-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove admin_enabled #131
remove admin_enabled #131
Conversation
Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-Authored-By: jherrflexion <118225331+jherrflexion@users.noreply.github.com> Co-Authored-By: halprin <halprin@users.noreply.github.com> Co-Authored-By: Samuel Aquino <saquino@flexion.us> Co-Authored-By: Bella L. Quintero <96704946+pluckyswan@users.noreply.github.com>
Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-Authored-By: Bella L. Quintero <96704946+pluckyswan@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be beneficial to include why Fortify wants this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a question on whether we can remove a small bit of code.
@@ -53,6 +52,8 @@ resource "azurerm_linux_web_app" "sftp" { | |||
health_check_path = "/health" | |||
health_check_eviction_time_in_min = 5 | |||
|
|||
container_registry_use_managed_identity = true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Down below on what is currently line 84
and 85
, we have...
DOCKER_REGISTRY_SERVER_USERNAME = azurerm_container_registry.registry.admin_username
DOCKER_REGISTRY_SERVER_PASSWORD = azurerm_container_registry.registry.admin_password
Can we remove those lines and this continues to work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can try it and find out 😅
Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-Authored-By: Bella L. Quintero <96704946+pluckyswan@users.noreply.github.com> Co-Authored-By: halprin <halprin@users.noreply.github.com> Co-Authored-By: Samuel Aquino <saquino@flexion.us>
Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-Authored-By: Bella L. Quintero <96704946+pluckyswan@users.noreply.github.com> Co-Authored-By: halprin <halprin@users.noreply.github.com> Co-Authored-By: Samuel Aquino <saquino@flexion.us>
Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-Authored-By: Bella L. Quintero <96704946+pluckyswan@users.noreply.github.com> Co-Authored-By: halprin <halprin@users.noreply.github.com> Co-Authored-By: Samuel Aquino <saquino@flexion.us>
Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-Authored-By: Bella L. Quintero <96704946+pluckyswan@users.noreply.github.com> Co-Authored-By: halprin <halprin@users.noreply.github.com> Co-Authored-By: Samuel Aquino <saquino@flexion.us>
Co-authored-by: saquino0827 <saquino@flexion.us>
Quality Gate passedIssues Measures |
This reverts commit a25f645.
Description
Fortify wants us to not have
admin_enabled
set totrue
on the container registry. This PR changes that setting and turns oncontainer_registry_use_managed_identity
instead. To test this, we deployed to both a Flexion environment (this PR env) and a CDC one (dev) and confirmed the app deployed successfully and was runningIssue
CDCgov/trusted-intermediary#1209