Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor GRPC TLS connection defaults #6163

Merged
merged 1 commit into from
Oct 12, 2021
Merged

Refactor GRPC TLS connection defaults #6163

merged 1 commit into from
Oct 12, 2021

Conversation

aledbf
Copy link
Member

@aledbf aledbf commented Oct 11, 2021
edited
Loading

Description

Refactor TLSConfig to be more strict. In particular, disable tls1.3.

Changes:

  • CurvePreferences: tls.X25519, tls.CurveP256
  • TLS versions (min/max) to tls.VersionTLS12
  • Enable h2 setting NextProtos

Release Notes

Refactor GRPC TLS connection defaults

xref: #5301

@aledbf aledbf force-pushed the aledbf/tlsgrpc branch 3 times, most recently from 7798445 to dd6c506 Compare October 11, 2021 22:28
@aledbf
Copy link
Member Author

aledbf commented Oct 11, 2021
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-aledbf-tlsgrpc.4

@aledbf aledbf requested review from csweichel and removed request for gtsiolis October 11, 2021 22:56
@aledbf aledbf changed the title Refactor GRPC TLS connection default Refactor GRPC TLS connection defaults Oct 11, 2021
@aledbf
Copy link
Member Author

aledbf commented Oct 12, 2021
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-aledbf-tlsgrpc.5

@codecov
Copy link

codecov bot commented Oct 12, 2021
edited
Loading

Codecov Report

Merging #6163 (5550f46) into main (3743533) will increase coverage by 15.60%.
The diff coverage is 0.00%.

❗ Current head 5550f46 differs from pull request most recent head a89255a. Consider uploading reports for the commit a89255a to get more accurate results
Impacted file tree graph

@@             Coverage Diff             @@
##             main    #6163       +/-   ##
===========================================
+ Coverage   19.04%   34.65%   +15.60%     
===========================================
  Files           2      116      +114     
  Lines         168    21298    +21130     
===========================================
+ Hits           32     7381     +7349     
- Misses        134    13250    +13116     
- Partials        2      667      +665
Flag Coverage Δ
components-blobserve-app 28.57% <ø> (?)
components-common-go-lib 36.89% <ø> (?)
components-content-service-api-go-lib ∅ <ø> (?)
components-content-service-app 14.48% <ø> (?)
components-content-service-lib 14.48% <ø> (?)
components-ee-agent-smith-app 25.52% <ø> (?)
components-ee-kedge-app 45.48% <ø> (?)
components-ee-ws-scheduler-app 63.89% <0.00%> (?)
components-image-builder-api-go-lib ∅ <ø> (?)
components-image-builder-app 34.44% <ø> (?)
components-image-builder-bob-app ∅ <ø> (?)
components-image-builder-mk3-app 35.20% <0.00%> (?)
components-local-app-app-linux-amd64 ?
components-local-app-app-linux-arm64 ?
components-local-app-app-windows-386 ?
components-local-app-app-windows-amd64 ?
components-local-app-app-windows-arm64 ?
components-openvsx-proxy-app 46.22% <ø> (?)
components-registry-facade-app 11.85% <0.00%> (?)
components-registry-facade-lib 11.85% <0.00%> (?)
components-service-waiter-app ∅ <ø> (?)
components-supervisor-app 37.88% <ø> (?)
components-workspacekit-app 7.09% <ø> (?)
components-ws-daemon-api-go-lib ∅ <ø> (?)
components-ws-daemon-app 22.11% <ø> (?)
components-ws-daemon-nsinsider-app ∅ <ø> (?)
components-ws-manager-api-go-lib ∅ <ø> (?)
components-ws-manager-app 39.48% <0.00%> (?)
components-ws-proxy-app 69.68% <0.00%> (?)
dev-loadgen-app ∅ <ø> (?)
dev-poolkeeper-app ∅ <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
components/ee/ws-scheduler/pkg/scaler/driver.go 53.97% <0.00%> (ø)
...image-builder-mk3/pkg/orchestrator/orchestrator.go 40.10% <0.00%> (ø)
...omponents/registry-facade/pkg/registry/registry.go 0.00% <0.00%> (ø)
components/ws-manager/pkg/manager/manager.go 25.65% <0.00%> (ø)
components/ws-proxy/pkg/proxy/infoprovider.go 62.30% <0.00%> (ø)
components/local-app/pkg/auth/auth.go
components/local-app/pkg/auth/pkce.go
components/ws-manager/pkg/manager/create.go 79.68% <0.00%> (ø)
components/workspacekit/cmd/rings.go 6.97% <0.00%> (ø)
...s/content-service/pkg/service/workspace-service.go 0.00% <0.00%> (ø)
... and 113 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3743533...a89255a. Read the comment docs.

@aledbf aledbf force-pushed the aledbf/tlsgrpc branch 3 times, most recently from 5550f46 to 246b2f1 Compare October 12, 2021 02:01
@csweichel
Copy link
Contributor

/lgtm

@roboquat roboquat added the lgtm label Oct 12, 2021
@roboquat
Copy link
Contributor

LGTM label has been added.

Git tree hash: 4921172d4d0bf14e8c73872646b1809dd0e6f9bf

@roboquat
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csweichel

Associated issue: #5301

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@roboquat roboquat merged commit 1eb8f86 into main Oct 12, 2021
@roboquat roboquat deleted the aledbf/tlsgrpc branch October 12, 2021 19:10
@iQQBot iQQBot mentioned this pull request Oct 13, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@csweichel csweichel Awaiting requested review from csweichel

Assignees

@csweichel csweichel

Labels
approved release-note size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@aledbf @csweichel @roboquat