Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delete kubeclient gem default certificates #501

Closed
chaitrahegde115 opened this issue May 10, 2021 · 3 comments · Fixed by #502
Closed

Delete kubeclient gem default certificates #501

chaitrahegde115 opened this issue May 10, 2021 · 3 comments · Fixed by #502

Comments

@chaitrahegde115
Copy link

Hi,
I have installed kubeclient gem in td-agent. This gem has installed default certificates in test/config/ folder. From #499 I got to know it is used for running unit tests and also the certificates are expired. Having default certificates bundled in a gem is a security risk. Can these certificates be deleted while bundling the gem so that the default certificates are not bundled with kubeclient gem?
@cben
Copy link
Collaborator

cben commented May 11, 2021
edited
Loading

They are not "default certificates", they are just unused test files, but fair enough.
Turns out the gem includes the whole test/ directory, which I think is useful EDIT: useless?
https://stackoverflow.com/questions/18871541/what-is-the-purpose-of-test-files-configuration-in-a-gemspec

File: kubeclient.gemspec
  ...
  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})

$ tar tvf data.tar.gz  # from kubeclient-4.9.1.gem
-rw-r--r-- wheel/wheel     142 2020-08-31 12:36 .gitignore
-rw-r--r-- wheel/wheel     864 2020-08-31 12:36 .rubocop.yml
-rw-r--r-- wheel/wheel     495 2020-08-31 12:36 .travis.yml
-rw-r--r-- wheel/wheel    8733 2020-08-31 12:36 CHANGELOG.md
-rw-r--r-- wheel/wheel     208 2020-08-31 12:36 Gemfile
-rw-r--r-- wheel/wheel    1069 2020-08-31 12:36 LICENSE.txt
-rw-r--r-- wheel/wheel   33647 2020-08-31 12:36 README.md
-rw-r--r-- wheel/wheel    1873 2020-08-31 12:36 RELEASING.md
-rw-r--r-- wheel/wheel     191 2020-08-31 12:36 Rakefile
-rw-r--r-- wheel/wheel    1553 2020-08-31 12:36 kubeclient.gemspec
-rw-r--r-- wheel/wheel     774 2020-08-31 12:36 lib/kubeclient.rb
-rw-r--r-- wheel/wheel    1680 2020-08-31 12:36 lib/kubeclient/aws_eks_credentials.rb
-rw-r--r-- wheel/wheel   24236 2020-08-31 12:36 lib/kubeclient/common.rb
-rw-r--r-- wheel/wheel    6167 2020-08-31 12:36 lib/kubeclient/config.rb
-rw-r--r-- wheel/wheel     483 2020-08-31 12:36 lib/kubeclient/entity_list.rb
-rw-r--r-- wheel/wheel    2676 2020-08-31 12:36 lib/kubeclient/exec_credentials.rb
-rw-r--r-- wheel/wheel     506 2020-08-31 12:36 lib/kubeclient/gcp_auth_provider.rb
-rw-r--r-- wheel/wheel     713 2020-08-31 12:36 lib/kubeclient/gcp_command_credentials.rb
-rw-r--r-- wheel/wheel     986 2020-08-31 12:36 lib/kubeclient/google_application_default_credentials.rb
-rw-r--r-- wheel/wheel     657 2020-08-31 12:36 lib/kubeclient/http_error.rb
-rw-r--r-- wheel/wheel    3408 2020-08-31 12:36 lib/kubeclient/missing_kind_compatibility.rb
-rw-r--r-- wheel/wheel    1933 2020-08-31 12:36 lib/kubeclient/oidc_auth_provider.rb
-rw-r--r-- wheel/wheel     268 2020-08-31 12:36 lib/kubeclient/resource.rb
-rw-r--r-- wheel/wheel      70 2020-08-31 12:36 lib/kubeclient/resource_not_found_error.rb
-rw-r--r-- wheel/wheel      78 2020-08-31 12:36 lib/kubeclient/version.rb
-rw-r--r-- wheel/wheel    2594 2020-08-31 12:36 lib/kubeclient/watch_stream.rb
-rw-r--r-- wheel/wheel   33232 2020-08-31 12:36 test/cassettes/kubernetes_guestbook.yml
-rw-r--r-- wheel/wheel    5670 2020-08-31 12:36 test/config/allinone.kubeconfig
-rw-r--r-- wheel/wheel    1865 2020-08-31 12:36 test/config/execauth.kubeconfig
-rw-r--r-- wheel/wheel    1070 2020-08-31 12:36 test/config/external-ca.pem
-rw-r--r-- wheel/wheel    1151 2020-08-31 12:36 test/config/external-cert.pem
-rw-r--r-- wheel/wheel    1679 2020-08-31 12:36 test/config/external-key.rsa
-rw-r--r-- wheel/wheel     499 2020-08-31 12:36 test/config/external.kubeconfig
-rw-r--r-- wheel/wheel     510 2020-08-31 12:36 test/config/gcpauth.kubeconfig
-rw-r--r-- wheel/wheel     682 2020-08-31 12:36 test/config/gcpcmdauth.kubeconfig
-rw-r--r-- wheel/wheel     338 2020-08-31 12:36 test/config/nouser.kubeconfig
-rw-r--r-- wheel/wheel     590 2020-08-31 12:36 test/config/oidcauth.kubeconfig
-rw-r--r-- wheel/wheel     773 2020-08-31 12:36 test/config/timestamps.kubeconfig
-rw-r--r-- wheel/wheel     646 2020-08-31 12:36 test/config/userauth.kubeconfig
-rw-r--r-- wheel/wheel     206 2020-08-31 12:36 test/json/bindings_list.json
-rw-r--r-- wheel/wheel     337 2020-08-31 12:36 test/json/component_status.json
-rw-r--r-- wheel/wheel    1279 2020-08-31 12:36 test/json/component_status_list.json
-rw-r--r-- wheel/wheel   12743 2020-08-31 12:36 test/json/config.istio.io_api_resource_list.json
-rw-r--r-- wheel/wheel     154 2020-08-31 12:36 test/json/config_map_list.json
-rw-r--r-- wheel/wheel    3490 2020-08-31 12:36 test/json/core_api_resource_list.json
-rw-r--r-- wheel/wheel    2233 2020-08-31 12:36 test/json/core_api_resource_list_without_kind.json
-rw-r--r-- wheel/wheel    3503 2020-08-31 12:36 test/json/core_oapi_resource_list_without_kind.json
-rw-r--r-- wheel/wheel     554 2020-08-31 12:36 test/json/created_endpoint.json
-rw-r--r-- wheel/wheel     326 2020-08-31 12:36 test/json/created_namespace.json
-rw-r--r-- wheel/wheel     395 2020-08-31 12:36 test/json/created_secret.json
-rw-r--r-- wheel/wheel    1613 2020-08-31 12:36 test/json/created_security_context_constraint.json
-rw-r--r-- wheel/wheel     776 2020-08-31 12:36 test/json/created_service.json
-rw-r--r-- wheel/wheel     146 2020-08-31 12:36 test/json/empty_pod_list.json
-rw-r--r-- wheel/wheel    1164 2020-08-31 12:36 test/json/endpoint_list.json
-rw-r--r-- wheel/wheel    1780 2020-08-31 12:36 test/json/entity_list.json
-rw-r--r-- wheel/wheel    1201 2020-08-31 12:36 test/json/event_list.json
-rw-r--r-- wheel/wheel    4009 2020-08-31 12:36 test/json/extensions_v1beta1_api_resource_list.json
-rw-r--r-- wheel/wheel     496 2020-08-31 12:36 test/json/limit_range.json
-rw-r--r-- wheel/wheel     723 2020-08-31 12:36 test/json/limit_range_list.json
-rw-r--r-- wheel/wheel     334 2020-08-31 12:36 test/json/namespace.json
-rw-r--r-- wheel/wheel     185 2020-08-31 12:36 test/json/namespace_exception.json
-rw-r--r-- wheel/wheel     924 2020-08-31 12:36 test/json/namespace_list.json
-rw-r--r-- wheel/wheel     806 2020-08-31 12:36 test/json/node.json
-rw-r--r-- wheel/wheel    1145 2020-08-31 12:36 test/json/node_list.json
-rw-r--r-- wheel/wheel    5173 2020-08-31 12:36 test/json/node_notice.json
-rw-r--r-- wheel/wheel     812 2020-08-31 12:36 test/json/persistent_volume.json
-rw-r--r-- wheel/wheel     655 2020-08-31 12:36 test/json/persistent_volume_claim.json
-rw-r--r-- wheel/wheel     901 2020-08-31 12:36 test/json/persistent_volume_claim_list.json
-rw-r--r-- wheel/wheel     167 2020-08-31 12:36 test/json/persistent_volume_claims_nil_items.json
-rw-r--r-- wheel/wheel    1073 2020-08-31 12:36 test/json/persistent_volume_list.json
-rw-r--r-- wheel/wheel    2862 2020-08-31 12:36 test/json/pod.json
-rw-r--r-- wheel/wheel    2784 2020-08-31 12:36 test/json/pod_list.json
-rw-r--r-- wheel/wheel     158 2020-08-31 12:36 test/json/pod_template_list.json
-rw-r--r-- wheel/wheel    7375 2020-08-31 12:36 test/json/pods_1.json
-rw-r--r-- wheel/wheel    3310 2020-08-31 12:36 test/json/pods_2.json
-rw-r--r-- wheel/wheel     246 2020-08-31 12:36 test/json/pods_410.json
-rw-r--r-- wheel/wheel     563 2020-08-31 12:36 test/json/processed_template.json
-rw-r--r-- wheel/wheel    1640 2020-08-31 12:36 test/json/replication_controller.json
-rw-r--r-- wheel/wheel    2413 2020-08-31 12:36 test/json/replication_controller_list.json
-rw-r--r-- wheel/wheel    1057 2020-08-31 12:36 test/json/resource_quota.json
-rw-r--r-- wheel/wheel    1379 2020-08-31 12:36 test/json/resource_quota_list.json
-rw-r--r-- wheel/wheel    1162 2020-08-31 12:36 test/json/secret_list.json
-rw-r--r-- wheel/wheel    1400 2020-08-31 12:36 test/json/security.openshift.io_api_resource_list.json
-rw-r--r-- wheel/wheel   11239 2020-08-31 12:36 test/json/security_context_constraint_list.json
-rw-r--r-- wheel/wheel     840 2020-08-31 12:36 test/json/service.json
-rw-r--r-- wheel/wheel     607 2020-08-31 12:36 test/json/service_account.json
-rw-r--r-- wheel/wheel    2519 2020-08-31 12:36 test/json/service_account_list.json
-rw-r--r-- wheel/wheel      19 2020-08-31 12:36 test/json/service_illegal_json_404.json
-rw-r--r-- wheel/wheel     470 2020-08-31 12:36 test/json/service_json_patch.json
-rw-r--r-- wheel/wheel    3113 2020-08-31 12:36 test/json/service_list.json
-rw-r--r-- wheel/wheel     466 2020-08-31 12:36 test/json/service_merge_patch.json
-rw-r--r-- wheel/wheel     442 2020-08-31 12:36 test/json/service_patch.json
-rw-r--r-- wheel/wheel     430 2020-08-31 12:36 test/json/service_update.json
-rw-r--r-- wheel/wheel     725 2020-08-31 12:36 test/json/template.json
-rw-r--r-- wheel/wheel    1416 2020-08-31 12:36 test/json/template.openshift.io_api_resource_list.json
-rw-r--r-- wheel/wheel     881 2020-08-31 12:36 test/json/template_list.json
-rw-r--r-- wheel/wheel      60 2020-08-31 12:36 test/json/versions_list.json
-rw-r--r-- wheel/wheel    2251 2020-08-31 12:36 test/json/watch_stream.json
-rw-r--r-- wheel/wheel    3293 2020-08-31 12:36 test/test_common.rb
-rw-r--r-- wheel/wheel    7369 2020-08-31 12:36 test/test_common_url_handling.rb
-rw-r--r-- wheel/wheel     912 2020-08-31 12:36 test/test_component_status.rb
-rw-r--r-- wheel/wheel    9205 2020-08-31 12:36 test/test_config.rb
-rw-r--r-- wheel/wheel    2205 2020-08-31 12:36 test/test_endpoint.rb
-rw-r--r-- wheel/wheel    5845 2020-08-31 12:36 test/test_exec_credentials.rb
-rw-r--r-- wheel/wheel     837 2020-08-31 12:36 test/test_gcp_command_credentials.rb
-rw-r--r-- wheel/wheel     475 2020-08-31 12:36 test/test_google_application_default_credentials.rb
-rw-r--r-- wheel/wheel    7569 2020-08-31 12:36 test/test_guestbook_go.rb
-rw-r--r-- wheel/wheel     557 2020-08-31 12:36 test/test_helper.rb
-rw-r--r-- wheel/wheel   29309 2020-08-31 12:36 test/test_kubeclient.rb
-rw-r--r-- wheel/wheel     852 2020-08-31 12:36 test/test_limit_range.rb
-rw-r--r-- wheel/wheel    3380 2020-08-31 12:36 test/test_missing_methods.rb
-rw-r--r-- wheel/wheel    1964 2020-08-31 12:36 test/test_namespace.rb
-rw-r--r-- wheel/wheel    2050 2020-08-31 12:36 test/test_node.rb
-rw-r--r-- wheel/wheel    3464 2020-08-31 12:36 test/test_oidc_auth_provider.rb
-rw-r--r-- wheel/wheel     841 2020-08-31 12:36 test/test_persistent_volume.rb
-rw-r--r-- wheel/wheel     907 2020-08-31 12:36 test/test_persistent_volume_claim.rb
-rw-r--r-- wheel/wheel    2233 2020-08-31 12:36 test/test_pod.rb
-rw-r--r-- wheel/wheel    5752 2020-08-31 12:36 test/test_pod_log.rb
-rw-r--r-- wheel/wheel    3321 2020-08-31 12:36 test/test_process_template.rb
-rw-r--r-- wheel/wheel    1880 2020-08-31 12:36 test/test_replication_controller.rb
-rw-r--r-- wheel/wheel    2064 2020-08-31 12:36 test/test_resource_list_without_kind.rb
-rw-r--r-- wheel/wheel     779 2020-08-31 12:36 test/test_resource_quota.rb
-rw-r--r-- wheel/wheel    2193 2020-08-31 12:36 test/test_secret.rb
-rw-r--r-- wheel/wheel    2833 2020-08-31 12:36 test/test_security_context_constraint.rb
-rw-r--r-- wheel/wheel   12041 2020-08-31 12:36 test/test_service.rb
-rw-r--r-- wheel/wheel     908 2020-08-31 12:36 test/test_service_account.rb
-rw-r--r-- wheel/wheel    5832 2020-08-31 12:36 test/test_watch.rb
-rw-r--r-- wheel/wheel     125 2020-08-31 12:36 test/txt/pod_log.txt
-rw-r--r-- wheel/wheel      12 2020-08-31 12:36 test/valid_token_file

@cben
Copy link
Collaborator

cben commented May 11, 2021

(I meant useless. Thanks for reporting this.)

@cben cben mentioned this issue May 11, 2021
Merged
@cben
Copy link
Collaborator

cben commented May 30, 2021

Released 4.9.2 without the test/ folder.

@cben cben closed this as completed May 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Omit test/ dir from built .gem (v4.y branch) cben/kubeclient
2 participants
@cben @chaitrahegde115