msb-public
/
helm
mirror of https://github.com/helm/helm
1
0
Code Issues Projects Releases Wiki Activity

Merge pull request #8779 from bacongobbler/use-warning

Browse Source 
use warning function
pull/8791/head
Matthew Fisher 5 years ago committed by GitHub
parent 367277afc2 92c4bda184
commit 03a1e8e03c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 30 additions and 20 deletions
Show Stats Download Patch File Download Diff File

2
cmd/helm/registry_login.go
Unescape View File

@ -104,7 +104,7 @@ func getUsernamePassword(usernameOpt string, passwordOpt string, passwordFromStd
} }
} }
} else { } else {
fmt.Fprintln(os.Stderr, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.") warning("Using --password via the CLI is insecure. Use --password-stdin.")
} }
return username, password, nil return username, password, nil

2
cmd/helm/root.go
Unescape View File

@ -205,7 +205,7 @@ func newRootCmd(actionConfig *action.Configuration, out io.Writer, args []string
loadPlugins(cmd, out) loadPlugins(cmd, out)
// Check permissions on critical files // Check permissions on critical files
checkPerms(out) checkPerms()
return cmd, nil return cmd, nil
} }

8
cmd/helm/root_unix.go
Unescape View File

@ -19,14 +19,12 @@ limitations under the License.
package main package main
import ( import (
"fmt"
"io"
"os" "os"
"os/user" "os/user"
"path/filepath" "path/filepath"
) )
func checkPerms(out io.Writer) { func checkPerms() {
// This function MUST NOT FAIL, as it is just a check for a common permissions problem. // This function MUST NOT FAIL, as it is just a check for a common permissions problem.
// If for some reason the function hits a stopping condition, it may panic. But only if // If for some reason the function hits a stopping condition, it may panic. But only if
// we can be sure that it is panicing because Helm cannot proceed. // we can be sure that it is panicing because Helm cannot proceed.
@ -52,9 +50,9 @@ func checkPerms(out io.Writer) {
perm := fi.Mode().Perm() perm := fi.Mode().Perm()
if perm&0040 > 0 { if perm&0040 > 0 {
fmt.Fprintf(out, "WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: %s\n", kc) warning("Kubernetes configuration file is group-readable. This is insecure. Location: %s", kc)
} }
if perm&0004 > 0 { if perm&0004 > 0 {
fmt.Fprintf(out, "WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: %s\n", kc) warning("Kubernetes configuration file is world-readable. This is insecure. Location: %s", kc)
} }
} }

33
cmd/helm/root_unix_test.go
Unescape View File

@ -19,7 +19,7 @@ limitations under the License.
package main package main
import ( import (
"bytes" "bufio"
"io/ioutil" "io/ioutil"
"os" "os"
"path/filepath" "path/filepath"
@ -28,6 +28,14 @@ import (
) )
func TestCheckPerms(t *testing.T) { func TestCheckPerms(t *testing.T) {
// NOTE(bacongobbler): have to open a new file handler here as the default os.Sterr cannot be read from
stderr, err := os.Open("/dev/stderr")
if err != nil {
t.Fatalf("could not open /dev/stderr for reading: %s", err)
}
defer stderr.Close()
reader := bufio.NewReader(stderr)
tdir, err := ioutil.TempDir("", "helmtest") tdir, err := ioutil.TempDir("", "helmtest")
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
@ -43,21 +51,26 @@ func TestCheckPerms(t *testing.T) {
settings.KubeConfig = tfile settings.KubeConfig = tfile
defer func() { settings.KubeConfig = tconfig }() defer func() { settings.KubeConfig = tconfig }()
var b bytes.Buffer checkPerms()
checkPerms(&b) text, err := reader.ReadString('\n')
if err != nil {
t.Fatalf("could not read from stderr: %s", err)
}
expectPrefix := "WARNING: Kubernetes configuration file is group-readable. This is insecure. Location:" expectPrefix := "WARNING: Kubernetes configuration file is group-readable. This is insecure. Location:"
if !strings.HasPrefix(b.String(), expectPrefix) { if !strings.HasPrefix(text, expectPrefix) {
t.Errorf("Expected to get a warning for group perms. Got %q", b.String()) t.Errorf("Expected to get a warning for group perms. Got %q", text)
} }
if err := fh.Chmod(0404); err != nil { if err := fh.Chmod(0404); err != nil {
t.Errorf("Could not change mode on file: %s", err) t.Errorf("Could not change mode on file: %s", err)
} }
b.Reset() checkPerms()
checkPerms(&b) text, err = reader.ReadString('\n')
if err != nil {
t.Fatalf("could not read from stderr: %s", err)
}
expectPrefix = "WARNING: Kubernetes configuration file is world-readable. This is insecure. Location:" expectPrefix = "WARNING: Kubernetes configuration file is world-readable. This is insecure. Location:"
if !strings.HasPrefix(b.String(), expectPrefix) { if !strings.HasPrefix(text, expectPrefix) {
t.Errorf("Expected to get a warning for world perms. Got %q", b.String()) t.Errorf("Expected to get a warning for world perms. Got %q", text)
} }
} }

2
cmd/helm/root_windows.go
Unescape View File

@ -18,7 +18,7 @@ package main
import "io" import "io"
func checkPerms(out io.Writer) { func checkPerms() {
// Not yet implemented on Windows. If you know how to do a comprehensive perms // Not yet implemented on Windows. If you know how to do a comprehensive perms
// check on Windows, contributions welcomed! // check on Windows, contributions welcomed!
} }

3
cmd/helm/search_repo.go
Unescape View File

@ -22,7 +22,6 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"os"
"path/filepath" "path/filepath"
"strings" "strings"
@ -184,7 +183,7 @@ func (o *searchRepoOptions) buildIndex() (*search.Index, error) {
f := filepath.Join(o.repoCacheDir, helmpath.CacheIndexFile(n)) f := filepath.Join(o.repoCacheDir, helmpath.CacheIndexFile(n))
ind, err := repo.LoadIndexFile(f) ind, err := repo.LoadIndexFile(f)
if err != nil { if err != nil {
fmt.Fprintf(os.Stderr, "WARNING: Repo %q is corrupt or missing. Try 'helm repo update'.", n) warning("Repo %q is corrupt or missing. Try 'helm repo update'.", n)
continue continue
} }

Write Preview
Loading…
Cancel
Save