Scan GitLab EC2 instance with Amazon Inspector (#4189, #4751) #5058
All buckets have `block_public_acls`, `block_public_policy`, `ignore_public_acls` and `restrict_public_buckets` set to true. We don't need an explicit private ACL. None of the other buckets have it, either.
Codecov Report
@@ Coverage Diff @@
## develop #5058 +/- ##
========================================
Coverage 84.40% 84.40%
========================================
Files 146 146
Lines 17783 17783
========================================
Hits 15010 15010
Misses 2773 2773
Pro forma approval
@hannes-ucsc to investigate the unauthorized error that occurred in anvildev when @danielsotirhos manually deployed the gitlab component there.
Investigated and filed ticket with AWS. It is not clear what the cause is. It could be this bug in Terraform or a missing service-linked role for SSM. I created a new PR to create the latter. The TF bug may need to be worked around by retrying the deployment of the Disconnecting this PR from the main issue so that I can connect it to the new PR.
Connected issues: #4189, #4751
Checklist

Author
- `develop`
- `issues/<GitHub handle of author>/<issue#>-<slug>`
- `partial` label to PR or this PR completely resolves all connected issues

¹ when the issue title describes a problem, the corresponding PR title is `Fix: ` followed by the issue title

Author (reindex, API changes)
- `r` tag to commit title or this PR does not require reindexing
- `reindex` label to PR or this PR does not require reindexing
- `a` (compatible changes) or `A` (incompatible ones) tag to commit title or this PR does not modify the Azul service API
- `API` label to connected issues or this PR does not modify the Azul service API

Author (chains)
- `base` label to the blocking PR or this PR is not chained to another PR
- `chained` label to this PR or this PR is not chained to another PR

Author (upgrading)
- `u` tag to commit title or this PR does not require upgrading
- `upgrade` label to PR or this PR does not require upgrading

Author (operator tasks)

Author (hotfixes)
- `F` tag to main commit title or this PR does not include permanent fix for a temporary hotfix
- `prod` branch has no temporary hotfixes for any connected issues

Author (before every review)
- `develop`, squashed old fixups
- `make requirements_update` or this PR does not touch requirements*.txt, common.mk, Makefile and Dockerfile
- `R` tag to commit title or this PR does not touch requirements*.txt
- `reqs` label to PR or this PR does not touch requirements*.txt
- `make integration_test` passes in personal deployment or this PR does not touch functionality that could break the IT

Peer reviewer (after requesting changes)
Uncheck the Author (before every review) checklists.

Peer reviewer (after approval)

Primary reviewer (after requesting changes)
Uncheck the before every review checklists. Update the `N reviews` label.

Primary reviewer (after approval)
- `demo` or `no demo`
- `no demo`
- `no sandbox`
- `N reviews` label is accurate

Operator (before pushing merge the commit)
- `reindex` label and `r` commit title tag
- `no demo`
- `develop`
- `dev` and added `sandbox` label or PR is labeled `no sandbox`
- `anvildev` or PR is labeled `no sandbox`
- `sandbox` deployment or PR is labeled `no sandbox`
- `anvilbox` deployment or PR is labeled `no sandbox`
- `sandbox` deployment or PR is labeled `no sandbox`
- `anvilbox` deployment or PR is labeled `no sandbox`
- `sandbox` or this PR does not remove catalogs or otherwise causes unreferenced indices
- `anvilbox` or this PR does not remove catalogs or otherwise causes unreferenced indices
- `sandbox` or this PR does not require reindexing `sandbox`
- `anvilbox` or this PR does not require reindexing `sandbox`
- `sandbox` or this PR does not require reindexing `sandbox`
- `anvilbox` or this PR does not require reindexing `sandbox`

Operator (after pushing the merge commit)
- `base`
- `dev.gitlab`
- `dev` or PR is labeled `no sandbox`
- `anvildev.gitlab`
- `anvildev` or PR is labeled `no sandbox`
- `dev`¹
- `dev`¹
- `anvildev`¹
- `anvildev`¹
- `dev`
- `anvildev`

¹ When pushing the merge commit is skipped due to the PR being labelled `no sandbox`, the next build triggered by a PR whose merge commit is pushed determines this checklist item.

Operator (reindex)
- `dev` or this PR does not remove catalogs or otherwise causes unreferenced indices
- `anvildev` or this PR does not remove catalogs or otherwise causes unreferenced indices
- `dev` or this PR does not require reindexing
- `anvildev` or this PR does not require reindexing
- `dev` or this PR does not require reindexing
- `anvildev` or this PR does not require reindexing
- `dev` deployment or this PR does not require reindexing
- `anvildev` deployment or this PR does not require reindexing

Operator
- Added upgrade items to CL of next promotion PR

Shorthand for review comments
- `L` line is too long
- `W` line wrapping is wrong
- `Q` bad quotes
- `F` other formatting problem