Skip to content

feat: testing the waf #2515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 20 commits into from
Closed

feat: testing the waf #2515

wants to merge 20 commits into from

Conversation

JacobCoffee
Copy link
Member

@JacobCoffee JacobCoffee commented Aug 26, 2024
edited
Loading

What

  • Pulls our python.org infra into IaC
  • Applys Fastlys NGWAF
  • Manages DNS entires on route53

Creates test service to test all of this under test.python.org

@JacobCoffee

This comment was marked as outdated.

Sign in to view
JacobCoffee
JacobCoffee commented Aug 29, 2024
View reviewed changes
infra/ngwaf/variables.tf Outdated
variable "NGWAF_EMAIL" {
type = string
description = "Email address associated with the token for the NGWAF API."
default = "jacob.coffee@pyfound.org"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bad

JacobCoffee
JacobCoffee commented Aug 29, 2024
View reviewed changes
infra/ngwaf/variables.tf
variable "NGWAF_SITE" {
type = string
description = "Site SHORT name for NGWAF"
default = "test"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bad

JacobCoffee
JacobCoffee commented Aug 29, 2024
View reviewed changes
infra/ngwaf/README.md Outdated
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will yank this module into its own PR

JacobCoffee
JacobCoffee commented Aug 29, 2024
View reviewed changes
infra/dns/README.md Outdated
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

really need to do a tf import against route53 config for py.org because there is a lot there and dont want to break things

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should remove DNS handling as a concern for this right now. Terraforming DNS for python.org will be a much bigger project. I think the terraform states should only concern themselves with Fastly/NGWaf

ewdurbin
ewdurbin reviewed Sep 3, 2024
View reviewed changes
Copy link
Member

@ewdurbin ewdurbin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't able to do any local testing since vars are missing in terraform cloud, but I did have a few notes!

infra/Makefile Outdated
check:
@tf validate

.PHONY: yolo
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be best to drop this, since we intend to use terraform cloud.

infra/dns/README.md Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should remove DNS handling as a concern for this right now. Terraforming DNS for python.org will be a much bigger project. I think the terraform states should only concern themselves with Fastly/NGWaf

@JacobCoffee JacobCoffee closed this Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ewdurbin ewdurbin ewdurbin left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JacobCoffee @ewdurbin