSION = "25.2.0a1" +CLIENT_VERSION = "25.2.0b1" PACKAGE_NAME = "kubernetes" -DEVELOPMENT_STATUS = "3 - Alpha" +DEVELOPMENT_STATUS = "4 - Beta" # To install the library, run the following # From 4da537e3abf98af16f3d5956429df379f70c7d14 Mon Sep 17 00:00:00 2001 From: Yu Liao Date: Thu, 20 Oct 2022 16:48:30 +0000 Subject: [PATCH 9/9] updated compatibility matrix for 25.2.0b1 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ad062d7c1..3ddb49332 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,7 @@ supported versions of Kubernetes clusters. - [client 22.y.z](https://pypi.org/project/kubernetes/22.6.0/): Kubernetes 1.21 or below (+-), Kubernetes 1.22 (✓), Kubernetes 1.23 or above (+-) - [client 23.y.z](https://pypi.org/project/kubernetes/23.6.0/): Kubernetes 1.22 or below (+-), Kubernetes 1.23 (✓), Kubernetes 1.24 or above (+-) - [client 24.y.z](https://pypi.org/project/kubernetes/24.2.0/): Kubernetes 1.23 or below (+-), Kubernetes 1.24 (✓), Kubernetes 1.25 or above (+-) -- [client 25.y.z](https://pypi.org/project/kubernetes/25.2.0a1/): Kubernetes 1.24 or below (+-), Kubernetes 1.25 (✓), Kubernetes 1.26 or above (+-) +- [client 25.y.z](https://pypi.org/project/kubernetes/25.2.0b1/): Kubernetes 1.24 or below (+-), Kubernetes 1.25 (✓), Kubernetes 1.26 or above (+-) > See [here](#homogenizing-the-kubernetes-python-client-versions) for an explanation of why there is no v13-v16 release.