Skip to content

Commit 85bb8ff

Browse files
samrosesamrose
authored
Merge branch 'develop' into sam/wal-g-3
2 parents 7af56db + 79c663b commit 85bb8ff

File tree

3 files changed

+19
-67
lines changed

3 files changed

+19
-67
lines changed

ansible/files/envoy_config/lds.supabase.yaml

Lines changed: 4 additions & 63 deletions
Original file line numberDiff line numberDiff line change
@@ -37,51 +37,6 @@ resources:
3737
rules:
3838
action: DENY
3939
policies:
40-
api_key_missing:
41-
permissions:
42-
- any: true
43-
principals:
44-
- not_id:
45-
or_ids:
46-
ids:
47-
- header:
48-
name: apikey
49-
present_match: true
50-
- header:
51-
name: ':path'
52-
string_match:
53-
contains: apikey=
54-
api_key_not_valid:
55-
permissions:
56-
- any: true
57-
principals:
58-
- not_id:
59-
or_ids:
60-
ids:
61-
- header:
62-
name: apikey
63-
string_match:
64-
exact: anon_key
65-
- header:
66-
name: apikey
67-
string_match:
68-
exact: service_key
69-
- header:
70-
name: apikey
71-
string_match:
72-
exact: supabase_admin_key
73-
- header:
74-
name: ':path'
75-
string_match:
76-
contains: apikey=anon_key
77-
- header:
78-
name: ':path'
79-
string_match:
80-
contains: apikey=service_key
81-
- header:
82-
name: ':path'
83-
string_match:
84-
contains: apikey=supabase_admin_key
8540
origin_protection_key_missing:
8641
permissions:
8742
- any: true
@@ -234,6 +189,10 @@ resources:
234189
prefix: /metrics/aggregated
235190
invert_match: true
236191
status_code: 401
192+
headers_to_add:
193+
- header:
194+
key: x-sb-error-code
195+
value: '%RESPONSE_CODE_DETAILS%'
237196
body_format_override:
238197
json_format:
239198
message: >-
@@ -383,24 +342,6 @@ resources:
383342
route:
384343
cluster: admin_api
385344
prefix_rewrite: /privileged/
386-
typed_per_filter_config:
387-
envoy.filters.http.rbac:
388-
'@type': >-
389-
type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute
390-
rbac:
391-
rules:
392-
action: DENY
393-
policies:
394-
basic_auth:
395-
permissions:
396-
- any: true
397-
principals:
398-
- header:
399-
name: authorization
400-
invert_match: true
401-
string_match:
402-
exact: Basic c2VydmljZV9yb2xlOnNlcnZpY2Vfa2V5
403-
treat_missing_header_as_empty: true
404345
- match:
405346
prefix: /metrics/aggregated
406347
request_headers_to_remove:

ansible/files/envoy_config/lds.yaml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,10 @@ resources:
215215
prefix: /metrics/aggregated
216216
invert_match: true
217217
status_code: 401
218+
headers_to_add:
219+
- header:
220+
key: x-sb-error-code
221+
value: '%RESPONSE_CODE_DETAILS%'
218222
body_format_override:
219223
json_format:
220224
message: >-

scripts/nix-provision.sh

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,18 @@ set -o pipefail
66
set -o xtrace
77

88
function install_packages {
9-
# Setup Ansible on host VM
10-
sudo apt-get update && sudo apt-get install software-properties-common -y
11-
sudo add-apt-repository --yes --update ppa:ansible/ansible && sudo apt-get install ansible -y
12-
ansible-galaxy collection install community.general
9+
# Setup Ansible on host VM
10+
sudo apt-get update && sudo apt-get install -y software-properties-common
1311

12+
# Manually add GPG key with explicit keyserver
13+
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
14+
15+
# Add repository and install
16+
sudo add-apt-repository --yes ppa:ansible/ansible
17+
sudo apt-get update
18+
sudo apt-get install -y ansible
19+
20+
ansible-galaxy collection install community.general
1421
}
1522

1623

0 commit comments

Comments
 (0)