From dac43682afc76418fa078e3cc158c58cae1e4b05 Mon Sep 17 00:00:00 2001 From: Thomas Dalichow Date: Fri, 17 Aug 2018 15:09:59 +0200 Subject: [PATCH] fbb-api - roll out several HTTP Auths in PRD, too --- .../fbb-api/prd-api01-fbb.pixelpark.net.yaml | 35 +++++++++++++++++-- .../fbb-api/prd-api02-fbb.pixelpark.net.yaml | 35 +++++++++++++++++-- customer/fbb-api/production.yaml | 5 +++ .../fbb-api/tst-api01-fbb.pixelpark.net.yaml | 11 +++++- .../fbb-api/tst-api02-fbb.pixelpark.net.yaml | 11 +++++- 5 files changed, 89 insertions(+), 8 deletions(-) diff --git a/customer/fbb-api/prd-api01-fbb.pixelpark.net.yaml b/customer/fbb-api/prd-api01-fbb.pixelpark.net.yaml index 467f6cfa..e201d0cf 100644 --- a/customer/fbb-api/prd-api01-fbb.pixelpark.net.yaml +++ b/customer/fbb-api/prd-api01-fbb.pixelpark.net.yaml @@ -1,7 +1,4 @@ --- -infra::profile::apache::htdigest: - server: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEhHNp9O1ZwXrvSI+ztK8hRVUmB5WSN3wD3Eq5KonQFDhNMPwTXKLGsKZAj6zntROnyzmzoij3beddff2KHi7qFgXkyaa6N/T/l0vBfVwfwKVO0lFEeETwrW49EBF0PKNmgWRDtVIRF50t4K8/e+Fx6q96xHULeWtflz4oats8vm5K5QE0HG1o4VnTNe8JMFF/h6GBbhAq36limSCzW5L2ahfgx3XZGIA0nP+PpuPUEtz3RvG4glfoO+4EHsBvWaRmz9iCMnax/dD3wviJL9ByNYew+crvc1wjF0uKS1pjg1zCsC5MR4JUbuATe3c5Iuun4Xdq2sMFsU4LNlWvGMOEDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBArNUcgz84mMRYddUDDjpKagBAbUFmU+qdqlDedjVBzTreB] infra::profile::cron::cronjobs: temp_rsync_flugdaten: @@ -69,3 +66,35 @@ infra::profile::apache::pp_vhosts: - 'user hh-push' - 'ip 10.5.13.0/24 172.28.0.128/25 217.66.51. 10.99.1.0/24' enforce: all + - location3: + provider: location + path: '/api/v1/documentation' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user documentation' + - location4: + provider: location + path: '/docs/api-docs.json' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user documentation' + - location5: + provider: location + path: '/healthcheck' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user healthcheck' + - location6: + provider: location + path: '/version.json' + require: + - 'ip 217.66.51.0/24 10.90.14.0/24 10.99.1.0/24 10.90.13.0/24 10.204.0.0/16 81.200.176.11 81.200.176.12 81.200.176.13 81.200.176.14 213.61.241.82' diff --git a/customer/fbb-api/prd-api02-fbb.pixelpark.net.yaml b/customer/fbb-api/prd-api02-fbb.pixelpark.net.yaml index 194e405f..a6817e52 100644 --- a/customer/fbb-api/prd-api02-fbb.pixelpark.net.yaml +++ b/customer/fbb-api/prd-api02-fbb.pixelpark.net.yaml @@ -1,7 +1,4 @@ --- -infra::profile::apache::htdigest: - server: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAQrgsaiDoD3HEZf+LtYpa5HXTfV+5o21cAzv65Jdu3c09B+i5NdB6RE083SC0lmXS8d4hnNqLu98fp7QClRf58r54U965yrIYaJi7MiIZD9LtVxcJoN65aAIsdQyTxm7wKTGLIpQIg3nHkkCu2eQrq0iDwjdayBM/ZuVYrwx75OqwicJAisa6vSmj4uS7AXqXSdXL8zBMVtU9k4ppfNCNjCTgGwYbiDS69oad2VkibEvkV3v9JP1+b6DpaiZQ87Xs+qxKyL4aI+hd3pCtRxofF4HpKHf5ky4hhXX7/ZabHnqLm29RIc0NlGNxEK7T1l/oflb5NbFsYWDzP0AfdmJfFzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDwVO4+8Lfjy/pXvsoEV6yHgBDLvStwubq8PI9++0wc4Unx] rabbitmq::environment_variables: NODENAME: 'rabbit@prd-api02-fbb.pixelpark.net' @@ -62,3 +59,35 @@ infra::profile::apache::pp_vhosts: - 'user hh-push' - 'ip 10.5.13.0/24 172.28.0.128/25 217.66.51. 10.99.1.0/24' enforce: all + - location3: + provider: location + path: '/api/v1/documentation' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user documentation' + - location4: + provider: location + path: '/docs/api-docs.json' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user documentation' + - location5: + provider: location + path: '/healthcheck' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user healthcheck' + - location6: + provider: location + path: '/version.json' + require: + - 'ip 217.66.51.0/24 10.90.14.0/24 10.99.1.0/24 10.90.13.0/24 10.204.0.0/16 81.200.176.11 81.200.176.12 81.200.176.13 81.200.176.14 213.61.241.82' diff --git a/customer/fbb-api/production.yaml b/customer/fbb-api/production.yaml index 3cbaed10..ae80c097 100644 --- a/customer/fbb-api/production.yaml +++ b/customer/fbb-api/production.yaml @@ -5,6 +5,11 @@ infra::additional_classes: - logstash - apache::mod::remoteip +infra::profile::apache::htdigest: + server: + documentation: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAjjWCb5Bx31SSnPIc9U1ncx7WVwUYEIyjgMY6rShlfgy2GaIvT+f2XEtV50h6fnjOy0MT05HGXHnKPMstKVtE4g2GvqEEq2TRSGu+3kGw6ddz/9RtgH9kNMdH5ToPuYp3BdzQ+0qzCMW3KxbsUqVJMQZ5UHa3Yko5Mv0RGYZKUZmk7Cu99km/GNxQ4rMeCg9q8WNG6tUQwX2U1q4eJ1F8qaVCqtHB7yd980lv4EHkaOMaxu2Rv2szYcqc+rI7A30twV3Kc2V2r2WsRKykcYNfAIhoKf68CtRNWBqfxo7fH4gJ4WhnS+tRQId2o6GdmqqXLRZgSIKC4Ks/QgnonS6HFjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCLrXCL6eAaQwvZhT53S3/IgCDoqXai/ZTjKlCjuWgPjw59atA5PTanDltCPyB51bmfcQ==] + healthcheck: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAIrQm3DIdZNi0XHZwDvQE992tIb8InExikUqZTBkQDnwSkEFB/sDydHrLiF0+NJHO0jdnH3u6PhQL3gnkA66FcHki9HtGmOVJfCMrLj0mAQaYvyuGGVER4pUNiR03FvbCNaUNTbSW3hw6+2/WrGpbibIVaCRISz+rIiVA2oTdgE+hzwOOjPiJHYllHetSXUmr8Refsi/lLTYQoiVUBHdHqoufk29w13RdGBNLzibquoPGykhth8yG9eMgyGL57weGPJ9Vcg4mqM3sQBTM46oQPnlacuQgSuNZQBNIlhdFuysudlSRQqEyO7u+erP25lGqVaKUABFPlNF8nZOF5d1qWDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBHgE/7emQw1huhosJX7FISgCB/SXitvEL4EGwb14+MscpLWgAkJJp3bGvZTq5xkJTW1g==] + accounts::users: jenkins: apply: true diff --git a/customer/fbb-api/tst-api01-fbb.pixelpark.net.yaml b/customer/fbb-api/tst-api01-fbb.pixelpark.net.yaml index 42046c56..0e7bce70 100644 --- a/customer/fbb-api/tst-api01-fbb.pixelpark.net.yaml +++ b/customer/fbb-api/tst-api01-fbb.pixelpark.net.yaml @@ -86,6 +86,15 @@ infra::profile::apache::pp_vhosts: require: - 'user documentation' - location4: + provider: location + path: '/docs/api-docs.json' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user documentation' + - location5: provider: location path: '/healthcheck' auth_type: Digest @@ -94,7 +103,7 @@ infra::profile::apache::pp_vhosts: auth_user_file: '/etc/httpd/htdigest' require: - 'user healthcheck' - - location5: + - location6: provider: location path: '/version.json' require: diff --git a/customer/fbb-api/tst-api02-fbb.pixelpark.net.yaml b/customer/fbb-api/tst-api02-fbb.pixelpark.net.yaml index 851ddee3..73e3e9bc 100644 --- a/customer/fbb-api/tst-api02-fbb.pixelpark.net.yaml +++ b/customer/fbb-api/tst-api02-fbb.pixelpark.net.yaml @@ -69,6 +69,15 @@ infra::profile::apache::pp_vhosts: require: - 'user documentation' - location4: + provider: location + path: '/docs/api-docs.json' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_user_file: '/etc/httpd/htdigest' + require: + - 'user documentation' + - location5: provider: location path: '/healthcheck' auth_type: Digest @@ -77,7 +86,7 @@ infra::profile::apache::pp_vhosts: auth_user_file: '/etc/httpd/htdigest' require: - 'user healthcheck' - - location5: + - location6: provider: location path: '/version.json' require: -- 2.39.5