Remove hard-coded values for modSecurity: (!47) · Merge requests · GitLab.org / cluster-integration / auto-deploy-image

Zamir Martins requested to merge leave_modsecurity_unset_for_auto_deploy_app into master Jan 28, 2020

Currently

modSecurity.enabled and modSecurity.secRuleEngine are set even when the related environmental variable (AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE) is not set. This doesn't give the option of using values from auto-deploy-app.

With this MR

modSecurity.enabled and modSecurity.secRuleEngine are only set when AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE is set.

Additional information

This issue was prematurely diagnosed as related to auto-deploy-app.

Found while working on this issue.

Expected results

When AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE is set to On

NAME:   erstwhile-seahorse
REVISION: 1
RELEASED: Tue Jan 28 10:10:47 2020
CHART: auto-deploy-app-0.4.1
USER-SUPPLIED VALUES:
ingress:
  modSecurity:
    enabled: true
    secRuleEngine: "On"

When AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE is not set

NAME:   oily-rattlesnake
REVISION: 1
RELEASED: Tue Jan 28 10:15:00 2020
CHART: auto-deploy-app-0.4.1
USER-SUPPLIED VALUES:
{}

Edited Jul 02, 2020 by Rémy Coutable

Remove hard-coded values for modSecurity:

Currently

With this MR

Additional information

Expected results

Merge request reports