Page MenuHomePhabricator
Create Task
Maniphest T229320

Consider removing X-Wikimedia-Security-Audit VCL support
Closed, ResolvedPublic
Actions

Description

There's a feature in VCL added some 4 years ago to send production traffic to labs for security audits (T72181). I initally thought that the current implementation was broken as there are no backends defined for security_audit in operations/puppet, but it turns out that the definitions are in horizon hieradata. Nonetheless, I wonder whether this feature is still in use or if it can be removed.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
varnish: remove X-Wikimedia-Security-Audit leftoveroperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

ema created this task.Jul 30 2019, 10:31 AM
Restricted Application added a project: SRE. · View Herald TranscriptJul 30 2019, 10:31 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
ema triaged this task as Medium priority.Jul 30 2019, 10:31 AM
ema renamed this task from Remove X-Wikimedia-Security-Audit VCL support to Consider removing X-Wikimedia-Security-Audit VCL support.Jul 30 2019, 10:37 AM
ema updated the task description. (Show Details)
ema moved this task from Backlog to Caching on the Traffic board.
Peachey88 added a project: Security-Team.Jul 30 2019, 11:04 AM
ema added a comment.Aug 1 2019, 8:20 AM

@dduvall: any reason not to proceed with the removal?

chasemp moved this task from Incoming to Back Orders on the Security-Team board.Dec 2 2019, 8:52 PM
chasemp moved this task from Back Orders to Watching on the Security-Team board.Dec 23 2019, 5:25 PM
BBlack edited projects, added Traffic-Icebox; removed Traffic.Sep 1 2021, 11:21 PM
BBlack subscribed.

The swap of Traffic for Traffic-Icebox in this ticket's set of tags was based on a bulk action for all such tickets that haven't been updated in 6 months or more. This does not imply any human judgement about the validity or importance of the task, and is simply the first step in a larger task cleanup effort. Further manual triage and/or requests for updates will happen this month for all such tickets. For more detail, have a look at the extended explanation on the main page of Traffic-Icebox . Thank you!

gerritbot added a project: Patch-For-Review.Feb 7 2022, 8:45 AM
Maintenance_bot removed a project: Patch-For-Review.Feb 7 2022, 9:10 AM
gerritbot added a comment.Feb 7 2022, 9:24 AM

Change 760520 merged by Ema:

[operations/puppet@production] varnish: remove X-Wikimedia-Security-Audit leftover

https://gerrit.wikimedia.org/r/760520

sbassett edited projects, added SecTeam-Processed; removed Security-Team.Feb 7 2022, 4:02 PM
Aklapper removed ema as the assignee of this task.Mar 7 2022, 1:12 PM

Resetting inactive assignee

BBlack moved this task from Backlog to Close or Untag? on the Traffic-Icebox board.Apr 7 2022, 9:10 PM
BCornwall closed this task as Resolved.Jan 17 2023, 5:45 PM
BCornwall claimed this task.
BCornwall subscribed.

This seems to have been resolved. git grep -i X-Wikimedia-Security-Audit in the puppet repo returns nothing and wikitech doesn't suggest any other components that need to be updated. I've updated the [[Caching overview]] wiki page to remove X-Wikimedia-Security-Audit from the functionalities section.

BCornwall removed BCornwall as the assignee of this task.Jan 17 2023, 5:46 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits