Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1354061

Summary: Secure cookie for GEARUID while keeping session affinity
Product: OpenShift Container Platform
Reporter: Ryan Howe <rhowe>
Component: Networking
Assignee: Abhishek Gupta <abhgupta>
Networking sub component: router
QA Contact: zhaozhanqi <zzhao>
Status: CLOSED WONTFIX
Severity: high
Priority: high
CC: agrimm, aos-bugs, bvincell, erich, jokerman, mmccomas, rhowe
Version: 2.2.0
Keywords: Security
Hardware: Unspecified
OS: Unspecified
Last Closed: 2016-09-07 19:09:26 UTC
Type: Bug
Bug Blocks: 1366461

Description Ryan Howe 2016-07-08 22:11:25 UTC
Looking to set GEARID as secure in response header and remove while it is sent to backend instance, while still keeping session affinity.


https://github.com/openshift/origin-server/blob/master/cartridges/openshift-origin-cartridge-haproxy/usr/bin/update-cluster#L76

https://cbonte.github.io/haproxy-dconv/configuration-1.4.html#4-cookie
   - Note the secure option. 



1. Proposed title of this feature request
   Secure cookie for GEARUID

2. Who is the customer behind the request?
   Account: Cisco 5255846
   TAM customer: no
   SRM customer: yes
   Strategic: yes

3. What is the nature and description of the request?
   Configure GEARID as secure in response header and remove while it is sent to backend instance, without hitting session affinity issues.

4. Why does the customer need this? (List the business requirements here)
   Infosec security compliance

5. How would the customer like to achieve this? (List the functional requirements here)
   Making the necessary changes to haproxy's template

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
   - Before EOL
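
Added example (not part of the bug report and not the cartridge's own template): an HAProxy `cookie` line that combines the `secure` option from the linked 1.4 documentation with `insert indirect`, which is what removes the affinity cookie from requests before they reach the backend. The proxy name, addresses, server names and the "current form" line are assumptions made for illustration; the cookie is named GEARID as in the description text.

```haproxy
# Constructed example: proxy name, addresses and server names are placeholders.
listen express
    bind 127.0.0.1:8080
    mode http
    balance leastconn

    # Assumed current form (affinity cookie sent without the Secure attribute):
    #   cookie GEARID insert indirect nocache

    # insert   : HAProxy itself adds the Set-Cookie header for GEARID to responses.
    # indirect : in insert mode, the cookie is removed from requests before they
    #            are forwarded to the server, so the application never sees it.
    # nocache  : a cacheable response is marked non-cacheable when the cookie
    #            has to be inserted, so a shared cache does not replay it.
    # secure   : adds the "Secure" attribute, so user agents return the cookie
    #            only over HTTPS.
    cookie GEARID insert indirect nocache secure

    # The per-server cookie value is what pins a client to one backend.
    server gear-1 192.0.2.11:8080 check cookie gear-1
    server gear-2 192.0.2.12:8080 check cookie gear-2
```

With `secure` set, a client that reaches the application over plain HTTP does not send GEARID back, so affinity only holds for HTTPS traffic. The file can be syntax-checked with `haproxy -c -f <config file>` before reloading.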

Comment 10 Kurt Seifried 2016-09-07 19:09:26 UTC
As per IRC closing WONTFIX since this is out of scope for support and blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1092005