From 45de9b95c39f91c8949fde3f9a8120a040e4e752 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 7 Oct 2019 14:22:19 +0000 Subject: [PATCH] hack/update-rhcos-bootimage: Require ART endpoint Don't allow people to point to e.g. an RHT-internal endpoint. See: https://github.com/openshift/installer/pull/2462 --- hack/update-rhcos-bootimage.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hack/update-rhcos-bootimage.py b/hack/update-rhcos-bootimage.py index 3d07a2b23b6..97e84c1845d 100755 --- a/hack/update-rhcos-bootimage.py +++ b/hack/update-rhcos-bootimage.py @@ -1,15 +1,22 @@ #!/usr/bin/python3 -# Usage: ./hack/update-rhcos-bootimage.py https://releases-rhcos.svc.ci.openshift.org/storage/releases/ootpa/410.8.20190401.0/meta.json +# Usage: ./hack/update-rhcos-bootimage.py https://releases-art-rhcos.svc.ci.openshift.org/storage/releases/ootpa/410.8.20190401.0/meta.json import codecs,os,sys,json,argparse import urllib.parse import urllib.request +# An app running in the CI cluster exposes this public endpoint about ART RHCOS +# builds. Do not try to e.g. point to RHT-internal endpoints. +RHCOS_RELEASES_APP = 'https://releases-art-rhcos.svc.ci.openshift.org' + dn = os.path.abspath(os.path.dirname(sys.argv[0])) parser = argparse.ArgumentParser() parser.add_argument("meta", action='store') args = parser.parse_args() +if not args.meta.startswith(RHCOS_RELEASES_APP): + raise SystemExit("URL must start with: " + RHCOS_RELEASES_APP) + with urllib.request.urlopen(args.meta) as f: string_f = codecs.getreader('utf-8')(f) # support for Python < 3.6 meta = json.load(string_f)