Add security notice to be shown after install and upgrade #316

Merged

@corneliusweig (Contributor) commented Aug 22, 2019

Close #315

For example, when running krew install konfig, this will print:

Updated the local copy of plugin index.
Installing plugin: konfig
CAVEATS:
\
 |  Usage:
 |    $ kubectl konfig import --save new-cfg
 |    $ kubectl konfig merge kubeconfig1 kubeconfig2 > merged
 |    $ kubectl konfig export ctx1 ctx2 -k k8s.yaml,k3s.yaml > extracted
 |  
 |  Documentation:
 |    $ kubectl konfig help
 |    or https://github.com/corneliusweig/konfig/blob/v0.2.2/doc/USAGE.md#usage
/
Installed plugin: konfig

>> Plugins do not undergo any kind of security validation.
>> Please keep in mind that you are running these plugins at your own risk.

@k8s-ci-robot k8s-ci-robot requested review from ahmetb and soltysh Aug 22, 2019

@corneliusweig corneliusweig force-pushed the corneliusweig:pr/krew-remove-windows branch from a03d6e1 to e7d2a07 Aug 22, 2019

@codecov-io commented Aug 22, 2019

Codecov Report

Merging #316 into master will not change coverage.
The diff coverage is n/a.

@@          Coverage Diff           @@
##           master    #316   +/-   ##
======================================
  Coverage    57.3%   57.3%           
======================================
  Files          19      19           
  Lines         904     904           
======================================
  Hits          518     518           
  Misses        335     335           
  Partials       51      51

Powered by Codecov. Last update 555b305...812bbc9. Read the comment docs.

@ahmetb (Member) commented Aug 22, 2019

Do you mind integrating fatih/colors for colors and bold styles?

We can iterate on the fine print as well.

@k8s-ci-robot k8s-ci-robot added size/M and removed size/S labels Aug 26, 2019

@corneliusweig corneliusweig force-pushed the corneliusweig:pr/krew-remove-windows branch from e247905 to c99da3d Aug 26, 2019

@corneliusweig (Contributor, Author) commented Aug 26, 2019

@ahmetb Sorry for the delay. I think it's a good idea to have colors, however I'd also keep special line markers for terminals without colors. Can you take another look?

cmd/krew/cmd/install.go (outdated)
@@ -132,7 +134,10 @@ Remarks:
}
fmt.Fprintf(os.Stderr, "Installed plugin: %s\n", plugin.Name)
}
if len(failed) > 0 {
if len(failed)+len(skipped) < len(install) {
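
Review bot: the guard `len(failed)+len(skipped) < len(install)` infers that at least one plugin was installed from three counters instead of recording it, so it silently depends on every requested name ending up in exactly one of failed, skipped or the success path. If that bookkeeping ever drifts, the security notice is either dropped after a real install or printed when nothing was installed. Set a flag, or print the notice, at the `Installed plugin: %s` line, where success is actually known.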

@ahmetb (Member) commented Aug 27, 2019

hmm what if we printed it per-plugin?

like, move it up to where we do "Installed plugin: %s"?

@@ -70,6 +76,7 @@ kubectl krew upgrade foo bar"`,
if err != nil {
return errors.Wrapf(err, "failed to upgrade plugin %q", plugin.Name)
}
printSecurityNotice = true
fmt.Fprintf(os.Stderr, "Upgraded plugin: %s\n", plugin.Name)
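
Review bot: `printSecurityNotice = true` sits directly below `return errors.Wrapf(err, "failed to upgrade plugin %q", plugin.Name)`, so if the flag is only read after all plugins have been processed, a failure on a later plugin returns before that point and the plugins already upgraded in this run get no notice. Emit the notice next to the `Upgraded plugin: %s` line, or from a defer, so the error return cannot skip it.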

@ahmetb (Member) commented Aug 27, 2019

ditto here, I think it would be good to print warning per-plugin + right away once it's upgraded.

@corneliusweig (Author, Contributor) commented Aug 27, 2019

Yeah, makes sense and simplifies things a little.

@corneliusweig corneliusweig force-pushed the corneliusweig:pr/krew-remove-windows branch from 7c2ffe9 to 812bbc9 Aug 27, 2019

@@ -0,0 +1,31 @@
// Copyright 2019 The Kubernetes Authors.

@ahmetb (Member) commented Aug 27, 2019

fwiw I think often internal is not a direct package name. It's usually like internal/abc where abc is package name. Similarly you don't need to create a new package just for this.

@ahmetb (Member) commented Aug 28, 2019

/lgtm
/approve

@k8s-ci-robot commented Aug 28, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahmetb, corneliusweig

Needs approval from an approver in each of these files:
  • OWNERS [ahmetb,corneliusweig]


@k8s-ci-robot k8s-ci-robot merged commit 798fe49 into kubernetes-sigs:master Aug 28, 2019

2 of 3 checks passed

tide: Not mergeable. Needs lgtm label.
cla/linuxfoundation: corneliusweig authorized
continuous-integration/travis-ci/pr: The Travis CI build passed