diff options
| author | drew cimino <dcimino@gitlab.com> | 2019-04-04 18:24:12 +0100 |
|---|---|---|
| committer | drew cimino <dcimino@gitlab.com> | 2019-04-15 17:58:17 +0100 |
| commit | b26fd49eb731492e1eda7efddb1e267e1758997c (patch) | |
| tree | cb500304fa05fa3ff07c44efbeca17483aeacf5f | |
| parent | 95bbcf082970ae72d3bac814101803e4118db47e (diff) | |
| download | gitlab-ce-b26fd49eb731492e1eda7efddb1e267e1758997c.tar.gz | |
catching and cleanly reporting SSL errors in Ci::Config::External::Processor
| -rw-r--r-- | changelogs/unreleased/ci-lint-ssl-error.yml | 6 | ||||
| -rw-r--r-- | lib/gitlab/ci/config/external/processor.rb | 3 | ||||
| -rw-r--r-- | spec/lib/gitlab/ci/config/external/processor_spec.rb | 22 |
3 files changed, 30 insertions, 1 deletions
diff --git a/changelogs/unreleased/ci-lint-ssl-error.yml b/changelogs/unreleased/ci-lint-ssl-error.yml new file mode 100644 index 00000000000..d59b9204357 --- /dev/null +++ b/changelogs/unreleased/ci-lint-ssl-error.yml @@ -0,0 +1,6 @@ +--- +title: Catch and report OpenSSL exceptions while fetching external configuration files + in CI::Config +merge_request: 26750 +author: Drew Cimino +type: fixed diff --git a/lib/gitlab/ci/config/external/processor.rb b/lib/gitlab/ci/config/external/processor.rb index 1dd2d42016a..4a049ecae49 100644 --- a/lib/gitlab/ci/config/external/processor.rb +++ b/lib/gitlab/ci/config/external/processor.rb @@ -11,7 +11,8 @@ module Gitlab @values = values @external_files = External::Mapper.new(values, project: project, sha: sha, user: user, expandset: expandset).process @content = {} - rescue External::Mapper::Error => e + rescue External::Mapper::Error, + OpenSSL::SSL::SSLError => e raise IncludeError, e.message end diff --git a/spec/lib/gitlab/ci/config/external/processor_spec.rb b/spec/lib/gitlab/ci/config/external/processor_spec.rb index e94bb44f990..0f58a4f1d44 100644 --- a/spec/lib/gitlab/ci/config/external/processor_spec.rb +++ b/spec/lib/gitlab/ci/config/external/processor_spec.rb @@ -270,5 +270,27 @@ describe Gitlab::Ci::Config::External::Processor do end end end + + context 'when config includes an external configuration file via SSL web request' do + before do + stub_request(:get, 'https://sha256.badssl.com/fake.yml').to_return(body: 'image: ruby:2.6', status: 200) + stub_request(:get, 'https://self-signed.badssl.com/fake.yml') + .to_raise(OpenSSL::SSL::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)')) + end + + context 'with an acceptable certificate' do + let(:values) { { include: 'https://sha256.badssl.com/fake.yml' } } + + it { is_expected.to include(image: 'ruby:2.6') } + end + + context 'with a self-signed certificate' do + let(:values) { { include: 'https://self-signed.badssl.com/fake.yml' } } + + it 'returns a reportable configuration error' do + expect { subject }.to raise_error(described_class::IncludeError, /certificate verify failed/) + end + end + end end end |