author: Thong Kuah <tkuah@gitlab.com> 2019-01-10 12:26:40 +1300
committer: Thong Kuah <tkuah@gitlab.com> 2019-01-25 16:48:37 +1300
commit: f234aef9943ec7ccd3e30e55d6cd0acd114e6c29 (patch)
tree: 5244711fc7893968465d2a703fd4b53503d78a9b /lib
parent: e4dc22e330388df385b64815f12d7c51dd97635f (diff)
Use http_max_redirects opt to replace monkeypatch

http_max_redirects was introduced in 4.2.2, so upgrade kubeclient.
The monkey-patch was global so we will have to check that all instances of Kubeclient::Client are handled.

Spec all methods of KubeClient

This should provide better confidence that we are indeed disallowing redirection in all cases

Diffstat (limited to 'lib')
-rw-r--r-- lib/gitlab/kubernetes/kube_client.rb 5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb
index fe839940f74..624c2c67551 100644
--- a/lib/gitlab/kubernetes/kube_client.rb
+++ b/lib/gitlab/kubernetes/kube_client.rb
@@ -76,9 +76,12 @@ module Gitlab
attr_reader :api_prefix, :kubeclient_options
+ # We disable redirects through 'http_max_redirects: 0',
+ # so that KubeClient does not follow redirects and
+ # expose internal services.
def initialize(api_prefix, **kubeclient_options)
@api_prefix = api_prefix
- @kubeclient_options = kubeclient_options
+ @kubeclient_options = kubeclient_options.merge(http_max_redirects: 0)
end
def create_or_update_cluster_role_binding(resource)
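
Review bot: The new comment above `initialize` is ambiguous as written: "does not follow redirects and expose internal services" can be read as if exposing internal services were the intent. Suggest wording such as "so that KubeClient does not follow redirects, which could expose internal services". The same comment should also say that `kubeclient_options.merge(http_max_redirects: 0)` deliberately overrides any `http_max_redirects` a caller passes in, since the forced key is the merge argument and always wins; without that note a later reader may "fix" the order. Finally, this only protects clients that are built from `@kubeclient_options`. The commit message says the removed monkey-patch was global, so any `Kubeclient::Client` constructed outside this class needs the option set separately, and this lib-only diff does not show that check or the specs that are meant to cover it.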