feat: add an option to allow review app creation from forks #882
Conversation
Will be ready once go-scalingo is done: Scalingo/go-scalingo#300
We have to make sure other review-apps related commands put some emphasis when dealing with forks
Signed-off-by: Yohann Bacha <[email protected]>
…ating integration links Signed-off-by: Yohann Bacha <[email protected]>
Signed-off-by: Yohann Bacha <[email protected]>
cmd/integration_link.go
forksAllowed := false
err = survey.AskOne(&survey.Confirm{
    Message: "Allow review apps to be created from forks:",
    Help:    "Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues",
    Default: forksAllowed,
}, &forksAllowed, nil)
I like the use of io.Warning rather than the help message to make sure the warning is always seen. We could do the same here.
Also we could then use the same message defined in the constant reviewAppsFromForksSecurityWarning (warningSecurityMessageForAutomaticReviewAppsFromForks).
Nice idea, it has been done
it has been done
I don't see the change here. Am I missing something?
Oh I got messed up, fixing it
cmd/integration_link.go
if forksAllowed {
    io.Info("To bypass this security warning next time, you can provide the flag --aware-of-security-risks")
}
I would not encourage in any way to bypass a security notice. Users could find that option on their own easily, as it is properly documented.
Suggested change (remove these lines):
if forksAllowed {
    io.Info("To bypass this security warning next time, you can provide the flag --aware-of-security-risks")
}
Well, I think if the user has already said he is aware of the security risks, we could give him the way to bypass it, because he is already aware. IMHO it would be a better experience.
I would be in favor of security over UX in such case
Also, the option to bypass the security warning is there mainly to prevent interactive mode in a non-tty environment. Not to improve UX.
Well if you insist, I'll go with it :)
Co-authored-by: aurelien-reeves-scalingo <[email protected]>
cmd/integration_link.go
@@ -22,6 +22,8 @@ import ( | |||
) | |||
|
|||
var ( | |||
reviewAppsFromForksSecurityWarning = "Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues" |
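Review bot: the warning text declared here tells the user there is a security risk but gives no pointer to what that risk actually is or how review apps from forks interact with add-ons, collaborators and environment variables; append the documentation URL to the constant so every io.Warning and Help that reuses it carries the link. Note also that the earlier review comment refers to this constant as warningSecurityMessageForAutomaticReviewAppsFromForks while the hunk names it reviewAppsFromForksSecurityWarning; make sure all call sites use the name defined here.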
Sorry, one final request for changes: addition of a link to the documentation as suggested on slack
Suggested change:
- reviewAppsFromForksSecurityWarning = "Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues"
+ reviewAppsFromForksSecurityWarning = "Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues. More info here: https://doc.scalingo.com/platform/app/review-apps#addons-collaborators-and-environment-variables"
Yup, done
cmd/integration_link.go
    Default: forksAllowed,
}, &forksAllowed, nil)
if err != nil {
    return params, err
I think we try to always wrap errors into our own, using errgo.Notef for example (errgo when our custom error library is not available).
But I see here that there are other places like you did. I don't know if that was actually on purpose or not.
Well, in order to be consistent, I applied this logic throughout the integration_link.go file.
…rity concerns as a warning Signed-off-by: Yohann Bacha <[email protected]>
cmd/integration_link.go
@@ -447,6 +492,19 @@ func interactiveCreate() (scalingo.SCMRepoLinkCreateParams, error) { | |||
hoursBeforeDestroyOnStale := uint(hoursBeforeDestroyOnStale64) | |||
params.HoursBeforeDeleteStale = &hoursBeforeDestroyOnStale | |||
} | |||
|
|||
io.Warning("Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues") |
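Review bot: the string passed to io.Warning on this line duplicates the text of reviewAppsFromForksSecurityWarning declared at the top of the file; call io.Warning(reviewAppsFromForksSecurityWarning) instead so the two cannot drift apart and the documentation link added to the constant is shown here as well.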
Suggested change:
- io.Warning("Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues")
+ io.Warning(reviewAppsFromForksSecurityWarning)
It's done
Signed-off-by: Yohann Bacha <[email protected]>
…ink commands Signed-off-by: Yohann Bacha <[email protected]>
Signed-off-by: Yohann Bacha <[email protected]>
Signed-off-by: Yohann Bacha <[email protected]>
Signed-off-by: Yohann Bacha <[email protected]>
Signed-off-by: Yohann Bacha <[email protected]>
Looks good.
I'll approve after a short qualification session
cmd/integration_link.go
if err != nil {
    errorQuit(err)
}
err = c.Set("allow-review-apps-from-forks", strconv.FormatBool(stillAllowed))
It appears we actually allow review apps from forks even if the user answered "No".
This is because CheckAndFillParams only checks if allow-review-apps-from-forks is set, not its actual value.
I am still facing the exact same issue
Did you submit a fix for that one?
To reproduce:
$ ./scalingo-cli -a test-app integration-link
Application: test-app (63691985884fef00111d2a6b)
Integration: GitHub (22a2daa4-b636-41c7-8b1b-9cd10e549fa5)
Linker: aurelien-reeves-scalingo
Repository: aurelien-reeves-scalingo/review-apps-securisation
Auto Deploy: ✘
Review Apps Deploy: ✔
Destroy on Close: instantly
Destroy on Stale: ✘
Automatic creation from forks: ✘
$ ./scalingo-cli -a test-app integration-link-update --allow-review-apps-from-forks
/!\ Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues. More info here: https://doc.scalingo.com/platform/app/review-apps#addons-collaborators-and-environment-variables
? Are your sure? No
-----> Your app 'test-app' integration link has been updated.
$ ./scalingo-cli -a test-app integration-link
Application: test-app (63691985884fef00111d2a6b)
Integration: GitHub (22a2daa4-b636-41c7-8b1b-9cd10e549fa5)
Linker: aurelien-reeves-scalingo
Repository: aurelien-reeves-scalingo/review-apps-securisation
Auto Deploy: ✘
Review Apps Deploy: ✔
Destroy on Close: instantly
Destroy on Stale: ✘
Automatic creation from forks: ✔
We can see that the answer "No" to the update request did not prevent the update from being done.
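The defect above (CheckAndFillParams testing only whether the flag is present, not its value) and the reason the bypass flag exists (no interactive prompt in a non-tty environment) can be modelled in a few lines. This is an added example, not code from the scalingo CLI: a small in-memory flag store stands in for the CLI context (IsSet / Bool / Set), a function value stands in for the survey prompt, and warnings are collected in a slice instead of printed with io.Warning. The names flagStore, confirmForks, buggyFillParams and fixedFillParams are hypothetical; the flag names and the warning text are the ones used in this thread.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// Added example, not code from the scalingo CLI; all names are hypothetical.

const reviewAppsFromForksSecurityWarning = "Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues. More info here: https://doc.scalingo.com/platform/app/review-apps#addons-collaborators-and-environment-variables"

const (
	flagAllowForks   = "allow-review-apps-from-forks"
	flagAwareOfRisks = "aware-of-security-risks"
)

// flagStore stands in for the CLI context: which flags were passed, and their values.
type flagStore map[string]string

func (s flagStore) IsSet(name string) bool {
	_, ok := s[name]
	return ok
}

func (s flagStore) Bool(name string) bool {
	v, _ := strconv.ParseBool(s[name]) // absent or malformed reads as false
	return v
}

func (s flagStore) Set(name, value string) { s[name] = value }

// linkParams is the one update parameter that matters here; nil means
// "leave the existing setting unchanged".
type linkParams struct {
	AutomaticCreationFromForks *bool
}

type confirmer func(question string) (bool, error)

// confirmForks gates the risky flag. With --aware-of-security-risks the user has
// acknowledged the risk up front (the non-tty path). Otherwise the warning is
// shown and the user is asked, and the answer is written back into the flag so
// the parameter fill sees the real decision. Without a terminal and without the
// acknowledgement it refuses instead of hanging on a prompt.
func confirmForks(c flagStore, isTTY bool, confirm confirmer, warnings *[]string) error {
	if !c.Bool(flagAllowForks) {
		return nil // forks not requested, nothing to confirm
	}
	if c.Bool(flagAwareOfRisks) {
		return nil
	}
	if !isTTY {
		return errors.New("no terminal to ask for confirmation; pass --" + flagAwareOfRisks + " to acknowledge the risk")
	}
	*warnings = append(*warnings, reviewAppsFromForksSecurityWarning)
	still, err := confirm("Allow review apps from forks:")
	if err != nil {
		return fmt.Errorf("reading confirmation: %w", err)
	}
	c.Set(flagAllowForks, strconv.FormatBool(still))
	return nil
}

// buggyFillParams reproduces the defect found in qualification: it tests only
// whether the flag is present, so the "false" written back after a "No" is
// ignored and creation from forks is enabled anyway.
func buggyFillParams(c flagStore) linkParams {
	var p linkParams
	if c.IsSet(flagAllowForks) {
		enabled := true
		p.AutomaticCreationFromForks = &enabled
	}
	return p
}

// fixedFillParams reads the value: "No" disables creation from forks, and an
// absent flag leaves the existing setting alone.
func fixedFillParams(c flagStore) linkParams {
	var p linkParams
	if c.IsSet(flagAllowForks) {
		enabled := c.Bool(flagAllowForks)
		p.AutomaticCreationFromForks = &enabled
	}
	return p
}

func main() {
	// Constructed scenario matching the reviewer's repro: flag passed, user answers No.
	c := flagStore{flagAllowForks: "true"}
	var warnings []string
	answerNo := func(string) (bool, error) { return false, nil }
	if err := confirmForks(c, true, answerNo, &warnings); err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("buggy enables forks:", *buggyFillParams(c).AutomaticCreationFromForks)
	fmt.Println("fixed enables forks:", *fixedFillParams(c).AutomaticCreationFromForks)
}
```

The security-relevant detail is the last step of confirmForks: writing the answer back into the same flag is only safe if the consumer reads the flag's value. Checking presence alone turns a "No" into a "Yes", which is exactly what the repro shows.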
The "are you sure?" message still feels weird. We may find a way to improve it.
At the moment it looks like this:
$ scalingo -a test-app integration-link-create --allow-review-apps-from-forks https://github.com/aurelien-reeves-scalingo/review-apps-securisation
/!\ Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues. More info here: https://doc.scalingo.com/platform/app/review-apps#addons-collaborators-and-environment-variables
? Are your sure? (y/N)
We may find a way to make it look more like this:
$ scalingo -a test-app integration-link-create --allow-review-apps-from-forks https://github.com/aurelien-reeves-scalingo/review-apps-securisation
/!\ Only allow automatic review apps deployments from forks if you trust the owners of those forks, as this could lead to security issues. More info here: https://doc.scalingo.com/platform/app/review-apps#addons-collaborators-and-environment-variables
? Allow review apps from forks: (y/N)
Signed-off-by: Yohann Bacha <[email protected]>
…areness Signed-off-by: Yohann Bacha <[email protected]>
I am still facing the issue when I am answering "No" to the confirmation, but the update is still done.
Also, the changes requested here seem to still be missing.
Signed-off-by: Yohann Bacha <[email protected]>
@aurelien-reeves-scalingo can you merge and release this week?
I'll release it tomorrow 👌
contributes to https://github.com/Scalingo/project-items/issues/68
depends on Scalingo/go-scalingo#300
need to do a go mod vendor after Scalingo/go-scalingo#300 before merging this