Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Describe enabled processes in the consul.json URL #4845

Merged
merged 1 commit into from
Jun 6, 2022
Merged

Describe enabled processes in the consul.json URL #4845

merged 1 commit into from
Jun 6, 2022

Conversation

javierm
Copy link
Member

@javierm javierm commented Jun 2, 2022

References

Objectives

  • Show the enabled processes in the CONSUL application information
  • Don't show information about settings which might give attackers information about the current status of the application

@javierm
Describe enabled processes in the consul.json URL
201e23d 
The idea to show the status of the existing features was done in commit
7339a98. Back then, we didn't have the separate `process.` prefix,
and so processes were enabled/disabled using settings like
`feature.debates` instead of `process.debates`.

IMHO making the information about the enabled features public could
potentially be a bit risky since it gives too much information about the
current status of the application.

Showing which processes are enabled, on the other hand, is pretty
harmless, and it's the reason why this feature was added in the first
place.
@javierm javierm self-assigned this Jun 2, 2022
@javierm javierm added this to Reviewing in Consul Democracy via automation Jun 2, 2022
github-actions[bot]
github-actions bot reviewed Jun 2, 2022
View reviewed changes
app/controllers/installation_controller.rb
@@ -14,6 +14,6 @@ def consul_installation_details
end

def settings_feature_flags
Setting.where("key LIKE 'feature.%'").each_with_object({}) { |x, n| n[x.key.remove("feature.")] = x.value }
Setting.where("key LIKE 'process.%'").each_with_object({}) { |x, n| n[x.key.remove("process.")] = x.value }
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Layout/LineLength: Line is too long. [113/110] (https://rubystyle.guide#max-line-length)

@javierm javierm added the 1.5 label Jun 2, 2022
@taitus taitus self-assigned this Jun 3, 2022
Consul Democracy automation moved this from Reviewing to Testing Jun 6, 2022
@javierm javierm merged commit 9127e56 into master Jun 6, 2022
Consul Democracy automation moved this from Testing to Release 1.5.0 Jun 6, 2022
@javierm javierm deleted the installation_processes branch June 6, 2022 11:19
@javierm javierm removed the 1.5 label Jun 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions left review comments

@taitus taitus taitus approved these changes

Assignees

@taitus taitus

@javierm javierm

Labels
Maintenance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@javierm @taitus