diff --git a/integration/helpers/utils.ts b/integration/helpers/utils.ts index 02aef4f3fd..f3354919c2 100644 --- a/integration/helpers/utils.ts +++ b/integration/helpers/utils.ts @@ -26,7 +26,7 @@ async function getMainWindow(app: ElectronApplication, timeout = 50_000): Promis const onWindow = (page: Page) => { console.log(`Page opened: ${page.url()}`); - if (page.url().startsWith("http://localhost")) { + if (page.url().startsWith("https://localhost")) { cleanup(); console.log(stdoutBuf); resolve(page); diff --git a/package.json b/package.json index 225bc82cbe..1679398829 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "bundledKubectlVersion": "1.23.3", "bundledHelmVersion": "3.7.2", "sentryDsn": "", - "contentSecurityPolicy": "script-src 'unsafe-eval' 'self'; frame-src http://*.localhost:*/; img-src * data:", + "contentSecurityPolicy": "script-src 'unsafe-eval' 'self'; img-src * data:", "welcomeRoute": "/welcome" }, "engines": { diff --git a/src/common/certificate/channel.ts b/src/common/certificate/channel.ts new file mode 100644 index 0000000000..f20d20f5ef --- /dev/null +++ b/src/common/certificate/channel.ts @@ -0,0 +1,9 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ + +import type { SelfSignedCert } from "selfsigned"; +import { getRequestChannel } from "../utils/channel/request-channel-listener-injection-token"; + +export const lensProxyCertificateChannel = getRequestChannel("request-lens-proxy-certificate"); diff --git a/src/common/certificate/token.ts b/src/common/certificate/token.ts new file mode 100644 index 0000000000..88cafb8bce --- /dev/null +++ b/src/common/certificate/token.ts @@ -0,0 +1,11 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ + +import { getInjectionToken } from "@ogre-tools/injectable"; +import type { SelfSignedCert } from "selfsigned"; + +export const lensProxyCertificateInjectionToken = getInjectionToken({ + id: "lens-proxy-certificate-token", +}); diff --git a/src/common/fetch/lens-authed-fetch.injectable.ts b/src/common/fetch/lens-authed-fetch.injectable.ts index 76834eadc7..257cca76e2 100644 --- a/src/common/fetch/lens-authed-fetch.injectable.ts +++ b/src/common/fetch/lens-authed-fetch.injectable.ts @@ -3,20 +3,27 @@ * Licensed under MIT License. See LICENSE in root directory for more information. */ import { getInjectable } from "@ogre-tools/injectable"; +import { Agent } from "https"; +import type { RequestInit, Response } from "node-fetch"; import { lensAuthenticationHeaderValueInjectionToken } from "../auth/header-value"; +import { lensProxyCertificateInjectionToken } from "../certificate/token"; import { lensAuthenticationHeader } from "../vars/auth-header"; import fetchModuleInjectable from "./fetch-module.injectable"; -import type { Fetch } from "./fetch.injectable"; import fetchInjectable from "./fetch.injectable"; +export type AuthenticatedRequestInit = Omit; + +export type AuthenticatedFetch = (url: string, options?: AuthenticatedRequestInit) => Promise; + /** * This injectable should not be used to request data from external sources as it would leak the * authentication header value */ const lensAuthenticatedFetchInjectable = getInjectable({ id: "lens-authenticated-fetch", - instantiate: (di): Fetch => { + instantiate: (di): AuthenticatedFetch => { const authHeaderValue = di.inject(lensAuthenticationHeaderValueInjectionToken); + const lensProxyCertificate = di.inject(lensProxyCertificateInjectionToken); const fetch = di.inject(fetchInjectable); const { Headers } = di.inject(fetchModuleInjectable); @@ -26,12 +33,16 @@ const lensAuthenticatedFetchInjectable = getInjectable({ ...rest } = init ?? {}; const headers = new Headers(headersInit); + const agent = new Agent({ + ca: lensProxyCertificate.cert, + }); headers.set(lensAuthenticationHeader, authHeaderValue); return fetch(url, { headers, ...rest, + agent, }); }; }, diff --git a/src/common/k8s-api/__tests__/kube-api-version-detection.test.ts b/src/common/k8s-api/__tests__/kube-api-version-detection.test.ts index e2caef39fa..8161cb6281 100644 --- a/src/common/k8s-api/__tests__/kube-api-version-detection.test.ts +++ b/src/common/k8s-api/__tests__/kube-api-version-detection.test.ts @@ -49,7 +49,7 @@ describe("KubeApi", () => { const createKubeJsonApi = di.inject(createKubeJsonApiInjectable); request = createKubeJsonApi({ - serverAddress: `http://127.0.0.1:9999`, + serverAddress: `https://127.0.0.1:9999`, apiBase: "/api-kube", }); registerApiSpy = jest.spyOn(di.inject(apiManagerInjectable), "registerApi"); @@ -82,7 +82,7 @@ describe("KubeApi", () => { it("requests version list from the api group from the initial apiBase", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io", { headers: { "content-type": "application/json", @@ -95,8 +95,8 @@ describe("KubeApi", () => { describe("when the version list from the api group resolves", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io", JSON.stringify({ apiVersion: "v1", kind: "APIGroup", name: "networking.k8s.io", @@ -120,7 +120,7 @@ describe("KubeApi", () => { it("requests resources from the versioned api group from the initial apiBase", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1", { headers: { "content-type": "application/json", @@ -133,8 +133,8 @@ describe("KubeApi", () => { describe("when resource request fufills with a resource", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1", JSON.stringify({ resources: [{ name: "ingresses", }], @@ -144,7 +144,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo", { headers: { "content-type": "application/json", @@ -171,8 +171,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo", JSON.stringify({})), ); result = await getCall; }); @@ -196,7 +196,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", { headers: { "content-type": "application/json", @@ -211,8 +211,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", JSON.stringify({})), ); result = await getCall; }); @@ -229,8 +229,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo", JSON.stringify({ apiVersion: "v1", kind: "Ingress", metadata: { @@ -263,7 +263,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", { headers: { "content-type": "application/json", @@ -278,8 +278,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1/namespaces/default/ingresses/foo1", JSON.stringify({})), ); result = await getCall; }); @@ -295,8 +295,8 @@ describe("KubeApi", () => { describe("when resource request fufills with no resource", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1", JSON.stringify({ resources: [], })), ); @@ -304,7 +304,7 @@ describe("KubeApi", () => { it("requests resources from the second versioned api group from the initial apiBase", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1", { headers: { "content-type": "application/json", @@ -319,8 +319,8 @@ describe("KubeApi", () => { describe("when resource request fufills with a resource", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1", JSON.stringify({ resources: [{ name: "ingresses", }], @@ -330,7 +330,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo", { headers: { "content-type": "application/json", @@ -357,8 +357,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({})), ); result = await getCall; }); @@ -382,7 +382,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", { headers: { "content-type": "application/json", @@ -397,8 +397,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), ); result = await getCall; }); @@ -415,8 +415,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({ apiVersion: "v1", kind: "Ingress", metadata: { @@ -449,7 +449,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", + "https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", { headers: { "content-type": "application/json", @@ -464,8 +464,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), ); result = await getCall; }); @@ -483,8 +483,8 @@ describe("KubeApi", () => { describe("when the version list from the api group resolves with no versions", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/networking.k8s.io"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/networking.k8s.io", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/networking.k8s.io"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/networking.k8s.io", JSON.stringify({ "metadata": {}, "status": "Failure", "message": "the server could not find the requested resource", @@ -504,7 +504,7 @@ describe("KubeApi", () => { it("requests the resources from the base api url from the fallback api", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/extensions", + "https://127.0.0.1:9999/api-kube/apis/extensions", { headers: { "content-type": "application/json", @@ -517,8 +517,8 @@ describe("KubeApi", () => { describe("when resource request fufills with a resource", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/extensions"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/extensions", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/extensions"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/extensions", JSON.stringify({ apiVersion: "v1", kind: "APIGroup", name: "extensions", @@ -538,7 +538,7 @@ describe("KubeApi", () => { it("requests resource versions from the versioned api group from the fallback apiBase", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1", + "https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1", { headers: { "content-type": "application/json", @@ -551,8 +551,8 @@ describe("KubeApi", () => { describe("when the preferred version request resolves to v1beta1", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/extensions", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/extensions", JSON.stringify({ resources: [{ name: "ingresses", }], @@ -562,7 +562,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo", + "https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo", { headers: { "content-type": "application/json", @@ -589,8 +589,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({})), ); result = await getCall; }); @@ -614,7 +614,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", + "https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", { headers: { "content-type": "application/json", @@ -629,8 +629,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), ); result = await getCall; }); @@ -647,8 +647,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo", JSON.stringify({ apiVersion: "v1beta1", kind: "Ingress", metadata: { @@ -681,7 +681,7 @@ describe("KubeApi", () => { it("makes the request to get the resource", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", + "https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", { headers: { "content-type": "application/json", @@ -696,8 +696,8 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), + ["https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/extensions/v1beta1/namespaces/default/ingresses/foo1", JSON.stringify({})), ); result = await getCall; }); diff --git a/src/common/k8s-api/__tests__/kube-api.test.ts b/src/common/k8s-api/__tests__/kube-api.test.ts index a4f9fd5b21..2adf67de11 100644 --- a/src/common/k8s-api/__tests__/kube-api.test.ts +++ b/src/common/k8s-api/__tests__/kube-api.test.ts @@ -157,7 +157,7 @@ describe("KubeApi", () => { const createKubeJsonApi = di.inject(createKubeJsonApiInjectable); request = createKubeJsonApi({ - serverAddress: `http://127.0.0.1:9999`, + serverAddress: `https://127.0.0.1:9999`, apiBase: "/api-kube", }); @@ -189,7 +189,7 @@ describe("KubeApi", () => { it("requests a patch using strategic merge", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", + "https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", { headers: { "content-type": "application/strategic-merge-patch+json", @@ -203,8 +203,8 @@ describe("KubeApi", () => { describe("when the patch request resolves with data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", JSON.stringify({ apiVersion: "v1", kind: "Deployment", metadata: { @@ -240,7 +240,7 @@ describe("KubeApi", () => { it("requests a patch using json merge", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", + "https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", { headers: { "content-type": "application/json-patch+json", @@ -256,8 +256,8 @@ describe("KubeApi", () => { describe("when the patch request resolves with data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", JSON.stringify({ apiVersion: "v1", kind: "Deployment", metadata: { @@ -295,7 +295,7 @@ describe("KubeApi", () => { it("requests a patch using json merge", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", + "https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", { headers: { "content-type": "application/merge-patch+json", @@ -309,8 +309,8 @@ describe("KubeApi", () => { describe("when the patch request resolves with data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/apis/apps/v1/namespaces/default/deployments/test", JSON.stringify({ apiVersion: "v1", kind: "Deployment", metadata: { @@ -354,7 +354,7 @@ describe("KubeApi", () => { it("requests deleting pod in default namespace", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", { headers: { "content-type": "application/json", @@ -367,8 +367,8 @@ describe("KubeApi", () => { describe("when request resolves", () => { beforeEach(async () => { fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", "{}"), + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", "{}"), ); }); @@ -390,7 +390,7 @@ describe("KubeApi", () => { it("requests deleting pod in default namespace", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", { headers: { "content-type": "application/json", @@ -403,8 +403,8 @@ describe("KubeApi", () => { describe("when request resolves", () => { beforeEach(async () => { fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", "{}"), + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foo?propagationPolicy=Background", "{}"), ); }); @@ -426,7 +426,7 @@ describe("KubeApi", () => { it("requests deleting pod in given namespace", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/test/pods/foo?propagationPolicy=Background", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/test/pods/foo?propagationPolicy=Background", { headers: { "content-type": "application/json", @@ -439,8 +439,8 @@ describe("KubeApi", () => { describe("when request resolves", () => { beforeEach(async () => { fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/test/pods/foo?propagationPolicy=Background"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/test/pods/foo?propagationPolicy=Background", "{}"), + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/test/pods/foo?propagationPolicy=Background"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/test/pods/foo?propagationPolicy=Background", "{}"), ); }); @@ -472,7 +472,7 @@ describe("KubeApi", () => { it("requests deleting Namespace without namespace", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", { headers: { "content-type": "application/json", @@ -485,8 +485,8 @@ describe("KubeApi", () => { describe("when request resolves", () => { beforeEach(async () => { fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", "{}"), + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", "{}"), ); }); @@ -508,7 +508,7 @@ describe("KubeApi", () => { it("requests deleting Namespace without namespace", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", { headers: { "content-type": "application/json", @@ -521,8 +521,8 @@ describe("KubeApi", () => { describe("when request resolves", () => { beforeEach(async () => { fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", "{}"), + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/foo?propagationPolicy=Background", "{}"), ); }); @@ -571,7 +571,7 @@ describe("KubeApi", () => { it("requests the watch", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", { headers: { "content-type": "application/json", @@ -585,7 +585,7 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( ([url, init]) => { - const isMatch = url === "http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600"; + const isMatch = url === "https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600"; if (isMatch) { init?.signal?.addEventListener("abort", () => { @@ -595,7 +595,7 @@ describe("KubeApi", () => { return isMatch; }, - createMockResponseFromStream("http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", stream), + createMockResponseFromStream("https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", stream), ); }); @@ -667,7 +667,7 @@ describe("KubeApi", () => { it("requests the watch", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", { headers: { "content-type": "application/json", @@ -681,7 +681,7 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( ([url, init]) => { - const isMatch = url === "http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600"; + const isMatch = url === "https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600"; if (isMatch) { init?.signal?.addEventListener("abort", () => { @@ -691,7 +691,7 @@ describe("KubeApi", () => { return isMatch; }, - createMockResponseFromStream("http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", stream), + createMockResponseFromStream("https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=600", stream), ); }); @@ -762,7 +762,7 @@ describe("KubeApi", () => { it("requests the watch", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60", { headers: { "content-type": "application/json", @@ -776,7 +776,7 @@ describe("KubeApi", () => { beforeEach(async () => { await fetchMock.resolveSpecific( ([url, init]) => { - const isMatch = url === "http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60"; + const isMatch = url === "https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60"; if (isMatch) { init?.signal?.addEventListener("abort", () => { @@ -786,7 +786,7 @@ describe("KubeApi", () => { return isMatch; }, - createMockResponseFromStream("http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60", stream), + createMockResponseFromStream("https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60", stream), ); }); @@ -844,7 +844,7 @@ describe("KubeApi", () => { it("requests a new watch", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/kube-system/pods?watch=1&resourceVersion=&timeoutSeconds=60", { headers: { "content-type": "application/json", @@ -914,7 +914,7 @@ describe("KubeApi", () => { it("should request to create a pod with full descriptor", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", { headers: { "content-type": "application/json", @@ -949,8 +949,8 @@ describe("KubeApi", () => { describe("when request resolves with data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", JSON.stringify({ kind: "Pod", apiVersion: "v1", metadata: { @@ -1026,7 +1026,7 @@ describe("KubeApi", () => { it("should request that the pod is updated", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foobar", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foobar", { headers: { "content-type": "application/json", @@ -1061,8 +1061,8 @@ describe("KubeApi", () => { describe("when the request resolves with data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foobar"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foobar", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foobar"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods/foobar", JSON.stringify({ kind: "Pod", apiVersion: "v1", metadata: { @@ -1116,7 +1116,7 @@ describe("KubeApi", () => { it("should request that the pods from all namespaces", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/pods", + "https://127.0.0.1:9999/api-kube/api/v1/pods", { headers: { "content-type": "application/json", @@ -1129,8 +1129,8 @@ describe("KubeApi", () => { describe("when the request resolves with empty data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/pods"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/pods", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/api/v1/pods"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/pods", JSON.stringify({ kind: "PodList", apiVersion: "v1", metadata: {}, @@ -1158,7 +1158,7 @@ describe("KubeApi", () => { it("should request that the pods from all namespaces", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/pods", + "https://127.0.0.1:9999/api-kube/api/v1/pods", { headers: { "content-type": "application/json", @@ -1171,8 +1171,8 @@ describe("KubeApi", () => { describe("when the request resolves with empty data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/pods"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/pods", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/api/v1/pods"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/pods", JSON.stringify({ kind: "PodList", apiVersion: "v1", metadata: {}, @@ -1200,7 +1200,7 @@ describe("KubeApi", () => { it("should request that the pods from just the default namespace", () => { expect(fetchMock.mock.lastCall).toMatchObject([ - "http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", + "https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", { headers: { "content-type": "application/json", @@ -1213,8 +1213,8 @@ describe("KubeApi", () => { describe("when the request resolves with empty data", () => { beforeEach(async () => { await fetchMock.resolveSpecific( - ["http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods"], - createMockResponseFromString("http://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", JSON.stringify({ + ["https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods"], + createMockResponseFromString("https://127.0.0.1:9999/api-kube/api/v1/namespaces/default/pods", JSON.stringify({ kind: "PodList", apiVersion: "v1", metadata: {}, diff --git a/src/common/k8s-api/kube-api-parse.ts b/src/common/k8s-api/kube-api-parse.ts index dcb8b18636..cb5315b50c 100644 --- a/src/common/k8s-api/kube-api-parse.ts +++ b/src/common/k8s-api/kube-api-parse.ts @@ -23,7 +23,7 @@ export interface IKubeApiParsed extends IKubeApiLinkRef { } export function parseKubeApi(path: string): IKubeApiParsed { - const apiPath = new URL(path, "http://localhost").pathname; + const apiPath = new URL(path, "https://localhost").pathname; const [, prefix, ...parts] = apiPath.split("/"); const apiPrefix = `/${prefix}`; const [left, right, namespaced] = splitArray(parts, "namespaces"); diff --git a/src/common/k8s-api/kube-object.ts b/src/common/k8s-api/kube-object.ts index 53bc6defdf..8e89a913e0 100644 --- a/src/common/k8s-api/kube-object.ts +++ b/src/common/k8s-api/kube-object.ts @@ -51,7 +51,7 @@ export interface BaseKubeJsonApiObjectMetadata>; @@ -136,7 +136,7 @@ export interface BaseKubeJsonApiObjectMetadata>; @@ -154,7 +154,7 @@ export interface BaseKubeJsonApiObjectMetadata; @@ -196,7 +196,7 @@ export interface BaseKubeJsonApiObjectMetadata { _requestSignature?: Request; // used only to mark `Request` as "used" _responseSignature?: Response; // used only to mark `Response` as "used" } + +export const getRequestChannel = (id: string): RequestChannel => ({ + id, +}); diff --git a/src/common/utils/request-app-version.injectable.ts b/src/common/utils/request-app-version.injectable.ts index cfb6d942a0..449c8bb5a5 100644 --- a/src/common/utils/request-app-version.injectable.ts +++ b/src/common/utils/request-app-version.injectable.ts @@ -9,11 +9,11 @@ import lensAuthenticatedFetchInjectable from "../fetch/lens-authed-fetch.injecta const requestAppVersionInjectable = getInjectable({ id: "request-app-version", instantiate: (di) => { - const lensAuthenticatedFetch = di.inject(lensAuthenticatedFetchInjectable); + const fetch = di.inject(lensAuthenticatedFetchInjectable); const lensProxyPort = di.inject(lensProxyPortInjectable); return async () => { - const response = await lensAuthenticatedFetch(`http://127.0.0.1:${lensProxyPort.get()}/version`); + const response = await fetch(`https://127.0.0.1:${lensProxyPort.get()}/version`); const body = await response.json() as { version: string }; return body.version; diff --git a/src/common/vars/application-information.global-override-for-injectable.ts b/src/common/vars/application-information.global-override-for-injectable.ts index 83b9559d73..ecc0b0aa3c 100644 --- a/src/common/vars/application-information.global-override-for-injectable.ts +++ b/src/common/vars/application-information.global-override-for-injectable.ts @@ -16,7 +16,7 @@ export default getGlobalOverride(applicationInformationInjectable, () => ({ bundledKubectlVersion: "1.23.3", bundledHelmVersion: "3.7.2", sentryDsn: "", - contentSecurityPolicy: "script-src 'unsafe-eval' 'self'; frame-src http://*.localhost:*/; img-src * data:", + contentSecurityPolicy: "script-src 'unsafe-eval' 'self'; frame-src https://*.localhost:*/; img-src * data:", welcomeRoute: "/welcome", extensions: [], }, diff --git a/src/features/cluster/delete-dialog/delete-cluster-dialog.test.tsx b/src/features/cluster/delete-dialog/delete-cluster-dialog.test.tsx index 5c527edbb4..3b32e16b16 100644 --- a/src/features/cluster/delete-dialog/delete-cluster-dialog.test.tsx +++ b/src/features/cluster/delete-dialog/delete-cluster-dialog.test.tsx @@ -20,7 +20,7 @@ import directoryForKubeConfigsInjectable from "../../../common/app-paths/directo import joinPathsInjectable from "../../../common/path/join-paths.injectable"; const currentClusterServerUrl = "https://localhost"; -const nonCurrentClusterServerUrl = "http://localhost"; +const nonCurrentClusterServerUrl = "https://localhost"; const multiClusterConfig = ` apiVersion: v1 clusters: @@ -48,7 +48,7 @@ users: token: kubeconfig-user-q4lm4:xxxyyyy `; -const singleClusterServerUrl = "http://localhost"; +const singleClusterServerUrl = "https://localhost"; const singleClusterConfig = ` apiVersion: v1 clusters: diff --git a/src/features/helm-charts/add-custom-helm-repository-in-preferences.test.ts b/src/features/helm-charts/add-custom-helm-repository-in-preferences.test.ts index 684cde0038..a8e05c734c 100644 --- a/src/features/helm-charts/add-custom-helm-repository-in-preferences.test.ts +++ b/src/features/helm-charts/add-custom-helm-repository-in-preferences.test.ts @@ -146,7 +146,7 @@ describe("add custom helm repository in preferences", () => { const urlInput = rendered.getByTestId("custom-helm-repository-url-input"); - fireEvent.change(urlInput, { target: { value: "http://some.url" }}); + fireEvent.change(urlInput, { target: { value: "https://some.url" }}); }); it("renders", () => { @@ -170,7 +170,7 @@ describe("add custom helm repository in preferences", () => { it("adds the repository", () => { expect(execFileMock).toHaveBeenCalledWith( "some-helm-binary-path", - ["repo", "add", "some-custom-repository", "http://some.url"], + ["repo", "add", "some-custom-repository", "https://some.url"], { maxBuffer: 34359738368, env: {}, @@ -224,7 +224,7 @@ describe("add custom helm repository in preferences", () => { await execFileMock.resolveSpecific( [ "some-helm-binary-path", - ["repo", "add", "some-custom-repository", "http://some.url"], + ["repo", "add", "some-custom-repository", "https://some.url"], ], { callWasSuccessful: true, @@ -365,7 +365,7 @@ describe("add custom helm repository in preferences", () => { "repo", "add", "some-custom-repository", - "http://some.url", + "https://some.url", "--insecure-skip-tls-verify", "--username", "some-username", diff --git a/src/features/preferences/renderer/preference-items/proxy/http-proxy-url/http-proxy-url.tsx b/src/features/preferences/renderer/preference-items/proxy/http-proxy-url/http-proxy-url.tsx index 7d55fd2b3b..f24f976fdb 100644 --- a/src/features/preferences/renderer/preference-items/proxy/http-proxy-url/http-proxy-url.tsx +++ b/src/features/preferences/renderer/preference-items/proxy/http-proxy-url/http-proxy-url.tsx @@ -23,7 +23,7 @@ const NonInjectedHttpProxyUrl = observer( setProxy(v)} onBlur={() => (userStore.httpsProxy = proxy)} diff --git a/src/features/quitting-and-restarting-the-app/opening-application-window-using-tray.test.ts b/src/features/quitting-and-restarting-the-app/opening-application-window-using-tray.test.ts index 1dccbf71da..4ef28bf8f7 100644 --- a/src/features/quitting-and-restarting-the-app/opening-application-window-using-tray.test.ts +++ b/src/features/quitting-and-restarting-the-app/opening-application-window-using-tray.test.ts @@ -132,7 +132,7 @@ describe("opening application window using tray", () => { }); it("starts loading of content for the application window", () => { - expect(callForApplicationWindowHtmlMock).toHaveBeenCalledWith("http://localhost:42"); + expect(callForApplicationWindowHtmlMock).toHaveBeenCalledWith("https://localhost:42"); }); describe("given static HTML of application window has not resolved yet, when opening from tray again", () => { diff --git a/src/main/__test__/context-handler.test.ts b/src/main/__test__/context-handler.test.ts index 504e352ea6..ad05cdcb88 100644 --- a/src/main/__test__/context-handler.test.ts +++ b/src/main/__test__/context-handler.test.ts @@ -108,7 +108,7 @@ describe("ContextHandler", () => { id: "some-cluster-id", kubeConfigPath: "/some/path/to/kubeconfig", }, { - clusterServerUrl: "http://localhost:81", + clusterServerUrl: "https://localhost:81", }); }); diff --git a/src/main/__test__/kubeconfig-manager.test.ts b/src/main/__test__/kubeconfig-manager.test.ts index 4639c4a3e9..9f36f1f2ea 100644 --- a/src/main/__test__/kubeconfig-manager.test.ts +++ b/src/main/__test__/kubeconfig-manager.test.ts @@ -174,7 +174,7 @@ describe("kubeconfig manager tests", () => { describe("when writing out new proxy kubeconfig resolves", () => { beforeEach(async () => { await writeFileMock.resolveSpecific( - ["/some-directory-for-temp/kubeconfig-foo", "apiVersion: v1\nkind: Config\npreferences: {}\ncurrent-context: minikube\nclusters:\n - name: minikube\n cluster:\n server: http://127.0.0.1:9191/foo\ncontexts:\n - name: minikube\n context:\n cluster: minikube\n user: proxy\nusers:\n - name: proxy\n user: {}\n"], + ["/some-directory-for-temp/kubeconfig-foo", "apiVersion: v1\nkind: Config\npreferences: {}\ncurrent-context: minikube\nclusters:\n - name: minikube\n cluster:\n server: https://127.0.0.1:9191/foo\ncontexts:\n - name: minikube\n context:\n cluster: minikube\n user: proxy\nusers:\n - name: proxy\n user: {}\n"], ); }); @@ -300,7 +300,7 @@ describe("kubeconfig manager tests", () => { describe("when writing out new proxy kubeconfig resolves", () => { beforeEach(async () => { await writeFileMock.resolveSpecific( - ["/some-directory-for-temp/kubeconfig-foo", "apiVersion: v1\nkind: Config\npreferences: {}\ncurrent-context: minikube\nclusters:\n - name: minikube\n cluster:\n server: http://127.0.0.1:9191/foo\ncontexts:\n - name: minikube\n context:\n cluster: minikube\n user: proxy\nusers:\n - name: proxy\n user: {}\n"], + ["/some-directory-for-temp/kubeconfig-foo", "apiVersion: v1\nkind: Config\npreferences: {}\ncurrent-context: minikube\nclusters:\n - name: minikube\n cluster:\n server: https://127.0.0.1:9191/foo\ncontexts:\n - name: minikube\n context:\n cluster: minikube\n user: proxy\nusers:\n - name: proxy\n user: {}\n"], ); }); diff --git a/src/main/k8s-request.injectable.ts b/src/main/k8s-request.injectable.ts index 65d09c89a1..345b9c58d2 100644 --- a/src/main/k8s-request.injectable.ts +++ b/src/main/k8s-request.injectable.ts @@ -25,7 +25,7 @@ const k8sRequestInjectable = getInjectable({ path: string, options: RequestPromiseOptions = {}, ) => { - const kubeProxyUrl = `http://localhost:${lensProxyPort.get()}${apiKubePrefix}`; + const kubeProxyUrl = `https://localhost:${lensProxyPort.get()}${apiKubePrefix}`; options.headers ??= {}; options.json ??= true; diff --git a/src/main/k8s/api-base-server-address.injectable.ts b/src/main/k8s/api-base-server-address.injectable.ts index ae217cb3e2..8d3a960ed4 100644 --- a/src/main/k8s/api-base-server-address.injectable.ts +++ b/src/main/k8s/api-base-server-address.injectable.ts @@ -11,7 +11,7 @@ const apiBaseServerAddressInjectable = getInjectable({ instantiate: (di) => { const lensProxyPort = di.inject(lensProxyPortInjectable); - return `http://127.0.0.1:${lensProxyPort.get()}`; + return `https://127.0.0.1:${lensProxyPort.get()}`; }, injectionToken: apiBaseServerAddressInjectionToken, }); diff --git a/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts b/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts index 48dea26da6..f83d082723 100644 --- a/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts +++ b/src/main/kubeconfig-manager/create-kubeconfig-manager.injectable.ts @@ -15,6 +15,7 @@ import pathExistsInjectable from "../../common/fs/path-exists.injectable"; import writeFileInjectable from "../../common/fs/write-file.injectable"; import removePathInjectable from "../../common/fs/remove.injectable"; import authHeaderValueInjectable from "../lens-proxy/auth-header-value.injectable"; +import lensProxyCertificateInjectable from "../lens-proxy/certificate.injectable"; export interface KubeConfigManagerInstantiationParameter { cluster: Cluster; @@ -31,6 +32,7 @@ const createKubeconfigManagerInjectable = getInjectable({ logger: di.inject(loggerInjectable), lensProxyPort: di.inject(lensProxyPortInjectable), authHeaderValue: di.inject(authHeaderValueInjectable), + lensProxyCertificate: di.inject(lensProxyCertificateInjectable), joinPaths: di.inject(joinPathsInjectable), getDirnameOfPath: di.inject(getDirnameOfPathInjectable), removePath: di.inject(removePathInjectable), diff --git a/src/main/kubeconfig-manager/kubeconfig-manager.ts b/src/main/kubeconfig-manager/kubeconfig-manager.ts index f867c2319b..16be3bebda 100644 --- a/src/main/kubeconfig-manager/kubeconfig-manager.ts +++ b/src/main/kubeconfig-manager/kubeconfig-manager.ts @@ -16,12 +16,14 @@ import type { PathExists } from "../../common/fs/path-exists.injectable"; import type { RemovePath } from "../../common/fs/remove.injectable"; import type { WriteFile } from "../../common/fs/write-file.injectable"; import { lensAuthenticationHeader } from "../../common/vars/auth-header"; +import type { SelfSignedCert } from "selfsigned"; export interface KubeconfigManagerDependencies { readonly directoryForTemp: string; readonly logger: Logger; readonly lensProxyPort: { get: () => number }; readonly authHeaderValue: string; + readonly lensProxyCertificate: SelfSignedCert; joinPaths: JoinPaths; getDirnameOfPath: GetDirnameOfPath; pathExists: PathExists; @@ -108,7 +110,9 @@ export class KubeconfigManager { clusters: [ { name: contextName, - server: `http://127.0.0.1:${this.dependencies.lensProxyPort.get()}/${this.cluster.id}?${searchParams}`, + caData: Buffer.from(this.dependencies.lensProxyCertificate.cert).toString("base64"), + server: `https://127.0.0.1:${this.dependencies.lensProxyPort.get()}/${this.cluster.id}?${searchParams}`, + skipTLSVerify: false, }, ], users: [ diff --git a/src/main/lens-proxy/certificate.injectable.ts b/src/main/lens-proxy/certificate.injectable.ts new file mode 100644 index 0000000000..1025549573 --- /dev/null +++ b/src/main/lens-proxy/certificate.injectable.ts @@ -0,0 +1,36 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import { generate } from "selfsigned"; +import { lensProxyCertificateInjectionToken } from "../../common/certificate/token"; + +const lensProxyCertificateInjectable = getInjectable({ + id: "lens-proxy-certificate", + instantiate: () => generate([ + { name: "commonName", value: "Lens Certificate Authority" }, + { name: "organizationName", value: "Lens" }, + ], { + keySize: 2048, + algorithm: "sha256", + days: 365, + extensions: [ + { + name: "basicConstraints", + cA: true, + }, + { + name: "subjectAltName", + altNames: [ + { type: 2, value: "*.localhost" }, + { type: 2, value: "localhost" }, + { type: 7, ip: "127.0.0.1" }, + ], + }, + ], + }), + injectionToken: lensProxyCertificateInjectionToken, +}); + +export default lensProxyCertificateInjectable; diff --git a/src/main/lens-proxy/handle-request-cert.injectable.ts b/src/main/lens-proxy/handle-request-cert.injectable.ts new file mode 100644 index 0000000000..81fff55832 --- /dev/null +++ b/src/main/lens-proxy/handle-request-cert.injectable.ts @@ -0,0 +1,18 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { lensProxyCertificateChannel } from "../../common/certificate/channel"; +import { getRequestChannelListenerInjectable } from "../utils/channel/channel-listeners/listener-tokens"; +import lensProxyCertificateInjectable from "./certificate.injectable"; + +const lensProxyCertificateHandlerInjectable = getRequestChannelListenerInjectable({ + channel: lensProxyCertificateChannel, + handler: (di) => { + const cert = di.inject(lensProxyCertificateInjectable); + + return () => cert; + }, +}); + +export default lensProxyCertificateHandlerInjectable; diff --git a/src/main/lens-proxy/lens-proxy.injectable.ts b/src/main/lens-proxy/lens-proxy.injectable.ts index f1b8dbe42d..a3ad1b18f8 100644 --- a/src/main/lens-proxy/lens-proxy.injectable.ts +++ b/src/main/lens-proxy/lens-proxy.injectable.ts @@ -14,6 +14,7 @@ import contentSecurityPolicyInjectable from "../../common/vars/content-security- import emitAppEventInjectable from "../../common/app-event-bus/emit-event.injectable"; import loggerInjectable from "../../common/logger.injectable"; import authHeaderValueInjectable from "./auth-header-value.injectable"; +import lensProxyCertificateInjectable from "./certificate.injectable"; const lensProxyInjectable = getInjectable({ id: "lens-proxy", @@ -29,6 +30,7 @@ const lensProxyInjectable = getInjectable({ emitAppEvent: di.inject(emitAppEventInjectable), logger: di.inject(loggerInjectable), authHeaderValue: di.inject(authHeaderValueInjectable), + certificate: di.inject(lensProxyCertificateInjectable), }), }); diff --git a/src/main/lens-proxy/lens-proxy.ts b/src/main/lens-proxy/lens-proxy.ts index 1f8af13fcb..7fa886f4aa 100644 --- a/src/main/lens-proxy/lens-proxy.ts +++ b/src/main/lens-proxy/lens-proxy.ts @@ -4,7 +4,8 @@ */ import net from "net"; -import http from "http"; +import type http from "http"; +import https from "https"; import type httpProxy from "http-proxy"; import { apiPrefix, apiKubePrefix } from "../../common/vars"; import type { ClusterContextHandler } from "../context-handler/context-handler"; @@ -20,6 +21,7 @@ import { lensAuthenticationHeader } from "../../common/vars/auth-header"; import { contentTypes } from "../router/router-content-types"; import { writeServerResponseFor } from "../router/write-server-response"; import { URL } from "url"; +import type { SelfSignedCert } from "selfsigned"; type GetClusterForRequest = (req: http.IncomingMessage) => Cluster | undefined; @@ -36,13 +38,14 @@ interface Dependencies { readonly contentSecurityPolicy: string; readonly logger: Logger; readonly authHeaderValue: string; + readonly certificate: SelfSignedCert; } const watchParam = "watch"; const followParam = "follow"; export function isLongRunningRequest(reqUrl: string) { - const url = new URL(reqUrl, "http://localhost"); + const url = new URL(reqUrl, "https://localhost"); return getBoolean(url.searchParams, watchParam) || getBoolean(url.searchParams, followParam); } @@ -71,16 +74,22 @@ export class LensProxy { protected readonly retryCounters = new Map(); constructor(private readonly dependencies: Dependencies) { - this.configureProxy(dependencies.proxy); + this.configureProxy(this.dependencies.proxy); - this.proxyServer = http.createServer((req, res) => { - this.handleRequest(req as ServerIncomingMessage, res); - }); + this.proxyServer = https.createServer( + { + key: this.dependencies.certificate.private, + cert: this.dependencies.certificate.cert, + }, + (req, res) => { + this.handleRequest(req as ServerIncomingMessage, res); + }, + ); this.proxyServer .on("upgrade", (req: ServerIncomingMessage, socket: net.Socket, head: Buffer) => { const cluster = this.dependencies.getClusterForRequest(req); - const url = new URL(req.url, "http://localhost"); + const url = new URL(req.url, "https://localhost"); if (url.searchParams.get(lensAuthenticationHeader) !== this.dependencies.authHeaderValue) { this.dependencies.logger.warn(`[LENS-PROXY]: Request from url=${req.url} missing authentication`); diff --git a/src/main/router/route-request.injectable.ts b/src/main/router/route-request.injectable.ts index 3a3dd9d12d..adefd2d201 100644 --- a/src/main/router/route-request.injectable.ts +++ b/src/main/router/route-request.injectable.ts @@ -79,7 +79,7 @@ const routeRequestInjectable = getInjectable({ const getRequest = getRequestWith(di); return async (cluster, req, res) => { - const url = new URL(req.url, "http://localhost"); + const url = new URL(req.url, "https://localhost"); const path = url.pathname; const method = req.method.toLowerCase(); const matchingRoute = router.route(method, path); diff --git a/src/main/routes/files/development.injectable.ts b/src/main/routes/files/development.injectable.ts index dcc6fce649..1a8aa91979 100644 --- a/src/main/routes/files/development.injectable.ts +++ b/src/main/routes/files/development.injectable.ts @@ -14,7 +14,7 @@ const devStaticFileRouteHandlerInjectable = getInjectable({ instantiate: (di) => { const proxy = httpProxy.createProxy(); const appName = di.inject(appNameInjectable); - const proxyTarget = `http://127.0.0.1:${webpackDevServerPort}`; + const proxyTarget = `https://127.0.0.1:${webpackDevServerPort}`; return async ({ raw: { req, res }}: LensApiRequest<"/{path*}">): Promise> => { if (req.url === "/" || !req.url) { diff --git a/src/main/start-main-application/lens-window/application-window/create-application-window.injectable.ts b/src/main/start-main-application/lens-window/application-window/create-application-window.injectable.ts index 703542faaa..038059e099 100644 --- a/src/main/start-main-application/lens-window/application-window/create-application-window.injectable.ts +++ b/src/main/start-main-application/lens-window/application-window/create-application-window.injectable.ts @@ -33,7 +33,7 @@ const createApplicationWindowInjectable = getInjectable({ defaultHeight: 900, defaultWidth: 1440, getContentSource: () => ({ - url: `http://localhost:${lensProxyPort.get()}`, + url: `https://localhost:${lensProxyPort.get()}`, }), resizable: true, windowFrameUtilitiesAreShown: isMac, diff --git a/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts b/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts index bc2cbb889f..a47b267c6b 100644 --- a/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts +++ b/src/main/start-main-application/lens-window/application-window/create-electron-window.injectable.ts @@ -14,6 +14,8 @@ import lensResourcesDirInjectable from "../../../../common/vars/lens-resources-d import isLinuxInjectable from "../../../../common/vars/is-linux.injectable"; import applicationInformationInjectable from "../../../../common/vars/application-information.injectable"; import pathExistsSyncInjectable from "../../../../common/fs/path-exists-sync.injectable"; +import lensProxyCertificateInjectable from "../../../lens-proxy/certificate.injectable"; +import { timingSafeEqual, X509Certificate } from "crypto"; export type ElectronWindowTitleBarStyle = "hiddenInset" | "hidden" | "default" | "customButtonsOnHover"; @@ -56,6 +58,8 @@ const createElectronWindowInjectable = getInjectable({ const isLinux = di.inject(isLinuxInjectable); const applicationInformation = di.inject(applicationInformationInjectable); const pathExistsSync = di.inject(pathExistsSyncInjectable); + const lensProxyCertificate = di.inject(lensProxyCertificateInjectable); + const lensProxyCert = new X509Certificate(lensProxyCertificate.cert); return (configuration) => { const applicationWindowState = di.inject( @@ -123,6 +127,13 @@ const createElectronWindowInjectable = getInjectable({ .webContents.on("dom-ready", () => { configuration.onDomReady?.(); }) + .on("certificate-error", (event, url, error, certificate, shouldBeTrusted) => { + const cert = new X509Certificate(certificate.data); + const shouldTrustCert = cert.raw.length === lensProxyCert.raw.length + && timingSafeEqual(cert.raw, lensProxyCert.raw); + + shouldBeTrusted(shouldTrustCert); + }) .on("did-fail-load", (_event, code, desc) => { logger.error( `[CREATE-ELECTRON-WINDOW]: Failed to load window "${configuration.id}"`, diff --git a/src/renderer/auth/init.injectable.ts b/src/renderer/auth/init.injectable.ts index 0431e7aeb0..2d8351f6bf 100644 --- a/src/renderer/auth/init.injectable.ts +++ b/src/renderer/auth/init.injectable.ts @@ -4,7 +4,7 @@ */ import { getInjectable } from "@ogre-tools/injectable"; import { lensAuthenticationChannel } from "../../common/auth/channel"; -import { beforeFrameStartsInjectionToken } from "../before-frame-starts/before-frame-starts-injection-token"; +import { beforeFrameStartsInjectionToken } from "../before-frame-starts/tokens"; import requestFromChannelInjectable from "../utils/channel/request-from-channel.injectable"; import authHeaderValueStateInjectable from "./auth-header-state.injectable"; diff --git a/src/renderer/certificate/certificate.injectable.ts b/src/renderer/certificate/certificate.injectable.ts new file mode 100644 index 0000000000..871df0e3b8 --- /dev/null +++ b/src/renderer/certificate/certificate.injectable.ts @@ -0,0 +1,15 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import { lensProxyCertificateInjectionToken } from "../../common/certificate/token"; +import lensProxyCertificateStateInjectable from "./state.injectable"; + +const lensProxyCertificateInjectable = getInjectable({ + id: "lens-proxy-certificate", + instantiate: (di) => di.inject(lensProxyCertificateStateInjectable).get(), + injectionToken: lensProxyCertificateInjectionToken, +}); + +export default lensProxyCertificateInjectable; diff --git a/src/renderer/certificate/init.injectable.ts b/src/renderer/certificate/init.injectable.ts new file mode 100644 index 0000000000..41a526fbaf --- /dev/null +++ b/src/renderer/certificate/init.injectable.ts @@ -0,0 +1,24 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import { evenBeforeFrameStartsInjectionToken } from "../before-frame-starts/tokens"; +import requestLensProxyCertificateInjectable from "./request.injectable"; +import lensProxyCertificateStateInjectable from "./state.injectable"; + +const initLensProxyCertificateStateInjectable = getInjectable({ + id: "init-lens-proxy-certificate-state", + instantiate: (di) => ({ + id: "init-lens-proxy-certificate-state", + run: async () => { + const lensProxyCertificateState = di.inject(lensProxyCertificateStateInjectable); + const requestLensProxyCertificate = di.inject(requestLensProxyCertificateInjectable); + + lensProxyCertificateState.set(await requestLensProxyCertificate()); + }, + }), + injectionToken: evenBeforeFrameStartsInjectionToken, +}); + +export default initLensProxyCertificateStateInjectable; diff --git a/src/renderer/certificate/request.injectable.ts b/src/renderer/certificate/request.injectable.ts new file mode 100644 index 0000000000..c5b6089f4b --- /dev/null +++ b/src/renderer/certificate/request.injectable.ts @@ -0,0 +1,18 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import { lensProxyCertificateChannel } from "../../common/certificate/channel"; +import requestFromChannelInjectable from "../utils/channel/request-from-channel.injectable"; + +const requestLensProxyCertificateInjectable = getInjectable({ + id: "request-lens-proxy-certificate", + instantiate: (di) => { + const requestFromChannel = di.inject(requestFromChannelInjectable); + + return () => requestFromChannel(lensProxyCertificateChannel); + }, +}); + +export default requestLensProxyCertificateInjectable; diff --git a/src/renderer/certificate/state.injectable.ts b/src/renderer/certificate/state.injectable.ts new file mode 100644 index 0000000000..15d3d064b2 --- /dev/null +++ b/src/renderer/certificate/state.injectable.ts @@ -0,0 +1,32 @@ +/** + * Copyright (c) OpenLens Authors. All rights reserved. + * Licensed under MIT License. See LICENSE in root directory for more information. + */ +import { getInjectable } from "@ogre-tools/injectable"; +import type { SelfSignedCert } from "selfsigned"; + +const lensProxyCertificateStateInjectable = getInjectable({ + id: "lens-proxy-certificate-state", + instantiate: () => { + let state: SelfSignedCert | undefined = undefined; + + return { + get: () => { + if (!state) { + throw new Error("Tried to use lensProxyCertificate before initialization"); + } + + return state; + }, + set: (cert: SelfSignedCert) => { + if (state) { + throw new Error("Tried to initialize lensProxyCertificate more than once"); + } + + state = cert; + }, + }; + }, +}); + +export default lensProxyCertificateStateInjectable; diff --git a/src/renderer/components/+helm-charts/icon.tsx b/src/renderer/components/+helm-charts/icon.tsx index 78d5be7ed3..14c9a238ef 100644 --- a/src/renderer/components/+helm-charts/icon.tsx +++ b/src/renderer/components/+helm-charts/icon.tsx @@ -21,7 +21,7 @@ export const HelmChartIcon = ({ if (!icon || failedToLoad) { return (
- + diff --git a/src/renderer/components/cluster-settings/proxy-setting.tsx b/src/renderer/components/cluster-settings/proxy-setting.tsx index 7210de36e4..f83bfa4443 100644 --- a/src/renderer/components/cluster-settings/proxy-setting.tsx +++ b/src/renderer/components/cluster-settings/proxy-setting.tsx @@ -48,7 +48,7 @@ export class ClusterProxySetting extends React.Component diff --git a/src/renderer/components/icon/icon.test.tsx b/src/renderer/components/icon/icon.test.tsx index f927caa7da..e23e2f6b82 100644 --- a/src/renderer/components/icon/icon.test.tsx +++ b/src/renderer/components/icon/icon.test.tsx @@ -35,14 +35,14 @@ describe(" href technical tests", () => { const result = render(( )); const icon = result.queryByTestId("my-icon"); expect(icon).toBeInTheDocument(); - expect(icon).toHaveAttribute("href", "http://localhost"); + expect(icon).toHaveAttribute("href", "https://localhost"); expect(logger.warn).not.toBeCalled(); }); diff --git a/src/renderer/components/input/__tests__/input_validators.test.ts b/src/renderer/components/input/__tests__/input_validators.test.ts index 63dda431d0..c396b90352 100644 --- a/src/renderer/components/input/__tests__/input_validators.test.ts +++ b/src/renderer/components/input/__tests__/input_validators.test.ts @@ -27,7 +27,7 @@ describe("input validation tests", () => { it.each([ "https://github-production-registry-package-file-4f11e5.s3.amazonaws.com/307985088/68bbbf00-309f-11eb-8457-a15e4efe9e77?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20201127%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201127T123754Z&X-Amz-Expires=300&X-Amz-Signature=9b8167f00685a20d980224d397892195abc187cdb2934cefb79edcd7ec600f78&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=0&response-content-disposition=filename%3Dstarboard-lens-extension-0.0.1-alpha.1-npm.tgz&response-content-type=application%2Foctet-stream", - "http://www.google.com", + "https://www.google.com", ])("Given '%s' is a valid url, emailOrUrl matches", (input) => { expect(emailOrUrl.validate(input)).toBe(true); }); @@ -62,7 +62,7 @@ describe("input validation tests", () => { it.each([ "https://github-production-registry-package-file-4f11e5.s3.amazonaws.com/307985088/68bbbf00-309f-11eb-8457-a15e4efe9e77?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20201127%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20201127T123754Z&X-Amz-Expires=300&X-Amz-Signature=9b8167f00685a20d980224d397892195abc187cdb2934cefb79edcd7ec600f78&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=0&response-content-disposition=filename%3Dstarboard-lens-extension-0.0.1-alpha.1-npm.tgz&response-content-type=application%2Foctet-stream", - "http://www.google.com", + "https://www.google.com", ])("Given '%s' is a valid url, emailOrUrl matches", async (input) => { try { await emailOrUrl.validate(input); diff --git a/src/renderer/k8s/api-base-server-address.injectable.ts b/src/renderer/k8s/api-base-server-address.injectable.ts index acb1f525d3..17f4028ea8 100644 --- a/src/renderer/k8s/api-base-server-address.injectable.ts +++ b/src/renderer/k8s/api-base-server-address.injectable.ts @@ -11,7 +11,7 @@ const apiBaseServerAddressInjectable = getInjectable({ instantiate: (di) => { const { port } = di.inject(windowLocationInjectable); - return `http://127.0.0.1:${port}`; + return `https://127.0.0.1:${port}`; }, injectionToken: apiBaseServerAddressInjectionToken, }); diff --git a/src/renderer/k8s/api-kube.injectable.ts b/src/renderer/k8s/api-kube.injectable.ts index 40bf7ff0a3..1bda8a725c 100644 --- a/src/renderer/k8s/api-kube.injectable.ts +++ b/src/renderer/k8s/api-kube.injectable.ts @@ -25,7 +25,7 @@ const apiKubeInjectable = getInjectable({ const lensAuthenticationHeaderValue = di.inject(lensAuthenticationHeaderValueInjectionToken); const apiKube = createKubeJsonApi({ - serverAddress: `http://127.0.0.1:${port}`, + serverAddress: `https://127.0.0.1:${port}`, apiBase: apiKubePrefix, debug: isDevelopment, }, {