breaking vpn ip configuration to unique step #11620
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dwhitestratiform
requested review from
BearHanded,
braxex and
karla-vm
as code owners
dwhitestratiform
changed the title
berryd
requested changes
Mar 8, 2024
|
Code Climate has analyzed commit 7199e5d and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (90% is the threshold). This pull request will bring the total coverage in the repository to 96.8% (0.0% change). View more on Code Climate. |
berryd
approved these changes
Mar 8, 2024
berryd
approved these changes
Mar 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
When the vpn restriction code was merged into mcr we noticed a few things
This PR aims to fix the above issues by doing the following
In addition I've added some debug into the cleanup step for future debugging should issues arise similar to what we saw where IPs could not be cleaned up in val.
When we merge this the expectation is that main, and val will no longer register IP's and run the cleanup step
if/when we want to add ip restrictions we'll need to update the Serverless conditional as well as the if statements in both register and cleanup steps.
Related ticket(s)
How to test
I wanted to ensure that we know what will happen in upper environments. I pushed a branch that created the waf and ipsets. The job ran through successfully including running the cleanup step that removes cidr blocks from the ipset after a successful run.
I modified the code and added this branch (waf-fix-refactor) as part of the conditional to mirror that of an upper environment where we do not have vpn restriction but also want to run tests, and also do not need to run the cleanup step. see screenshots below ... note the register IP step and the cleanup steps are being skipped but tests are still running:
configuration:
results:
I then removed my branch from the branch restrictions to ensure that registering the ip's and cleanup runs successfully. See below.... note register ip and cleanup run when then conditional for this branch is removed:
configuration:
results:
Important updates
Author checklist
convert to a different template: test → val | val → prod