From b67d2866553675652ffb15e66289b6400ee1b99d Mon Sep 17 00:00:00 2001 From: Jorge Turrado Date: Thu, 2 Feb 2023 01:11:59 +0100 Subject: [PATCH 1/8] chore: add VersionTLS12 as min default TLS version Signed-off-by: Jorge Turrado --- .../authentication/authentication_helpers.go | 5 +++- pkg/scalers/elasticsearch_scaler.go | 5 +++- pkg/scalers/ibmmq_scaler.go | 5 +++- pkg/scalers/influxdb_scaler.go | 5 +++- pkg/scalers/predictkube_scaler.go | 1 + pkg/scalers/redis_scaler.go | 3 ++ pkg/util/http.go | 29 +++++++++++++++++-- pkg/util/tls_config.go | 4 ++- 8 files changed, 50 insertions(+), 7 deletions(-) diff --git a/pkg/scalers/authentication/authentication_helpers.go b/pkg/scalers/authentication/authentication_helpers.go index 6ecf5c315a5..32c34dd3e3a 100644 --- a/pkg/scalers/authentication/authentication_helpers.go +++ b/pkg/scalers/authentication/authentication_helpers.go @@ -94,7 +94,10 @@ func NewTLSConfig(auth *AuthMeta) (*tls.Config, error) { } func CreateHTTPRoundTripper(roundTripperType TransportType, auth *AuthMeta, conf ...*HTTPTransport) (rt http.RoundTripper, err error) { - tlsConfig := &tls.Config{InsecureSkipVerify: false} + tlsConfig := &tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), + InsecureSkipVerify: false, + } if auth != nil && (auth.CA != "" || auth.EnableTLS) { tlsConfig, err = NewTLSConfig(auth) if err != nil || tlsConfig == nil { diff --git a/pkg/scalers/elasticsearch_scaler.go b/pkg/scalers/elasticsearch_scaler.go index 25a64dee38a..9b4fd4a2bca 100644 --- a/pkg/scalers/elasticsearch_scaler.go +++ b/pkg/scalers/elasticsearch_scaler.go @@ -244,7 +244,10 @@ func newElasticsearchClient(meta *elasticsearchMetadata, logger logr.Logger) (*e } transport := http.DefaultTransport.(*http.Transport) - transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: meta.unsafeSsl} + transport.TLSClientConfig = &tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), + InsecureSkipVerify: meta.unsafeSsl, + } config.Transport = transport esClient, err := elasticsearch.NewClient(config) diff --git a/pkg/scalers/ibmmq_scaler.go b/pkg/scalers/ibmmq_scaler.go index 8ac90c9e70f..d5c111c3446 100644 --- a/pkg/scalers/ibmmq_scaler.go +++ b/pkg/scalers/ibmmq_scaler.go @@ -179,7 +179,10 @@ func (s *IBMMQScaler) getQueueDepthViaHTTP(ctx context.Context) (int64, error) { req.SetBasicAuth(s.metadata.username, s.metadata.password) tr := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: s.metadata.tlsDisabled}, + TLSClientConfig: &tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), + InsecureSkipVerify: s.metadata.tlsDisabled, + }, } client := kedautil.CreateHTTPClient(s.defaultHTTPTimeout, false) client.Transport = tr diff --git a/pkg/scalers/influxdb_scaler.go b/pkg/scalers/influxdb_scaler.go index a9b5aff8837..2a92e0990be 100644 --- a/pkg/scalers/influxdb_scaler.go +++ b/pkg/scalers/influxdb_scaler.go @@ -52,7 +52,10 @@ func NewInfluxDBScaler(config *ScalerConfig) (Scaler, error) { client := influxdb2.NewClientWithOptions( meta.serverURL, meta.authToken, - influxdb2.DefaultOptions().SetTLSConfig(&tls.Config{InsecureSkipVerify: meta.unsafeSsl})) + influxdb2.DefaultOptions().SetTLSConfig(&tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), + InsecureSkipVerify: meta.unsafeSsl, + })) return &influxDBScaler{ client: client, diff --git a/pkg/scalers/predictkube_scaler.go b/pkg/scalers/predictkube_scaler.go index 7d67ffe7551..fa2abef6f1a 100644 --- a/pkg/scalers/predictkube_scaler.go +++ b/pkg/scalers/predictkube_scaler.go @@ -113,6 +113,7 @@ func (s *PredictKubeScaler) setupClientConn() error { if !grpcConf.Conn.Insecure { clientOpt = append(clientOpt, grpc.WithTransportCredentials( credentials.NewTLS(&tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), ServerName: mlEngineHost, }), )) diff --git a/pkg/scalers/redis_scaler.go b/pkg/scalers/redis_scaler.go index 858960dab67..72b85bd9acb 100644 --- a/pkg/scalers/redis_scaler.go +++ b/pkg/scalers/redis_scaler.go @@ -464,6 +464,7 @@ func getRedisClusterClient(ctx context.Context, info redisConnectionInfo) (*redi } if info.enableTLS { options.TLSConfig = &tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), InsecureSkipVerify: info.unsafeSsl, } } @@ -488,6 +489,7 @@ func getRedisSentinelClient(ctx context.Context, info redisConnectionInfo, dbInd } if info.enableTLS { options.TLSConfig = &tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), InsecureSkipVerify: info.unsafeSsl, } } @@ -509,6 +511,7 @@ func getRedisClient(ctx context.Context, info redisConnectionInfo, dbIndex int) } if info.enableTLS { options.TLSConfig = &tls.Config{ + MinVersion: kedautil.GetMinTlsVersion(), InsecureSkipVerify: info.unsafeSsl, } } diff --git a/pkg/util/http.go b/pkg/util/http.go index cf8481e2cbc..7d247efef72 100644 --- a/pkg/util/http.go +++ b/pkg/util/http.go @@ -19,10 +19,12 @@ package util import ( "crypto/tls" "net/http" + "os" "time" ) var disableKeepAlives bool +var minTLSVersion uint16 func init() { var err error @@ -30,6 +32,22 @@ func init() { if err != nil { disableKeepAlives = false } + + minTLSVersion = tls.VersionTLS12 + version, found := os.LookupEnv("KEDA_HTTP_MIN_TLS_VERSION") + if found { + switch version { + case "TLS13": + minTLSVersion = tls.VersionTLS13 + case "TLS12": + minTLSVersion = tls.VersionTLS12 + case "TLS11": + minTLSVersion = tls.VersionTLS11 + default: + minTLSVersion = tls.VersionTLS10 + } + } + } // HTTPDoer is an interface that matches the Do method on @@ -48,8 +66,11 @@ func CreateHTTPClient(timeout time.Duration, unsafeSsl bool) *http.Client { timeout = 300 * time.Millisecond } transport := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: unsafeSsl}, - Proxy: http.ProxyFromEnvironment, + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: unsafeSsl, + MinVersion: GetMinTlsVersion(), + }, + Proxy: http.ProxyFromEnvironment, } if disableKeepAlives { // disable keep http connection alive @@ -62,3 +83,7 @@ func CreateHTTPClient(timeout time.Duration, unsafeSsl bool) *http.Client { } return httpClient } + +func GetMinTlsVersion() uint16 { + return minTLSVersion +} diff --git a/pkg/util/tls_config.go b/pkg/util/tls_config.go index cb6e6932fdb..c8a2b395f9d 100644 --- a/pkg/util/tls_config.go +++ b/pkg/util/tls_config.go @@ -54,7 +54,9 @@ func decryptClientKey(clientKey, clientKeyPassword string) ([]byte, error) { func NewTLSConfigWithPassword(clientCert, clientKey, clientKeyPassword, caCert string) (*tls.Config, error) { valid := false - config := &tls.Config{} + config := &tls.Config{ + MinVersion: GetMinTlsVersion(), + } if clientCert != "" && clientKey != "" { key := []byte(clientKey) From 6966887cfe394ed20e5338064a329d79e92a628f Mon Sep 17 00:00:00 2001 From: Jorge Turrado Date: Thu, 2 Feb 2023 01:22:25 +0100 Subject: [PATCH 2/8] update changelog Signed-off-by: Jorge Turrado --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 794fa93e03a..542b94fee8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -62,6 +62,7 @@ Here is an overview of all new **experimental** features: - **General**: Add a warning when KEDA run outside supported k8s versions ([#4130](https://github.com/kedacore/keda/issues/4130)) - **General**: Use (self-signed) certificates for all the communications (internals and externals) ([#3931](https://github.com/kedacore/keda/issues/3931)) +- **General**: Use TLS1.2 as minimum TLS version ([#4193](https://github.com/kedacore/keda/issues/4193)) - **Hashicorp Vault**: Add support to secrets backend version 1 ([#2645](https://github.com/kedacore/keda/issues/2645)) - **RabbitMQ Scaler**: Add TLS support ([#967](https://github.com/kedacore/keda/issues/967)) - **Redis Scalers**: Add support to Redis 7 ([#4052](https://github.com/kedacore/keda/issues/4052)) From d4453c375d0c38238e57681a2115f11e1f8ae7e9 Mon Sep 17 00:00:00 2001 From: Jorge Turrado Date: Thu, 2 Feb 2023 01:23:44 +0100 Subject: [PATCH 3/8] fix style Signed-off-by: Jorge Turrado --- pkg/scalers/authentication/authentication_helpers.go | 2 +- pkg/scalers/elasticsearch_scaler.go | 2 +- pkg/scalers/ibmmq_scaler.go | 2 +- pkg/scalers/influxdb_scaler.go | 2 +- pkg/scalers/predictkube_scaler.go | 2 +- pkg/scalers/redis_scaler.go | 6 +++--- pkg/util/http.go | 5 ++--- pkg/util/tls_config.go | 2 +- 8 files changed, 11 insertions(+), 12 deletions(-) diff --git a/pkg/scalers/authentication/authentication_helpers.go b/pkg/scalers/authentication/authentication_helpers.go index 32c34dd3e3a..db5c9d8a49f 100644 --- a/pkg/scalers/authentication/authentication_helpers.go +++ b/pkg/scalers/authentication/authentication_helpers.go @@ -95,7 +95,7 @@ func NewTLSConfig(auth *AuthMeta) (*tls.Config, error) { func CreateHTTPRoundTripper(roundTripperType TransportType, auth *AuthMeta, conf ...*HTTPTransport) (rt http.RoundTripper, err error) { tlsConfig := &tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), InsecureSkipVerify: false, } if auth != nil && (auth.CA != "" || auth.EnableTLS) { diff --git a/pkg/scalers/elasticsearch_scaler.go b/pkg/scalers/elasticsearch_scaler.go index 9b4fd4a2bca..73c3cc22788 100644 --- a/pkg/scalers/elasticsearch_scaler.go +++ b/pkg/scalers/elasticsearch_scaler.go @@ -245,7 +245,7 @@ func newElasticsearchClient(meta *elasticsearchMetadata, logger logr.Logger) (*e transport := http.DefaultTransport.(*http.Transport) transport.TLSClientConfig = &tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), InsecureSkipVerify: meta.unsafeSsl, } config.Transport = transport diff --git a/pkg/scalers/ibmmq_scaler.go b/pkg/scalers/ibmmq_scaler.go index d5c111c3446..700a69e2161 100644 --- a/pkg/scalers/ibmmq_scaler.go +++ b/pkg/scalers/ibmmq_scaler.go @@ -180,7 +180,7 @@ func (s *IBMMQScaler) getQueueDepthViaHTTP(ctx context.Context) (int64, error) { tr := &http.Transport{ TLSClientConfig: &tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), InsecureSkipVerify: s.metadata.tlsDisabled, }, } diff --git a/pkg/scalers/influxdb_scaler.go b/pkg/scalers/influxdb_scaler.go index 2a92e0990be..6a3d605c948 100644 --- a/pkg/scalers/influxdb_scaler.go +++ b/pkg/scalers/influxdb_scaler.go @@ -53,7 +53,7 @@ func NewInfluxDBScaler(config *ScalerConfig) (Scaler, error) { meta.serverURL, meta.authToken, influxdb2.DefaultOptions().SetTLSConfig(&tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), InsecureSkipVerify: meta.unsafeSsl, })) diff --git a/pkg/scalers/predictkube_scaler.go b/pkg/scalers/predictkube_scaler.go index fa2abef6f1a..4ea7341a088 100644 --- a/pkg/scalers/predictkube_scaler.go +++ b/pkg/scalers/predictkube_scaler.go @@ -113,7 +113,7 @@ func (s *PredictKubeScaler) setupClientConn() error { if !grpcConf.Conn.Insecure { clientOpt = append(clientOpt, grpc.WithTransportCredentials( credentials.NewTLS(&tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), ServerName: mlEngineHost, }), )) diff --git a/pkg/scalers/redis_scaler.go b/pkg/scalers/redis_scaler.go index 72b85bd9acb..7156755b323 100644 --- a/pkg/scalers/redis_scaler.go +++ b/pkg/scalers/redis_scaler.go @@ -464,7 +464,7 @@ func getRedisClusterClient(ctx context.Context, info redisConnectionInfo) (*redi } if info.enableTLS { options.TLSConfig = &tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), InsecureSkipVerify: info.unsafeSsl, } } @@ -489,7 +489,7 @@ func getRedisSentinelClient(ctx context.Context, info redisConnectionInfo, dbInd } if info.enableTLS { options.TLSConfig = &tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), InsecureSkipVerify: info.unsafeSsl, } } @@ -511,7 +511,7 @@ func getRedisClient(ctx context.Context, info redisConnectionInfo, dbIndex int) } if info.enableTLS { options.TLSConfig = &tls.Config{ - MinVersion: kedautil.GetMinTlsVersion(), + MinVersion: kedautil.GetMinTLSVersion(), InsecureSkipVerify: info.unsafeSsl, } } diff --git a/pkg/util/http.go b/pkg/util/http.go index 7d247efef72..2fd4368f58b 100644 --- a/pkg/util/http.go +++ b/pkg/util/http.go @@ -47,7 +47,6 @@ func init() { minTLSVersion = tls.VersionTLS10 } } - } // HTTPDoer is an interface that matches the Do method on @@ -68,7 +67,7 @@ func CreateHTTPClient(timeout time.Duration, unsafeSsl bool) *http.Client { transport := &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: unsafeSsl, - MinVersion: GetMinTlsVersion(), + MinVersion: GetMinTLSVersion(), }, Proxy: http.ProxyFromEnvironment, } @@ -84,6 +83,6 @@ func CreateHTTPClient(timeout time.Duration, unsafeSsl bool) *http.Client { return httpClient } -func GetMinTlsVersion() uint16 { +func GetMinTLSVersion() uint16 { return minTLSVersion } diff --git a/pkg/util/tls_config.go b/pkg/util/tls_config.go index c8a2b395f9d..3a64f1ed752 100644 --- a/pkg/util/tls_config.go +++ b/pkg/util/tls_config.go @@ -55,7 +55,7 @@ func NewTLSConfigWithPassword(clientCert, clientKey, clientKeyPassword, caCert s valid := false config := &tls.Config{ - MinVersion: GetMinTlsVersion(), + MinVersion: GetMinTLSVersion(), } if clientCert != "" && clientKey != "" { From d26aee5850f13eda0925e0167d47ee5b13b3b1ab Mon Sep 17 00:00:00 2001 From: Jorge Turrado Date: Thu, 2 Feb 2023 09:51:54 +0100 Subject: [PATCH 4/8] update the version switch Signed-off-by: Jorge Turrado --- pkg/util/http.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkg/util/http.go b/pkg/util/http.go index 2fd4368f58b..4a772bdce1f 100644 --- a/pkg/util/http.go +++ b/pkg/util/http.go @@ -18,15 +18,19 @@ package util import ( "crypto/tls" + "fmt" "net/http" "os" "time" + + ctrl "sigs.k8s.io/controller-runtime" ) var disableKeepAlives bool var minTLSVersion uint16 func init() { + setupLog := ctrl.Log.WithName("http_setup") var err error disableKeepAlives, err = ResolveOsEnvBool("KEDA_HTTP_DISABLE_KEEP_ALIVE", false) if err != nil { @@ -43,8 +47,11 @@ func init() { minTLSVersion = tls.VersionTLS12 case "TLS11": minTLSVersion = tls.VersionTLS11 - default: + case "TLS10": minTLSVersion = tls.VersionTLS10 + default: + setupLog.Info(fmt.Sprintf("%s is not a valid value, using `TLS12`. Allowed values are: `TLS13`,`TLS12`,`TLS11`,`TLS10`", version)) + minTLSVersion = tls.VersionTLS12 } } } From 367102d920d14b418ab68f68706cf5f9e7470b6d Mon Sep 17 00:00:00 2001 From: Jorge Turrado Date: Wed, 8 Feb 2023 12:49:30 +0100 Subject: [PATCH 5/8] add a unit test for the parsing Signed-off-by: Jorge Turrado --- pkg/util/http.go | 20 +++++++----- pkg/util/http_test.go | 72 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 7 deletions(-) create mode 100644 pkg/util/http_test.go diff --git a/pkg/util/http.go b/pkg/util/http.go index 4a772bdce1f..23c3a8c3397 100644 --- a/pkg/util/http.go +++ b/pkg/util/http.go @@ -23,6 +23,7 @@ import ( "os" "time" + "github.com/go-logr/logr" ctrl "sigs.k8s.io/controller-runtime" ) @@ -37,23 +38,28 @@ func init() { disableKeepAlives = false } - minTLSVersion = tls.VersionTLS12 + minTLSVersion = initMinTLSVersion(setupLog) +} + +func initMinTLSVersion(logger logr.Logger) uint16 { version, found := os.LookupEnv("KEDA_HTTP_MIN_TLS_VERSION") + minVersion := tls.VersionTLS12 if found { switch version { case "TLS13": - minTLSVersion = tls.VersionTLS13 + minVersion = tls.VersionTLS13 case "TLS12": - minTLSVersion = tls.VersionTLS12 + minVersion = tls.VersionTLS12 case "TLS11": - minTLSVersion = tls.VersionTLS11 + minVersion = tls.VersionTLS11 case "TLS10": - minTLSVersion = tls.VersionTLS10 + minVersion = tls.VersionTLS10 default: - setupLog.Info(fmt.Sprintf("%s is not a valid value, using `TLS12`. Allowed values are: `TLS13`,`TLS12`,`TLS11`,`TLS10`", version)) - minTLSVersion = tls.VersionTLS12 + logger.Info(fmt.Sprintf("%s is not a valid value, using `TLS12`. Allowed values are: `TLS13`,`TLS12`,`TLS11`,`TLS10`", version)) + minVersion = tls.VersionTLS12 } } + return uint16(minVersion) } // HTTPDoer is an interface that matches the Do method on diff --git a/pkg/util/http_test.go b/pkg/util/http_test.go new file mode 100644 index 00000000000..d4964e97cc9 --- /dev/null +++ b/pkg/util/http_test.go @@ -0,0 +1,72 @@ +/* +Copyright 2023 The KEDA Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package util + +import ( + "crypto/tls" + "os" + "testing" + + "github.com/go-logr/logr" +) + +type minTLSVersionTestData struct { + envSet bool + envValue string + expectedVersion uint16 +} + +var minTLSVersionTestDatas = []minTLSVersionTestData{ + { + envSet: true, + envValue: "TLS10", + expectedVersion: tls.VersionTLS10, + }, + { + envSet: true, + envValue: "TLS11", + expectedVersion: tls.VersionTLS11, + }, + { + envSet: true, + envValue: "TLS12", + expectedVersion: tls.VersionTLS12, + }, + { + envSet: true, + envValue: "TLS13", + expectedVersion: tls.VersionTLS13, + }, + { + envSet: false, + expectedVersion: tls.VersionTLS12, + }, +} + +func TestResolveMinTLSVersion(t *testing.T) { + for _, testData := range minTLSVersionTestDatas { + os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") + if testData.envSet { + os.Setenv("KEDA_HTTP_MIN_TLS_VERSION", testData.envValue) + } + minVersion := initMinTLSVersion(logr.Discard()) + + if testData.expectedVersion != minVersion { + t.Error("Failed to resolve minTLSVersion correctly", "wants", testData.expectedVersion, "got", minVersion) + } + } +} From 6c01ed1e6e82f0a860b799cd0069fff9d0c34a84 Mon Sep 17 00:00:00 2001 From: Jorge Turrado Ferrero Date: Wed, 8 Feb 2023 14:39:58 +0100 Subject: [PATCH 6/8] Update pkg/util/http_test.go Co-authored-by: Zbynek Roubalik Signed-off-by: Jorge Turrado Ferrero --- pkg/util/http_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/util/http_test.go b/pkg/util/http_test.go index d4964e97cc9..316b484d255 100644 --- a/pkg/util/http_test.go +++ b/pkg/util/http_test.go @@ -58,6 +58,7 @@ var minTLSVersionTestDatas = []minTLSVersionTestData{ } func TestResolveMinTLSVersion(t *testing.T) { + defer os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") for _, testData := range minTLSVersionTestDatas { os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") if testData.envSet { From 68ef56b95926b9b460cbd4aca05c14f16110e385 Mon Sep 17 00:00:00 2001 From: Zbynek Roubalik Date: Wed, 8 Feb 2023 14:50:15 +0100 Subject: [PATCH 7/8] Update pkg/util/http_test.go Signed-off-by: Zbynek Roubalik --- pkg/util/http_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/util/http_test.go b/pkg/util/http_test.go index 316b484d255..e440ae42fc3 100644 --- a/pkg/util/http_test.go +++ b/pkg/util/http_test.go @@ -58,7 +58,7 @@ var minTLSVersionTestDatas = []minTLSVersionTestData{ } func TestResolveMinTLSVersion(t *testing.T) { - defer os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") + defer os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") for _, testData := range minTLSVersionTestDatas { os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") if testData.envSet { From 7b36edb4bacebb64a18437c24375c62b484c165e Mon Sep 17 00:00:00 2001 From: Jorge Turrado Date: Wed, 8 Feb 2023 15:47:00 +0100 Subject: [PATCH 8/8] fix style Signed-off-by: Jorge Turrado --- pkg/util/http_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/util/http_test.go b/pkg/util/http_test.go index e440ae42fc3..970a6c76dcf 100644 --- a/pkg/util/http_test.go +++ b/pkg/util/http_test.go @@ -58,7 +58,7 @@ var minTLSVersionTestDatas = []minTLSVersionTestData{ } func TestResolveMinTLSVersion(t *testing.T) { - defer os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") + defer os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") for _, testData := range minTLSVersionTestDatas { os.Unsetenv("KEDA_HTTP_MIN_TLS_VERSION") if testData.envSet {