render profiles and data-collector upstreams correctly #1665
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
when setting the configuration value `insecure_addon_compat`, the chef-server library code does not render the secrets from the secrets helper into the PrivateChef hash, which results specifically in `data_collector['token']` not showing up there. when configured to proxy compliance profiles and the data-collector endpoint, however, the nginx recipe was relying on this field being present for the upstreams to be rendered into the config. this resulted in us never rendering the correct upstreams in `insecure_addon_compat` mode. this change makes it so that the profiles and data-collector upstreams will always be rendered if their root_url is configured. if, by chance, the user doesn't have the `data_collector token` secret set, we'll now see a 401 response code and an error message instead of a confusing and misleading 404. Signed-off-by: Stephen Delano <[email protected]>
markan
reviewed
May 7, 2019
|
Running CI as https://buildkite.com/chef/chef-chef-server-master-omnibus-adhoc/builds/141#617d6407-2bdf-434f-8b66-5d2eb7ecc2d1. I'll merge if it's good. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
when setting the configuration value
insecure_addon_compat, thechef-server library code does not render the secrets from the
secrets helper into the PrivateChef hash, which results specifically
in
data_collector['token']not showing up there. when configuredto proxy compliance profiles and the data-collector endpoint, however,
the nginx recipe was relying on this field being present for the
upstreams to be rendered into the config. this resulted in us never
rendering the correct upstreams in
insecure_addon_compatmode.this change makes it so that the profiles and data-collector upstreams
will always be rendered if their root_url is configured. if, by
chance, the user doesn't have the
data_collector tokensecret set,we'll now see a 401 response code and an error message instead of a
confusing and misleading 404.
Signed-off-by: Stephen Delano [email protected]
Issues Resolved
[List any existing issues this PR resolves, or any Discourse or
StackOverflow discussion that's relevant]
Internal support issue: https://getchef.zendesk.com/agent/tickets/21598
Check List