diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2022-02-25 16:08:22 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2022-02-25 16:08:22 +0000 |
| commit | bb9d70c496576889ae936e153007b984ffea5a26 (patch) | |
| tree | b043cbea3948000d6618da5dd634ac3bfeed4664 /kubernetes | |
| parent | 2d427a36b97bb58c1f58fae191c7fbaad5e207f2 (diff) | |
| parent | c1aa75883eda55ab5e68cc60ba7d68ec27d1d126 (diff) | |
Merge "[AAI] Request blocking enhancement for AAI"
Diffstat (limited to 'kubernetes')
| -rw-r--r-- | kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg | 9 | ||||
| -rw-r--r-- | kubernetes/aai/resources/config/haproxy/haproxy.cfg | 9 | ||||
| -rw-r--r-- | kubernetes/aai/values.yaml | 6 |
3 files changed, 24 insertions, 0 deletions
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index 9fa6d2ee9b..6e7acef17f 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -88,6 +88,15 @@ frontend IST_8443 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] +####################################### +## Request blocking configuration ### +####################################### + {{- if eq $.Values.haproxy.requestBlocking.enabled true }} + {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }} + {{ $custom_config }} + {{- end }} + {{- end }} + reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 8443 diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index 1db4addb5a..1accff9935 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -119,6 +119,15 @@ frontend IST_8443 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] +####################################### +## Request blocking configuration ### +####################################### + {{- if eq $.Values.haproxy.requestBlocking.enabled true }} + {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }} + {{ $custom_config }} + {{- end }} + {{- end }} + reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 8443 {{- end }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 68d74459f4..62d1d2eabd 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -349,6 +349,12 @@ nodeSelector: {} affinity: {} +# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns +haproxy: + requestBlocking: + enabled: false + customConfigs: [] + # probe configuration parameters liveness: initialDelaySeconds: 10 |