Test-infra: updateconfig: use a local clone to retrieve files, not the GitHub API

Created on 16 Oct 2019  路  8Comments  路  Source: kubernetes/test-infra

In the updateconfig plugin, we need to fetch the content of files before we upload them to the cluster inside of ConfigMaps. To encapsulate this behavior, we have an interface:

https://github.com/kubernetes/test-infra/blob/f63737a069e07158d0d98d2d0399fe00d0df6a68/prow/plugins/updateconfig/updateconfig.go#L76-L79

The implementation of this interface used by the plugin, however, uses GitHub to fetch the file contents:

https://github.com/kubernetes/test-infra/blob/f63737a069e07158d0d98d2d0399fe00d0df6a68/prow/plugins/updateconfig/updateconfig.go#L81-L88

It is possible, however, to simply load the files from disk if the appropriate version of the repository is checked out, as is done in the config-bootstrapper:

https://github.com/kubernetes/test-infra/blob/f63737a069e07158d0d98d2d0399fe00d0df6a68/prow/cmd/config-bootstrapper/main.go#L141-L147

The current behavior of updateconfig is problematic as its token use scales linearly with the number of files changed that need to be uploaded. This allows for inadvertent DoS of the system by changing a large number of configuration files at once. The updateconfig plugin should be updated to clone the repository at the version that was pushed and use the local checkout to populate file contents.

/cc @cjwagner
/area prow/hook

areprohook good first issue help wanted kinbug
Source
picture stevekuznetsov

Most helpful comment

/assign rajibmitra

picture rajibmitra on 16 Oct 2019
3

All 8 comments

/good-first-issue

stevekuznetsov picture stevekuznetsov on 16 Oct 2019

@stevekuznetsov:
This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-good-first-issue command.

In response to this:

/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 16 Oct 2019

/help

stevekuznetsov picture stevekuznetsov on 16 Oct 2019

/assign rajibmitra

rajibmitra picture rajibmitra on 16 Oct 2019
3

@rajibmitra: GitHub didn't allow me to assign the following users: me.

Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign me

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 16 Oct 2019

/assign rajibmitra

rajibmitra picture rajibmitra on 16 Oct 2019

@stevekuznetsov if I change the /updateconfig's gitHubFileGetter to osFileGetter , will it be able to
use the local checkout to populate file contents ?

rajibmitra picture rajibmitra on 16 Oct 2019

You'll need to call git.Clone() first to populate the filesystem, then use the osFileGetter@

stevekuznetsov picture stevekuznetsov on 16 Oct 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

spiffxp picture spiffxp  路  3Comments
chaosaffe picture chaosaffe  路  3Comments
benmoss picture benmoss  路  3Comments
cblecker picture cblecker  路  4Comments
BenTheElder picture BenTheElder  路  4Comments