Commit b26fd49e authored by drew cimino's avatar drew cimino

catching and cleanly reporting SSL errors in Ci::Config::External::Processor

parent 95bbcf08
---
title: Catch and report OpenSSL exceptions while fetching external configuration files
in CI::Config
merge_request: 26750
author: Drew Cimino
type: fixed
...@@ -11,7 +11,8 @@ module Gitlab ...@@ -11,7 +11,8 @@ module Gitlab
@values = values @values = values
@external_files = External::Mapper.new(values, project: project, sha: sha, user: user, expandset: expandset).process @external_files = External::Mapper.new(values, project: project, sha: sha, user: user, expandset: expandset).process
@content = {} @content = {}
rescue External::Mapper::Error => e rescue External::Mapper::Error,
OpenSSL::SSL::SSLError => e
raise IncludeError, e.message raise IncludeError, e.message
end end
......
...@@ -270,5 +270,27 @@ describe Gitlab::Ci::Config::External::Processor do ...@@ -270,5 +270,27 @@ describe Gitlab::Ci::Config::External::Processor do
end end
end end
end end
context 'when config includes an external configuration file via SSL web request' do
before do
stub_request(:get, 'https://sha256.badssl.com/fake.yml').to_return(body: 'image: ruby:2.6', status: 200)
stub_request(:get, 'https://self-signed.badssl.com/fake.yml')
.to_raise(OpenSSL::SSL::SSLError.new('SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)'))
end
context 'with an acceptable certificate' do
let(:values) { { include: 'https://sha256.badssl.com/fake.yml' } }
it { is_expected.to include(image: 'ruby:2.6') }
end
context 'with a self-signed certificate' do
let(:values) { { include: 'https://self-signed.badssl.com/fake.yml' } }
it 'returns a reportable configuration error' do
expect { subject }.to raise_error(described_class::IncludeError, /certificate verify failed/)
end
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment