Skip to content

Commit

Permalink
Merge pull request #1241 from GSA/deny-package-edit-only-prod
Browse files Browse the repository at this point in the history 
open development and staging for package create
  • Loading branch information
@rshewitt
rshewitt authored Feb 2, 2024
2 parents 7b38c56 + 13f91b0 commit 88a765e
Show file tree
Hide file tree
Showing 6 changed files with 15 additions and 3 deletions.
5 changes: 3 additions & 2 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ validate-proxy:
sed -i 's/{{env "PUBLIC_ROUTE"}}/test.com/g' proxy/nginx-cloudfront.conf proxy/nginx-authy.conf
sed -i 's#{{env "S3_URL"}}#http://test.com#g' proxy/nginx-common.conf
sed -i 's#{{env "S3_BUCKET"}}#somebucket#g' proxy/nginx-common.conf
sed -i 's#{{env "DENY_PACKAGE_CREATE"}}#truetodeny#g' proxy/nginx-common.conf
docker run --rm -e nameservers=127.0.0.1 -v $(shell pwd)/proxy:/proxy nginx nginx -t -c /proxy/nginx.conf
sed -i 's/127.0.0.1/{{nameservers}}/g' proxy/nginx.conf
sed -i 's/127.0.0.2/{{env "EXTERNAL_ROUTE"}}/g' proxy/nginx.conf proxy/nginx-cloudfront.conf
Expand All @@ -67,10 +68,10 @@ validate-proxy:
sed -i 's/127.0.0.5/{{env "INTERNAL_ROUTE_ADMIN"}}/g' proxy/nginx.conf
sed -i 's/127.0.0.6/{{env "PUBLIC_ROUTE"}}/g' proxy/nginx.conf proxy/nginx-cloudfront.conf
sed -i 's/1111/{{port}}/g' proxy/nginx.conf proxy/nginx-common.conf
sed -i 's/test.com/{{env "PUBLIC_ROUTE"}}/g' proxy/nginx-cloudfront.conf
sed -i 's/test.com/{{env "PUBLIC_ROUTE"}}/g' proxy/nginx-cloudfront.conf proxy/nginx-authy.conf
sed -i 's#http://test.com#{{env "S3_URL"}}#g' proxy/nginx-common.conf
sed -i 's#somebucket#{{env "S3_BUCKET"}}#g' proxy/nginx-common.conf
sed -i 's/test.com/{{env "PUBLIC_ROUTE"}}/g' proxy/nginx-authy.conf
sed -i 's/truetodeny/{{env "DENY_PACKAGE_CREATE"}}/g' proxy/nginx-common.conf

quick-bat-test:
# if local environment is already build and running
Expand Down
1 change: 1 addition & 0 deletions manifest.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ applications:
INTERNAL_ROUTE: ((route-internal))
EXTERNAL_ROUTE_ADMIN: ((route-external-admin))
INTERNAL_ROUTE_ADMIN: ((route-internal-admin))
DENY_PACKAGE_CREATE: ((deny_package_create))

- name: ((app_name))-gather
buildpacks:
Expand Down
6 changes: 5 additions & 1 deletion proxy/nginx-common.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,11 @@ location = /500.html {

# prevent users from accessing: '/dataset/new' route, 'package_create' and 'resource_create' API routes
location ~ ^/(dataset\/new|api\/action\/package_create|api\/action\/resource_create)/?$ {
deny all;
set $deny {{env "DENY_PACKAGE_CREATE"}};
if ($deny = 'true') {
return 403;
}
try_files $uri @proxy_to_app;
}

# use local path for map tiles so that they
Expand Down
2 changes: 2 additions & 0 deletions vars.development.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ saml2_certificate: |
-----END CERTIFICATE-----
googleanalytics_id: UA-00000000-1

deny_package_create: false
2 changes: 2 additions & 0 deletions vars.prod.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ saml2_certificate: |
-----END CERTIFICATE-----
googleanalytics_id: G-WP7FK9QXZD

deny_package_create: true
2 changes: 2 additions & 0 deletions vars.staging.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ saml2_certificate: |
-----END CERTIFICATE-----
googleanalytics_id: UA-00000000-2

deny_package_create: false

0 comments on commit 88a765e

Please sign in to comment.