search

ManageIQ / kubeclient

A Ruby client for Kubernetes REST API
MIT License
416 stars 166 forks source link

Delete kubeclient gem default certificates #501

Closed chaitrahegde115 closed 3 years ago

chaitrahegde115 commented 3 years ago

Hi, I have installed kubeclient gem in td-agent. This gem has installed default certificates in test/config/ folder. From https://github.com/abonas/kubeclient/issues/499 I got to know it is used for running unit tests and also the certificates are expired. Having default certificates bundled in a gem is a security risk. Can these certificates be deleted while bundling the gem so that the default certificates are not bundled with kubeclient gem?

cben commented 3 years ago

They are not "default certificates", they are just unused test files, but fair enough. Turns out the gem includes the whole test/ directory, which I think is ~useful~ EDIT: useless? https://stackoverflow.com/questions/18871541/what-is-the-purpose-of-test-files-configuration-in-a-gemspec

File: kubeclient.gemspec
  ...
  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
$ tar tvf data.tar.gz  # from kubeclient-4.9.1.gem
-rw-r--r-- wheel/wheel     142 2020-08-31 12:36 .gitignore
-rw-r--r-- wheel/wheel     864 2020-08-31 12:36 .rubocop.yml
-rw-r--r-- wheel/wheel     495 2020-08-31 12:36 .travis.yml
-rw-r--r-- wheel/wheel    8733 2020-08-31 12:36 CHANGELOG.md
-rw-r--r-- wheel/wheel     208 2020-08-31 12:36 Gemfile
-rw-r--r-- wheel/wheel    1069 2020-08-31 12:36 LICENSE.txt
-rw-r--r-- wheel/wheel   33647 2020-08-31 12:36 README.md
-rw-r--r-- wheel/wheel    1873 2020-08-31 12:36 RELEASING.md
-rw-r--r-- wheel/wheel     191 2020-08-31 12:36 Rakefile
-rw-r--r-- wheel/wheel    1553 2020-08-31 12:36 kubeclient.gemspec
-rw-r--r-- wheel/wheel     774 2020-08-31 12:36 lib/kubeclient.rb
-rw-r--r-- wheel/wheel    1680 2020-08-31 12:36 lib/kubeclient/aws_eks_credentials.rb
-rw-r--r-- wheel/wheel   24236 2020-08-31 12:36 lib/kubeclient/common.rb
-rw-r--r-- wheel/wheel    6167 2020-08-31 12:36 lib/kubeclient/config.rb
-rw-r--r-- wheel/wheel     483 2020-08-31 12:36 lib/kubeclient/entity_list.rb
-rw-r--r-- wheel/wheel    2676 2020-08-31 12:36 lib/kubeclient/exec_credentials.rb
-rw-r--r-- wheel/wheel     506 2020-08-31 12:36 lib/kubeclient/gcp_auth_provider.rb
-rw-r--r-- wheel/wheel     713 2020-08-31 12:36 lib/kubeclient/gcp_command_credentials.rb
-rw-r--r-- wheel/wheel     986 2020-08-31 12:36 lib/kubeclient/google_application_default_credentials.rb
-rw-r--r-- wheel/wheel     657 2020-08-31 12:36 lib/kubeclient/http_error.rb
-rw-r--r-- wheel/wheel    3408 2020-08-31 12:36 lib/kubeclient/missing_kind_compatibility.rb
-rw-r--r-- wheel/wheel    1933 2020-08-31 12:36 lib/kubeclient/oidc_auth_provider.rb
-rw-r--r-- wheel/wheel     268 2020-08-31 12:36 lib/kubeclient/resource.rb
-rw-r--r-- wheel/wheel      70 2020-08-31 12:36 lib/kubeclient/resource_not_found_error.rb
-rw-r--r-- wheel/wheel      78 2020-08-31 12:36 lib/kubeclient/version.rb
-rw-r--r-- wheel/wheel    2594 2020-08-31 12:36 lib/kubeclient/watch_stream.rb
-rw-r--r-- wheel/wheel   33232 2020-08-31 12:36 test/cassettes/kubernetes_guestbook.yml
-rw-r--r-- wheel/wheel    5670 2020-08-31 12:36 test/config/allinone.kubeconfig
-rw-r--r-- wheel/wheel    1865 2020-08-31 12:36 test/config/execauth.kubeconfig
-rw-r--r-- wheel/wheel    1070 2020-08-31 12:36 test/config/external-ca.pem
-rw-r--r-- wheel/wheel    1151 2020-08-31 12:36 test/config/external-cert.pem
-rw-r--r-- wheel/wheel    1679 2020-08-31 12:36 test/config/external-key.rsa
-rw-r--r-- wheel/wheel     499 2020-08-31 12:36 test/config/external.kubeconfig
-rw-r--r-- wheel/wheel     510 2020-08-31 12:36 test/config/gcpauth.kubeconfig
-rw-r--r-- wheel/wheel     682 2020-08-31 12:36 test/config/gcpcmdauth.kubeconfig
-rw-r--r-- wheel/wheel     338 2020-08-31 12:36 test/config/nouser.kubeconfig
-rw-r--r-- wheel/wheel     590 2020-08-31 12:36 test/config/oidcauth.kubeconfig
-rw-r--r-- wheel/wheel     773 2020-08-31 12:36 test/config/timestamps.kubeconfig
-rw-r--r-- wheel/wheel     646 2020-08-31 12:36 test/config/userauth.kubeconfig
-rw-r--r-- wheel/wheel     206 2020-08-31 12:36 test/json/bindings_list.json
-rw-r--r-- wheel/wheel     337 2020-08-31 12:36 test/json/component_status.json
-rw-r--r-- wheel/wheel    1279 2020-08-31 12:36 test/json/component_status_list.json
-rw-r--r-- wheel/wheel   12743 2020-08-31 12:36 test/json/config.istio.io_api_resource_list.json
-rw-r--r-- wheel/wheel     154 2020-08-31 12:36 test/json/config_map_list.json
-rw-r--r-- wheel/wheel    3490 2020-08-31 12:36 test/json/core_api_resource_list.json
-rw-r--r-- wheel/wheel    2233 2020-08-31 12:36 test/json/core_api_resource_list_without_kind.json
-rw-r--r-- wheel/wheel    3503 2020-08-31 12:36 test/json/core_oapi_resource_list_without_kind.json
-rw-r--r-- wheel/wheel     554 2020-08-31 12:36 test/json/created_endpoint.json
-rw-r--r-- wheel/wheel     326 2020-08-31 12:36 test/json/created_namespace.json
-rw-r--r-- wheel/wheel     395 2020-08-31 12:36 test/json/created_secret.json
-rw-r--r-- wheel/wheel    1613 2020-08-31 12:36 test/json/created_security_context_constraint.json
-rw-r--r-- wheel/wheel     776 2020-08-31 12:36 test/json/created_service.json
-rw-r--r-- wheel/wheel     146 2020-08-31 12:36 test/json/empty_pod_list.json
-rw-r--r-- wheel/wheel    1164 2020-08-31 12:36 test/json/endpoint_list.json
-rw-r--r-- wheel/wheel    1780 2020-08-31 12:36 test/json/entity_list.json
-rw-r--r-- wheel/wheel    1201 2020-08-31 12:36 test/json/event_list.json
-rw-r--r-- wheel/wheel    4009 2020-08-31 12:36 test/json/extensions_v1beta1_api_resource_list.json
-rw-r--r-- wheel/wheel     496 2020-08-31 12:36 test/json/limit_range.json
-rw-r--r-- wheel/wheel     723 2020-08-31 12:36 test/json/limit_range_list.json
-rw-r--r-- wheel/wheel     334 2020-08-31 12:36 test/json/namespace.json
-rw-r--r-- wheel/wheel     185 2020-08-31 12:36 test/json/namespace_exception.json
-rw-r--r-- wheel/wheel     924 2020-08-31 12:36 test/json/namespace_list.json
-rw-r--r-- wheel/wheel     806 2020-08-31 12:36 test/json/node.json
-rw-r--r-- wheel/wheel    1145 2020-08-31 12:36 test/json/node_list.json
-rw-r--r-- wheel/wheel    5173 2020-08-31 12:36 test/json/node_notice.json
-rw-r--r-- wheel/wheel     812 2020-08-31 12:36 test/json/persistent_volume.json
-rw-r--r-- wheel/wheel     655 2020-08-31 12:36 test/json/persistent_volume_claim.json
-rw-r--r-- wheel/wheel     901 2020-08-31 12:36 test/json/persistent_volume_claim_list.json
-rw-r--r-- wheel/wheel     167 2020-08-31 12:36 test/json/persistent_volume_claims_nil_items.json
-rw-r--r-- wheel/wheel    1073 2020-08-31 12:36 test/json/persistent_volume_list.json
-rw-r--r-- wheel/wheel    2862 2020-08-31 12:36 test/json/pod.json
-rw-r--r-- wheel/wheel    2784 2020-08-31 12:36 test/json/pod_list.json
-rw-r--r-- wheel/wheel     158 2020-08-31 12:36 test/json/pod_template_list.json
-rw-r--r-- wheel/wheel    7375 2020-08-31 12:36 test/json/pods_1.json
-rw-r--r-- wheel/wheel    3310 2020-08-31 12:36 test/json/pods_2.json
-rw-r--r-- wheel/wheel     246 2020-08-31 12:36 test/json/pods_410.json
-rw-r--r-- wheel/wheel     563 2020-08-31 12:36 test/json/processed_template.json
-rw-r--r-- wheel/wheel    1640 2020-08-31 12:36 test/json/replication_controller.json
-rw-r--r-- wheel/wheel    2413 2020-08-31 12:36 test/json/replication_controller_list.json
-rw-r--r-- wheel/wheel    1057 2020-08-31 12:36 test/json/resource_quota.json
-rw-r--r-- wheel/wheel    1379 2020-08-31 12:36 test/json/resource_quota_list.json
-rw-r--r-- wheel/wheel    1162 2020-08-31 12:36 test/json/secret_list.json
-rw-r--r-- wheel/wheel    1400 2020-08-31 12:36 test/json/security.openshift.io_api_resource_list.json
-rw-r--r-- wheel/wheel   11239 2020-08-31 12:36 test/json/security_context_constraint_list.json
-rw-r--r-- wheel/wheel     840 2020-08-31 12:36 test/json/service.json
-rw-r--r-- wheel/wheel     607 2020-08-31 12:36 test/json/service_account.json
-rw-r--r-- wheel/wheel    2519 2020-08-31 12:36 test/json/service_account_list.json
-rw-r--r-- wheel/wheel      19 2020-08-31 12:36 test/json/service_illegal_json_404.json
-rw-r--r-- wheel/wheel     470 2020-08-31 12:36 test/json/service_json_patch.json
-rw-r--r-- wheel/wheel    3113 2020-08-31 12:36 test/json/service_list.json
-rw-r--r-- wheel/wheel     466 2020-08-31 12:36 test/json/service_merge_patch.json
-rw-r--r-- wheel/wheel     442 2020-08-31 12:36 test/json/service_patch.json
-rw-r--r-- wheel/wheel     430 2020-08-31 12:36 test/json/service_update.json
-rw-r--r-- wheel/wheel     725 2020-08-31 12:36 test/json/template.json
-rw-r--r-- wheel/wheel    1416 2020-08-31 12:36 test/json/template.openshift.io_api_resource_list.json
-rw-r--r-- wheel/wheel     881 2020-08-31 12:36 test/json/template_list.json
-rw-r--r-- wheel/wheel      60 2020-08-31 12:36 test/json/versions_list.json
-rw-r--r-- wheel/wheel    2251 2020-08-31 12:36 test/json/watch_stream.json
-rw-r--r-- wheel/wheel    3293 2020-08-31 12:36 test/test_common.rb
-rw-r--r-- wheel/wheel    7369 2020-08-31 12:36 test/test_common_url_handling.rb
-rw-r--r-- wheel/wheel     912 2020-08-31 12:36 test/test_component_status.rb
-rw-r--r-- wheel/wheel    9205 2020-08-31 12:36 test/test_config.rb
-rw-r--r-- wheel/wheel    2205 2020-08-31 12:36 test/test_endpoint.rb
-rw-r--r-- wheel/wheel    5845 2020-08-31 12:36 test/test_exec_credentials.rb
-rw-r--r-- wheel/wheel     837 2020-08-31 12:36 test/test_gcp_command_credentials.rb
-rw-r--r-- wheel/wheel     475 2020-08-31 12:36 test/test_google_application_default_credentials.rb
-rw-r--r-- wheel/wheel    7569 2020-08-31 12:36 test/test_guestbook_go.rb
-rw-r--r-- wheel/wheel     557 2020-08-31 12:36 test/test_helper.rb
-rw-r--r-- wheel/wheel   29309 2020-08-31 12:36 test/test_kubeclient.rb
-rw-r--r-- wheel/wheel     852 2020-08-31 12:36 test/test_limit_range.rb
-rw-r--r-- wheel/wheel    3380 2020-08-31 12:36 test/test_missing_methods.rb
-rw-r--r-- wheel/wheel    1964 2020-08-31 12:36 test/test_namespace.rb
-rw-r--r-- wheel/wheel    2050 2020-08-31 12:36 test/test_node.rb
-rw-r--r-- wheel/wheel    3464 2020-08-31 12:36 test/test_oidc_auth_provider.rb
-rw-r--r-- wheel/wheel     841 2020-08-31 12:36 test/test_persistent_volume.rb
-rw-r--r-- wheel/wheel     907 2020-08-31 12:36 test/test_persistent_volume_claim.rb
-rw-r--r-- wheel/wheel    2233 2020-08-31 12:36 test/test_pod.rb
-rw-r--r-- wheel/wheel    5752 2020-08-31 12:36 test/test_pod_log.rb
-rw-r--r-- wheel/wheel    3321 2020-08-31 12:36 test/test_process_template.rb
-rw-r--r-- wheel/wheel    1880 2020-08-31 12:36 test/test_replication_controller.rb
-rw-r--r-- wheel/wheel    2064 2020-08-31 12:36 test/test_resource_list_without_kind.rb
-rw-r--r-- wheel/wheel     779 2020-08-31 12:36 test/test_resource_quota.rb
-rw-r--r-- wheel/wheel    2193 2020-08-31 12:36 test/test_secret.rb
-rw-r--r-- wheel/wheel    2833 2020-08-31 12:36 test/test_security_context_constraint.rb
-rw-r--r-- wheel/wheel   12041 2020-08-31 12:36 test/test_service.rb
-rw-r--r-- wheel/wheel     908 2020-08-31 12:36 test/test_service_account.rb
-rw-r--r-- wheel/wheel    5832 2020-08-31 12:36 test/test_watch.rb
-rw-r--r-- wheel/wheel     125 2020-08-31 12:36 test/txt/pod_log.txt
-rw-r--r-- wheel/wheel      12 2020-08-31 12:36 test/valid_token_file
cben commented 3 years ago

(I meant useless. Thanks for reporting this.)

cben commented 3 years ago

Released 4.9.2 without the test/ folder.