Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable Strict-Transport-Security Header for all the service endpoints #5698

Closed
kalroy opened this issue Sep 9, 2021 · 0 comments · Fixed by #6846
Closed

Enable Strict-Transport-Security Header for all the service endpoints #5698

kalroy opened this issue Sep 9, 2021 · 0 comments · Fixed by #6846
Assignees
@kalroy
Labels
bug 🐛 Something isn't working security Team: Kinetic Analysis, user managerment, compliance size, govt findings, Telemetry, Customer bugs, CVE issues

Comments

@kalroy
Copy link
Collaborator

kalroy commented Sep 9, 2021

User Story

Enable Strict-Transport-Security header for all the endpoints of all the services inside Automate micro-services.
Some of the ones to be named:

Chef Automate ->

2000 automate-gatew

10115 session-servic

10117 dex

10143 minio

10161 nginx: master

https://github.com/chef/customer-bugs/issues/471

Acceptance Criteria

  • All the service endpoints of the microservices should have the Strict-Transport-Security set
  • Load balancers/Haproxy can be set at the config level

Definition of Done

  • All things specified in User Story Acceptance Criteria should be fulfilled.
  • All Exceptions are Handled Properly
  • Ensure logs have no unnecessary data.
  • Test coverage for the new feature is done to at least 70%
  • If needed raise Docs PR and tag documentation.
  • Swagger Documentation updated
  • Smoke Test done.
  • Ensure Build and Integration Pipelines are Green.
  • PR has 2 approvers.
  • All Code Review Comments are Resolved.
  • README doc should be updated, if needed.
@kalroy kalroy self-assigned this Sep 9, 2021
@kalroy kalroy added bug 🐛 Something isn't working security labels Sep 9, 2021
@kalroy kalroy mentioned this issue Nov 16, 2021
Open
3 tasks
@kalroy kalroy added the Team: Kinetic Analysis, user managerment, compliance size, govt findings, Telemetry, Customer bugs, CVE issues label Nov 16, 2021
@atultherajput atultherajput linked a pull request Apr 4, 2022 that will close this issue
Kinetics 62 enable strict transport security header for all the service endpoints #6846
Merged
9 tasks
This was referenced Apr 4, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kalroy kalroy

Labels
bug 🐛 Something isn't working security Team: Kinetic Analysis, user managerment, compliance size, govt findings, Telemetry, Customer bugs, CVE issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Kinetics 62 enable strict transport security header for all the service endpoints chef/automate
1 participant
@kalroy