Merge lp:~simpoir/landscape-charm/pass_ping_through_https into lp:landscape-charm

Proposed by Simon Poirier
Status: Merged
Approved by: Simon Poirier
Approved revision: 402
Merged at revision: 402
Proposed branch: lp:~simpoir/landscape-charm/pass_ping_through_https
Merge into: lp:landscape-charm
Diff against target: 60 lines (+9/-1)
2 files modified
lib/relations/haproxy.py (+2/-0)
lib/relations/tests/test_haproxy.py (+7/-1)
To merge this branch: bzr merge lp:~simpoir/landscape-charm/pass_ping_through_https
Reviewer Review Type Date Requested Status
Daniel Manrique Approve
🤖 Landscape Builder test results Approve
Review via email: mp+384051@code.launchpad.net

Commit message

Add ping service to the https frontend in haproxy.

Description of the change

A few customers have strict no cleartext http policies.
Although not a security issue, the /ping endpoint was only exposed as http.

This branch changes that by also adding the backend to the https services
in haproxy, thus allowing that traffic to also go through https.

To post a comment you must log in.
Revision history for this message
🤖 Landscape Builder (landscape-builder) :
review: Abstain (executing tests)
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :
review: Approve (test results)
Revision history for this message
Daniel Manrique (roadmr) wrote :

+1 thanks

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/relations/haproxy.py'
2--- lib/relations/haproxy.py 2017-03-20 11:24:41 +0000
3+++ lib/relations/haproxy.py 2020-05-15 22:18:31 +0000
4@@ -43,10 +43,12 @@
5 "acl attachment path_beg -i /attachment",
6 "acl api path_beg -i /api",
7 "acl prometheus_metrics path_beg -i /metrics",
8+ "acl ping path_beg -i /ping",
9 "http-request deny if prometheus_metrics",
10 "use_backend landscape-message if message",
11 "use_backend landscape-message if attachment",
12 "use_backend landscape-api if api",
13+ "use_backend landscape-ping if ping",
14 ],
15 }
16 SERVER_BASE_PORTS = {
17
18=== modified file 'lib/relations/tests/test_haproxy.py'
19--- lib/relations/tests/test_haproxy.py 2017-03-20 11:29:10 +0000
20+++ lib/relations/tests/test_haproxy.py 2020-05-15 22:18:31 +0000
21@@ -107,10 +107,12 @@
22 "acl attachment path_beg -i /attachment",
23 "acl api path_beg -i /api",
24 "acl prometheus_metrics path_beg -i /metrics",
25+ "acl ping path_beg -i /ping",
26 "http-request deny if prometheus_metrics",
27 "use_backend landscape-message if message",
28 "use_backend landscape-message if attachment",
29- "use_backend landscape-api if api"],
30+ "use_backend landscape-api if api",
31+ "use_backend landscape-ping if ping"],
32 "errorfiles": expected_errorfiles,
33 "crts": expected_certs,
34 "servers": [
35@@ -433,10 +435,12 @@
36 "acl attachment path_beg -i /attachment",
37 "acl api path_beg -i /api",
38 "acl prometheus_metrics path_beg -i /metrics",
39+ "acl ping path_beg -i /ping",
40 "http-request deny if prometheus_metrics",
41 "use_backend landscape-message if message",
42 "use_backend landscape-message if attachment",
43 "use_backend landscape-api if api",
44+ "use_backend landscape-ping if ping",
45 "acl pppa-proxy path_beg -i /archive",
46 "reqrep ^([^\\ ]*)\\ /archive/(.*) \\1\\ /\\2",
47 "use_backend landscape-pppa-proxy if pppa-proxy",
48@@ -490,10 +494,12 @@
49 "acl attachment path_beg -i /attachment",
50 "acl api path_beg -i /api",
51 "acl prometheus_metrics path_beg -i /metrics",
52+ "acl ping path_beg -i /ping",
53 "http-request deny if prometheus_metrics",
54 "use_backend landscape-message if message",
55 "use_backend landscape-message if attachment",
56 "use_backend landscape-api if api",
57+ "use_backend landscape-ping if ping",
58 "acl pppa-proxy hdr(host) -i archive.landscape.dev",
59 "use_backend landscape-pppa-proxy if pppa-proxy",
60 ],

Subscribers

People subscribed via source and target branches