caddy-frontend: Fix strict-transport-security parameter

It's available only on the slave, so it is not part of master partition configuration. Due to the cleanup change the parameter parsing logic has to be improved.

caddy-frontend: Fix strict-transport-security parameter
It's available only on the slave, so it is not part of master partition configuration. Due to the cleanup change the parameter parsing logic has to be improved.
01d7e9d0 · Łukasz Nowak · e938bfc9 · 01d7e9d0 · 01d7e9d0 · 01d7e9d0
Commit 01d7e9d0 authored Feb 16, 2021 by Łukasz Nowak
7 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = de69a8c408ce4f228fc22eacb7e96657
+md5sum = 04015a7a552285984d091293ef573fb9

 [profile-common]
 filename = instance-common.cfg.in
@@ -26,11 +26,11 @@ md5sum = a6a626fd1579fd1d4b80ea67433ca16a

 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 9cc78e7ce1960691e37f103855ff0dc9
+md5sum = 1ab3fc07bb186601b54c584a3ccaf1c3

 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = eb98ffd96b2768cc6a5cf664b23aabd3
+md5sum = 9eb14b83ee6fc8a5afa8267d9bcf4772

 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in

--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -21,7 +21,6 @@
        'ciphers',
        'request-timeout',
        'authenticate-to-backend',
-        'strict-transport-security',
    ]
 %}
 {% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}

--- a/software/caddy-frontend/instance-caddy-input-schema.json
+++ b/software/caddy-frontend/instance-caddy-input-schema.json
@@ -107,12 +107,6 @@
      ],
      "title": "Authenticate to backend",
      "type": "string"
-    },
-    "strict-transport-security": {
-      "title": "Strict Transport Security",
-      "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
-      "default": "0",
-      "type": "integer"
    }
  },
  "title": "Input Parameters",

--- a/software/caddy-frontend/instance-slave-caddy-input-schema.json
+++ b/software/caddy-frontend/instance-slave-caddy-input-schema.json
@@ -288,7 +288,7 @@
    },
    "strict-transport-security": {
      "title": "Strict Transport Security",
-      "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
+      "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
      "default": "0",
      "type": "integer"
    },

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -106,4 +106,3 @@ configuration.backend-haproxy-statistic-port = 21444
 configuration.authenticate-to-backend = False
 configuration.rotate-num = 4000
 configuration.slave-introspection-https-port = 22443
-configuration.strict-transport-security = 0
--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -68,7 +68,7 @@ context =
 {%-   for key in ['disabled-cookie-list'] %}
 {%-     do slave_instance.__setitem__(key, slave_instance.get(key, '').split()) %}
 {%-   endfor %}
-{%-   for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443')] %}
+{%-   for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443'), ('strict-transport-security', '0')] %}
 {%-     do slave_instance.__setitem__(key, int(slave_instance.get(key, default))) %}
 {%-   endfor %}
 {%-   do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
@@ -128,7 +128,7 @@ context =
 {%-   do part_list.extend([slave_section_title]) %}
 {%-   set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
 {#-   Pass backend timeout values #}
-{%-   for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend', 'strict-transport-security'] %}
+{%-   for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
 {%-     if slave_instance.get(key, '') == '' %}
 {%-       do slave_instance.__setitem__(key, configuration[key]) %}
 {%-     endif %}

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -6814,7 +6814,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
      'ciphers': 'ciphers',
      'request-timeout': 100,
      'authenticate-to-backend': True,
-      'strict-transport-security': 200,
      # specific parameters
      '-frontend-config-1-ram-cache-size': '512K',
      '-frontend-config-2-ram-cache-size': '256K',
@@ -6912,8 +6911,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        u'ram-cache-size': u'512K',
        u're6st-verification-url': u're6st-verification-url',
        u'request-timeout': u'100',
-        u'slave-kedifa-information': u'{}',
-        u'strict-transport-security': u'200'
+        u'slave-kedifa-information': u'{}'
      },
      'caddy-frontend-2': {
        'X-software_release_url': self.frontend_2_sr,
@@ -6940,8 +6938,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        u'ram-cache-size': u'256K',
        u're6st-verification-url': u're6st-verification-url',
        u'request-timeout': u'100',
-        u'slave-kedifa-information': u'{}',
-        u'strict-transport-security': u'200'
+        u'slave-kedifa-information': u'{}'
      },
      'caddy-frontend-3': {
        'X-software_release_url': self.frontend_3_sr,
@@ -6967,8 +6964,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        u'port': u'11443',
        u're6st-verification-url': u're6st-verification-url',
        u'request-timeout': u'100',
-        u'slave-kedifa-information': u'{}',
-        u'strict-transport-security': u'200'
+        u'slave-kedifa-information': u'{}'
      },
      'kedifa': {
        'X-software_release_url': self.kedifa_sr,
@@ -7014,8 +7010,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'request-timeout': '100',
        'root_instance_title': 'testing partition 0',
        'slap_software_type': 'RootSoftwareInstance',
-        'slave_instance_list': [],
-        'strict-transport-security': '200'
+        'slave_instance_list': []
      }
    }
    self.assertEqual(