feat(cli): add version header + warning on client-server mismatch. Fixes #9212 #13635
Commits on Sep 20, 2024
feat(cli): add warning on version mismatch between client and server. Fixes argoproj#9212

This adds a warning message to the CLI when it detects a mismatch between the client and server versions. There was another PR (argoproj#11909) for this, which implemented it by making a blocking API call to `/api/v1/version` in a `PersistentPreRun` hook. This PR takes a different approach: have the server send the version in a new header called `argo-version`, which the client will detect and extract. There's several advantages to this approach:

1. Negligible performance impact, since no additional requests are needed.
2. Warning is only shown when the command would normally send an API request.
3. Can be useful for bug triaging, since the header can be seen in `curl` output.

Exposing the version information has security implications, since it could be used by attackers to identify vulnerable Argo servers. To mitigate that, the header is not sent on 401 errors. Of course, if a user is exposing their Argo server to the internet without authentication, then an attacker could see this header, but then they've got bigger problems (and an attacker could just call `/api/v1/version`).

This is implemented on the client and server side using [grpc-go interceptors](https://github.com/grpc/grpc-go/blob/master/examples/features/interceptor/README.md). On the server side, there's interceptors to set the version header in the response. On the client side, there's an interceptor to check the response for the header and stash it in a global variable (which is obviously not ideal, but I couldn't think of a better way to handle that).

Testing process:

1. Manually changed the version to `v9.99`: https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/Makefile#L95
2. Ran `make cli && cp dist/argo argo2`
3. Ran `make start API=true`
4. Ran `ARGO_SECURE=false ARGO_TOKEN="Bearer $(kubectl get secret argo-server.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" ARGO_SERVER=localhost:2746 ./dist/argo2 list`

Output:

```
No workflows found
WARN[2024-09-20T18:03:26.116Z] CLI version (v9.99+303bcce.dirty) does not match server version (latest+303bcce.dirty). This can lead to unexpected behavior.
```

Signed-off-by: Mason Malone <[email protected]>
Commit c30a042
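An added illustration of the mechanism the commit message above describes, not code from this PR or from Argo Workflows: the server attaches `argo-version` only to non-error responses, and the client warns on a mismatch. It uses a plain `net/http` response wrapper in place of the grpc-go interceptors the PR uses; `gate`, `probe`, `mismatchWarning` and the token value are hypothetical names constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const versionHeader = "argo-version" // header name given in the commit message

// gate adds the version header only when the handler picks a non-error status.
type gate struct {
	http.ResponseWriter
	version string
	decided bool
}
func (g *gate) WriteHeader(code int) {
	if !g.decided && code < 400 { // never on 401 or any other error
		g.Header().Set(versionHeader, g.version)
	}
	g.decided = true
	g.ResponseWriter.WriteHeader(code)
}
func (g *gate) Write(b []byte) (int, error) {
	if !g.decided {
		g.WriteHeader(http.StatusOK) // a bare Write implies 200
	}
	return g.ResponseWriter.Write(b)
}

// mismatchWarning is the client side; a missing header produces no warning.
func mismatchWarning(client string, h http.Header) string {
	if s := h.Get(versionHeader); s != "" && s != client {
		return fmt.Sprintf("CLI version (%s) does not match server version (%s)", client, s)
	}
	return ""
}

// probe runs a constructed token-checking handler and returns its response headers.
func probe(auth string) http.Header {
	rec := httptest.NewRecorder()
	w := &gate{ResponseWriter: rec, version: "latest+303bcce.dirty"}
	if auth != "Bearer constructed-token" {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
	} else {
		fmt.Fprintln(w, "No workflows found")
	}
	return rec.Result().Header
}
func main() { fmt.Println(mismatchWarning("v9.99+303bcce.dirty", probe("Bearer constructed-token"))) }
```

Because the client treats an absent header as "no information", an unauthenticated caller learns nothing about the version and an authenticated CLI still gets its warning.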
Commits on Sep 21, 2024
Signed-off-by: Mason Malone <[email protected]>
Commit 5cff940
Commits on Sep 22, 2024
fix(server): never send version header on errors
Signed-off-by: Mason Malone <[email protected]>
Commit f590dcb
Commits on Sep 23, 2024
Commit 2305e8b
Commits on Sep 24, 2024
Commit d358881
Commits on Sep 26, 2024
Commit 9e10006
Commits on Sep 28, 2024
test: additional tests for interceptor error handling
Signed-off-by: Mason Malone <[email protected]>
Commit eb08e76
Merge branch 'main' into feat-9212
Signed-off-by: Mason Malone <[email protected]>
Commit b958ca7
Commits on Sep 30, 2024
refactor: rename err to origErr
Signed-off-by: Mason Malone <[email protected]>
Commit a8a283f