Add opts to K8s.Conn.from_file/N and K8s.Conn.from_service_account/N

mruoss · mruoss · commit bb255917cd9e · 2023-02-25T21:31:55.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - Added further PATCH mechanisms - [#229](https://github.com/coryodaniel/k8s/pull/229)
+- Add `opts` to `K8s.Conn.from_file/N` and `K8s.Conn.from_service_account/N` in order to be able to pass `:insecure_skip_tls_verify` option directly. - [#230](https://github.com/coryodaniel/k8s/issues/230), [#203](https://github.com/coryodaniel/k8s/issues/203)
 
 <!--------------------- Don't add new entries after this line --------------------->
 
diff --git a/lib/k8s/conn.ex b/lib/k8s/conn.ex
@@ -76,14 +76,16 @@ defmodule K8s.Conn do
          {:ok, user} <- find_configuration(config["users"], user_name, "user"),
          cluster_name <- opts[:cluster] || context["cluster"],
          {:ok, cluster} <- find_configuration(config["clusters"], cluster_name, "cluster"),
+         insecure_skip_tls_verify <-
+           Keyword.get(opts, :insecure_skip_tls_verify, cluster["insecure-skip-tls-verify"]),
          {:ok, cert} <- PKI.cert_from_map(cluster, base_path) do
       conn = %Conn{
         cluster_name: cluster_name,
         user_name: user_name,
         url: cluster["server"],
         ca_cert: cert,
         auth: get_auth(user, base_path),
-        insecure_skip_tls_verify: cluster["insecure-skip-tls-verify"]
+        insecure_skip_tls_verify: insecure_skip_tls_verify
       }
 
       {:ok, maybe_update_defaults(conn, config)}
@@ -99,13 +101,25 @@ defmodule K8s.Conn do
 
   [kubernetes.io :: Accessing the API from a Pod](https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod)
   """
-  @spec from_service_account :: {:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
+  @spec from_service_account() ::
+          {:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
   def from_service_account do
-    from_service_account(@default_service_account_path)
+    from_service_account(@default_service_account_path, [])
   end
 
-  @spec from_service_account(String.t()) :: {:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
-  def from_service_account(service_account_path) do
+  @spec from_service_account(opts_or_sa_path :: String.t() | Keyword.t()) ::
+          {:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
+  def from_service_account(opts) when is_list(opts) do
+    from_service_account(@default_service_account_path, opts)
+  end
+
+  def from_service_account(service_account_path) when is_binary(service_account_path) do
+    from_service_account(service_account_path, [])
+  end
+
+  @spec from_service_account(service_account_path :: String.t(), opts :: Keyword.t()) ::
+          {:ok, t()} | {:error, :enoent | K8s.Conn.Error.t()}
+  def from_service_account(service_account_path, opts \\ []) do
     cert_path = Path.join(service_account_path, "ca.crt")
     token_path = Path.join(service_account_path, "token")
 
diff --git a/test/support/integration_helper.ex b/test/support/integration_helper.ex
@@ -6,10 +6,9 @@ defmodule K8s.Test.IntegrationHelper do
     {:ok, conn} =
       "TEST_KUBECONFIG"
       |> System.get_env("./integration.k3d.yaml")
-      |> K8s.Conn.from_file()
+      |> K8s.Conn.from_file(insecure_skip_tls_verify: true)
 
     struct!(conn,
-      insecure_skip_tls_verify: true,
       discovery_driver: K8s.Discovery.Driver.HTTP,
       discovery_opts: [],
       http_provider: K8s.Client.MintHTTPProvider
