Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove direct use of DefaultTransport #1221

Merged
merged 1 commit into from
May 20, 2020
Merged

Remove direct use of DefaultTransport #1221

merged 1 commit into from
May 20, 2020

Conversation

antechrestos
Copy link
Contributor

@antechrestos antechrestos commented May 4, 2020
edited
Loading

Description

Using DefaultTransport and manipulating its TLS configuration may lead to unexpected behaviour. For example, lets say at one moment, for a given registry that was asked to disable TLS validation we use default transport, then after that call every TLS uses of default transport will be disabled.

The only remaining use is in Warm method (file warm.go) but I think this use is only used in warmer image.

In this change I centralized the previous work done to clone DefaultTransport object on every needs and only after apply configuration to it.

To go deeper I think it might be interesting to provide in this new module a function allowing to configure once and for all the transport creation at the beginning of the program (right after the parameter reading) and remove every references to kaniko options when they are only needed to get transport configuration. I did not do this in this change as I think it should be discussed.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes unit tests
  • Adds integration tests if needed.

See the contribution guide for more details.

Reviewer Notes

  • The code flow looks good.
  • Unit tests and or integration tests added.

@googlebot googlebot added the cla: yes CLA signed by all commit authors label May 4, 2020
@tejal29
Copy link
Member

tejal29 commented May 19, 2020

@antechrestos Thank you for this Pr. This is definitely more secure approach.
Can you please rebase your PR?

@antechrestos antechrestos force-pushed the refactoring/default_transport branch from a42b072 to 1116a0c Compare May 20, 2020 09:30
@antechrestos
Remove use of DefaultTransport
2f6090d 
Using DefaultTransport and manipulating its tls configuration may lead to unexpected behaviour
@antechrestos antechrestos force-pushed the refactoring/default_transport branch from 1116a0c to 2f6090d Compare May 20, 2020 09:43
@antechrestos
Copy link
Contributor Author

@tejal29 done

I did not put the NewRetry everywhere and kept it in the push section

@tejal29
Copy link
Member

tejal29 commented May 20, 2020

Thanks!

@tejal29 tejal29 merged commit d86e09b into GoogleContainerTools:master May 20, 2020
@antechrestos antechrestos deleted the refactoring/default_transport branch May 24, 2020 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tejal29 tejal29 tejal29 approved these changes

Assignees
No one assigned
Labels
cla: yes CLA signed by all commit authors
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@antechrestos @tejal29 @googlebot