Check the return code is 401 if basic auth is activated on a vhost (!428) · Merge requests · Platform / Infrastructure / Puppet / puppet-swh-site

Vincent Sellier requested to merge generated-differential-D6597-source into generated-differential-D6597-target Nov 03, 2021

instead of the default 200 An real authentication string can't be specified because the user/pass is displayed in the icinga web ui

Related to T3621

The result in the ui if an auth string is defined:

Test Plan

Nothing detected by octocatalog-diff as it's collected ressources, but tested in vagrant:

objstorage service definition:

object Service "swh objstorage" {
  import "generic-service"

  host_name = "moma.softwareheritage.org"
  check_command = "http"
  vars.http_sni = true
  vars.http_ssl = true
  vars.http_uri = "/"
  vars.http_port = 443
  vars.http_vhost = "objstorage.softwareheritage.org"
  vars.http_expect = "401 Restricted"
  vars.http_address = "objstorage.softwareheritage.org"
  vars.http_onredirect = "sticky"
}

object Service "swh objstorage" {
  import "generic-service"

  host_name = "rp0.internal.staging.swh.network"
  check_command = "http"
  vars.http_sni = true
  vars.http_ssl = true
  vars.http_uri = "/"
  vars.http_port = 443
  vars.http_vhost = "objstorage.staging.swh.network"
  vars.http_expect = "401 Restricted"
  vars.http_address = "objstorage.staging.swh.network"
  vars.http_onredirect = "sticky"
}

Other services are untouched:

object Service "swh deposit" {
  import "generic-service"

  host_name = "moma.softwareheritage.org"
  check_command = "http"
  vars.http_sni = true
  vars.http_ssl = true
  vars.http_uri = "/"
  vars.http_port = 443
  vars.http_vhost = "deposit.softwareheritage.org"
  vars.http_address = "deposit.softwareheritage.org"
  vars.http_onredirect = "sticky"
}

Migrated from D6597 (view on Phabricator)

Check the return code is 401 if basic auth is activated on a vhost

Test Plan

Merge request reports