
Add security notice to be shown after install and upgrade #316

Merged


corneliusweig
Contributor

Close #315

For example, when running krew install konfig, this will print:

Updated the local copy of plugin index.
Installing plugin: konfig
CAVEATS:
\
 |  Usage:
 |    $ kubectl konfig import --save new-cfg
 |    $ kubectl konfig merge kubeconfig1 kubeconfig2 > merged
 |    $ kubectl konfig export ctx1 ctx2 -k k8s.yaml,k3s.yaml > extracted
 |  
 |  Documentation:
 |    $ kubectl konfig help
 |    or https://github.com/corneliusweig/konfig/blob/v0.2.2/doc/USAGE.md#usage
/
Installed plugin: konfig

>> Plugins do not undergo any kind of security validation.
>> Please keep in mind that you are running these plugins at your own risk.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 22, 2019
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 22, 2019
@codecov-io

codecov-io commented Aug 22, 2019

Codecov Report

Merging #316 into master will not change coverage.
The diff coverage is n/a.


@@          Coverage Diff           @@
##           master    #316   +/-   ##
======================================
  Coverage    57.3%   57.3%           
======================================
  Files          19      19           
  Lines         904     904           
======================================
  Hits          518     518           
  Misses        335     335           
  Partials       51      51

Last update 555b305...812bbc9.

@ahmetb
Member

ahmetb commented Aug 22, 2019

Do you mind integrating fatih/colors for colors and bold styles?

We can iterate on the fine print as well.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 26, 2019
@corneliusweig
Contributor Author

@ahmetb Sorry for the delay. I think it's a good idea to have colors, however I'd also keep special line markers for terminals without colors. Can you take another look?
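The design agreed on above, colour for terminals that support it plus a fixed ">>" line marker so the warning is still recognisable without colour, as a stand-alone Go example added here. This is not krew's code (the PR uses fatih/color as suggested); it uses raw ANSI escapes instead to stay dependency-free, and the function names `FormatSecurityNotice`, `WantColor` and `PrintPluginDone`, as well as the NO_COLOR/TERM/character-device policy, are assumptions of this example.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"strings"
)

// Notice wording taken from the PR description above.
const securityNotice = "Plugins do not undergo any kind of security validation.\n" +
	"Please keep in mind that you are running these plugins at your own risk."

// Raw ANSI escapes; used here instead of fatih/color so the example has no
// external dependency (an assumption of this example, not krew's choice).
const (
	ansiBold   = "\033[1m"
	ansiYellow = "\033[33m"
	ansiReset  = "\033[0m"
)

// FormatSecurityNotice renders the notice with a ">> " marker on every line so
// the warning stays distinguishable from normal output on terminals, pipes and
// log files that do not render colour. When color is true, every line is
// additionally wrapped in bold yellow escapes.
func FormatSecurityNotice(color bool) string {
	var b strings.Builder
	for _, line := range strings.Split(securityNotice, "\n") {
		if color {
			b.WriteString(ansiBold + ansiYellow)
		}
		b.WriteString(">> " + line)
		if color {
			b.WriteString(ansiReset)
		}
		b.WriteString("\n")
	}
	return b.String()
}

// WantColor decides whether escapes may be emitted: honour NO_COLOR and
// TERM=dumb, and only colour output that goes to a character device (a
// terminal), never a pipe or a file. env is injected so the policy can be
// tested without touching the real environment. Simplified policy assumed
// for this example.
func WantColor(w io.Writer, env func(string) string) bool {
	if env("NO_COLOR") != "" || env("TERM") == "dumb" {
		return false
	}
	f, ok := w.(*os.File)
	if !ok {
		return false
	}
	info, err := f.Stat()
	if err != nil {
		return false
	}
	return info.Mode()&os.ModeCharDevice != 0
}

// PrintPluginDone reports the completed action ("Installed" or "Upgraded")
// and prints the notice right after it, once per plugin, as the review
// comments on this PR suggest.
func PrintPluginDone(w io.Writer, action, pluginName string) {
	fmt.Fprintf(w, "%s plugin: %s\n", action, pluginName)
	fmt.Fprint(w, FormatSecurityNotice(WantColor(w, os.Getenv)))
}

func main() {
	// Constructed input: a plugin name; output goes to stderr as in krew.
	PrintPluginDone(os.Stderr, "Installed", "konfig")
}
```

Running the binary with stderr redirected to a file (`./notice 2> out.txt`) shows the escape-free form with the ">>" markers, which is the reason for keeping the markers independent of colour support.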

cmd/krew/cmd/install.go: two review threads (outdated, resolved)
@@ -132,7 +134,10 @@ Remarks:
}
fmt.Fprintf(os.Stderr, "Installed plugin: %s\n", plugin.Name)
}
if len(failed) > 0 {
if len(failed)+len(skipped) < len(install) {
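Review bot: the new condition `if len(failed)+len(skipped) < len(install) {` decides from aggregate counts, after the loop, whether the notice is shown at all, so it appears once at the very end and only when at least one plugin was installed; the loop already prints `Installed plugin: %s` per plugin three lines up in the context, and emitting the notice directly after that line keeps the warning next to the plugin it concerns and removes the count arithmetic. If `if len(failed) > 0 {` is the removed side of this hunk, make sure failed plugins are still reported on their own branch rather than folded into the notice condition.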
Member

hmm what if we printed it per-plugin?

like, move it up to where we do "Installed plugin: %s"?

@@ -70,6 +76,7 @@ kubectl krew upgrade foo bar"`,
if err != nil {
return errors.Wrapf(err, "failed to upgrade plugin %q", plugin.Name)
}
printSecurityNotice = true
fmt.Fprintf(os.Stderr, "Upgraded plugin: %s\n", plugin.Name)
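Review bot: `printSecurityNotice = true` is set inside the loop but not acted on here, and the `return errors.Wrapf(err, "failed to upgrade plugin %q", plugin.Name)` two lines above leaves the function on the first failed upgrade, so plugins that were upgraded successfully before that failure never get the notice if it is printed after the loop; printing it immediately after `Upgraded plugin: %s` avoids both the lost notice and the flag.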
Member

ditto here, I think it would be good to print warning per-plugin + right away once it's upgraded.

Contributor Author

Yeah, makes sense and simplifies things a little.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 27, 2019
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 27, 2019
@@ -0,0 +1,31 @@
// Copyright 2019 The Kubernetes Authors.
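Review bot: only the license header of the new 31-line file is visible here; if the file introduces a package named `internal` solely to hold the notice text, a named subpackage (internal/<name>) or keeping the string beside the install and upgrade commands that print it would follow the usual Go layout, and whatever exported identifier the file defines should carry a doc comment.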
Member

fwiw I think often internal is not a direct package name. It's usually like internal/abc where abc is package name. Similarly you don't need to create a new package just for this.

@ahmetb
Member

ahmetb commented Aug 28, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 28, 2019
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahmetb, corneliusweig

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ahmetb,corneliusweig]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 798fe49 into kubernetes-sigs:master Aug 28, 2019
Successfully merging this pull request may close these issues.

Add post-install disclaimer about plugin security