search

cds-snc / url-shortener

An API written in Python that shortens URLs
MIT License
4 stars 1 forks source link

fix: add contact paths to the firewall #263

Closed patheard closed 1 year ago

patheard commented 1 year ago

Summary

Allow the English and French Contact us paths through the firewall.

Also update the other regular expressions to allow an optional trailing / and tighten down the static files path.

Related

github-actions[bot] commented 1 year ago

Staging: cloudfront

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|-----------------------------------------------| | update | `aws_wafv2_regex_pattern_set.valid_uri_paths` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_wafv2_regex_pattern_set.valid_uri_paths will be updated in-place ~ resource "aws_wafv2_regex_pattern_set" "valid_uri_paths" { id = "0f686f62-6a61-4453-b650-57f0ff027aa7" name = "valid-api-paths" tags = { "CostCentre" = "url-shortener-staging" "Terraform" = "true" } # (5 unchanged attributes hidden) - regular_expression { - regex_string = "^/?(en|fr)?$" -> null } + regular_expression { + regex_string = "^/?(en|fr)?/?$" } - regular_expression { - regex_string = "^/[0-9A-Za-z]{8}$" -> null } + regular_expression { + regex_string = "^/[0-9A-Za-z]{8}/?$" } + regular_expression { + regex_string = "^/en/(login|logout|contact|magic-link)/?$" } - regular_expression { - regex_string = "^/en/(login|logout|magic-link)/?$" -> null } + regular_expression { + regex_string = "^/fr/(connexion|deconnexion|contact|lien-magique)/?$" } - regular_expression { - regex_string = "^/fr/(connexion|deconnexion|lien-magique*)$" -> null } - regular_expression { - regex_string = "^/lang/(en|fr)$" -> null } + regular_expression { + regex_string = "^/lang/(en|fr)/?$" } + regular_expression { + regex_string = "^/static/(css|js|img)/[^/]+$" } - regular_expression { - regex_string = "^/static/*$" -> null } - regular_expression { - regex_string = "^/v1$" -> null } + regular_expression { + regex_string = "^/v1/?$" } # (1 unchanged block hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["module.resolver_dns.aws_route53_resolver_firewall_rule_group_association.firewall_rules[0]"] WARN - plan.json - main - Missing Common Tags: ["module.resolver_dns.aws_route53_resolver_query_log_config.route53_vpc_dns"] 19 tests, 17 passed, 2 warnings, 0 failures, 0 exceptions ```