Re-implement DNSSEC chain-of-trust test in EKS brokerpak #3751
Comments
mogul
added a commit
to GSA-TTS/datagov-brokerpak-eks
that referenced
this issue
Mar 22, 2022
mogul
added a commit
to GSA-TTS/datagov-brokerpak-eks
that referenced
this issue
Mar 22, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User Story
In order to reliably verify that DNSSEC is configured properly for provisioned instances, the data.gov team wants to reimplement the
delv-based test in the EKS brokerpak.Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
datagov-brokerpak-ekstestsTHEN I see a test for DNSSEC configuration is invoked
AND the test passes
Background
Our existing delv-based test cannot validate our DNSSEC configuration, even though it's clearly correct when we use external tools to check it. We have commented out that test in order to get the branch merged. This issue captures the need to resolve this technical debt.
Security Considerations (required)
[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]
Sketch
[Notes or a checklist reflecting our understanding of the selected approach]
The text was updated successfully, but these errors were encountered: