Change the check with 200 OK for HTTP/2 200
camilamacedo86 committed Dec 13, 2024
1 parent 03c51cf commit ae62f7f
Showing 2 changed files with 17 additions and 4 deletions.
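--- a/cmd/manager/main.go
+++ b/cmd/manager/main.go
@@ -165,15 +165,28 @@ func main() {
 BindAddress: metricsAddr,
 }
 
+tlsOpts := func(config *tls.Config) {
+config.GetCertificate = cw.GetCertificate
+
+// If the enable-http2 flag is false (the default), http/2 should be disabled
+// due to its vulnerabilities. More specifically, disabling http/2 will
+// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
+// Rapid Reset CVEs. For more information see:
+// - https://github.com/advisories/GHSA-qppj-fm5r-hxr3
+// - https://github.com/advisories/GHSA-4374-p667-p6c8
+// Besides, those CVEs are solved already; the solution is still insufficient, and we need to mitigate
+// the risks. More info https://github.com/golang/go/issues/63417
+setupLog.Info("disabling http/2")
+config.NextProtos = []string{"http/1.1"}
+}
+
 if metricsAddr == "0" {
 setupLog.Info("metrics server disabled")
 } else {
 setupLog.Info("enabling metrics server", "address", metricsAddr)
 metricsServerOptions.SecureServing = true
 metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization
-metricsServerOptions.TLSOpts = append(metricsServerOptions.TLSOpts, func(config *tls.Config) {
-config.GetCertificate = cw.GetCertificate
-})
+metricsServerOptions.TLSOpts = append(metricsServerOptions.TLSOpts, tlsOpts)
 }
 
 // Create webhook server and configure TLS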
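Review bot: The comment inside `tlsOpts` says HTTP/2 is disabled only when the enable-http2 flag is false, but the closure sets `config.NextProtos = []string{"http/1.1"}` unconditionally and no flag is read anywhere in the hunk. Either gate the assignment on that flag or reword the comment to match the code, e.g. `// HTTP/2 is always disabled on this listener to mitigate the HTTP/2 Stream Cancellation and Rapid Reset issues; see the advisories below.`; the sentence beginning "Besides, those CVEs are solved already" also contradicts itself and should state plainly that the upstream fixes are considered insufficient. In the visible lines `tlsOpts` is appended only to `metricsServerOptions.TLSOpts`, and the webhook server is configured after the hunk ends, so it is worth confirming that listener receives the same option; otherwise it would presumably still negotiate h2. `main` starts and ends outside the hunk.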
2 changes: 1 addition & 1 deletion test/e2e/metrics_endpoint_test.go
@@ -87,5 +87,5 @@ func TestCatalogdMetricsExportedEndpoint(t *testing.T) {
"curl", "-v", "-k", "-H", "Authorization: Bearer "+token, metricsURL)
output, err = curlCmd.CombinedOutput()
require.NoError(t, err, "Error calling metrics endpoint: %s", string(output))
require.Contains(t, string(output), "200 OK", "Metrics endpoint did not return 200 OK")
require.Contains(t, string(output), "HTTP/2 200", "Metrics endpoint did not return HTTP/2 200")
}
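Review bot: The assertion on the curl output does not agree with the `cmd/manager/main.go` change in this same commit, which restricts the metrics listener to `NextProtos = []string{"http/1.1"}`. With that restriction applied, `curl -v` should print an `HTTP/1.1 200 OK` status line, so an expectation of `HTTP/2 200` would pass only if the TLS option is not taking effect on the endpoint under test, while the looser `200 OK` does not show which protocol was negotiated. Because the mitigation is only useful if h2 is never offered, the test should pin it: `require.Contains(t, string(output), "HTTP/1.1 200 OK", "Metrics endpoint did not answer over HTTP/1.1")`. The rendered page does not mark which of the two assertion lines is the new side, and the test function starts outside the hunk.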
