Kinetics 62 enable strict transport security header for all the service endpoints #6846
Merged: kalroy merged 27 commits into main from KINETICS-62-enable-strict-transport-security-header-for-all-the-service-endpoints on Apr 21, 2022
Signed-off-by: Atul Krishna <Atul.Krishna@progress.com>
…-all-the-service-endpoints' of github.com:chef/automate into KINETICS-62-enable-strict-transport-security-header-for-all-the-service-endpoints Signed-off-by: Atul Krishna <Atul.Krishna@progress.com>
kalroy requested changes Apr 5, 2022
Update the
Sure. I will add that and update the PR.
Kudos, SonarCloud Quality Gate passed!
Dmaddu approved these changes Apr 6, 2022
looks good to me
kalroy approved these changes Apr 6, 2022
🔩 Description: What code changed, and why?
Added HSTS response headers in some services listed by the customer. These services are:
2000 automate-gateway
10115 session-service
10161 automate-ui (nginx: master)
10117 dex (related PR: Added HSTS response header. dex-1#45)
10143 backup-gateway (minio)
Note: Fix for MinIO service is dependent on upcoming refresh of core/minio package which is planned for the current quarter (Refer to PR: chef-base-plans/minio#5 and minio/minio#12256).
Also removed HSTS from load balancer for above services due to duplicate HSTS headers.
⛓️ Related Resources
Related issue: #5698
Customer bug: https://github.com/chef/customer-bugs/issues/471
👍 Definition of Done
All 4 of the above services running on ports (10115, 2000, 10161, 10117) should have HSTS, i.e. the Strict-Transport-Security response header.
👟 How to Build and Test the Change
Rebuild the required components, i.e. session-service, automate-gateway, automate-ui and automate-load-balancer.
Testing can be done via the UI or by doing a curl request inside hab studio. Ex:
📷 Screenshots, if applicable
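One way to automate the Definition of Done above, including the duplicate-header case that led to removing HSTS from the load balancer. This is an added example and not code from the PR or from Chef Automate. The four ports come from the description; the `localhost` host, the `/` path, the curl flags and the header dumps (constructed samples) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the PR: classify the HSTS state of one response.

# hsts_verdict reads one response's raw headers on stdin and prints one of:
#   no-response | missing | duplicate:<n> | invalid:no-max-age |
#   disabled:max-age=0 | ok:max-age=<seconds>
hsts_verdict() {
  awk '
    {
      sub(/\r$/, "")                 # header lines from curl -I end in CRLF
      line = tolower($0)             # header names are case-insensitive
      if (index(line, "strict-transport-security:") == 1) {
        n++
        value = substr(line, length("strict-transport-security:") + 1)
      }
    }
    END {
      if (NR == 0) { print "no-response"; exit }   # nothing came back at all
      if (n == 0)  { print "missing"; exit }
      if (n > 1)   { print "duplicate:" n; exit }  # e.g. service and proxy both add it
      if (match(value, /max-age="?[0-9]+/) == 0) { print "invalid:no-max-age"; exit }
      age = substr(value, RSTART, RLENGTH)
      gsub(/[^0-9]/, "", age)
      if (age + 0 == 0) { print "disabled:max-age=0"; exit }
      print "ok:max-age=" age
    }'
}

# Constructed header dumps standing in for real `curl -skI` output.
sample_service_only() { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nStrict-Transport-Security: max-age=63072000; includeSubDomains\r\n\r\n'; }
sample_service_and_lb() { printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=63072000; includeSubDomains\r\nstrict-transport-security: max-age=63072000\r\n\r\n'; }
sample_no_header() { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }

# Live check of the four ports named in the PR (assumed host and path).
# Not called here; run it by hand inside the environment under test.
check_ports() {
  for port in 2000 10115 10161 10117; do
    printf '%s %s\n' "$port" "$(curl -skI "https://localhost:${port}/" | hsts_verdict)"
  done
}

# Offline demonstration on the constructed samples.
for s in sample_service_only sample_service_and_lb sample_no_header; do
  printf '%-22s %s\n' "$s" "$("$s" | hsts_verdict)"
done
```

The verdict covers a single response, so feed it one header dump at a time rather than output from a redirect-following request.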