Page MenuHomePhabricator
Create Task
Maniphest T301351

Add TLS support for Snapshots service
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

We need to add encryption in transit and authentication to make sure we can avoid man in the middle attacks when scheduler is communicating with Exports service.

Acceptance criteria
Snapshots service communicates via TLS with the scheduler.

To-Do

  • add ability to accept INTERNAL_ROOT_CA_PEM, TLS_CERT_PEM and TLS_PRIVATE_KEY_PEM and pass them to grpc server, refer to services/hourly as example
  • make sure infrastructure generates client certificate
  • move this to a separate package that can be included as a submodule
  • modify hourlys service to use this new package

Related Objects
Search...

Event Timeline

Protsack.stephan created this task.Feb 9 2022, 2:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 9 2022, 2:16 PM
Protsack.stephan triaged this task as Low priority.Feb 9 2022, 2:18 PM
Protsack.stephan added a parent task: T301348: Docker Setup For Exports Service.
Protsack.stephan set the point value for this task to 8.May 4 2022, 3:15 PM
Protsack.stephan moved this task from Incoming to To Be Estimated/To Be Discussed on the Wikimedia Enterprise board.Oct 11 2022, 7:28 PM
Protsack.stephan renamed this task from Add TLS Support For Exports Service to Add TLS support for snapshots service.Oct 12 2022, 9:38 AM
Protsack.stephan renamed this task from Add TLS support for snapshots service to Add TLS support for Snapshots service.
Protsack.stephan raised the priority of this task from Low to Needs Triage.Oct 12 2022, 9:40 AM
Protsack.stephan added a project: Wikimedia Enterprise Engineering.
Protsack.stephan updated the task description. (Show Details)Oct 12 2022, 1:42 PM
Protsack.stephan removed the point value for this task.
Protsack.stephan updated the task description. (Show Details)Nov 23 2022, 3:45 PM
Protsack.stephan updated the task description. (Show Details)Nov 23 2022, 3:48 PM
Protsack.stephan set the point value for this task to 5.Nov 23 2022, 3:51 PM
Protsack.stephan moved this task from To Be Estimated/To Be Discussed to Estimated /Discussed on the Wikimedia Enterprise board.Dec 1 2022, 9:50 AM
Protsack.stephan triaged this task as Medium priority.Dec 1 2022, 10:25 AM
Protsack.stephan moved this task from Estimated /Discussed to To Be Estimated/To Be Discussed on the Wikimedia Enterprise board.Dec 15 2022, 11:06 AM
Protsack.stephan moved this task from To Be Estimated/To Be Discussed to Incoming on the Wikimedia Enterprise board.Jan 26 2023, 12:30 PM
Protsack.stephan moved this task from Incoming to Blocked on the Wikimedia Enterprise board.Feb 8 2023, 12:12 PM
Protsack.stephan moved this task from Blocked to Done Sprint 31 (Jan 11-25) on the Wikimedia Enterprise board.
Protsack.stephan moved this task from Done Sprint 31 (Jan 11-25) to Done Sprint 32 (Jan 26 - Feb 16) on the Wikimedia Enterprise board.
JArguello-WMF moved this task from Done Sprint 32 (Jan 26 - Feb 16) to Done 31 on the Wikimedia Enterprise board.Jul 14 2023, 3:33 PM
JArguello-WMF closed this task as Resolved.Jul 14 2023, 3:36 PM
JArguello-WMF claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL