Open KazToozs opened 8 months ago
My role is to assist you with the merge of this
pull request. Please type @bert-e help
to get information
on this process, or consult the user documentation.
Status report is not available.
Waiting for integration branch creation to be requested by the user.
To request integration branches, please comment on this pull request with the following command:
/create_integration_branches
Alternatively, the /approve
and /create_pull_requests
commands will automatically
create the integration branches.
/create_integration_branches
I have created the integration data for the additional destination branches.
bugfix/ARSN-387-ssl-check-fix
into
development/7.10
development/7.70
development/8.1
The following branches will NOT be impacted:
development/6.4
development/7.4
You can set option create_pull_requests
if you need me to create
integration pull requests in addition to integration branches, with:
@bert-e create_pull_requests
The following options are set: create_integration_branches
The following approvals are needed before I can proceed with the merge:
the author
2 peers
The following options are set: create_integration_branches
I may be wrong but I'm seeing that the getSslEnabled
function has become dead code, it's not called anywhere anymore. We should either look into removing that if it's not needed, or perhaps the checking of the forwarded header should actually be put in that function. I'm not sure which one it is because I'm not sure what I'm looking at with regards to the requestcontext object.
This fix is for the
aws:secureTransport
condition, related to the TSKB.With load balancers in front, the check for SSL in the request must be done on the x-forwarded-proto header.
Tests have been updated accordingly.
The other necessary change for this condition to work correctly is for the nginx config to properly pass this header:
Edit: Green CS and Vault builds: https://github.com/scality/Vault/pull/2151 https://github.com/scality/cloudserver/pull/5546