Enable Insecure Requests for SFT Lookups in a Test Environment#2014
Merged
mdimjasevic merged 8 commits intodevelopfrom Dec 30, 2021
Merged
Enable Insecure Requests for SFT Lookups in a Test Environment#2014mdimjasevic merged 8 commits intodevelopfrom
mdimjasevic merged 8 commits intodevelopfrom
Conversation
added 6 commits
December 29, 2021 16:07
- Also fix a request to an SFT's `GET /sft/url`
- This insecure connection will have to be guarded by a Brig configuration flag that is yet to be introduced
- Also fix how the SFT environment is computed. Before, it would rely on the SFT lookup parameters to be set to keep on working. This makes SFT lookup parameters truly optional.
mdimjasevic
force-pushed
the
fs-266/update-sft-configuration
branch
from
9bfaf61 to
9c3d761
Compare
added 2 commits
December 30, 2021 14:36
mdimjasevic
changed the title
mdimjasevic
changed the title
julialongtin
approved these changes
Dec 30, 2021
mdimjasevic
changed the title
mdimjasevic
changed the title
4 tasks
This was referenced Jan 3, 2022
jschaul
added a commit
that referenced
this pull request
Jan 4, 2022
…ftd_disco sidecar process. (#2019) Related to https://wearezeta.atlassian.net/browse/FS-266. Implements querying the list of all SFT servers from the sftd's sidecar nginx pod. This is a different take on the above issue and if this list provided by sft servers is made use of; then that makes some of the work introduced in #2012 #2014 #2015 obsolete (sorry 😟 ). From brig, using the url configured in `setSftStaticUrl`, and calling `/sft_servers_all.json` on that URL, this PR provides a list of all SFT servers available. The list is computed on the SFTD chart itself (using a sftd_disco sidecar container). This has the advantage of allowing brig to be hosted on a separate kubernetes cluster to sftd, and moves the business logic of knowing sftd servers to sftd itself. From a brig pod on a test cluster: ``` # cat /etc/wire/brig/conf/brig.yaml | grep sft setSftStaticUrl: https://sftd.a.adhoc-testing.wire.link:443 / # curl -ks https://sftd.a.adhoc-testing.wire.link:443/sft_servers_all.json { "sft_servers_all": [ "https://sftd.a.adhoc-testing.wire.link/sfts/wire-server-a-sftd-0" ] } ``` Co-authored-by: Marko Dimjašević <marko.dimjasevic@wire.com>
Merged
4 tasks
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a follow-up to PR #2012 as part of https://wearezeta.atlassian.net/browse/FS-266:
https://<ip-address>/...) if a test environment flag is set in Brig's configurationGET https://<sft-ip-address>/sft/urlChecklist
changelog.d.