Commit 01d7e9d0 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Fix strict-transport-security parameter

It's available only on the slave, so it is not part of master partition
configuration.

Due to the cleanup change the parameter parsing logic has to be improved.
parent e938bfc9
Pipeline #13817 failed with stage
in 0 seconds
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = de69a8c408ce4f228fc22eacb7e96657
md5sum = 04015a7a552285984d091293ef573fb9
[profile-common]
filename = instance-common.cfg.in
......@@ -26,11 +26,11 @@ md5sum = a6a626fd1579fd1d4b80ea67433ca16a
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 9cc78e7ce1960691e37f103855ff0dc9
md5sum = 1ab3fc07bb186601b54c584a3ccaf1c3
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = eb98ffd96b2768cc6a5cf664b23aabd3
md5sum = 9eb14b83ee6fc8a5afa8267d9bcf4772
[profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
......
......@@ -21,7 +21,6 @@
'ciphers',
'request-timeout',
'authenticate-to-backend',
'strict-transport-security',
]
%}
{% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
......
......@@ -107,12 +107,6 @@
],
"title": "Authenticate to backend",
"type": "string"
},
"strict-transport-security": {
"title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0",
"type": "integer"
}
},
"title": "Input Parameters",
......
......@@ -288,7 +288,7 @@
},
"strict-transport-security": {
"title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0",
"type": "integer"
},
......
......@@ -106,4 +106,3 @@ configuration.backend-haproxy-statistic-port = 21444
configuration.authenticate-to-backend = False
configuration.rotate-num = 4000
configuration.slave-introspection-https-port = 22443
configuration.strict-transport-security = 0
......@@ -68,7 +68,7 @@ context =
{%- for key in ['disabled-cookie-list'] %}
{%- do slave_instance.__setitem__(key, slave_instance.get(key, '').split()) %}
{%- endfor %}
{%- for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443')] %}
{%- for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443'), ('strict-transport-security', '0')] %}
{%- do slave_instance.__setitem__(key, int(slave_instance.get(key, default))) %}
{%- endfor %}
{%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
......@@ -128,7 +128,7 @@ context =
{%- do part_list.extend([slave_section_title]) %}
{%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{#- Pass backend timeout values #}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend', 'strict-transport-security'] %}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
{%- if slave_instance.get(key, '') == '' %}
{%- do slave_instance.__setitem__(key, configuration[key]) %}
{%- endif %}
......
......@@ -6814,7 +6814,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'ciphers': 'ciphers',
'request-timeout': 100,
'authenticate-to-backend': True,
'strict-transport-security': 200,
# specific parameters
'-frontend-config-1-ram-cache-size': '512K',
'-frontend-config-2-ram-cache-size': '256K',
......@@ -6912,8 +6911,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'ram-cache-size': u'512K',
u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100',
u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
u'slave-kedifa-information': u'{}'
},
'caddy-frontend-2': {
'X-software_release_url': self.frontend_2_sr,
......@@ -6940,8 +6938,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'ram-cache-size': u'256K',
u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100',
u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
u'slave-kedifa-information': u'{}'
},
'caddy-frontend-3': {
'X-software_release_url': self.frontend_3_sr,
......@@ -6967,8 +6964,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
u'port': u'11443',
u're6st-verification-url': u're6st-verification-url',
u'request-timeout': u'100',
u'slave-kedifa-information': u'{}',
u'strict-transport-security': u'200'
u'slave-kedifa-information': u'{}'
},
'kedifa': {
'X-software_release_url': self.kedifa_sr,
......@@ -7014,8 +7010,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'request-timeout': '100',
'root_instance_title': 'testing partition 0',
'slap_software_type': 'RootSoftwareInstance',
'slave_instance_list': [],
'strict-transport-security': '200'
'slave_instance_list': []
}
}
self.assertEqual(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment