* debian/patches/revert-k8s-changes-in-2.1.6.patch: This reverts some

Kubernetes-related changes in 2.1.6 that likely lead to unit test
    failures.

debian/changelog

@@ -8,6 +8,9 @@ patroni (2.1.6-1) UNRELEASED; urgency=medium
   * debian/patches/acceptance_tests_reenable_etcdv2.patch: New patch,
     re-enables V2 API on etcd-3.4 and later. 
   * debian/tests/control: Add etcd3 behave test. 
+  * debian/patches/revert-k8s-changes-in-2.1.6.patch: This reverts some
+    Kubernetes-related changes in 2.1.6 that likely lead to unit test
+    failures.
 
  -- Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>  Mon, 02 Jan 2023 09:21:16 +0100
 

debian/patches/revert-k8s-changes-in-2.1.6.patch

@@ -0,0 +1,139 @@
+--- patroni-2.1.6.orig/features/environment.py
++++ patroni-2.1.6/features/environment.py
+@@ -508,10 +508,10 @@ class KubernetesController(AbstractDcsCo
+         self._label_selector = ','.join('{0}={1}'.format(k, v) for k, v in self._labels.items())
+         os.environ['PATRONI_KUBERNETES_LABELS'] = json.dumps(self._labels)
+         os.environ['PATRONI_KUBERNETES_USE_ENDPOINTS'] = 'true'
+-        os.environ.setdefault('PATRONI_KUBERNETES_BYPASS_API_SERVICE', 'true')
++        os.environ['PATRONI_KUBERNETES_BYPASS_API_SERVICE'] = 'true'
+ 
+         from patroni.dcs.kubernetes import k8s_client, k8s_config
+-        k8s_config.load_kube_config(context=os.environ.setdefault('PATRONI_KUBERNETES_CONTEXT', 'kind-kind'))
++        k8s_config.load_kube_config(context='local')
+         self._client = k8s_client
+         self._api = self._client.CoreV1Api()
+ 
+--- patroni-2.1.6.orig/patroni/dcs/kubernetes.py
++++ patroni-2.1.6/patroni/dcs/kubernetes.py
+@@ -1,5 +1,3 @@
+-import atexit
+-import base64
+ import datetime
+ import functools
+ import json
+@@ -9,7 +7,6 @@ import random
+ import socket
+ import six
+ import sys
+-import tempfile
+ import time
+ import urllib3
+ import yaml
+@@ -31,34 +28,12 @@ SERVICE_HOST_ENV_NAME = 'KUBERNETES_SERV
+ SERVICE_PORT_ENV_NAME = 'KUBERNETES_SERVICE_PORT'
+ SERVICE_TOKEN_FILENAME = '/var/run/secrets/kubernetes.io/serviceaccount/token'
+ SERVICE_CERT_FILENAME = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+-__temp_files = []
+ 
+ 
+ class KubernetesError(DCSError):
+     pass
+ 
+ 
+-def _cleanup_temp_files():
+-    global __temp_files
+-    for temp_file in __temp_files:
+-        try:
+-            os.remove(temp_file)
+-        except OSError:
+-            pass
+-    __temp_files = []
+-
+-
+-def _create_temp_file(content):
+-    if len(__temp_files) == 0:
+-        atexit.register(_cleanup_temp_files)
+-
+-    fd, name = tempfile.mkstemp()
+-    os.write(fd, content)
+-    os.close(fd)
+-    __temp_files.append(name)
+-    return name
+-
+-
+ # this function does the same mapping of snake_case => camelCase for > 97% of cases as autogenerated swagger code
+ def to_camel_case(value):
+     reserved = {'api', 'apiv3', 'cidr', 'cpu', 'csi', 'id', 'io', 'ip', 'ipc', 'pid', 'tls', 'uri', 'url', 'uuid'}
+@@ -118,13 +93,6 @@ class K8sConfig(object):
+             if c['name'] == name:
+                 return c[section]
+ 
+-    def _pool_config_from_file_or_data(self, config, file_key_name, pool_key_name):
+-        data_key_name = file_key_name + '-data'
+-        if data_key_name in config:
+-            self.pool_config[pool_key_name] = _create_temp_file(base64.b64decode(config[data_key_name]))
+-        elif file_key_name in config:
+-            self.pool_config[pool_key_name] = config[file_key_name]
+-
+     def load_kube_config(self, context=None):
+         with open(os.path.expanduser(KUBE_CONFIG_DEFAULT_LOCATION)) as f:
+             config = yaml.safe_load(f)
+@@ -135,9 +103,10 @@ class K8sConfig(object):
+ 
+         self._server = cluster['server'].rstrip('/')
+         if self._server.startswith('https'):
+-            self._pool_config_from_file_or_data(user, 'client-certificate', 'cert_file')
+-            self._pool_config_from_file_or_data(user, 'client-key', 'key_file')
+-            self._pool_config_from_file_or_data(cluster, 'certificate-authority', 'ca_certs')
++            self.pool_config.update({v: user[k] for k, v in {'client-certificate': 'cert_file',
++                                                             'client-key': 'key_file'}.items() if k in user})
++            if 'certificate-authority' in cluster:
++                self.pool_config['ca_certs'] = cluster['certificate-authority']
+             self.pool_config['cert_reqs'] = 'CERT_NONE' if cluster.get('insecure-skip-tls-verify') else 'CERT_REQUIRED'
+         if user.get('token'):
+             self._make_headers(token=user['token'])
+@@ -702,7 +671,7 @@ class Kubernetes(AbstractDCS):
+         try:
+             k8s_config.load_incluster_config(ca_certs=self._ca_certs)
+         except k8s_config.ConfigException:
+-            k8s_config.load_kube_config(context=config.get('context', 'kind-kind'))
++            k8s_config.load_kube_config(context=config.get('context', 'local'))
+ 
+         self.__my_pod = None
+         self.__ips = [] if config.get('patronictl') else [config.get('pod_ip')]
+--- patroni-2.1.6.orig/tests/test_kubernetes.py
++++ patroni-2.1.6/tests/test_kubernetes.py
+@@ -1,11 +1,10 @@
+-import base64
+ import datetime
+ import json
+ import socket
+ import time
+ import unittest
+ 
+-from mock import call, Mock, PropertyMock, mock_open, patch
++from mock import Mock, PropertyMock, mock_open, patch
+ from patroni.dcs.kubernetes import k8s_client, k8s_config, K8sConfig, K8sConnectionFailed,\
+         K8sException, K8sObject, Kubernetes, KubernetesError, KubernetesRetriableException,\
+         Retry, RetryFailedError, SERVICE_HOST_ENV_NAME, SERVICE_PORT_ENV_NAME
+@@ -122,20 +121,6 @@ class TestK8sConfig(unittest.TestCase):
+             k8s_config.load_kube_config()
+             self.assertEqual(k8s_config.headers.get('authorization'), 'Bearer token')
+ 
+-        config["users"][0]["user"]["client-key-data"] = base64.b64encode(b'foobar').decode('utf-8')
+-        config["clusters"][0]["cluster"]["certificate-authority-data"] = base64.b64encode(b'foobar').decode('utf-8')
+-        with patch.object(builtins, 'open', mock_open(read_data=json.dumps(config))),\
+-                patch('os.write', Mock()), patch('os.close', Mock()),\
+-                patch('os.remove') as mock_remove,\
+-                patch('atexit.register') as mock_atexit,\
+-                patch('tempfile.mkstemp') as mock_mkstemp:
+-            mock_mkstemp.side_effect = [(3, '1.tmp'), (4, '2.tmp')]
+-            k8s_config.load_kube_config()
+-            mock_atexit.assert_called_once()
+-            mock_remove.side_effect = OSError
+-            mock_atexit.call_args[0][0]()  # call _cleanup_temp_files
+-            mock_remove.assert_has_calls([call('1.tmp'), call('2.tmp')])
+-
+ 
+ @patch('urllib3.PoolManager.request')
+ class TestApiClient(unittest.TestCase):

debian/patches/series

@@ -5,3 +5,4 @@ offline_intersphinx.patch
 requirements_cdiff.patch
 avoid_overwriting_configuration_during_boostrap.patch
 acceptance_tests_reenable_etcdv2.patch
+revert-k8s-changes-in-2.1.6.patch