New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce alpha feature to hide cfg values in http gateway and dat files on disk #5550

Merged
merged 1 commit into from Sep 5, 2018

Conversation

Projects
None yet
7 participants
@elliott-davis
Member

elliott-davis commented Sep 4, 2018

set FEAT_HIDE_HTTP_SECRETS=true and --hide-http-secrets to hide secrets from the http gateway and not serialize those secrets to disk

  • also hide census and butterfly endpoints if HideHTTPSecrets is enabled

Signed-off-by: Elliott Davis elliott@excellent.io

@thesentinels

This comment has been minimized.

Show comment
Hide comment
@thesentinels

thesentinels Sep 4, 2018

Contributor

Thanks for the pull request! Here is what will happen next:

  1. Your PR will be reviewed by the maintainers
  2. If everything looks good, one of them will approve it, and your PR will be merged.

Thank you for contributing!

Contributor

thesentinels commented Sep 4, 2018

Thanks for the pull request! Here is what will happen next:

  1. Your PR will be reviewed by the maintainers
  2. If everything looks good, one of them will approve it, and your PR will be merged.

Thank you for contributing!

@raskchanky

This comment has been minimized.

Show comment
Hide comment
@raskchanky
Member

raskchanky commented Sep 4, 2018

@baumanj

Generally looks really good. I'd like to se a few changes.

Show outdated Hide outdated components/hab/src/cli.rs
Show outdated Hide outdated components/hab/src/lib.rs
Show outdated Hide outdated components/sup/src/http_gateway.rs
Show outdated Hide outdated components/sup/src/main.rs
Show outdated Hide outdated components/sup/src/manager/mod.rs
Show outdated Hide outdated components/sup/src/manager/mod.rs
@baumanj

Derp! Ignore this, see previous.

Introduce alpha feature to hide cfg values in http gateway and dat fi…
…les on disk

set HAB_FEAT_REDACT_HTTP=true to redact info from the http gateway and not serialize those secrets to disk

* also hide census and butterfly endpoints if RedactHTTP is enabled

Signed-off-by: Elliott Davis <elliott@excellent.io>
@elliott-davis

This comment has been minimized.

Show comment
Hide comment
@elliott-davis

elliott-davis Sep 4, 2018

Member

@baumanj We're creating issues to follow up on any outstanding points you had (just based on time)

Member

elliott-davis commented Sep 4, 2018

@baumanj We're creating issues to follow up on any outstanding points you had (just based on time)

@christophermaier

Looks good for now; further UX cleanups are planned

See above comment

@mwrock

This comment has been minimized.

Show comment
Hide comment
@mwrock

mwrock Sep 4, 2018

Contributor

I don't see any reference to --hide-http-secrets in here. Do we magically set feature flags dynamically if an arg matches?

Contributor

mwrock commented Sep 4, 2018

I don't see any reference to --hide-http-secrets in here. Do we magically set feature flags dynamically if an arg matches?

@baumanj

baumanj approved these changes Sep 4, 2018

Looks good! Let's make sure we do follow up on the deeper changes.

@baumanj

This comment has been minimized.

Show comment
Hide comment

@christophermaier christophermaier merged commit 3935013 into master Sep 5, 2018

4 checks passed

DCO This commit has a DCO Signed-off-by line
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
expeditor/config-validation Validated your Expeditor config file
Details

@christophermaier christophermaier deleted the elliott/ff_health branch Sep 5, 2018

chef-ci pushed a commit that referenced this pull request Sep 5, 2018

Chef Expeditor
Update CHANGELOG.md with details from pull request #5550
Obvious fix; these changes are the result of automation not creative thinking.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment