Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make insecure upstream servers configurable #1007

Merged
merged 3 commits into from
Dec 4, 2020
Merged

make insecure upstream servers configurable #1007

merged 3 commits into from
Dec 4, 2020

Conversation

wkloucek
Copy link
Contributor

@wkloucek wkloucek commented Dec 2, 2020
edited
Loading

At the moment we can disable certificate verification for the OIDC provider in the proxy. But you can not disable certificate verification for upstream servers defined in the proxy-config.json.

For some situations like testing, it is desirable to turn off certificate verification for upstream servers in the proxy.

@wkloucek wkloucek requested a review from refs December 2, 2020 14:03
dragotin
dragotin reviewed Dec 3, 2020
View reviewed changes
proxy/pkg/config/config.go Outdated
@@ -106,6 +106,7 @@ type Config struct {
PreSignedURL PreSignedURL
AutoprovisionAccounts bool
EnableBasicAuth bool
Insecure bool
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Naming: How about rather calling that SkipCertValidation or so?

But this is more in the area of nitpicking - just as you want.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is called Insecure everywhere in oCIS:

  • PROXY_OIDC_INSECURE
  • KONNECTD_INSECURE
  • GLAUTH_BACKEND_INSECURE
  • STORAGE_OIDC_INSECURE

Copy link
Contributor

@IljaN IljaN Dec 3, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would change it to InsecureBackends to signify what is insecure

IljaN
IljaN suggested changes Dec 3, 2020
View reviewed changes
proxy/pkg/proxy/proxy.go Show resolved Hide resolved
@wkloucek wkloucek requested a review from IljaN December 3, 2020 12:58
@wkloucek wkloucek force-pushed the proxy_allow_insecure_upstreams branch from cbe9817 to fe2efc3 Compare December 4, 2020 06:32
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 4, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@wkloucek wkloucek merged commit f8da4db into master Dec 4, 2020
@delete-merged-branch delete-merged-branch bot deleted the proxy_allow_insecure_upstreams branch December 4, 2020 07:23
ownclouders pushed a commit that referenced this pull request Dec 4, 2020
@wkloucek
commit f8da4db
4cdd989 
Merge: 5be1970 fe2efc3
Author: Willy Kloucek <34452982+wkloucek@users.noreply.github.com>
Date:   Fri Dec 4 08:23:16 2020 +0100

    Merge pull request #1007 from owncloud/proxy_allow_insecure_upstreams

    make insecure upstream servers configurable
@micbar micbar mentioned this pull request Dec 16, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dragotin dragotin dragotin left review comments

@IljaN IljaN IljaN approved these changes

@refs refs Awaiting requested review from refs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wkloucek @IljaN @dragotin