Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue 1880: Adds ability to disable certificate validation in pullrequest resource #1881

Merged
merged 1 commit into from
Jan 22, 2020
Merged

Issue 1880: Adds ability to disable certificate validation in pullrequest resource #1881

merged 1 commit into from
Jan 22, 2020

Conversation

dibbles
Copy link
Member

@dibbles dibbles commented Jan 16, 2020

Changes

Fixes Issue #1880 by adding the ability to disable certificate validation in the client interacting with the git server performing actions related to the use of the pipeline resource of type pullrequest.

To disable, user specifies sslVerify parameter in their resource with value set to "false". Value is true by default.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide for more details.

Double check this list of stuff that's easy to miss:

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

Release Notes

Users are now able to disable certificate validation in the client that is used to perform actions for the pull request pipeline resource.  To disable certificate validation, the user specifies the sslVerify parameter in their pipeline resource with the value set to "false".  Value is true by default.

@googlebot googlebot added the cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit label Jan 16, 2020
@tekton-robot tekton-robot requested review from bobcatfish and a user January 16, 2020 10:26
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jan 16, 2020
@dibbles
Copy link
Member Author

dibbles commented Jan 16, 2020

/test pull-tekton-pipeline-integration-tests

@chmouel
Copy link
Member

chmouel commented Jan 16, 2020

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 16, 2020
ghost
ghost reviewed Jan 16, 2020
View reviewed changes
cmd/pullrequest-init/main.go Outdated Show resolved Hide resolved
pkg/apis/pipeline/v1alpha1/pull_request_resource.go Outdated Show resolved Hide resolved
@ghost
Copy link

ghost commented Jan 16, 2020

/cc @wlynch

@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Jan 16, 2020
@ghost
Copy link

ghost commented Jan 16, 2020

Looks like lint errors:

I0116 15:45:09.958] ===============================
I0116 15:45:09.958] ==== RUNNING GOLANGCI-LINT ====
I0116 15:45:09.958] ===============================
I0116 15:45:55.656] pkg/apis/pipeline/v1alpha1/pull_request_resource.go:67:3: ifElseChain: rewrite if-else to switch statement (gocritic)
I0116 15:45:55.657] 		if strings.EqualFold(param.Name, "URL") {
I0116 15:45:55.658] 		^
I0116 15:45:55.658] pkg/pullrequest/scm.go:28: File is not `goimports`-ed (goimports)
I0116 15:45:55.658] 	"crypto/tls"
I0116 15:45:55.659] pkg/pullrequest/scm_test.go:20: File is not `goimports`-ed (goimports)
I0116 15:45:55.659] 	"go.uber.org/zap"
I0116 15:45:55.660] 	"go.uber.org/zap/zaptest/observer"
I0116 15:45:55.660] cmd/pullrequest-init/main.go:21: File is not `goimports`-ed (goimports)
I0116 15:45:55.660] 	"fmt"
I0116 15:45:55.661] pkg/pullrequest/scm.go:95: G402: TLS InsecureSkipVerify may be true. (gosec)
I0116 15:45:55.661] 					TLSClientConfig: &tls.Config{InsecureSkipVerify: !sslVerify},
I0116 15:45:55.662] pkg/pullrequest/scm.go:102: G402: TLS InsecureSkipVerify may be true. (gosec)
I0116 15:45:55.662] 				TLSClientConfig: &tls.Config{InsecureSkipVerify: !sslVerify},
I0116 15:45:55.662] pkg/pullrequest/scm.go:148: G402: TLS InsecureSkipVerify may be true. (gosec)
I0116 15:45:55.663] 					TLSClientConfig: &tls.Config{InsecureSkipVerify: !sslVerify},

@dibbles
Copy link
Member Author

dibbles commented Jan 16, 2020
edited
Loading

Linter fixes added ..... added ignore for TLS linter issue as the ability to run insecure is exactly what this code provides and I think the G402 is just stipulating that this could be a security problem.

@dibbles dibbles requested a review from a user January 17, 2020 09:10
@vdemeester vdemeester added this to the Pipelines 0.10 🐱 milestone Jan 17, 2020
ghost
ghost reviewed Jan 17, 2020
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i have one more comment but otherwise this code is ready to go imo

cmd/pullrequest-init/main.go Outdated Show resolved Hide resolved
@dibbles
Issue 1880: Adds the ability to disable the certificate validation in…
3c2ee1f 
… the

client interacting with the git server performing actions
related to the use of the pipeline resource of type pullrequest.

To disable, user specifies insecure-skip-tls-verify parameter in their resource
with value set to "true".  Value is false by default.
@dibbles dibbles requested a review from a user January 21, 2020 09:22
@ghost
Copy link

ghost commented Jan 21, 2020

/lgtm

@tekton-robot tekton-robot assigned ghost Jan 21, 2020
@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 21, 2020
vdemeester
vdemeester approved these changes Jan 22, 2020
View reviewed changes
Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/meow

@tekton-robot
Copy link
Collaborator

@vdemeester: cat image

In response to this:

/meow

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 22, 2020
@tekton-robot tekton-robot merged commit 2973b6e into tektoncd:master Jan 22, 2020
@dibyom dibyom mentioned this pull request Mar 12, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vdemeester vdemeester vdemeester approved these changes

@bobcatfish bobcatfish Awaiting requested review from bobcatfish

@wlynch wlynch Awaiting requested review from wlynch

Assignees

@chmouel chmouel

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
Pipelines 0.10 🐱
Development

Successfully merging this pull request may close these issues.
5 participants
@dibbles @chmouel @tekton-robot @vdemeester @googlebot