fix(api): set min TLS version 1.3, secure HTTP-only cookie (#596)

* fix(api): set min TLS version 1.3, secure HTTP-only cookie * remove `all-tests-passed` job --------- Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
2025-08-23 03:48:35 +00:00 · 2023-10-01 14:19:51 -04:00 · 2023-10-01 14:19:51 -04:00 · 16ebf30a79
commit 16ebf30a79
parent bd09fd3d6e
5 changed files with 10 additions and 13 deletions
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -18,9 +18,9 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 1
+          fetch-depth: 0

-      - uses: dorny/paths-filter@v2.2.1
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1
        id: filter
        with:
          filters: |
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -18,7 +18,7 @@ jobs:
        with:
          fetch-depth: 1

-      - uses: dorny/paths-filter@v2.2.1
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1
        id: filter
        with:
          filters: |
@ -49,7 +49,7 @@ jobs:
        with:
          fetch-depth: 1

-      - uses: dorny/paths-filter@v2.2.1
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1
        id: filter
        with:
          filters: |
@ -70,10 +70,3 @@ jobs:
        if: steps.filter.outputs.go == 'true'
        timeout-minutes: 10
        run: go test -v -cover ./...
-
-  all-tests-passed:
-    name: All Tests Passed
-    needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "PASS"
--- a/proxmox/api/client.go
+++ b/proxmox/api/client.go
@ -75,6 +75,7 @@ func NewConnection(endpoint string, insecure bool) (*Connection, error) {

 	var transport http.RoundTripper = &http.Transport{
 		TLSClientConfig: &tls.Config{
+			MinVersion:         tls.VersionTLS13,
 			InsecureSkipVerify: insecure, //nolint:gosec
 		},
 	}
--- a/proxmox/api/ticket_auth.go
+++ b/proxmox/api/ticket_auth.go
@ -125,8 +125,10 @@ func (t *ticketAuthenticator) AuthenticateRequest(ctx context.Context, req *http
 	}

 	req.AddCookie(&http.Cookie{
-		Name:  "PVEAuthCookie",
-		Value: *a.Ticket,
+		HttpOnly: true,
+		Name:     "PVEAuthCookie",
+		Secure:   true,
+		Value:    *a.Ticket,
 	})

 	if req.Method != http.MethodGet {
--- a/proxmoxtf/resource/file.go
+++ b/proxmoxtf/resource/file.go
@ -382,6 +382,7 @@ func fileCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag
 			httpClient := http.Client{
 				Transport: &http.Transport{
 					TLSClientConfig: &tls.Config{
+						MaxVersion:         tls.VersionTLS13,
 						InsecureSkipVerify: sourceFileInsecure,
 					},
 				},