uselagoon / lagoon-linter Goto Github PK
View Code? Open in Web Editor NEWLinter for .lagoon.yml
License: Apache License 2.0
Linter for .lagoon.yml
License: Apache License 2.0
As the active/standby route lives in a different array to environment.X.routes
, it will need to be added into the linter as production_routes.X.routes
production_routes:
active:
routes:
- nginx:
- "www.example.com":
tls-acme: true
insecure: Redirect
annotations:
nginx.ingress.kubernetes.io/server-snippet: |
if ($request_uri !~ \"^/abc\") {
return 301 https://dev.example.com$request_uri;
}
standby:
routes:
- nginx:
- "www.standby.example.com":
tls-acme: "false"
insecure: Redirect
Routes could be configured to return the HSTS header by using the hsts
field. The format was:
environments:
main:
routes:
- nginx:
- "www.example.com":
hsts: max-age=31536000
HSTS is still supported, but the field names have changed, so existing hsts
fields should throw a deprecation.
we see some projects that have a .lagoon.yml
yaml with unquoted booleans, aka tls-acme: true
instead of tls-acme: 'true'
. While it's technically valid yaml and lagoon can deploy with it, the linter fails to load the .lagoon.yml
and errors with:
lagoon-linter: error: couldn't unmarshal .lagoon.yml: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal bool into Go struct field Environment.environments.routes of type string
It only affects a small percentage of projects and we are telling all customers about this.
But it would be great if we can somehow catch this and fail with a message that there are unquoted booleans that need to be fixed
We have some code in the build-deploy-tool that will convert routes.insecure
to routes.autogenerate.insecure
and echo a message.
The message should be part of the linter instead.
e.g. in the route definition:
-
beta.example.com:
tls-amce: 'false'
This issue tracks the rollout of application security in CI, including:
Because Lagoons .lagoon.yml
is pretty terrible. There are some cases where the defined yaml passes the Lagoon build phase, but the linter can't decode properly.
For example, the following will deploy a lagoon environment correctly, even though cronjobs:
are defined as an environment.
The linter fails to unmarshal this and errors preventing a build
environments:
cronjobs:
- name: a cronjob defined as environment
schedule: "* * * * *"
command: echo "broken definition"
service: cli
main:
routes:
- nginx:
- example.com
- "www.example.com":
tls-acme: 'true'
insecure: Redirect
hsts: max-age=31536000
Ideally, we could just print a warning message that a section is incorrectly defined.
Routes have an insecure
field that can be set to Allow
, Redirect
, or None
. The None
option used to block any HTTP connections under openshfit, but in kubernetes we've configured it to be the same as Redirect
. We can throw deprecations for None
because it no longer works the way it was documented.
It could be set for autogenerated routes:
routes:
autogenerate:
insecure: None
and/or for manual routes:
environments:
main:
routes:
- nginx:
- "www.example.com":
insecure: None
Essentially the snippet:
nginx.ingress.kubernetes.io/server-snippet: |
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
The use case is JSONAPI to which can have URIs that exceed the default of 8,000 characters.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.