Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(3021) Exclude health check requests from host auth #2319

Merged
merged 1 commit into from
Jan 17, 2024
Merged

(3021) Exclude health check requests from host auth #2319

merged 1 commit into from
Jan 17, 2024

Conversation

CristinaRO
Copy link
Collaborator

Changes in this PR

Exclude health check requests from host authorisation, to allow the AWS deploy pipeline to proceed faster. Currently health check requests are denied by the host auth process, because the IPs are not in the DOMAIN or ADDITIONAL_HOSTNAMES env vars.

We don't have a canonical list of the IPs, nor do we have easy access to the env vars (these particular env vars live in task definitions, not in ParameterStore).

https://api.rubyonrails.org/classes/ActionDispatch/HostAuthorization.html

Screenshots of UI changes

N/A

Next steps

  • Is an ADR required? An ADR should be added if this PR introduces a change to the architecture.
  • Is a changelog entry required? An entry should always be made in CHANGELOG.md, unless this PR is a small tweak which has no impact outside the development team.
  • Do any environment variables need amending or adding?
  • Have any changes to the XML been checked with the IATI validator? See XML Validation

@CristinaRO CristinaRO force-pushed the 3021-get-rid-of-unauthorised-host-error branch 2 times, most recently from d2ebe22 to ca309ee Compare January 16, 2024 17:03
@CristinaRO
Copy link
Collaborator Author

Get rid of unauthorised host error for AWS health check requests

mec
mec requested changes Jan 17, 2024
View reviewed changes
config/application.rb Outdated Show resolved Hide resolved
@CristinaRO
Exclude health check requests from host auth
38b634a 
Exclude health check requests from host authorisation, to allow the AWS
deploy pipeline to proceed faster. Currently health check requests are
denied by the host auth process, because the IPs are not in the DOMAIN
or ADDITIONAL_HOSTNAMES env vars.

We don't have a canonical list of the IPs, nor do we have easy access to
the env vars (these particular env vars live in task definitions, not
in ParameterStore).

https://api.rubyonrails.org/classes/ActionDispatch/HostAuthorization.html
@CristinaRO CristinaRO force-pushed the 3021-get-rid-of-unauthorised-host-error branch from ca309ee to 38b634a Compare January 17, 2024 11:04
@CristinaRO CristinaRO requested a review from mec January 17, 2024 11:06
mec
mec approved these changes Jan 17, 2024
View reviewed changes
Copy link
Collaborator

@mec mec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

@CristinaRO CristinaRO merged commit a77f334 into develop Jan 17, 2024
3 checks passed
@CristinaRO CristinaRO deleted the 3021-get-rid-of-unauthorised-host-error branch January 17, 2024 11:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mec mec mec approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@CristinaRO @mec