diff options
| author | Kamil Trzciński <ayufan@ayufan.eu> | 2019-04-16 07:32:32 +0000 |
|---|---|---|
| committer | Kamil Trzciński <ayufan@ayufan.eu> | 2019-04-16 07:32:32 +0000 |
| commit | 78a50fd30cda9e7f255d2cc0cdbd92a08f77d7c6 (patch) | |
| tree | b09ec953cd2020bac439f132ab537b2d6d3bede3 | |
| parent | 378698475462aa6bf40b14f8593a36a325a6b769 (diff) | |
| parent | b26fd49eb731492e1eda7efddb1e267e1758997c (diff) | |
| download | gitlab-ce-78a50fd30cda9e7f255d2cc0cdbd92a08f77d7c6.tar.gz | |
Merge branch 'ci-lint-ssl-error' into 'master'
Reporting SSL certificate verify errors in CI external config
See merge request gitlab-org/gitlab-ce!26750
| -rw-r--r-- | changelogs/unreleased/ci-lint-ssl-error.yml | 6 | ||||
| -rw-r--r-- | lib/gitlab/ci/config/external/processor.rb | 3 | ||||
| -rw-r--r-- | spec/lib/gitlab/ci/config/external/processor_spec.rb | 22 |
3 files changed, 30 insertions, 1 deletions
diff --git a/changelogs/unreleased/ci-lint-ssl-error.yml b/changelogs/unreleased/ci-lint-ssl-error.yml new file mode 100644 index 00000000000..d59b9204357 --- /dev/null +++ b/changelogs/unreleased/ci-lint-ssl-error.yml @@ -0,0 +1,6 @@ +--- +title: Catch and report OpenSSL exceptions while fetching external configuration files + in CI::Config +merge_request: 26750 +author: Drew Cimino +type: fixed diff --git a/lib/gitlab/ci/config/external/processor.rb b/lib/gitlab/ci/config/external/processor.rb index 1dd2d42016a..4a049ecae49 100644 --- a/lib/gitlab/ci/config/external/processor.rb +++ b/lib/gitlab/ci/config/external/processor.rb @@ -11,7 +11,8 @@ module Gitlab @values = values @external_files = External::Mapper.new(values, project: project, sha: sha, user: user, expandset: expandset).process @content = {} - rescue External::Mapper::Error => e + rescue External::Mapper::Error, + OpenSSL::SSL::SSLError => e raise IncludeError, e.message end diff --git a/spec/lib/gitlab/ci/config/external/processor_spec.rb b/spec/lib/gitlab/ci/config/external/processor_spec.rb index e94bb44f990..0f58a4f1d44 100644 --- a/spec/lib/gitlab/ci/config/external/processor_spec.rb +++ b/spec/lib/gitlab/ci/config/external/processor_spec.rb @@ -270,5 +270,27 @@ describe Gitlab::Ci::Config::External::Processor do end end end + + context 'when config includes an external configuration file via SSL web request' do + before do + stub_request(:get, 'https://sha256.badssl.com/fake.yml').to_return(body: 'image: ruby:2.6', status: 200) + stub_request(:get, 'https://self-signed.badssl.com/fake.yml') + .to_raise(OpenSSL::SSL::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)')) + end + + context 'with an acceptable certificate' do + let(:values) { { include: 'https://sha256.badssl.com/fake.yml' } } + + it { is_expected.to include(image: 'ruby:2.6') } + end + + context 'with a self-signed certificate' do + let(:values) { { include: 'https://self-signed.badssl.com/fake.yml' } } + + it 'returns a reportable configuration error' do + expect { subject }.to raise_error(described_class::IncludeError, /certificate verify failed/) + end + end + end end end |