explicit files blacklist

Former-commit-id: e11df83d697fbaf39101819a3123efbbc7880590
F5Networks · Nov 12, 2019 · 0c4e8f2 · 0c4e8f2
1 parent a2876ee
commit 0c4e8f2
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 5 deletions.
diff --git a/docs/userguide/gcp.rst b/docs/userguide/gcp.rst
@@ -31,8 +31,9 @@ These are the minimum requirements for setting up Cloud Failover in Google Cloud
 - **Route(s) in a route table tagged with**:
 
   - a key/value corresponding to the key/value(s) provided in the `failoverRoutes.scopingTags` section of the Cloud Failover extension configuration
-  - a special key call `f5_self_ips` containing a comma-separated list of addresses mapping to a self IP address on each instance in the cluster that the routes should be pointed at. Example: `10.0.0.10,10.0.0.11`
-
+  - a special key called `f5_self_ips` containing a comma-separated list of addresses mapping to a self IP address on each instance in the cluster that the routes should be pointed at. Example: `10.0.0.10,10.0.0.11`
+
+  Note: Since GCP routes don't support GCP labels a JSON blob MUST be added to the description, here is an example: f5_cloud_failover_labels={"f5_cloud_failover_label":"mydeployment","f5_self_ips":"10.0.0.10,10.0.0.11"}
   Note: The failover extension configuration `failoverRoutes.scopingAddressRanges` contains a list of destination routes to update.
 
 

diff --git a/files_blacklist.yml b/files_blacklist.yml
@@ -0,0 +1,40 @@
+# Note: This list is checked only if settings.repository.push_rules.prevent_secrets is true
+
+# Any file ending which contains 'credentials'
+- '*credentials*'
+
+# Private RSA SSH keys
+- /ssh/id_rsa
+- /.ssh/personal_rsa
+- /config/server_rsa
+- id_rsa
+- .id_rsa
+
+# Private DSA SSH keys
+- /ssh/id_dsa
+- /.ssh/personal_dsa
+- /config/server_dsa
+- id_dsa
+- .id_dsa
+
+# Private ed25519 SSH keys
+- /ssh/id_ed25519
+- /.ssh/personal_ed25519
+- /config/server_ed25519
+- id_ed25519
+- .id_ed25519
+
+# Private ECDSA SSH keys
+- /ssh/id_ecdsa
+- /.ssh/personal_ecdsa
+- /config/server_ecdsa
+- id_ecdsa
+- .id_ecdsa
+
+# Any file with .pem or .key extensions
+- '*.pem'
+- '*.key'
+
+# Any file ending with _history or .history extension
+- '*.history'
+- '*_history'
diff --git a/test/functional/deployment/terraform/gcp/main.tf b/test/functional/deployment/terraform/gcp/main.tf
@@ -68,8 +68,8 @@ resource "google_compute_subnetwork" "int_subnetwork" {
   description   = "${var.reaper_tag}"
 }
 
-resource "google_compute_forwarding_rule" "vm02-forwarding-rule" {
-  name = "tf-func-test-forwarding-rule-vm02-us-west1-${module.utils.env_prefix}"
+resource "google_compute_forwarding_rule" "forwarding-rule" {
+  name = "tf-func-test-forwarding-rule-us-west1-${module.utils.env_prefix}"
   ip_protocol = "TCP"
   load_balancing_scheme = "EXTERNAL"
   target = "${google_compute_target_instance.vm02.self_link}"
@@ -405,7 +405,7 @@ resource "null_resource" "create_virtual01" {
 
 resource "null_resource" "create_virtual02" {
   provisioner "local-exec" {
-    command = "curl -skvvu ${var.admin_username}:${module.utils.admin_password} -X POST -H \"Content-Type: application/json\" https://${google_compute_instance.vm02.network_interface.1.access_config.0.nat_ip}/mgmt/tm/ltm/virtual -d '{\"name\":\"external-pool\",\"destination\":\"${google_compute_forwarding_rule.vm02-forwarding-rule.ip_address}:80\"}'"
+    command = "curl -skvvu ${var.admin_username}:${module.utils.admin_password} -X POST -H \"Content-Type: application/json\" https://${google_compute_instance.vm02.network_interface.1.access_config.0.nat_ip}/mgmt/tm/ltm/virtual -d '{\"name\":\"external-pool\",\"destination\":\"${google_compute_forwarding_rule.forwarding-rule.ip_address}:80\"}'"
   }
   triggers = {
     always_run = timestamp()