diff options
| author | Thong Kuah <tkuah@gitlab.com> | 2019-01-10 02:26:40 +0300 |
|---|---|---|
| committer | Thong Kuah <tkuah@gitlab.com> | 2019-01-25 06:48:37 +0300 |
| commit | f234aef9943ec7ccd3e30e55d6cd0acd114e6c29 (patch) | |
| tree | 5244711fc7893968465d2a703fd4b53503d78a9b /config | |
| parent | e4dc22e330388df385b64815f12d7c51dd97635f (diff) | |
Use http_max_redirects opt to replace monkeypatch
http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
The monkey-patch was global so we will have to check that all instances
of Kubeclient::Client are handled.
Spec all methods of KubeClient
This should provide better confidence that we are indeed disallowing
redirection in all cases
Diffstat (limited to 'config')
| -rw-r--r-- | config/initializers/kubeclient.rb | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/config/initializers/kubeclient.rb b/config/initializers/kubeclient.rb deleted file mode 100644 index f8fe1156aaa..00000000000 --- a/config/initializers/kubeclient.rb +++ /dev/null @@ -1,22 +0,0 @@ -class Kubeclient::Client - # Monkey patch to set `max_redirects: 0`, so that kubeclient - # does not follow redirects and expose internal services. - # See https://gitlab.com/gitlab-org/gitlab-ce/issues/53158 - def create_rest_client(path = nil) - path ||= @api_endpoint.path - options = { - ssl_ca_file: @ssl_options[:ca_file], - ssl_cert_store: @ssl_options[:cert_store], - verify_ssl: @ssl_options[:verify_ssl], - ssl_client_cert: @ssl_options[:client_cert], - ssl_client_key: @ssl_options[:client_key], - proxy: @http_proxy_uri, - user: @auth_options[:username], - password: @auth_options[:password], - open_timeout: @timeouts[:open], - read_timeout: @timeouts[:read], - max_redirects: 0 - } - RestClient::Resource.new(@api_endpoint.merge(path).to_s, options) - end -end |