-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure virt-export route has redirect policy #12195
Conversation
9a3f24a
to
6ee594f
Compare
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @awels!
General question: Should we redirect or block insecure connections?
Regarding the code: only two little things regarding the pkg.
I know that this is outside of the scope of this PR but I think that only one of GetAllRoutes
and NewExportProxyRoute
should be exported (maybe the first one).
Currently, NewExportProxyRoute
is exported to allow the usage in the kubevirt_test
file, which does not look so good to me :)
@@ -0,0 +1,21 @@ | |||
package components |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing header
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should it be components_test
?
Either block or redirect are options. I am just following what other similar routes do, and they do redirect so I did the same. Let me add the header and change the package name. |
The virt-export route should have a redirect policy to ensure that insecure requests are automatically redirected to the secure route. Signed-off-by: Alexander Wels <awels@redhat.com>
6ee594f
to
68e0ef9
Compare
Fair enough! Thank you! |
Looks good, thanks! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alicefr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Required labels detected, running phase 2 presubmits: |
/cherrypick release-1.3 |
@awels: new pull request created: #12226 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/cherrypick release-1.2 |
@awels: new pull request created: #12227 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/cherrypick release-1.1 |
@awels: #12195 failed to apply on top of branch "release-1.1":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
What this PR does
Before this PR:
The virt-export route did not have an EdgeTerminationPolicy set.
After this PR:
The virt-export route has an EdgeTerminationPolicy of redirect to ensure that insecure requests are automatically redirected to the secure route.
Fixes https://issues.redhat.com/browse/CNV-43248
Why we need it and why it was done in this way
The following tradeoffs were made:
The following alternatives were considered:
Links to places where the discussion took place:
Special notes for your reviewer
Checklist
This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.
Release note