kubevirt / hyperconverged-cluster-operator

Operator pattern for managing multi-operator products
Apache License 2.0
149 stars 150 forks

[CNV-39949] enable nosniff for kubevirt-console-plugin nginx config #2965

Closed orenc1 closed 3 months ago

orenc1 commented 3 months ago

What this PR does / why we need it: To increase security measures, it is advised to add the 'nosniff' Anti-MIME-Sniffing header X-Content-Type-Options in the kubevirt-console-plugin NGINX configuration. The advantages of setting it are:

Reviewer Checklist

Reviewers are supposed to review the PR for every aspect below one by one. To check an item means the PR is either "OK" or "Not Applicable" in terms of that item. All items are supposed to be checked before merging a PR.

Jira Ticket:

https://issues.redhat.com/browse/CNV-39949

Release note:

Enable 'nosniff' for kubevirt-console-plugin nginx webserver
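
An added example, not part of this PR or the project's code: a small Python audit that reports, for each block of a simplified nginx config, whether `X-Content-Type-Options: nosniff` is effectively sent. It goes slightly beyond the PR text by modelling two nginx behaviours: a block that sets any `add_header` of its own no longer inherits the outer ones, and without `always` the header is only added to success and redirect responses. The sample config and the names `parse` and `audit_nosniff` are constructed for illustration.

```python
import re

# Constructed sample config, not the plugin's real nginx.conf.
SAMPLE_CONF = """
server {
    add_header X-Content-Type-Options nosniff always;
    location / { root /usr/share/nginx/html; }
    location /locales/ { add_header Cache-Control "no-cache"; }  # own add_header drops inherited set
    location /health { add_header X-Content-Type-Options nosniff; }  # no 'always'
}
"""
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};]+')

def parse(conf):
    """Parse a simplified nginx config into nested blocks with their add_header args."""
    root = {"name": "main", "headers": [], "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(conf):
        if tok == ";":
            if words[:1] == ["add_header"]:
                stack[-1]["headers"].append([w.strip("\"'") for w in words[1:]])
            words = []
        elif tok == "{":
            node = {"name": " ".join(words), "headers": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
            words = []
        elif tok == "}":
            stack.pop()
        elif not tok.startswith("#"):  # skip comments, collect directive words
            words.append(tok)
    return root

def audit_nosniff(conf):
    """Map each server/location path to 'always', 'success-only' or 'missing'."""
    report = {}
    def walk(node, inherited, path):
        # nginx inherits add_header from the outer level only if the block sets none.
        effective = node["headers"] or inherited
        hits = [a for a in effective
                if [x.lower() for x in a[:2]] == ["x-content-type-options", "nosniff"]]
        status = "always" if any("always" in a[2:] for a in hits) else "success-only"
        report[path] = status if hits else "missing"
        for child in node["children"]:
            walk(child, effective, path + " > " + child["name"])
    root = parse(conf)
    for top in root["children"]:
        walk(top, root["headers"], top["name"])
    return report
```

Any block reported as `missing` or `success-only` needs its own `add_header X-Content-Type-Options nosniff always;` line for the header to reach every response from that block.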

kubevirt-bot commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nunnatsa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubevirt/hyperconverged-cluster-operator/blob/main/OWNERS)~~ [nunnatsa]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

nunnatsa commented 3 months ago

/override-bot

hco-bot commented 3 months ago

hco-e2e-kv-smoke-gcp lane succeeded.
/override ci/prow/hco-e2e-kv-smoke-azure
hco-e2e-consecutive-operator-sdk-upgrades-azure lane succeeded.
/override ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws
hco-e2e-upgrade-prev-operator-sdk-sno-azure lane succeeded.
/override ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws
hco-e2e-upgrade-operator-sdk-azure lane succeeded.
/override ci/prow/hco-e2e-upgrade-operator-sdk-aws
hco-e2e-operator-sdk-sno-azure lane succeeded.
/override ci/prow/hco-e2e-operator-sdk-sno-aws
hco-e2e-operator-sdk-gcp lane succeeded.
/override ci/prow/hco-e2e-operator-sdk-aws
hco-e2e-operator-sdk-gcp lane succeeded.
/override ci/prow/hco-e2e-operator-sdk-azure

kubevirt-bot commented 3 months ago

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws, ci/prow/hco-e2e-kv-smoke-azure, ci/prow/hco-e2e-operator-sdk-aws, ci/prow/hco-e2e-operator-sdk-azure, ci/prow/hco-e2e-operator-sdk-sno-aws, ci/prow/hco-e2e-upgrade-operator-sdk-aws, ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws

In response to [this](https://github.com/kubevirt/hyperconverged-cluster-operator/pull/2965#issuecomment-2120229039):

>hco-e2e-kv-smoke-gcp lane succeeded.
>/override ci/prow/hco-e2e-kv-smoke-azure
>hco-e2e-consecutive-operator-sdk-upgrades-azure lane succeeded.
>/override ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws
>hco-e2e-upgrade-prev-operator-sdk-sno-azure lane succeeded.
>/override ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws
>hco-e2e-upgrade-operator-sdk-azure lane succeeded.
>/override ci/prow/hco-e2e-upgrade-operator-sdk-aws
>hco-e2e-operator-sdk-sno-azure lane succeeded.
>/override ci/prow/hco-e2e-operator-sdk-sno-aws
>hco-e2e-operator-sdk-gcp lane succeeded.
>/override ci/prow/hco-e2e-operator-sdk-aws
>hco-e2e-operator-sdk-gcp lane succeeded.
>/override ci/prow/hco-e2e-operator-sdk-azure

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

nunnatsa commented 3 months ago

/retest

sonarcloud[bot] commented 3 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

orenc1 commented 3 months ago

fixed the indentation. @nunnatsa , could you please re-review?

nunnatsa commented 3 months ago

/lgtm

hco-bot commented 3 months ago

hco-e2e-upgrade-prev-operator-sdk-azure lane succeeded.
/override ci/prow/hco-e2e-upgrade-prev-operator-sdk-aws
hco-e2e-consecutive-operator-sdk-upgrades-azure lane succeeded.
/override ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws
hco-e2e-upgrade-prev-operator-sdk-sno-azure lane succeeded.
/override ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws
hco-e2e-operator-sdk-azure lane succeeded.
/override ci/prow/hco-e2e-operator-sdk-aws
hco-e2e-operator-sdk-azure lane succeeded.
/override ci/prow/hco-e2e-operator-sdk-gcp
hco-e2e-upgrade-operator-sdk-azure lane succeeded.
/override ci/prow/hco-e2e-upgrade-operator-sdk-aws

kubevirt-bot commented 3 months ago

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws, ci/prow/hco-e2e-operator-sdk-aws, ci/prow/hco-e2e-operator-sdk-gcp, ci/prow/hco-e2e-upgrade-operator-sdk-aws, ci/prow/hco-e2e-upgrade-prev-operator-sdk-aws, ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws

In response to [this](https://github.com/kubevirt/hyperconverged-cluster-operator/pull/2965#issuecomment-2120700618):

>hco-e2e-upgrade-prev-operator-sdk-azure lane succeeded.
>/override ci/prow/hco-e2e-upgrade-prev-operator-sdk-aws
>hco-e2e-consecutive-operator-sdk-upgrades-azure lane succeeded.
>/override ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws
>hco-e2e-upgrade-prev-operator-sdk-sno-azure lane succeeded.
>/override ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws
>hco-e2e-operator-sdk-azure lane succeeded.
>/override ci/prow/hco-e2e-operator-sdk-aws
>hco-e2e-operator-sdk-azure lane succeeded.
>/override ci/prow/hco-e2e-operator-sdk-gcp
>hco-e2e-upgrade-operator-sdk-azure lane succeeded.
>/override ci/prow/hco-e2e-upgrade-operator-sdk-aws

orenc1 commented 3 months ago

/retest

hco-bot commented 3 months ago

hco-e2e-operator-sdk-sno-azure lane succeeded.
/override ci/prow/hco-e2e-operator-sdk-sno-aws

kubevirt-bot commented 3 months ago

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-operator-sdk-sno-aws

In response to [this](https://github.com/kubevirt/hyperconverged-cluster-operator/pull/2965#issuecomment-2122193274):

>hco-e2e-operator-sdk-sno-azure lane succeeded.
>/override ci/prow/hco-e2e-operator-sdk-sno-aws

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

orenc1 commented 3 months ago

/retest

nunnatsa commented 3 months ago

/override-bot

hco-bot commented 3 months ago

hco-e2e-kv-smoke-gcp lane succeeded.
/override ci/prow/hco-e2e-kv-smoke-azure

kubevirt-bot commented 3 months ago

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-azure

In response to [this](https://github.com/kubevirt/hyperconverged-cluster-operator/pull/2965#issuecomment-2123850595):

>hco-e2e-kv-smoke-gcp lane succeeded.
>/override ci/prow/hco-e2e-kv-smoke-azure

nunnatsa commented 3 months ago

/retest

orenc1 commented 3 months ago

/retest

openshift-ci[bot] commented 3 months ago

@orenc1: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/hco-e2e-operator-sdk-gcp | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | true | /test hco-e2e-operator-sdk-gcp |
| ci/prow/hco-e2e-upgrade-operator-sdk-aws | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | true | /test hco-e2e-upgrade-operator-sdk-aws |
| ci/prow/hco-e2e-operator-sdk-aws | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | true | /test hco-e2e-operator-sdk-aws |
| ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | false | /test hco-e2e-upgrade-prev-operator-sdk-sno-aws |
| ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | true | /test hco-e2e-consecutive-operator-sdk-upgrades-aws |
| ci/prow/hco-e2e-upgrade-prev-operator-sdk-aws | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | true | /test hco-e2e-upgrade-prev-operator-sdk-aws |
| ci/prow/hco-e2e-operator-sdk-sno-aws | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | false | /test hco-e2e-operator-sdk-sno-aws |
| ci/prow/hco-e2e-kv-smoke-azure | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | true | /test hco-e2e-kv-smoke-azure |
| ci/prow/hco-e2e-upgrade-operator-sdk-sno-azure | 48e16125408fa6de4ad455ff89052cca7f6a2220 | link | false | /test hco-e2e-upgrade-operator-sdk-sno-azure |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

nunnatsa commented 3 months ago

/override-bot

hco-bot commented 3 months ago

hco-e2e-upgrade-operator-sdk-sno-aws lane succeeded.
/override ci/prow/hco-e2e-upgrade-operator-sdk-sno-azure

kubevirt-bot commented 3 months ago

@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-operator-sdk-sno-azure

In response to [this](https://github.com/kubevirt/hyperconverged-cluster-operator/pull/2965#issuecomment-2124183341):

>hco-e2e-upgrade-operator-sdk-sno-aws lane succeeded.
>/override ci/prow/hco-e2e-upgrade-operator-sdk-sno-azure

orenc1 commented 3 months ago

/cherry-pick release-1.12

kubevirt-bot commented 3 months ago

@orenc1: new pull request created: #2974

In response to [this](https://github.com/kubevirt/hyperconverged-cluster-operator/pull/2965#issuecomment-2124606894):

>/cherry-pick release-1.12