Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local blobstore now supports TLS #1155

Merged
merged 1 commit into from
Feb 6, 2024
Merged

Local blobstore now supports TLS #1155

merged 1 commit into from
Feb 6, 2024

Conversation

sethboyles
Copy link
Member

@sethboyles sethboyles commented Jan 18, 2024
edited by ameowlia
Loading

Please take a moment to review the questions before submitting the PR

🚫 We only accept PRs to develop branch. If this is an exception, please specify why 🚫

WHAT is this change about?

This limits the singleton-blobstore to only use TLS for all endpoints.

What customer problem is being addressed? Use customer persona to define the problem e.g. Alana is unable to...

Better security on singleton-blobstore droplet & package upload/download endpoints.

Please provide any contextual information.

This PR requires that cloudfoundry/capi-release#377, which is in capi-release 1.171.0. This is already merged into cf-d!

Has a cf-deployment including this change passed cf-acceptance-tests?

  • YES
  • NO

Does this PR introduce a breaking change? Please take a moment to read through the examples before answering the question.

  • YES - please choose the category from below. Feel free to provide additional details.
  • NO

I'm pretty sure it doesn't qualify for 7 as a breaking change? It removes an additional variable from the manifest, but I think that ops file is only meant to work with the same version of cf-deployment.

Types of breaking changes:

  1. modifies the ops-file path, changes the type, changes the values or removes ops-files from the following folders
    • ./operations/ or ./operations/experimental
    • ./addons
    • ./backup-and-restore/

How should this change be described in cf-deployment release notes?

Singleton Blobstore now only uses TLS

Does this PR introduce a new BOSH release into the base cf-deployment.yml manifest or any ops-files?

  • YES - please specify
  • NO

Does this PR make a change to an experimental or GA'd feature/component?

  • experimental feature/component
  • GA'd feature/component

Please provide Acceptance Criteria for this change?

There should be no noticeable behavioral change. This port will now be used for package/droplet uploads and downloads and will be encrypted on the blobstore vm.

What is the level of urgency for publishing this change?

  • Urgent - unblocks current or future work
  • Slightly Less than Urgent

Tag your pair, your PM, and/or team!

@dalvarado

It's helpful to tag a few other folks on your team or your team alias in case we need to follow up later.

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Jan 25, 2024
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: sethboyles / name: Seth Boyles (3fac8cf)

@sethboyles sethboyles mentioned this pull request Jan 25, 2024
Merged
11 tasks
@ameowlia ameowlia changed the title DO NOT MERGE: Local blobstore now supports TLS Local blobstore now supports TLS Feb 2, 2024
@ameowlia ameowlia marked this pull request as ready for review February 2, 2024 22:20
johha
johha approved these changes Feb 6, 2024
View reviewed changes
Copy link
Contributor

@johha johha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@johha johha merged commit f9fbf52 into cloudfoundry:develop Feb 6, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johha johha johha approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sethboyles @johha