Closed Pluggi closed 1 year ago
Thanks for pointing this out. What if the scripts were pulled from a ref hash instead of master? This ensures that one version of tfo only uses one script version by default.
It really should be in the image. Alternatively, start a tiny web-server that can serve these default scripts. It also has the problem of relying on github being online (e.g. yesterday github was down and all of our changes failed)
Good points @davhdavh . I'll see what the best option for a default built into the image will look like. I don't think a server is better than GitHub because keeping uptime just ins't in my schedule at the moment :). Thanks for your input.
Yeah using a webserver to serve those files is equally as bad in terms of uptime/attack surface.
You should just ship it in the binary, and create a ConfigMap with it for every TFO resource, just as if it was a user-provided script for taskOptions.script.configMapSelector
.
Hello,
I was trying to specify a custom script to run my terraform and found this piece of code that downloads bash scripts from your Github which is then executed in the container
https://github.com/GalleyBytes/terraform-operator/blob/c41c38ee4a376c4e34c5cd4c883e1ffe04d16ad6/pkg/controllers/terraform_controller.go#L390-L408
I think this is a big security risk and should be removed.
If you push a buggy commit to master, it could potentially break lots of terraform code, delete infrastructure, etc. An attacker that gets access to your account could also retrieve credentials of any tfo user and get access to their infrastructure.