Stop listening on 127.0.0.1:4001 with http #212

Merged
merged 4 commits into from
Sep 22, 2023

addyess
Member

@addyess addyess commented Sep 19, 2023

In order to address a security concern with etcd, we should stop listening on port 4001 (http) and instead only use the more secure https://127.0.0.1:2379 for charm configuration. If the admin wishes to expose 4001 -- they may do so only on the localhost with a new charm config option bind_with_insecure_http.

This PR merges into a branch where I've upgraded the charm to use juju 3.1 for integration testing

  • Addresses lp#2008652
  • Allows for a config bind_with_insecure_http to allow the user to enable if wanted
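
An added example, not part of this PR or the charm's code: a small audit of an etcd `listen-client-urls` value that flags plaintext `http` listeners, following the policy described above (https only, with `http` tolerated on loopback when the operator opts in). It assumes `bind_with_insecure_http` is a boolean and that the listener appears in `listen-client-urls`; the function name and the sample URLs are constructed for illustration.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit


def audit_client_urls(listen_client_urls, bind_with_insecure_http=False):
    """Return findings for a comma-separated etcd listen-client-urls value.

    https listeners pass. http listeners are reported unless they bind to a
    loopback address AND the operator opted in (assumed boolean option).
    Other schemes (for example unix sockets) are outside this check.
    """
    findings = []
    for raw in (part.strip() for part in listen_client_urls.split(",")):
        if not raw:
            continue
        url = urlsplit(raw)
        if url.scheme != "http":
            continue  # https is fine; non-TCP schemes are not audited here
        host = url.hostname or ""
        try:
            loopback = ip_address(host).is_loopback
        except ValueError:
            # Not an IP literal; only the conventional name counts as loopback.
            loopback = host == "localhost"
        if not loopback:
            findings.append(f"{raw}: plaintext http on a non-loopback address")
        elif not bind_with_insecure_http:
            findings.append(
                f"{raw}: plaintext http listener without bind_with_insecure_http"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        ("https://127.0.0.1:2379", False),
        ("https://0.0.0.0:2379,http://127.0.0.1:4001", False),
        ("https://0.0.0.0:2379,http://127.0.0.1:4001", True),
        ("http://0.0.0.0:4001", True),
    ]
    for value, opted_in in samples:
        print(value, opted_in, audit_client_urls(value, opted_in))
```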

@addyess addyess added the bug label Sep 20, 2023
Contributor

@kwmonroe kwmonroe left a comment

LGTM with minor suggestion to the config description.

I really like the new option to re-create an insecure endpoint if someone really wants it, though I think we should target this for 1.29 vs a 1.28 maint release.

config.yaml (outdated)
Co-authored-by: Kevin W Monroe <[email protected]>
@addyess addyess merged commit 12d8186 into akd/juju31-testing Sep 22, 2023
@addyess addyess deleted the akd/lp2008652/stop-listening-on-4001-http branch September 22, 2023 12:47
addyess added a commit that referenced this pull request Sep 22, 2023
* Upgrade tests to juju 3.1

* Update test_etcd.py

use model destroy_unit()

* Stop listening on 127.0.0.1:4001 with http (#212)

* Stop listening on 127.0.0.1:4001 with http

* Ensure the restore action uses the secure endpoint as well

* linting

* Update config.yaml

Co-authored-by: Kevin W Monroe <[email protected]>

---------

Co-authored-by: Kevin W Monroe <[email protected]>

---------

Co-authored-by: Kevin W Monroe <[email protected]>