Commit 71b12835 authored by Zamir Martins Filho's avatar Zamir Martins Filho Committed by Thong Kuah
Browse files

fix: Remove hard-coded values for modSecurity: 

- It sets only when environment variables are set
- Otherwise it will use values from auto-deploy-apps
parent 4392d927

.gitlab-ci.yml

+12 −2
Original line number Diff line number Diff line
@@ -210,7 +210,7 @@ test-persist-environment-url: 


test-deploy:

  <<: *test-job

  variables:

  variables: &deploy-variables

    GIT_STRATEGY: none

    CI_APPLICATION_REPOSITORY: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image/master/test-dockerfile"

    CI_APPLICATION_TAG: "b359d01bc8c611a2f7b14283cc878dea4a5f85d7"
@@ -226,13 +226,23 @@ test-deploy: 
    POSTGRES_ENABLED: "true"

    POSTGRES_DB: $CI_ENVIRONMENT_SLUG

    POSTGRES_VERSION: 9.6.2



  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - helm ls --host "localhost:44134"



test-deploy-modsecurity:

  extends: test-deploy

  variables:

    <<: *deploy-variables

    AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE: "On"

  script:

    - auto-deploy initialize_tiller

    - auto-deploy download_chart

    - auto-deploy deploy

    - $([[ $(kubectl get ingress production-auto-deploy -n $KUBE_NAMESPACE --no-headers=true -o custom-columns=:"metadata.annotations.nginx\.ingress\.kubernetes\.io/modsecurity-snippet") != "<none>" ]])



test-create-application-secret:

  <<: *test-job

  variables:

src/bin/auto-deploy

+4 −5
Original line number Diff line number Diff line
@@ -132,8 +132,9 @@ function deploy() { 
    secret_name=''

  fi



  local modsecurity_set_args=()

  if [[ -n "$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE" ]]; then

    modsecurity_enabled="true"

    modsecurity_set_args=("--set" "ingress.modSecurity.enabled=true,ingress.modSecurity.secRuleEngine=$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE")

  fi



  create_application_secret "$track"
@@ -190,8 +191,7 @@ function deploy() { 
      --set postgresql.postgresDatabase="$POSTGRES_DB" \

      --set postgresql.imageTag="$POSTGRES_VERSION" \

      --set application.initializeCommand="$DB_INITIALIZE" \

      --set ingress.modSecurity.enabled="$modsecurity_enabled" \

      --set ingress.modSecurity.secRuleEngine="$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE" \

      "${modsecurity_set_args[@]}" \

      "${helm_values_args[@]}" \

      $HELM_UPGRADE_EXTRA_ARGS \

      --namespace="$KUBE_NAMESPACE" \
@@ -231,8 +231,7 @@ function deploy() { 
    --set postgresql.imageTag="$POSTGRES_VERSION" \

    --set application.initializeCommand="" \

    --set application.migrateCommand="$DB_MIGRATE" \

    --set ingress.modSecurity.enabled="$modsecurity_enabled" \

    --set ingress.modSecurity.secRuleEngine="$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE" \

    "${modsecurity_set_args[@]}" \

    "${helm_values_args[@]}" \

    $HELM_UPGRADE_EXTRA_ARGS \

    --namespace="$KUBE_NAMESPACE" \