From 71b12835e56b3f3527db3402dcd327e4b1de1ac6 Mon Sep 17 00:00:00 2001 From: Zamir Martins Filho Date: Wed, 29 Jan 2020 20:17:13 +0000 Subject: [PATCH] fix: Remove hard-coded values for modSecurity: - It sets only when environment variables are set - Otherwise it will use values from auto-deploy-apps --- .gitlab-ci.yml | 14 ++++++++++++-- src/bin/auto-deploy | 9 ++++----- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b5ab34..27746a0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -210,7 +210,7 @@ test-persist-environment-url: test-deploy: <<: *test-job - variables: + variables: &deploy-variables GIT_STRATEGY: none CI_APPLICATION_REPOSITORY: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image/master/test-dockerfile" CI_APPLICATION_TAG: "b359d01bc8c611a2f7b14283cc878dea4a5f85d7" @@ -226,13 +226,23 @@ test-deploy: POSTGRES_ENABLED: "true" POSTGRES_DB: $CI_ENVIRONMENT_SLUG POSTGRES_VERSION: 9.6.2 - script: - auto-deploy initialize_tiller - auto-deploy download_chart - auto-deploy deploy - helm ls --host "localhost:44134" +test-deploy-modsecurity: + extends: test-deploy + variables: + <<: *deploy-variables + AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE: "On" + script: + - auto-deploy initialize_tiller + - auto-deploy download_chart + - auto-deploy deploy + - $([[ $(kubectl get ingress production-auto-deploy -n $KUBE_NAMESPACE --no-headers=true -o custom-columns=:"metadata.annotations.nginx\.ingress\.kubernetes\.io/modsecurity-snippet") != "" ]]) + test-create-application-secret: <<: *test-job variables: diff --git a/src/bin/auto-deploy b/src/bin/auto-deploy index 38a4367..6b4fe23 100755 --- a/src/bin/auto-deploy +++ b/src/bin/auto-deploy @@ -132,8 +132,9 @@ function deploy() { secret_name='' fi + local modsecurity_set_args=() if [[ -n "$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE" ]]; then - modsecurity_enabled="true" + modsecurity_set_args=("--set" "ingress.modSecurity.enabled=true,ingress.modSecurity.secRuleEngine=$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE") fi create_application_secret "$track" @@ -190,8 +191,7 @@ function deploy() { --set postgresql.postgresDatabase="$POSTGRES_DB" \ --set postgresql.imageTag="$POSTGRES_VERSION" \ --set application.initializeCommand="$DB_INITIALIZE" \ - --set ingress.modSecurity.enabled="$modsecurity_enabled" \ - --set ingress.modSecurity.secRuleEngine="$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE" \ + "${modsecurity_set_args[@]}" \ "${helm_values_args[@]}" \ $HELM_UPGRADE_EXTRA_ARGS \ --namespace="$KUBE_NAMESPACE" \ @@ -231,8 +231,7 @@ function deploy() { --set postgresql.imageTag="$POSTGRES_VERSION" \ --set application.initializeCommand="" \ --set application.migrateCommand="$DB_MIGRATE" \ - --set ingress.modSecurity.enabled="$modsecurity_enabled" \ - --set ingress.modSecurity.secRuleEngine="$AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE" \ + "${modsecurity_set_args[@]}" \ "${helm_values_args[@]}" \ $HELM_UPGRADE_EXTRA_ARGS \ --namespace="$KUBE_NAMESPACE" \ -- GitLab