Page MenuHomeSoftware Heritage

Check the return code is 401 if basic auth is activated on a vhost
ClosedPublic

Authored by vsellier on Nov 3 2021, 12:23 PM.

Details

Summary

instead of the default 200
An real authentication string can't be specified because the user/pass
is displayed in the icinga web ui

Related to T3621

The result in the ui if an auth string is defined:

Test Plan

Nothing detected by octocatalog-diff as it's collected ressources,
but tested in vagrant:

  • objstorage service definition:
object Service "swh objstorage" {
  import "generic-service"

  host_name = "moma.softwareheritage.org"
  check_command = "http"
  vars.http_sni = true
  vars.http_ssl = true
  vars.http_uri = "/"
  vars.http_port = 443
  vars.http_vhost = "objstorage.softwareheritage.org"
  vars.http_expect = "401 Restricted"
  vars.http_address = "objstorage.softwareheritage.org"
  vars.http_onredirect = "sticky"
}

object Service "swh objstorage" {
  import "generic-service"

  host_name = "rp0.internal.staging.swh.network"
  check_command = "http"
  vars.http_sni = true
  vars.http_ssl = true
  vars.http_uri = "/"
  vars.http_port = 443
  vars.http_vhost = "objstorage.staging.swh.network"
  vars.http_expect = "401 Restricted"
  vars.http_address = "objstorage.staging.swh.network"
  vars.http_onredirect = "sticky"
}
  • Other services are untouched:
object Service "swh deposit" {
  import "generic-service"

  host_name = "moma.softwareheritage.org"
  check_command = "http"
  vars.http_sni = true
  vars.http_ssl = true
  vars.http_uri = "/"
  vars.http_port = 443
  vars.http_vhost = "deposit.softwareheritage.org"
  vars.http_address = "deposit.softwareheritage.org"
  vars.http_onredirect = "sticky"
}

Diff Detail

Repository
rSPSITE puppet-swh-site
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.