
Commit a2dbb5e

Merge pull request #4 from topcoder-platform/issue-131
For #131: Port self-signed cert changes over to AWS DLP
2 parents f027959 + 8dd5fb5 commit a2dbb5e


5 files changed

+55
-7
lines changed


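--- a/DLPTrigger/utils/presidio.ts
+++ b/DLPTrigger/utils/presidio.ts
@@ -1,4 +1,7 @@
 import axios, { AxiosRequestConfig } from 'axios'
+import https from 'https'
+
+const httpsAgent = new https.Agent({ rejectUnauthorized: false })
 
 /**
 * Presidio Analyze Response item
@@ -26,8 +29,12 @@ export async function identifyPII (dataString: string): Promise<PresidioRes> {
 data: {
 text: dataString,
 language: 'en'
-}
+},
+headers: {
+Host: 'tcx-presidio.svc'
+},
+httpsAgent
 }
-const res = await axios(requestConfig)
-return res.data as PresidioRes
+const res = await axios.request<PresidioRes>(requestConfig)
+return res.data
 }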
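Review bot: `rejectUnauthorized: false` on the module-level `httpsAgent` switches certificate verification off for the Presidio call, so the `text` payload that `identifyPII` submits for PII analysis is sent to whichever endpoint completes the TLS handshake, and the self-signed certificate authenticates nothing. Keep verification on and trust the chart's CA instead, for example `const httpsAgent = new https.Agent({ ca: presidioCaPem, servername: 'tcx-presidio.svc' })`, where `presidioCaPem` is a placeholder for the CA certificate loaded from configuration. That depends on the chart publishing its CA certificate, which the generated secret in this commit does not do. `identifyPII` starts above the second hunk, so the request URL and the rest of `requestConfig` are not visible here.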

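--- a/deployment/charts/presidio/templates/_helpers.tpl
+++ b/deployment/charts/presidio/templates/_helpers.tpl
@@ -24,6 +24,12 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- define "presidio.anonymizerimage.fullname" -}}
 {{ include "presidio.fullname" . | printf "%s-image-redactor" }}
 {{- end -}}
+{{- define "presidio.ingress.fullname" -}}
+{{ include "presidio.fullname" . | printf "%s-ingress" }}
+{{- end -}}
+{{- define "presidio.ingress.cert.secretname" -}}
+{{ include "presidio.fullname" . | printf "%s-ingress-cert" }}
+{{- end -}}
 
 {{- define "presidio.analyzer.address" -}}
 {{template "presidio.analyzer.fullname" .}}:{{.Values.analyzer.service.externalPort}}
@@ -37,4 +43,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{template "presidio.anonymizerimage.fullname" .}}:{{.Values.anonymizerimage.service.externalPort}}
 {{- end -}}
 
-{{- define "presidio.rbac.version" }}rbac.authorization.k8s.io/v1{{ end -}}
+{{- define "presidio.rbac.version" }}rbac.authorization.k8s.io/v1{{ end -}}
+
+{{/* Generate certificates for custom-metrics api server */}}
+{{- define "tcx-presidio.gen-certs" -}}
+{{- $ca := genCA (.Values.caCommonName) 365 -}}
+{{- $altNames := list (.Values.certDomainName) -}}
+{{- $cert := genSignedCert (.Values.certDomainName) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}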
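Review bot: `tcx-presidio.gen-certs` signs the leaf with a CA from `genCA` but emits only `tls.crt` and `tls.key`, so the CA certificate is discarded once the template has rendered and no client can be configured to trust it. Adding `ca.crt: {{ $ca.Cert | b64enc }}` to the define would let callers verify the ingress certificate rather than turn verification off. The comment above the define still reads `custom-metrics api server`; it should describe this chart, e.g. `{{/* Generate a CA and a signed TLS certificate for the Presidio ingress */}}`. Both validity periods are the literal `365`, which would be easier to review and adjust as a chart value.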
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
{{- $ingressCertSecretName := include "presidio.ingress.cert.secretname" . -}}
2+
apiVersion: v1
3+
kind: Secret
4+
type: kubernetes.io/tls
5+
metadata:
6+
name: {{ $ingressCertSecretName }}
7+
labels:
8+
app: {{ $ingressCertSecretName }}
9+
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
10+
release: {{ .Release.Name }}
11+
heritage: {{ .Release.Service }}
12+
annotations:
13+
"helm.sh/hook": "pre-install"
14+
"helm.sh/hook-delete-policy": "before-hook-creation"
15+
data:
16+
{{ ( include "tcx-presidio.gen-certs" . ) | indent 2 }}
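Review bot: The `"helm.sh/hook": "pre-install"` annotation means this Secret is rendered only on first install, while the certificate produced by `tcx-presidio.gen-certs` is valid for 365 days, so the ingress certificate expires with no upgrade path that reissues it. Adding `pre-upgrade` to the hook would reissue it, but every render also creates a new CA, so any client that trusts the CA would have to be updated at the same time; reusing the existing secret through `lookup`, or delegating issuance to a certificate controller, avoids that. At minimum the template should carry a comment such as `# self-signed, issued once at install, expires after 365 days; reinstall or rotate before then`. Hook resources are not tracked as part of the release, so the private key presumably remains in the namespace after an uninstall and should be covered by the teardown procedure.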

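--- a/deployment/charts/presidio/templates/ingress.yaml
+++ b/deployment/charts/presidio/templates/ingress.yaml
@@ -1,22 +1,29 @@
 {{- if and (.Values.ingress.enabled) (eq .Values.ingress.class "nginx") -}}
+{{- $ingressName := include "presidio.ingress.fullname" . -}}
+{{- $ingressCertSecretName := include "presidio.ingress.cert.secretname" . -}}
 {{- $analyzerfullname := include "presidio.analyzer.fullname" . -}}
 {{- $anonymizerfullname := include "presidio.anonymizer.fullname" . -}}
 {{- $anonymizerimagefullname := include "presidio.anonymizerimage.fullname" . -}}
 apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
-name: presidio-ingress
+name: {{ $ingressName }}
 labels:
-app: presidio-ingress
+app: {{ $ingressName }}
 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
 release: {{ .Release.Name }}
 heritage: {{ .Release.Service }}
 annotations:
 kubernetes.io/ingress.class: {{ .Values.ingress.class }}
 nginx.ingress.kubernetes.io/rewrite-target: "/$2"
 spec:
+tls:
+- hosts:
+- "{{ .Values.certDomainName }}"
+secretName: {{ $ingressCertSecretName }}
 rules:
-- http:
+- host: "{{ .Values.certDomainName }}"
+http:
 paths:
 - backend:
 serviceName: {{ $analyzerfullname }}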
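Review bot: The new `host:` rule and the `tls.hosts` entry both take `.Values.certDomainName`, but the client in DLPTrigger/utils/presidio.ts sends a hard-coded `Host: 'tcx-presidio.svc'`, so overriding the value at deploy time silently stops the rule from matching that client. Either read the host name from configuration on the client side or document the coupling next to the value, e.g. `# must equal the Host header sent by DLPTrigger/utils/presidio.ts`. An unset value would render an empty host and an empty certificate name, so `{{ required "certDomainName is required" .Values.certDomainName | quote }}` is a safer way to reference it in both places. The `paths:` list continues below the hunk.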

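--- a/deployment/charts/presidio/values.yaml
+++ b/deployment/charts/presidio/values.yaml
@@ -66,3 +66,6 @@ anonymizerimage:
 externalPort: 80
 internalPort: 8080
 name: http
+
+certDomainName: tcx-presidio.svc
+caCommonName: tcx-presidio.ca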
