actions/k8s-set-context
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vidya reddy pretty code (#53)

Browse Source 
* updated action file with node16

* Code consistency using prettier and its workflow

* Enforce Prettier

* code fix

* code fix

* code fix

Co-authored-by: Vidya Reddy <vidyareddy@microsoft.com>
This commit is contained in:
Vidya Reddy 2022-06-24 16:08:48 -07:00 committed by GitHub
parent e972a5b196
commit b6c5bf067a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
37 changed files with 9089 additions and 9033 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/ISSUE_TEMPLATE/issue--bug-report---feature-request.md vendored
View File

@ -1,7 +1,7 @@
---
name: "Issue: Bug Report / Feature Request"
name: 'Issue: Bug Report / Feature Request'
about: Create a report to help us improve
title: ""
title: ''
labels: need-to-triage
assignees: "@Azure/aks-atlanta"
assignees: '@Azure/aks-atlanta'
---

52
.github/workflows/default-labels.yml vendored
View File

@ -2,34 +2,34 @@ name: Setting Default Labels
# Controls when the action will run.
on:
schedule:
- cron: "0 0/3 * * *"
schedule:
- cron: '0 0/3 * * *'
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/stale@v3
name: Setting Issue as Idle
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: "This issue is idle because it has been open for 14 days with no activity."
stale-issue-label: "idle"
days-before-stale: 14
days-before-close: -1
operations-per-run: 100
exempt-issue-labels: "backlog"
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/stale@v3
name: Setting Issue as Idle
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is idle because it has been open for 14 days with no activity.'
stale-issue-label: 'idle'
days-before-stale: 14
days-before-close: -1
operations-per-run: 100
exempt-issue-labels: 'backlog'
- uses: actions/stale@v3
name: Setting PR as Idle
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-pr-message: "This PR is idle because it has been open for 14 days with no activity."
stale-pr-label: "idle"
days-before-stale: 14
days-before-close: -1
operations-per-run: 100
- uses: actions/stale@v3
name: Setting PR as Idle
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-pr-message: 'This PR is idle because it has been open for 14 days with no activity.'
stale-pr-label: 'idle'
days-before-stale: 14
days-before-close: -1
operations-per-run: 100

278
.github/workflows/integration-tests.yml vendored
View File

@ -1,143 +1,143 @@
name: Run Integration Tests
on:
pull_request:
branches:
- main
- "releases/*"
push:
branches:
- main
- "releases/*"
pull_request:
branches:
- main
- 'releases/*'
push:
branches:
- main
- 'releases/*'
jobs:
kubeconfig-method-integration-test:
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
id: checkout-code
uses: actions/checkout@v2
- name: Npm Install and Build
id: npm-build
run: |
npm install
npm run build
- name: Set Context
uses: ./
with:
method: kubeconfig
context: exp-scratch
kubeconfig: |
apiVersion: v1
clusters:
- cluster:
certificate-authority: fake-ca-file
server: https://1.2.3.4
name: development
- cluster:
insecure-skip-tls-verify: true
server: https://5.6.7.8
name: scratch
contexts:
- context:
cluster: development
namespace: frontend
user: developer
name: dev-frontend
- context:
cluster: development
namespace: storage
user: developer
name: dev-storage
- context:
cluster: scratch
namespace: default
user: experimenter
name: exp-scratch
current-context: ""
kind: Config
preferences: {}
users:
- name: developer
user:
client-certificate: fake-cert-file
client-key: fake-key-file
- name: experimenter
user:
password: some-password
username: exp
- name: Vertify Results
run: |
echo "$EXPECTED_KC" > /tmp/expected_kc.json
DIFF=$(diff <(jq -S -c . $KUBECONFIG) <(jq -S -c . /tmp/expected_kc.json))
if [ "$DIFF" != "" ]; then exit 1; else echo -e "Kubeconfig matches expected"; fi
env:
EXPECTED_KC: |
{
"apiVersion": "v1",
"clusters": [
{
"cluster": {
"certificate-authority": "fake-ca-file",
"insecure-skip-tls-verify": false,
"server": "https://1.2.3.4"
},
"name": "development"
},
{
"cluster": {
"insecure-skip-tls-verify": true,
"server": "https://5.6.7.8"
},
"name": "scratch"
}
],
"contexts": [
{
"context": {
"cluster": "development",
"name": "dev-frontend",
"namespace": "frontend",
"user": "developer"
},
"name": "dev-frontend"
},
{
"context": {
"cluster": "development",
"name": "dev-storage",
"namespace": "storage",
"user": "developer"
},
"name": "dev-storage"
},
{
"context": {
"cluster": "scratch",
"name": "exp-scratch",
"namespace": "default",
"user": "experimenter"
},
"name": "exp-scratch"
}
],
"current-context": "exp-scratch",
"kind": "Config",
"preferences": {
},
"users": [
{
"name": "developer",
"user": {
"client-certificate": "fake-cert-file",
"client-key": "fake-key-file"
}
},
{
"name": "experimenter",
"user": {
"password": "some-password",
"username": "exp"
}
}
]
}
kubeconfig-method-integration-test:
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
id: checkout-code
uses: actions/checkout@v2
- name: Npm Install and Build
id: npm-build
run: |
npm install
npm run build
- name: Set Context
uses: ./
with:
method: kubeconfig
context: exp-scratch
kubeconfig: |
apiVersion: v1
clusters:
- cluster:
certificate-authority: fake-ca-file
server: https://1.2.3.4
name: development
- cluster:
insecure-skip-tls-verify: true
server: https://5.6.7.8
name: scratch
contexts:
- context:
cluster: development
namespace: frontend
user: developer
name: dev-frontend
- context:
cluster: development
namespace: storage
user: developer
name: dev-storage
- context:
cluster: scratch
namespace: default
user: experimenter
name: exp-scratch
current-context: ""
kind: Config
preferences: {}
users:
- name: developer
user:
client-certificate: fake-cert-file
client-key: fake-key-file
- name: experimenter
user:
password: some-password
username: exp
- name: Vertify Results
run: |
echo "$EXPECTED_KC" > /tmp/expected_kc.json
DIFF=$(diff <(jq -S -c . $KUBECONFIG) <(jq -S -c . /tmp/expected_kc.json))
if [ "$DIFF" != "" ]; then exit 1; else echo -e "Kubeconfig matches expected"; fi
env:
EXPECTED_KC: |
{
"apiVersion": "v1",
"clusters": [
{
"cluster": {
"certificate-authority": "fake-ca-file",
"insecure-skip-tls-verify": false,
"server": "https://1.2.3.4"
},
"name": "development"
},
{
"cluster": {
"insecure-skip-tls-verify": true,
"server": "https://5.6.7.8"
},
"name": "scratch"
}
],
"contexts": [
{
"context": {
"cluster": "development",
"name": "dev-frontend",
"namespace": "frontend",
"user": "developer"
},
"name": "dev-frontend"
},
{
"context": {
"cluster": "development",
"name": "dev-storage",
"namespace": "storage",
"user": "developer"
},
"name": "dev-storage"
},
{
"context": {
"cluster": "scratch",
"name": "exp-scratch",
"namespace": "default",
"user": "experimenter"
},
"name": "exp-scratch"
}
],
"current-context": "exp-scratch",
"kind": "Config",
"preferences": {
},
"users": [
{
"name": "developer",
"user": {
"client-certificate": "fake-cert-file",
"client-key": "fake-key-file"
}
},
{
"name": "experimenter",
"user": {
"password": "some-password",
"username": "exp"
}
}
]
}

18
.github/workflows/prettify-code.yml vendored Normal file
View File

@ -0,0 +1,18 @@
name: 'Run prettify'
on:
pull_request:
push:
branches: [main]
jobs:
prettier:
name: Prettier Check
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v2
- name: Enforce Prettier
uses: actionsx/prettier@v2
with:
args: --check .

18
.github/workflows/release-pr.yml vendored
View File

@ -1,14 +1,14 @@
name: Create release PR
on:
workflow_dispatch:
inputs:
release:
description: "Define release version (ex: v1, v2, v3)"
required: true
workflow_dispatch:
inputs:
release:
description: 'Define release version (ex: v1, v2, v3)'
required: true
jobs:
release-pr:
uses: OliverMKing/javascript-release-workflow/.github/workflows/release-pr.yml@main
with:
release: ${{ github.event.inputs.release }}
release-pr:
uses: OliverMKing/javascript-release-workflow/.github/workflows/release-pr.yml@main
with:
release: ${{ github.event.inputs.release }}

10
.github/workflows/tag-and-draft.yml vendored
View File

@ -1,10 +1,10 @@
name: Tag and create release draft
on:
push:
branches:
- releases/*
push:
branches:
- releases/*
jobs:
tag-and-release:
uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@main
tag-and-release:
uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@main

32
.github/workflows/unit-tests.yml vendored
View File

@ -1,20 +1,20 @@
name: Run Unit Tests
on:
pull_request:
branches:
- main
- "releases/*"
push:
branches:
- main
- "releases/*"
pull_request:
branches:
- main
- 'releases/*'
push:
branches:
- main
- 'releases/*'
jobs:
unit-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Run Unit Tests
run: |
npm install
npm test
unit-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Run Unit Tests
run: |
npm install
npm test

4
.prettierignore Normal file
View File

@ -0,0 +1,4 @@
# dependencies
/node_modules
coverage
/lib

8
.prettierrc.json Normal file
View File

@ -0,0 +1,8 @@
{
"trailingComma": "none",
"bracketSpacing": false,
"semi": false,
"tabWidth": 3,
"singleQuote": true,
"printWidth": 80
}

18
CODE_OF_CONDUCT.md
View File

@ -1,9 +1,9 @@
# Microsoft Open Source Code of Conduct
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
Resources:
- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
# Microsoft Open Source Code of Conduct
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
Resources:
- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns

218
README.md
View File

@ -1,109 +1,109 @@
# Kubernetes set context
This action can be used to set cluster context before other actions like [`azure/k8s-deploy`](https://github.com/Azure/k8s-deploy/tree/master) and [`azure/k8s-create-secret`](https://github.com/Azure/k8s-create-secret/tree/master). It should also be used before `kubectl` commands (in script) are run subsequently in the workflow.
It is a requirement to use [`azure/login`](https://github.com/Azure/login/tree/master) in your workflow before using this action when using the `service-account` or `service-principal` methods.
There are three approaches for specifying the deployment target:
- Kubeconfig file provided as input to the action
- Service account approach where the secret associated with the service account is provided as input to the action
- Service principal approach (only applicable for arc cluster) where service principal provided with 'creds' is used as input to action
In all these approaches it is recommended to store these contents (kubeconfig file content or secret content) in a [secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets/).
Refer to the [action metadata file](./action.yml) for details about inputs. Note that different inputs are required for different method and cluster types. Use the below examples as a reference.
## Example usage
### Kubeconfig approach
```yaml
- uses: azure/k8s-set-context@v2
with:
method: kubeconfig
kubeconfig: <your kubeconfig>
context: <context name> # current-context from kubeconfig is used as default
```
**Please note** that the input requires the _contents_ of the kubeconfig file, and not its path.
Following are the ways to fetch kubeconfig file onto your local development machine so that the same can be used in the action input shown above.
#### Azure Kubernetes Service cluster
```bash
az aks get-credentials --name
--resource-group
[--admin]
[--file]
[--overwrite-existing]
[--subscription]
```
Further details can be found in [az aks get-credentials documentation](https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-get-credentials).
#### Generic Kubernetes cluster
Please refer to documentation on fetching [kubeconfig for any generic K8s cluster](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/)
### Service account approach
```yaml
- uses: azure/k8s-set-context@v2
with:
method: service-account
k8s-url: <URL of the cluster's API server>
k8s-secret: <secret associated with the service account>
```
For fetching Server URL, execute the following command on your shell:
```bash
kubectl config view --minify -o 'jsonpath={.clusters[0].cluster.server}'
```
For fetching Secret object required to connect and authenticate with the cluster, the following sequence of commands need to be run:
```bash
kubectl get serviceAccounts <service-account-name> -n <namespace> -o 'jsonpath={.secrets[*].name}'
kubectl get secret <service-account-secret-name> -n <namespace> -o yaml
```
### Service account approach for arc cluster
```yaml
- uses: azure/k8s-set-context@v2
with:
method: service-account
cluster-type: arc
cluster-name: <cluster-name>
resource-group: <resource-group>
token: "${{ secrets.SA_TOKEN }}"
```
### Service principal approach for arc cluster
```yaml
- uses: azure/k8s-set-context@v2
with:
method: service-principal
cluster-type: arc
cluster-name: <cluster-name>
resource-group: <resource-group>
```
## Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
# Kubernetes set context
This action can be used to set cluster context before other actions like [`azure/k8s-deploy`](https://github.com/Azure/k8s-deploy/tree/master) and [`azure/k8s-create-secret`](https://github.com/Azure/k8s-create-secret/tree/master). It should also be used before `kubectl` commands (in script) are run subsequently in the workflow.
It is a requirement to use [`azure/login`](https://github.com/Azure/login/tree/master) in your workflow before using this action when using the `service-account` or `service-principal` methods.
There are three approaches for specifying the deployment target:
- Kubeconfig file provided as input to the action
- Service account approach where the secret associated with the service account is provided as input to the action
- Service principal approach (only applicable for arc cluster) where service principal provided with 'creds' is used as input to action
In all these approaches it is recommended to store these contents (kubeconfig file content or secret content) in a [secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets/).
Refer to the [action metadata file](./action.yml) for details about inputs. Note that different inputs are required for different method and cluster types. Use the below examples as a reference.
## Example usage
### Kubeconfig approach
```yaml
- uses: azure/k8s-set-context@v2
with:
method: kubeconfig
kubeconfig: <your kubeconfig>
context: <context name> # current-context from kubeconfig is used as default
```
**Please note** that the input requires the _contents_ of the kubeconfig file, and not its path.
Following are the ways to fetch kubeconfig file onto your local development machine so that the same can be used in the action input shown above.
#### Azure Kubernetes Service cluster
```bash
az aks get-credentials --name
--resource-group
[--admin]
[--file]
[--overwrite-existing]
[--subscription]
```
Further details can be found in [az aks get-credentials documentation](https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-get-credentials).
#### Generic Kubernetes cluster
Please refer to documentation on fetching [kubeconfig for any generic K8s cluster](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/)
### Service account approach
```yaml
- uses: azure/k8s-set-context@v2
with:
method: service-account
k8s-url: <URL of the cluster's API server>
k8s-secret: <secret associated with the service account>
```
For fetching Server URL, execute the following command on your shell:
```bash
kubectl config view --minify -o 'jsonpath={.clusters[0].cluster.server}'
```
For fetching Secret object required to connect and authenticate with the cluster, the following sequence of commands need to be run:
```bash
kubectl get serviceAccounts <service-account-name> -n <namespace> -o 'jsonpath={.secrets[*].name}'
kubectl get secret <service-account-secret-name> -n <namespace> -o yaml
```
### Service account approach for arc cluster
```yaml
- uses: azure/k8s-set-context@v2
with:
method: service-account
cluster-type: arc
cluster-name: <cluster-name>
resource-group: <resource-group>
token: '${{ secrets.SA_TOKEN }}'
```
### Service principal approach for arc cluster
```yaml
- uses: azure/k8s-set-context@v2
with:
method: service-principal
cluster-type: arc
cluster-name: <cluster-name>
resource-group: <resource-group>
```
## Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

70
SECURITY.md
View File

@ -1,35 +1,35 @@
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.1 BLOCK -->
## Security
Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [many more](https://opensource.microsoft.com/).
If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [definition](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)) of a security vulnerability, please report it to us as described below.
## Reporting Security Issues
**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center at [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://technet.microsoft.com/en-us/security/dn606155).
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
## Preferred Languages
We prefer all communications to be in English.
## Policy
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
<!-- END MICROSOFT SECURITY.MD BLOCK -->
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.1 BLOCK -->
## Security
Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [many more](https://opensource.microsoft.com/).
If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [definition](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>) of a security vulnerability, please report it to us as described below.
## Reporting Security Issues
**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center at [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://technet.microsoft.com/en-us/security/dn606155).
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
## Preferred Languages
We prefer all communications to be in English.
## Policy
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
<!-- END MICROSOFT SECURITY.MD BLOCK -->

78
action.yml
View File

@ -1,39 +1,39 @@
name: "Kubernetes Set Context"
description: "Set the context of a target Kubernetes cluster and export the kubeconfig which is used by subsequent actions"
inputs:
# Please ensure you have used azure/login in the workflow before this action
cluster-type:
description: "Acceptable values: generic or arc"
required: true
default: "generic"
method:
description: "Acceptable values: kubeconfig or service-account or service-principal"
required: true
default: "kubeconfig"
kubeconfig:
description: "Contents of kubeconfig file"
required: false
context:
description: "If your kubeconfig has multiple contexts, use this field to use a specific context, otherwise the default one would be chosen"
required: false
k8s-url:
description: "Cluster Url"
required: false
k8s-secret:
description: "Service account secret (run kubectl get serviceaccounts <service-account-name> -o yaml and copy the service-account-secret-name)"
required: false
token:
description: "Token extracted from the secret of service account (should be base 64 decoded)"
required: false
resource-group:
description: "Azure resource group name"
required: false
cluster-name:
description: "Azure connected cluster name"
required: false
branding:
color: "blue"
runs:
using: "node16"
main: "lib/run.js"
name: 'Kubernetes Set Context'
description: 'Set the context of a target Kubernetes cluster and export the kubeconfig which is used by subsequent actions'
inputs:
# Please ensure you have used azure/login in the workflow before this action
cluster-type:
description: 'Acceptable values: generic or arc'
required: true
default: 'generic'
method:
description: 'Acceptable values: kubeconfig or service-account or service-principal'
required: true
default: 'kubeconfig'
kubeconfig:
description: 'Contents of kubeconfig file'
required: false
context:
description: 'If your kubeconfig has multiple contexts, use this field to use a specific context, otherwise the default one would be chosen'
required: false
k8s-url:
description: 'Cluster Url'
required: false
k8s-secret:
description: 'Service account secret (run kubectl get serviceaccounts <service-account-name> -o yaml and copy the service-account-secret-name)'
required: false
token:
description: 'Token extracted from the secret of service account (should be base 64 decoded)'
required: false
resource-group:
description: 'Azure resource group name'
required: false
cluster-name:
description: 'Azure connected cluster name'
required: false
branding:
color: 'blue'
runs:
using: 'node16'
main: 'lib/run.js'

38
jest.config.js
View File

@ -1,20 +1,20 @@
module.exports = {
restoreMocks: true,
clearMocks: true,
resetMocks: true,
moduleFileExtensions: ["js", "ts"],
testEnvironment: "node",
testMatch: ["**/*.test.ts"],
transform: {
"^.+\\.ts$": "ts-jest",
},
verbose: true,
coverageThreshold: {
global: {
branches: 0,
functions: 40,
lines: 22,
statements: 22,
},
},
};
restoreMocks: true,
clearMocks: true,
resetMocks: true,
moduleFileExtensions: ['js', 'ts'],
testEnvironment: 'node',
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
verbose: true,
coverageThreshold: {
global: {
branches: 0,
functions: 40,
lines: 22,
statements: 22
}
}
}

15900
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

69
package.json
View File

@ -1,33 +1,36 @@
{
"name": "k8s-set-context-action",
"version": "1.0.0",
"private": true,
"main": "lib/run.js",
"scripts": {
"build": "tsc --outDir ./lib --rootDir ./src",
"test": "jest",
"test-coverage": "jest --coverage"
},
"keywords": [
"actions",
"node",
"setup"
],
"author": "GitHub",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.2.6",
"@actions/exec": "^1.0.0",
"@actions/io": "^1.1.2",
"@kubernetes/client-node": "^0.16.0",
"js-yaml": "^4.1.0"
},
"devDependencies": {
"@types/jest": "^28.1.2",
"@types/js-yaml": "^4.0.4",
"@types/node": "^16.0.0",
"jest": "^28.1.1",
"ts-jest": "^28.0.5",
"typescript": "4.7.4"
}
}
{
"name": "k8s-set-context-action",
"version": "1.0.0",
"private": true,
"main": "lib/run.js",
"scripts": {
"build": "tsc --outDir ./lib --rootDir ./src",
"test": "jest",
"test-coverage": "jest --coverage",
"format": "prettier --write .",
"format-check": "prettier --check ."
},
"keywords": [
"actions",
"node",
"setup"
],
"author": "GitHub",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.2.6",
"@actions/exec": "^1.0.0",
"@actions/io": "^1.1.2",
"@kubernetes/client-node": "^0.16.0",
"js-yaml": "^4.1.0"
},
"devDependencies": {
"@types/jest": "^28.1.2",
"@types/js-yaml": "^4.0.4",
"@types/node": "^16.0.0",
"jest": "^28.1.1",
"prettier": "2.7.1",
"ts-jest": "^28.0.5",
"typescript": "4.7.4"
}
}

188
src/kubeconfigs/arc.test.ts
View File

@ -1,103 +1,103 @@
import * as actions from "@actions/exec";
import * as io from "@actions/io";
import { getRequiredInputError } from "../../tests/util";
import { getArcKubeconfig, KUBECONFIG_LOCATION } from "./arc";
import * as az from "./azCommands";
import * as actions from '@actions/exec'
import * as io from '@actions/io'
import {getRequiredInputError} from '../../tests/util'
import {getArcKubeconfig, KUBECONFIG_LOCATION} from './arc'
import * as az from './azCommands'
describe("Arc kubeconfig", () => {
test("it throws error without resource group", async () => {
await expect(getArcKubeconfig()).rejects.toThrow(
getRequiredInputError("resource-group")
);
});
test("it throws error without cluster name", async () => {
process.env["INPUT_RESOURCE-GROUP"] = "group";
await expect(getArcKubeconfig()).rejects.toThrow(
getRequiredInputError("cluster-name")
);
});
describe("runs az cli commands", () => {
const group = "group";
const name = "name";
const path = "path";
const kubeconfig = "kubeconfig";
beforeEach(() => {
process.env["INPUT_RESOURCE-GROUP"] = group;
process.env["INPUT_CLUSTER-NAME"] = name;
jest.spyOn(io, "which").mockImplementation(async () => path);
jest.spyOn(az, "runAzCliCommand").mockImplementation(async () => {});
jest
.spyOn(az, "runAzKubeconfigCommandBlocking")
.mockImplementation(async () => kubeconfig);
});
it("throws an error without method", async () => {
describe('Arc kubeconfig', () => {
test('it throws error without resource group', async () => {
await expect(getArcKubeconfig()).rejects.toThrow(
getRequiredInputError("method")
);
});
getRequiredInputError('resource-group')
)
})
test('it throws error without cluster name', async () => {
process.env['INPUT_RESOURCE-GROUP'] = 'group'
await expect(getArcKubeconfig()).rejects.toThrow(
getRequiredInputError('cluster-name')
)
})
describe('runs az cli commands', () => {
const group = 'group'
const name = 'name'
const path = 'path'
const kubeconfig = 'kubeconfig'
describe("service account method", () => {
beforeEach(() => {
process.env["INPUT_METHOD"] = "service-account";
});
process.env['INPUT_RESOURCE-GROUP'] = group
process.env['INPUT_CLUSTER-NAME'] = name
it("throws an error without token", async () => {
await expect(getArcKubeconfig()).rejects.toThrow(
getRequiredInputError("token")
);
});
jest.spyOn(io, 'which').mockImplementation(async () => path)
jest.spyOn(az, 'runAzCliCommand').mockImplementation(async () => {})
jest
.spyOn(az, 'runAzKubeconfigCommandBlocking')
.mockImplementation(async () => kubeconfig)
})
it("gets the kubeconfig", async () => {
const token = "token";
process.env["INPUT_TOKEN"] = token;
it('throws an error without method', async () => {
await expect(getArcKubeconfig()).rejects.toThrow(
getRequiredInputError('method')
)
})
expect(await getArcKubeconfig()).toBe(kubeconfig);
expect(az.runAzKubeconfigCommandBlocking).toHaveBeenCalledWith(
path,
[
"connectedk8s",
"proxy",
"-n",
name,
"-g",
group,
"--token",
token,
"-f",
KUBECONFIG_LOCATION,
],
KUBECONFIG_LOCATION
);
});
});
describe('service account method', () => {
beforeEach(() => {
process.env['INPUT_METHOD'] = 'service-account'
})
describe("service principal method", () => {
beforeEach(() => {
process.env["INPUT_METHOD"] = "service-principal";
});
it('throws an error without token', async () => {
await expect(getArcKubeconfig()).rejects.toThrow(
getRequiredInputError('token')
)
})
it("gets the kubeconfig", async () => {
expect(await getArcKubeconfig()).toBe(kubeconfig);
expect(az.runAzKubeconfigCommandBlocking).toHaveBeenCalledWith(
path,
[
"connectedk8s",
"proxy",
"-n",
name,
"-g",
group,
"-f",
KUBECONFIG_LOCATION,
],
KUBECONFIG_LOCATION
);
});
});
});
});
it('gets the kubeconfig', async () => {
const token = 'token'
process.env['INPUT_TOKEN'] = token
expect(await getArcKubeconfig()).toBe(kubeconfig)
expect(az.runAzKubeconfigCommandBlocking).toHaveBeenCalledWith(
path,
[
'connectedk8s',
'proxy',
'-n',
name,
'-g',
group,
'--token',
token,
'-f',
KUBECONFIG_LOCATION
],
KUBECONFIG_LOCATION
)
})
})
describe('service principal method', () => {
beforeEach(() => {
process.env['INPUT_METHOD'] = 'service-principal'
})
it('gets the kubeconfig', async () => {
expect(await getArcKubeconfig()).toBe(kubeconfig)
expect(az.runAzKubeconfigCommandBlocking).toHaveBeenCalledWith(
path,
[
'connectedk8s',
'proxy',
'-n',
name,
'-g',
group,
'-f',
KUBECONFIG_LOCATION
],
KUBECONFIG_LOCATION
)
})
})
})
})

112
src/kubeconfigs/arc.ts
View File

@ -1,68 +1,68 @@
import * as core from "@actions/core";
import * as io from "@actions/io";
import { Method, parseMethod } from "../types/method";
import * as path from "path";
import { runAzCliCommand, runAzKubeconfigCommandBlocking } from "./azCommands";
import * as core from '@actions/core'
import * as io from '@actions/io'
import {Method, parseMethod} from '../types/method'
import * as path from 'path'
import {runAzCliCommand, runAzKubeconfigCommandBlocking} from './azCommands'
const RUNNER_TEMP: string = process.env["RUNNER_TEMP"] || "";
const RUNNER_TEMP: string = process.env['RUNNER_TEMP'] || ''
export const KUBECONFIG_LOCATION: string = path.join(
RUNNER_TEMP,
`arc_kubeconfig_${Date.now()}`
);
RUNNER_TEMP,
`arc_kubeconfig_${Date.now()}`
)
/**
* Gets the kubeconfig based on provided method for an Arc Kubernetes cluster
* @returns The kubeconfig wrapped in a Promise
*/
export async function getArcKubeconfig(): Promise<string> {
const resourceGroupName = core.getInput("resource-group", { required: true });
const clusterName = core.getInput("cluster-name", { required: true });
const azPath = await io.which("az", true);
const resourceGroupName = core.getInput('resource-group', {required: true})
const clusterName = core.getInput('cluster-name', {required: true})
const azPath = await io.which('az', true)
const method: Method | undefined = parseMethod(
core.getInput("method", { required: true })
);
const method: Method | undefined = parseMethod(
core.getInput('method', {required: true})
)
await runAzCliCommand(azPath, ["extension", "add", "-n", "connectedk8s"]);
await runAzCliCommand(azPath, ['extension', 'add', '-n', 'connectedk8s'])
switch (method) {
case Method.SERVICE_ACCOUNT:
const saToken = core.getInput("token", { required: true });
return await runAzKubeconfigCommandBlocking(
azPath,
[
"connectedk8s",
"proxy",
"-n",
clusterName,
"-g",
resourceGroupName,
"--token",
saToken,
"-f",
KUBECONFIG_LOCATION,
],
KUBECONFIG_LOCATION
);
case Method.SERVICE_PRINCIPAL:
return await runAzKubeconfigCommandBlocking(
azPath,
[
"connectedk8s",
"proxy",
"-n",
clusterName,
"-g",
resourceGroupName,
"-f",
KUBECONFIG_LOCATION,
],
KUBECONFIG_LOCATION
);
case undefined:
core.warning("Defaulting to kubeconfig method");
case Method.KUBECONFIG:
default:
throw Error("Kubeconfig method not supported for Arc cluster");
}
switch (method) {
case Method.SERVICE_ACCOUNT:
const saToken = core.getInput('token', {required: true})
return await runAzKubeconfigCommandBlocking(
azPath,
[
'connectedk8s',
'proxy',
'-n',
clusterName,
'-g',
resourceGroupName,
'--token',
saToken,
'-f',
KUBECONFIG_LOCATION
],
KUBECONFIG_LOCATION
)
case Method.SERVICE_PRINCIPAL:
return await runAzKubeconfigCommandBlocking(
azPath,
[
'connectedk8s',
'proxy',
'-n',
clusterName,
'-g',
resourceGroupName,
'-f',
KUBECONFIG_LOCATION
],
KUBECONFIG_LOCATION
)
case undefined:
core.warning('Defaulting to kubeconfig method')
case Method.KUBECONFIG:
default:
throw Error('Kubeconfig method not supported for Arc cluster')
}
}

22
src/kubeconfigs/azCommands.test.ts
View File

@ -1,14 +1,14 @@
import * as actions from "@actions/exec";
import { runAzCliCommand } from "./azCommands";
import * as actions from '@actions/exec'
import {runAzCliCommand} from './azCommands'
describe("Az commands", () => {
test("it runs an az cli command", async () => {
const path = "path";
const args = ["args"];
describe('Az commands', () => {
test('it runs an az cli command', async () => {
const path = 'path'
const args = ['args']
jest.spyOn(actions, "exec").mockImplementation(async () => 0);
jest.spyOn(actions, 'exec').mockImplementation(async () => 0)
expect(await runAzCliCommand(path, args));
expect(actions.exec).toBeCalledWith(path, args, {});
});
});
expect(await runAzCliCommand(path, args))
expect(actions.exec).toBeCalledWith(path, args, {})
})
})

40
src/kubeconfigs/azCommands.ts
View File

@ -1,9 +1,9 @@
import * as fs from "fs";
import { ExecOptions } from "@actions/exec/lib/interfaces";
import { exec } from "@actions/exec";
import { spawn } from "child_process";
import * as fs from 'fs'
import {ExecOptions} from '@actions/exec/lib/interfaces'
import {exec} from '@actions/exec'
import {spawn} from 'child_process'
const AZ_TIMEOUT_SECONDS: number = 120;
const AZ_TIMEOUT_SECONDS: number = 120
/**
* Executes an az cli command
@ -12,11 +12,11 @@ const AZ_TIMEOUT_SECONDS: number = 120;
* @param options Optional options for the command execution
*/
export async function runAzCliCommand(
azPath: string,
args: string[],
options: ExecOptions = {}
azPath: string,
args: string[],
options: ExecOptions = {}
) {
await exec(azPath, args, options);
await exec(azPath, args, options)
}
/**
* Executes an az cli command that will set the kubeconfig
@ -26,19 +26,19 @@ export async function runAzCliCommand(
* @returns The contents of the kubeconfig
*/
export async function runAzKubeconfigCommandBlocking(
azPath: string,
args: string[],
kubeconfigPath: string
azPath: string,
args: string[],
kubeconfigPath: string
): Promise<string> {
const proc = spawn(azPath, args, {
detached: true,
stdio: "ignore",
});
proc.unref();
const proc = spawn(azPath, args, {
detached: true,
stdio: 'ignore'
})
proc.unref()
await sleep(AZ_TIMEOUT_SECONDS);
return fs.readFileSync(kubeconfigPath).toString();
await sleep(AZ_TIMEOUT_SECONDS)
return fs.readFileSync(kubeconfigPath).toString()
}
const sleep = (seconds: number) =>
new Promise((resolve) => setTimeout(resolve, seconds * 1000));
new Promise((resolve) => setTimeout(resolve, seconds * 1000))

259
src/kubeconfigs/default.test.ts
View File

@ -1,150 +1,149 @@
import * as fs from "fs";
import { getRequiredInputError } from "../../tests/util";
import { createKubeconfig, getDefaultKubeconfig } from "./default";
import * as fs from 'fs'
import {getRequiredInputError} from '../../tests/util'
import {createKubeconfig, getDefaultKubeconfig} from './default'
describe("Default kubeconfig", () => {
test("it creates a kubeconfig with proper format", () => {
const certAuth = "certAuth";
const token = "token";
const clusterUrl = "clusterUrl";
describe('Default kubeconfig', () => {
test('it creates a kubeconfig with proper format', () => {
const certAuth = 'certAuth'
const token = 'token'
const clusterUrl = 'clusterUrl'
const kc = createKubeconfig(certAuth, token, clusterUrl);
const expected = JSON.stringify({
apiVersion: "v1",
kind: "Config",
clusters: [
{
name: "default",
cluster: {
server: clusterUrl,
"certificate-authority-data": certAuth,
"insecure-skip-tls-verify": false,
},
},
],
users: [{ name: "default-user", user: { token } }],
contexts: [
{
name: "loaded-context",
context: {
cluster: "default",
user: "default-user",
name: "loaded-context",
},
},
],
preferences: {},
"current-context": "loaded-context",
});
const kc = createKubeconfig(certAuth, token, clusterUrl)
const expected = JSON.stringify({
apiVersion: 'v1',
kind: 'Config',
clusters: [
{
name: 'default',
cluster: {
server: clusterUrl,
'certificate-authority-data': certAuth,
'insecure-skip-tls-verify': false
}
}
],
users: [{name: 'default-user', user: {token}}],
contexts: [
{
name: 'loaded-context',
context: {
cluster: 'default',
user: 'default-user',
name: 'loaded-context'
}
}
],
preferences: {},
'current-context': 'loaded-context'
})
expect(kc).toBe(expected)
})
expect(kc).toBe(expected);
});
test("it throws error without method", () => {
expect(() => getDefaultKubeconfig()).toThrow(
getRequiredInputError("method")
);
});
describe("default method", () => {
beforeEach(() => {
process.env["INPUT_METHOD"] = "default";
});
test("it throws error without kubeconfig", () => {
test('it throws error without method', () => {
expect(() => getDefaultKubeconfig()).toThrow(
getRequiredInputError("kubeconfig")
);
});
getRequiredInputError('method')
)
})
test("it gets default config through kubeconfig input", () => {
const kc = "example kc";
process.env["INPUT_KUBECONFIG"] = kc;
describe('default method', () => {
beforeEach(() => {
process.env['INPUT_METHOD'] = 'default'
})
expect(getDefaultKubeconfig()).toBe(kc);
});
});
test('it throws error without kubeconfig', () => {
expect(() => getDefaultKubeconfig()).toThrow(
getRequiredInputError('kubeconfig')
)
})
test("it defaults to default method", () => {
process.env["INPUT_METHOD"] = "unknown";
test('it gets default config through kubeconfig input', () => {
const kc = 'example kc'
process.env['INPUT_KUBECONFIG'] = kc
const kc = "example kc";
process.env["INPUT_KUBECONFIG"] = kc;
expect(getDefaultKubeconfig()).toBe(kc)
})
})
expect(getDefaultKubeconfig()).toBe(kc);
});
test('it defaults to default method', () => {
process.env['INPUT_METHOD'] = 'unknown'
test("it defaults to default method from service-principal", () => {
process.env["INPUT_METHOD"] = "service-principal";
const kc = 'example kc'
process.env['INPUT_KUBECONFIG'] = kc
const kc = "example kc";
process.env["INPUT_KUBECONFIG"] = kc;
expect(getDefaultKubeconfig()).toBe(kc)
})
expect(getDefaultKubeconfig()).toBe(kc);
});
test('it defaults to default method from service-principal', () => {
process.env['INPUT_METHOD'] = 'service-principal'
describe("service-account method", () => {
beforeEach(() => {
process.env["INPUT_METHOD"] = "service-account";
});
const kc = 'example kc'
process.env['INPUT_KUBECONFIG'] = kc
test("it throws error without cluster url", () => {
expect(() => getDefaultKubeconfig()).toThrow(
getRequiredInputError("k8s-url")
);
});
expect(getDefaultKubeconfig()).toBe(kc)
})
test("it throws error without k8s secret", () => {
process.env["INPUT_K8S-URL"] = "url";
describe('service-account method', () => {
beforeEach(() => {
process.env['INPUT_METHOD'] = 'service-account'
})
expect(() => getDefaultKubeconfig()).toThrow(
getRequiredInputError("k8s-secret")
);
});
test('it throws error without cluster url', () => {
expect(() => getDefaultKubeconfig()).toThrow(
getRequiredInputError('k8s-url')
)
})
test("it gets kubeconfig through service-account", () => {
const k8sUrl = "https://testing-dns-4za.hfp.earth.azmk8s.io:443";
const token = "ZXlKaGJHY2lPcUpTVXpJMU5pSX=";
const cert = "LS0tLS1CRUdJTiBDRWyUSUZJQ";
const k8sSecret = fs.readFileSync("tests/sample-secret.yml").toString();
test('it throws error without k8s secret', () => {
process.env['INPUT_K8S-URL'] = 'url'
process.env["INPUT_K8S-URL"] = k8sUrl;
process.env["INPUT_K8S-SECRET"] = k8sSecret;
expect(() => getDefaultKubeconfig()).toThrow(
getRequiredInputError('k8s-secret')
)
})
const expectedConfig = JSON.stringify({
apiVersion: "v1",
kind: "Config",
clusters: [
{
name: "default",
cluster: {
server: k8sUrl,
"certificate-authority-data": cert,
"insecure-skip-tls-verify": false,
},
},
],
users: [
{
name: "default-user",
user: { token: Buffer.from(token, "base64").toString() },
},
],
contexts: [
{
name: "loaded-context",
context: {
cluster: "default",
user: "default-user",
name: "loaded-context",
},
},
],
preferences: {},
"current-context": "loaded-context",
});
test('it gets kubeconfig through service-account', () => {
const k8sUrl = 'https://testing-dns-4za.hfp.earth.azmk8s.io:443'
const token = 'ZXlKaGJHY2lPcUpTVXpJMU5pSX='
const cert = 'LS0tLS1CRUdJTiBDRWyUSUZJQ'
const k8sSecret = fs.readFileSync('tests/sample-secret.yml').toString()
expect(getDefaultKubeconfig()).toBe(expectedConfig);
});
});
});
process.env['INPUT_K8S-URL'] = k8sUrl
process.env['INPUT_K8S-SECRET'] = k8sSecret
const expectedConfig = JSON.stringify({
apiVersion: 'v1',
kind: 'Config',
clusters: [
{
name: 'default',
cluster: {
server: k8sUrl,
'certificate-authority-data': cert,
'insecure-skip-tls-verify': false
}
}
],
users: [
{
name: 'default-user',
user: {token: Buffer.from(token, 'base64').toString()}
}
],
contexts: [
{
name: 'loaded-context',
context: {
cluster: 'default',
user: 'default-user',
name: 'loaded-context'
}
}
],
preferences: {},
'current-context': 'loaded-context'
})
expect(getDefaultKubeconfig()).toBe(expectedConfig)
})
})
})

112
src/kubeconfigs/default.ts
View File

@ -1,50 +1,52 @@
import * as core from "@actions/core";
import * as jsyaml from "js-yaml";
import { KubeConfig } from "@kubernetes/client-node";
import { K8sSecret, parseK8sSecret } from "../types/k8sSecret";
import { Method, parseMethod } from "../types/method";
import * as core from '@actions/core'
import * as jsyaml from 'js-yaml'
import {KubeConfig} from '@kubernetes/client-node'
import {K8sSecret, parseK8sSecret} from '../types/k8sSecret'
import {Method, parseMethod} from '../types/method'
/**
* Gets the kubeconfig based on provided method for a default Kubernetes cluster
* @returns The kubeconfig
*/
export function getDefaultKubeconfig(): string {
const method: Method | undefined = parseMethod(
core.getInput("method", { required: true })
);
const method: Method | undefined = parseMethod(
core.getInput('method', {required: true})
)
switch (method) {
case Method.SERVICE_ACCOUNT: {
const clusterUrl = core.getInput("k8s-url", { required: true });
core.debug(
"Found clusterUrl. Creating kubeconfig using certificate and token"
);
switch (method) {
case Method.SERVICE_ACCOUNT: {
const clusterUrl = core.getInput('k8s-url', {required: true})
core.debug(
'Found clusterUrl. Creating kubeconfig using certificate and token'
)
const k8sSecret: string = core.getInput("k8s-secret", {
required: true,
});
const parsedK8sSecret: K8sSecret = parseK8sSecret(jsyaml.load(k8sSecret));
const certAuth: string = parsedK8sSecret.data["ca.crt"];
const token: string = Buffer.from(
parsedK8sSecret.data.token,
"base64"
).toString();
const k8sSecret: string = core.getInput('k8s-secret', {
required: true
})
const parsedK8sSecret: K8sSecret = parseK8sSecret(
jsyaml.load(k8sSecret)
)
const certAuth: string = parsedK8sSecret.data['ca.crt']
const token: string = Buffer.from(
parsedK8sSecret.data.token,
'base64'
).toString()
return createKubeconfig(certAuth, token, clusterUrl);
}
case Method.SERVICE_PRINCIPAL: {
core.warning(
"Service Principal method not supported for default cluster type"
);
}
case undefined: {
core.warning("Defaulting to kubeconfig method");
}
default: {
core.debug("Setting context using kubeconfig");
return core.getInput("kubeconfig", { required: true });
}
}
return createKubeconfig(certAuth, token, clusterUrl)
}
case Method.SERVICE_PRINCIPAL: {
core.warning(
'Service Principal method not supported for default cluster type'
)
}
case undefined: {
core.warning('Defaulting to kubeconfig method')
}
default: {
core.debug('Setting context using kubeconfig')
return core.getInput('kubeconfig', {required: true})
}
}
}
/**
@ -55,22 +57,22 @@ export function getDefaultKubeconfig(): string {
* @returns The kubeconfig as a string
*/
export function createKubeconfig(
certAuth: string,
token: string,
clusterUrl: string
certAuth: string,
token: string,
clusterUrl: string
): string {
const kc = new KubeConfig();
kc.loadFromClusterAndUser(
{
name: "default",
server: clusterUrl,
caData: certAuth,
skipTLSVerify: false,
},
{
name: "default-user",
token,
}
);
return kc.exportConfig();
const kc = new KubeConfig()
kc.loadFromClusterAndUser(
{
name: 'default',
server: clusterUrl,
caData: certAuth,
skipTLSVerify: false
},
{
name: 'default-user',
token
}
)
return kc.exportConfig()
}

50
src/run.test.ts
View File

@ -1,30 +1,30 @@
import { getRequiredInputError } from "../tests/util";
import { run } from "./run";
import fs from "fs";
import * as utils from "./utils";
import {getRequiredInputError} from '../tests/util'
import {run} from './run'
import fs from 'fs'
import * as utils from './utils'
describe("Run", () => {
it("throws error without cluster type", async () => {
await expect(run()).rejects.toThrow(getRequiredInputError("cluster-type"));
});
describe('Run', () => {
it('throws error without cluster type', async () => {
await expect(run()).rejects.toThrow(getRequiredInputError('cluster-type'))
})
it("writes kubeconfig and sets context", async () => {
const kubeconfig = "kubeconfig";
it('writes kubeconfig and sets context', async () => {
const kubeconfig = 'kubeconfig'
process.env["INPUT_CLUSTER-TYPE"] = "default";
process.env["RUNNER_TEMP"] = "/sample/path";
process.env['INPUT_CLUSTER-TYPE'] = 'default'
process.env['RUNNER_TEMP'] = '/sample/path'
jest
.spyOn(utils, "getKubeconfig")
.mockImplementation(async () => kubeconfig);
jest.spyOn(fs, "writeFileSync").mockImplementation(() => {});
jest.spyOn(fs, "chmodSync").mockImplementation(() => {});
jest.spyOn(utils, "setContext").mockImplementation(() => kubeconfig);
jest
.spyOn(utils, 'getKubeconfig')
.mockImplementation(async () => kubeconfig)
jest.spyOn(fs, 'writeFileSync').mockImplementation(() => {})
jest.spyOn(fs, 'chmodSync').mockImplementation(() => {})
jest.spyOn(utils, 'setContext').mockImplementation(() => kubeconfig)
expect(await run());
expect(utils.getKubeconfig).toHaveBeenCalled();
expect(fs.writeFileSync).toHaveBeenCalled();
expect(fs.chmodSync).toHaveBeenCalled();
expect(utils.setContext).toHaveBeenCalled();
});
});
expect(await run())
expect(utils.getKubeconfig).toHaveBeenCalled()
expect(fs.writeFileSync).toHaveBeenCalled()
expect(fs.chmodSync).toHaveBeenCalled()
expect(utils.setContext).toHaveBeenCalled()
})
})

52
src/run.ts
View File

@ -1,36 +1,36 @@
import * as core from "@actions/core";
import * as path from "path";
import * as fs from "fs";
import { Cluster, parseCluster } from "./types/cluster";
import { setContext, getKubeconfig } from "./utils";
import * as core from '@actions/core'
import * as path from 'path'
import * as fs from 'fs'
import {Cluster, parseCluster} from './types/cluster'
import {setContext, getKubeconfig} from './utils'
/**
* Sets the Kubernetes context based on supplied action inputs
*/
export async function run() {
// get inputs
const clusterType: Cluster | undefined = parseCluster(
core.getInput("cluster-type", {
required: true,
})
);
const runnerTempDirectory: string = process.env["RUNNER_TEMP"];
const kubeconfigPath: string = path.join(
runnerTempDirectory,
`kubeconfig_${Date.now()}`
);
// get inputs
const clusterType: Cluster | undefined = parseCluster(
core.getInput('cluster-type', {
required: true
})
)
const runnerTempDirectory: string = process.env['RUNNER_TEMP']
const kubeconfigPath: string = path.join(
runnerTempDirectory,
`kubeconfig_${Date.now()}`
)
// get kubeconfig and update context
const kubeconfig: string = await getKubeconfig(clusterType);
const kubeconfigWithContext: string = setContext(kubeconfig);
// get kubeconfig and update context
const kubeconfig: string = await getKubeconfig(clusterType)
const kubeconfigWithContext: string = setContext(kubeconfig)
// output kubeconfig
core.debug(`Writing kubeconfig contents to ${kubeconfigPath}`);
fs.writeFileSync(kubeconfigPath, kubeconfigWithContext);
fs.chmodSync(kubeconfigPath, "600");
core.debug("Setting KUBECONFIG environment variable");
core.exportVariable("KUBECONFIG", kubeconfigPath);
// output kubeconfig
core.debug(`Writing kubeconfig contents to ${kubeconfigPath}`)
fs.writeFileSync(kubeconfigPath, kubeconfigWithContext)
fs.chmodSync(kubeconfigPath, '600')
core.debug('Setting KUBECONFIG environment variable')
core.exportVariable('KUBECONFIG', kubeconfigPath)
}
// Run the application
run().catch(core.setFailed);
run().catch(core.setFailed)

40
src/types/cluster.test.ts
View File

@ -1,24 +1,24 @@
import { Cluster, parseCluster } from "./cluster";
import {Cluster, parseCluster} from './cluster'
describe("Cluster type", () => {
test("it has required values", () => {
const vals = <any>Object.values(Cluster);
expect(vals.includes("arc")).toBe(true);
expect(vals.includes("generic")).toBe(true);
});
describe('Cluster type', () => {
test('it has required values', () => {
const vals = <any>Object.values(Cluster)
expect(vals.includes('arc')).toBe(true)
expect(vals.includes('generic')).toBe(true)
})
test("it can parse valid values from a string", () => {
expect(parseCluster("arc")).toBe(Cluster.ARC);
expect(parseCluster("Arc")).toBe(Cluster.ARC);
expect(parseCluster("ARC")).toBe(Cluster.ARC);
test('it can parse valid values from a string', () => {
expect(parseCluster('arc')).toBe(Cluster.ARC)
expect(parseCluster('Arc')).toBe(Cluster.ARC)
expect(parseCluster('ARC')).toBe(Cluster.ARC)
expect(parseCluster("generic")).toBe(Cluster.GENERIC);
expect(parseCluster("Generic")).toBe(Cluster.GENERIC);
expect(parseCluster("GENERIC")).toBe(Cluster.GENERIC);
});
expect(parseCluster('generic')).toBe(Cluster.GENERIC)
expect(parseCluster('Generic')).toBe(Cluster.GENERIC)
expect(parseCluster('GENERIC')).toBe(Cluster.GENERIC)
})
test("it will return undefined if it can't parse values from a string", () => {
expect(parseCluster("invalid")).toBe(undefined);
expect(parseCluster("unsupportedType")).toBe(undefined);
});
});
test("it will return undefined if it can't parse values from a string", () => {
expect(parseCluster('invalid')).toBe(undefined)
expect(parseCluster('unsupportedType')).toBe(undefined)
})
})

14
src/types/cluster.ts
View File

@ -1,6 +1,6 @@
export enum Cluster {
ARC = "arc",
GENERIC = "generic",
ARC = 'arc',
GENERIC = 'generic'
}
/**
@ -9,8 +9,8 @@ export enum Cluster {
* @returns The Cluster enum or undefined if it can't be parsed
*/
export const parseCluster = (str: string): Cluster | undefined =>
Cluster[
Object.keys(Cluster).filter(
(k) => Cluster[k].toString().toLowerCase() === str.toLowerCase()
)[0] as keyof typeof Cluster
];
Cluster[
Object.keys(Cluster).filter(
(k) => Cluster[k].toString().toLowerCase() === str.toLowerCase()
)[0] as keyof typeof Cluster
]

56
src/types/k8sSecret.test.ts
View File

@ -1,33 +1,33 @@
import { parseK8sSecret, K8sSecret } from "./k8sSecret";
import {parseK8sSecret, K8sSecret} from './k8sSecret'
describe("K8sSecret type", () => {
describe("Parsing from any", () => {
test("it returns a type guarded secret", () => {
const secret = { data: { token: "token", "ca.crt": "cert" } };
expect(() => parseK8sSecret(secret)).not.toThrow();
});
describe('K8sSecret type', () => {
describe('Parsing from any', () => {
test('it returns a type guarded secret', () => {
const secret = {data: {token: 'token', 'ca.crt': 'cert'}}
expect(() => parseK8sSecret(secret)).not.toThrow()
})
test("it throws an error when secret not provided", () => {
expect(() => parseK8sSecret(undefined)).toThrow();
});
test('it throws an error when secret not provided', () => {
expect(() => parseK8sSecret(undefined)).toThrow()
})
test("it throws an error when there is no data field", () => {
const secret = {};
expect(() => parseK8sSecret(secret)).toThrow();
});
test('it throws an error when there is no data field', () => {
const secret = {}
expect(() => parseK8sSecret(secret)).toThrow()
})
test("it throws an error when there is no token", () => {
const secret = {
data: {
"ca.crt": "cert",
},
};
expect(() => parseK8sSecret(secret)).toThrow();
});
test('it throws an error when there is no token', () => {
const secret = {
data: {
'ca.crt': 'cert'
}
}
expect(() => parseK8sSecret(secret)).toThrow()
})
test("it throws an error when there is no ca.crt field", () => {
const secret = { data: { token: "token" } };
expect(() => parseK8sSecret(secret)).toThrow();
});
});
});
test('it throws an error when there is no ca.crt field', () => {
const secret = {data: {token: 'token'}}
expect(() => parseK8sSecret(secret)).toThrow()
})
})
})

22
src/types/k8sSecret.ts
View File

@ -1,10 +1,10 @@
import * as util from "util";
import * as util from 'util'
export interface K8sSecret {
data: {
token: string;
"ca.crt": string;
};
data: {
token: string
'ca.crt': string
}
}
/**
@ -13,13 +13,13 @@ export interface K8sSecret {
* @returns A type guarded K8sSecret
*/
export function parseK8sSecret(secret: any): K8sSecret {
if (!secret) throw Error("K8s secret yaml is invalid");
if (!secret.data) throw k8sSecretMissingFieldError("data");
if (!secret.data.token) throw k8sSecretMissingFieldError("token");
if (!secret.data["ca.crt"]) throw k8sSecretMissingFieldError("ca.crt");
if (!secret) throw Error('K8s secret yaml is invalid')
if (!secret.data) throw k8sSecretMissingFieldError('data')
if (!secret.data.token) throw k8sSecretMissingFieldError('token')
if (!secret.data['ca.crt']) throw k8sSecretMissingFieldError('ca.crt')
return secret as K8sSecret;
return secret as K8sSecret
}
const k8sSecretMissingFieldError = (field: string): Error =>
Error(util.format("K8s secret yaml does not contain %s field", field));
Error(util.format('K8s secret yaml does not contain %s field', field))

48
src/types/method.test.ts
View File

@ -1,29 +1,29 @@
import { Method, parseMethod } from "./method";
import {Method, parseMethod} from './method'
describe("Method type", () => {
test("it has required values", () => {
const vals = <any>Object.values(Method);
expect(vals.includes("kubeconfig")).toBe(true);
expect(vals.includes("service-account")).toBe(true);
expect(vals.includes("service-principal")).toBe(true);
});
describe('Method type', () => {
test('it has required values', () => {
const vals = <any>Object.values(Method)
expect(vals.includes('kubeconfig')).toBe(true)
expect(vals.includes('service-account')).toBe(true)
expect(vals.includes('service-principal')).toBe(true)
})
test("it can parse valid values from a string", () => {
expect(parseMethod("kubeconfig")).toBe(Method.KUBECONFIG);
expect(parseMethod("Kubeconfig")).toBe(Method.KUBECONFIG);
expect(parseMethod("KUBECONFIG")).toBe(Method.KUBECONFIG);
test('it can parse valid values from a string', () => {
expect(parseMethod('kubeconfig')).toBe(Method.KUBECONFIG)
expect(parseMethod('Kubeconfig')).toBe(Method.KUBECONFIG)
expect(parseMethod('KUBECONFIG')).toBe(Method.KUBECONFIG)
expect(parseMethod("service-account")).toBe(Method.SERVICE_ACCOUNT);
expect(parseMethod("Service-Account")).toBe(Method.SERVICE_ACCOUNT);
expect(parseMethod("SERVICE-ACCOUNT")).toBe(Method.SERVICE_ACCOUNT);
expect(parseMethod('service-account')).toBe(Method.SERVICE_ACCOUNT)
expect(parseMethod('Service-Account')).toBe(Method.SERVICE_ACCOUNT)
expect(parseMethod('SERVICE-ACCOUNT')).toBe(Method.SERVICE_ACCOUNT)
expect(parseMethod("service-principal")).toBe(Method.SERVICE_PRINCIPAL);
expect(parseMethod("Service-Principal")).toBe(Method.SERVICE_PRINCIPAL);
expect(parseMethod("SERVICE-PRINCIPAL")).toBe(Method.SERVICE_PRINCIPAL);
});
expect(parseMethod('service-principal')).toBe(Method.SERVICE_PRINCIPAL)
expect(parseMethod('Service-Principal')).toBe(Method.SERVICE_PRINCIPAL)
expect(parseMethod('SERVICE-PRINCIPAL')).toBe(Method.SERVICE_PRINCIPAL)
})
test("it will return undefined if it can't parse values from a string", () => {
expect(parseMethod("invalid")).toBe(undefined);
expect(parseMethod("unsupportedType")).toBe(undefined);
});
});
test("it will return undefined if it can't parse values from a string", () => {
expect(parseMethod('invalid')).toBe(undefined)
expect(parseMethod('unsupportedType')).toBe(undefined)
})
})

16
src/types/method.ts
View File

@ -1,7 +1,7 @@
export enum Method {
KUBECONFIG = "kubeconfig",
SERVICE_ACCOUNT = "service-account",
SERVICE_PRINCIPAL = "service-principal",
KUBECONFIG = 'kubeconfig',
SERVICE_ACCOUNT = 'service-account',
SERVICE_PRINCIPAL = 'service-principal'
}
/**
@ -10,8 +10,8 @@ export enum Method {
* @returns The Method enum or undefined if it can't be parsed
*/
export const parseMethod = (str: string): Method | undefined =>
Method[
Object.keys(Method).filter(
(k) => Method[k].toString().toLowerCase() === str.toLowerCase()
)[0] as keyof typeof Method
];
Method[
Object.keys(Method).filter(
(k) => Method[k].toString().toLowerCase() === str.toLowerCase()
)[0] as keyof typeof Method
]

76
src/utils.test.ts
View File

@ -1,47 +1,47 @@
import fs from "fs";
import * as arc from "./kubeconfigs/arc";
import * as def from "./kubeconfigs/default";
import { Cluster } from "./types/cluster";
import { getKubeconfig, setContext } from "./utils";
import fs from 'fs'
import * as arc from './kubeconfigs/arc'
import * as def from './kubeconfigs/default'
import {Cluster} from './types/cluster'
import {getKubeconfig, setContext} from './utils'
describe("Utils", () => {
describe("get kubeconfig", () => {
test("it gets arc kubeconfig when type is arc", async () => {
const arcKubeconfig = "arckubeconfig";
jest
.spyOn(arc, "getArcKubeconfig")
.mockImplementation(async () => arcKubeconfig);
describe('Utils', () => {
describe('get kubeconfig', () => {
test('it gets arc kubeconfig when type is arc', async () => {
const arcKubeconfig = 'arckubeconfig'
jest
.spyOn(arc, 'getArcKubeconfig')
.mockImplementation(async () => arcKubeconfig)
expect(await getKubeconfig(Cluster.ARC)).toBe(arcKubeconfig);
});
expect(await getKubeconfig(Cluster.ARC)).toBe(arcKubeconfig)
})
test("it defaults to default kubeconfig", async () => {
const defaultKubeconfig = "arckubeconfig";
jest
.spyOn(def, "getDefaultKubeconfig")
.mockImplementation(() => defaultKubeconfig);
test('it defaults to default kubeconfig', async () => {
const defaultKubeconfig = 'arckubeconfig'
jest
.spyOn(def, 'getDefaultKubeconfig')
.mockImplementation(() => defaultKubeconfig)
expect(await getKubeconfig(undefined)).toBe(defaultKubeconfig);
expect(await getKubeconfig(Cluster.GENERIC)).toBe(defaultKubeconfig);
});
});
expect(await getKubeconfig(undefined)).toBe(defaultKubeconfig)
expect(await getKubeconfig(Cluster.GENERIC)).toBe(defaultKubeconfig)
})
})
describe("set context", () => {
const kc = fs.readFileSync("tests/sample-kubeconfig.yml").toString();
describe('set context', () => {
const kc = fs.readFileSync('tests/sample-kubeconfig.yml').toString()
test("it doesn't change kubeconfig without context", () => {
expect(setContext(kc)).toBe(kc);
});
test("it doesn't change kubeconfig without context", () => {
expect(setContext(kc)).toBe(kc)
})
test("it writes the context to the kubeconfig", () => {
process.env["INPUT_CONTEXT"] = "example";
test('it writes the context to the kubeconfig', () => {
process.env['INPUT_CONTEXT'] = 'example'
const received = JSON.parse(setContext(kc));
const expectedKc = JSON.parse(
fs.readFileSync("tests/expected-kubeconfig.json").toString()
);
const received = JSON.parse(setContext(kc))
const expectedKc = JSON.parse(
fs.readFileSync('tests/expected-kubeconfig.json').toString()
)
expect(received).toMatchObject(expectedKc);
});
});
});
expect(received).toMatchObject(expectedKc)
})
})
})

58
src/utils.ts
View File

@ -1,9 +1,9 @@
import * as core from "@actions/core";
import * as fs from "fs";
import { KubeConfig } from "@kubernetes/client-node";
import { getDefaultKubeconfig } from "./kubeconfigs/default";
import { getArcKubeconfig } from "./kubeconfigs/arc";
import { Cluster } from "./types/cluster";
import * as core from '@actions/core'
import * as fs from 'fs'
import {KubeConfig} from '@kubernetes/client-node'
import {getDefaultKubeconfig} from './kubeconfigs/default'
import {getArcKubeconfig} from './kubeconfigs/arc'
import {Cluster} from './types/cluster'
/**
* Gets the kubeconfig based on Kubernetes cluster type
@ -11,19 +11,19 @@ import { Cluster } from "./types/cluster";
* @returns A promise of the kubeconfig
*/
export async function getKubeconfig(
type: Cluster | undefined
type: Cluster | undefined
): Promise<string> {
switch (type) {
case Cluster.ARC: {
return await getArcKubeconfig();
}
case undefined: {
core.warning("Cluster type not recognized. Defaulting to generic.");
}
default: {
return getDefaultKubeconfig();
}
}
switch (type) {
case Cluster.ARC: {
return await getArcKubeconfig()
}
case undefined: {
core.warning('Cluster type not recognized. Defaulting to generic.')
}
default: {
return getDefaultKubeconfig()
}
}
}
/**
@ -32,17 +32,17 @@ export async function getKubeconfig(
* @returns Updated kubeconfig with the context
*/
export function setContext(kubeconfig: string): string {
const context: string = core.getInput("context");
if (!context) {
core.debug("Can't set context because context is unspecified.");
return kubeconfig;
}
const context: string = core.getInput('context')
if (!context) {
core.debug("Can't set context because context is unspecified.")
return kubeconfig
}
// load current kubeconfig
const kc = new KubeConfig();
kc.loadFromString(kubeconfig);
// load current kubeconfig
const kc = new KubeConfig()
kc.loadFromString(kubeconfig)
// update kubeconfig
kc.setCurrentContext(context);
return kc.exportConfig();
// update kubeconfig
kc.setCurrentContext(context)
return kc.exportConfig()
}

46
tests/expected-kubeconfig.json
View File

@ -1,27 +1,27 @@
{
"apiVersion": "v1",
"kind": "Config",
"clusters": [
{
"name": "example",
"cluster": {
"server": "http://example.com:8080",
"insecure-skip-tls-verify": false
"apiVersion": "v1",
"kind": "Config",
"clusters": [
{
"name": "example",
"cluster": {
"server": "http://example.com:8080",
"insecure-skip-tls-verify": false
}
}
}
],
"users": [],
"contexts": [
{
"name": "example",
"context": {
"cluster": "example",
"name": "example",
"user": "example",
"namespace": "example"
],
"users": [],
"contexts": [
{
"name": "example",
"context": {
"cluster": "example",
"name": "example",
"user": "example",
"namespace": "example"
}
}
}
],
"preferences": {},
"current-context": "example"
],
"preferences": {},
"current-context": "example"
}

16
tests/sample-kubeconfig.yml
View File

@ -1,12 +1,12 @@
apiVersion: v1
kind: Config
clusters:
- cluster:
server: http://example.com:8080
name: example
- cluster:
server: http://example.com:8080
name: example
contexts:
- context:
cluster: example
namespace: example
user: example
name: example
- context:
cluster: example
namespace: example
user: example
name: example

60
tests/sample-secret.yml
View File

@ -1,35 +1,35 @@
apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRWyUSUZJQ
namespace: ZGVmBXUsLdA==
token: ZXlKaGJHY2lPcUpTVXpJMU5pSX=
ca.crt: LS0tLS1CRUdJTiBDRWyUSUZJQ
namespace: ZGVmBXUsLdA==
token: ZXlKaGJHY2lPcUpTVXpJMU5pSX=
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: default
kubernetes.io/service-account.uid: e1414a3z-22fe-48d1-ab9e-18e4a5b91c
creationTimestamp: "2020-03-02T06:40:31Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:ca.crt: {}
f:namespace: {}
f:token: {}
f:metadata:
f:annotations:
.: {}
f:kubernetes.io/service-account.name: {}
f:kubernetes.io/service-account.uid: {}
f:type: {}
manager: kube-controller-manager
operation: Update
time: "2020-03-02T06:40:31Z"
name: default-token-bl8ra
namespace: default
resourceVersion: "278"
selfLink: /api/v1/namespaces/default/secrets/default-token-bl8ra
uid: e6d8b21b-2e3a-4606-98za-54fb44fdc
annotations:
kubernetes.io/service-account.name: default
kubernetes.io/service-account.uid: e1414a3z-22fe-48d1-ab9e-18e4a5b91c
creationTimestamp: '2020-03-02T06:40:31Z'
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:ca.crt: {}
f:namespace: {}
f:token: {}
f:metadata:
f:annotations:
.: {}
f:kubernetes.io/service-account.name: {}
f:kubernetes.io/service-account.uid: {}
f:type: {}
manager: kube-controller-manager
operation: Update
time: '2020-03-02T06:40:31Z'
name: default-token-bl8ra
namespace: default
resourceVersion: '278'
selfLink: /api/v1/namespaces/default/secrets/default-token-bl8ra
uid: e6d8b21b-2e3a-4606-98za-54fb44fdc
type: kubernetes.io/service-account-token

2
tests/util.ts
View File

@ -4,4 +4,4 @@
* @returns Error with explanation message
*/
export const getRequiredInputError = (inputName) =>
Error(`Input required and not supplied: ${inputName}`);
Error(`Input required and not supplied: ${inputName}`)

16
tsconfig.json
View File

@ -1,8 +1,8 @@
{
"compilerOptions": {
"target": "ES6",
"module": "commonjs",
"esModuleInterop": true
},
"exclude": ["node_modules", "tests", "src/**/*.test.ts"]
}
{
"compilerOptions": {
"target": "ES6",
"module": "commonjs",
"esModuleInterop": true
},
"exclude": ["node_modules", "tests", "src/**/*.test.ts"]
}