diff options
| author | Thong Kuah <tkuah@gitlab.com> | 2019-01-10 02:26:40 +0300 |
|---|---|---|
| committer | Thong Kuah <tkuah@gitlab.com> | 2019-01-25 06:48:37 +0300 |
| commit | f234aef9943ec7ccd3e30e55d6cd0acd114e6c29 (patch) | |
| tree | 5244711fc7893968465d2a703fd4b53503d78a9b /lib/gitlab/kubernetes | |
| parent | e4dc22e330388df385b64815f12d7c51dd97635f (diff) | |
Use http_max_redirects opt to replace monkeypatch
http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
The monkey-patch was global so we will have to check that all instances
of Kubeclient::Client are handled.
Spec all methods of KubeClient
This should provide better confidence that we are indeed disallowing
redirection in all cases
Diffstat (limited to 'lib/gitlab/kubernetes')
| -rw-r--r-- | lib/gitlab/kubernetes/kube_client.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb index fe839940f74..624c2c67551 100644 --- a/lib/gitlab/kubernetes/kube_client.rb +++ b/lib/gitlab/kubernetes/kube_client.rb @@ -76,9 +76,12 @@ module Gitlab attr_reader :api_prefix, :kubeclient_options + # We disable redirects through 'http_max_redirects: 0', + # so that KubeClient does not follow redirects and + # expose internal services. def initialize(api_prefix, **kubeclient_options) @api_prefix = api_prefix - @kubeclient_options = kubeclient_options + @kubeclient_options = kubeclient_options.merge(http_max_redirects: 0) end def create_or_update_cluster_role_binding(resource) |