Datree offline mode is still reaching out to the internet

[adamdepollo]

Describe the bug In the latest version of Datree, test commands are still reaching out to the internet even when executed in offline mode. It's attempting to hit https://gateway.staging.datree.io/cli/tokens/

To Reproduce Steps to reproduce the behavior:

1. Run command 'datree config set offline local'
2. Execute datree test, providing local schema and policy files
3. See error

Expected behavior Datree commands should not reach out to the internet with offline mode configured.

Screenshots

datree config set offline local

datree kustomize test ../projects/pingfederate/conf_yaml/base/ -s 1.23.0 --schema-location '../projects/kubernetes-json-schema/v1.23.0-standalone-strict/{{.ResourceKind}}{{.KindSuffix}}.json' --no-record --policy-config ./policies.yaml

<h3>Web Page Blocked!</h3>
<div class="notice">
    <p>The page you have requested has been blocked, because the URL is
banned.</p>
    <p>
        URL: https://gateway.staging.datree.io/cli/tokens/<br />
        <br/>URL Source: Local URLfilter Block
</p>

Desktop (please complete the following information):

• OS: Rhel7

Datree version (run datree version):

• Version: 1.7.0

Client ID (cat ~/.datree/config.yaml):

• client_id: C7VCRvHA8RRfpEZtLGLX9Z

Additional context
I am executing these commands in an airgapped environment so no outbound calls are possible.

This command still works in Datree 1.6.7. I'm not sure which version exactly this broke in.

[hadar-co]

related to: https://github.com/datreeio/datree/issues/746

[adifayer]

@adamdepollo Thank you for opening this issue, we will prioritize it soon and update here once we start developing the solution :)

[royhadad]

Here to shed some light on this issue 👋

The following command datree config set offline local only tells the Datree CLI what to do once it detects there is no internet connection. The datree CLI detects a network error, and only if one is detected will it go offline. A network error is detected in this code block

Because your network-blocking software returns a modified (and different) network error than expected, Datree does not switch to offline mode.

A quick possible patch could be to add your particular error (or some distinguishing part of it) to the errors array in the code block mentioned: Maybe "Web Page Blocked" or "blocked" (case-insensitive)? https://github.com/datreeio/datree/blob/dc462f538c4a2074d8e00ee683f238d535bcb9e7/pkg/utils/errors.go#L21

This is an open-source project, pull requests are welcomed :)

[romanlab]

@adamdepollo i noticed the url is pointing to our staging environment. How did you download the version you're using?

[adamdepollo]

@romanlab I believe I just grabbed the binary from the releases page.

@royhadad OK, thanks for that clarification. I will try to work on a pull request this week for the fix you suggested.

Though I wonder about the functionality of that offline option ... seems like there could theoretically be any number of error messages thrown depending on what network configurations folks have. Wouldn't it make more sense to just skip any outbound calls when the offline flag is on rather than wait for an error to happen?

[romanlab]

@adamdepollo It's best to download via one of our install methods but if you want to use a binary from the releases, make sure you don't use one of the -rc releases as they point to our staging environment and may be less stable to use.

[adamdepollo]

@romanlab Ah OK good to know, I think I did pull the rc one originally but unfortunately having the same issue with the stable version :(