From aa468c6c8cfcaa44ead2fcd9078114f4b56e187a Mon Sep 17 00:00:00 2001
From: Jerry Mao <j-mao@users.noreply.github.com>
Date: Tue, 10 Jan 2023 12:30:41 +1100
Subject: [PATCH 1/3] Always create HTTPS backend

---
 deploy/main.tf              | 4 ++--
 deploy/network/main.tf      | 4 ++--
 deploy/network/variables.tf | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/deploy/main.tf b/deploy/main.tf
index 229f513b3..3596cef94 100644
--- a/deploy/main.tf
+++ b/deploy/main.tf
@@ -105,7 +105,7 @@ module "production_network" {
   gcp_region  = var.gcp_region
   gcp_zone    = var.gcp_zone
 
-  use_ssl               = true
+  https_redirect        = true
   subdomain             = ""
   cloudrun_service_name = module.production.run_service_name
   sql_instance_ip       = module.production.sql_instance_ip
@@ -134,7 +134,7 @@ module "staging_network" {
   gcp_region  = var.gcp_region
   gcp_zone    = var.gcp_zone
 
-  use_ssl               = false
+  https_redirect        = false
   subdomain             = "staging."
   cloudrun_service_name = module.staging.run_service_name
   sql_instance_ip       = module.staging.sql_instance_ip
diff --git a/deploy/network/main.tf b/deploy/network/main.tf
index 2df7b5a8e..73c293fc4 100644
--- a/deploy/network/main.tf
+++ b/deploy/network/main.tf
@@ -39,10 +39,10 @@ module "lb" {
 
   url_map           = google_compute_url_map.this.self_link
   create_url_map    = false
-  https_redirect    = var.use_ssl
+  https_redirect    = var.https_redirect
   firewall_networks = []
 
-  ssl                             = var.use_ssl
+  ssl                             = true
   use_ssl_certificates            = false
   managed_ssl_certificate_domains = [for subdomain in local.subdomains : "${subdomain}battlecode.org" ]
 
diff --git a/deploy/network/variables.tf b/deploy/network/variables.tf
index 283ea64ae..c5f5b2bcf 100644
--- a/deploy/network/variables.tf
+++ b/deploy/network/variables.tf
@@ -23,8 +23,8 @@ variable "subdomain" {
   type        = string
 }
 
-variable "use_ssl" {
-  description = "Whether to use and redirect to SSL."
+variable "https_redirect" {
+  description = "Whether to redirect to SSL."
   type        = bool
 }
 

From 0acc66cc7699d036fa07b6e6ceb04f46cbc5b62f Mon Sep 17 00:00:00 2001
From: Jerry Mao <j-mao@users.noreply.github.com>
Date: Tue, 10 Jan 2023 12:29:42 +1100
Subject: [PATCH 2/3] Revert "Follow redirects on POST requests"

This reverts commit c42a92e0f8a47657c36df9ed598fe1c213254672.
---
 saturn/pkg/saturn/report.go | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/saturn/pkg/saturn/report.go b/saturn/pkg/saturn/report.go
index 64a0dbac1..65011ac24 100644
--- a/saturn/pkg/saturn/report.go
+++ b/saturn/pkg/saturn/report.go
@@ -29,24 +29,6 @@ func NewGCPTokenedReporter(
 	if err != nil {
 		return nil, fmt.Errorf("idtoken.NewClient: %v", err)
 	}
-
-	// Allow following redirect for POST requests
-	client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
-		if len(via) >= 10 {
-			return fmt.Errorf("stopped after 10 redirects")
-		}
-		if via[0].GetBody == nil {
-			return fmt.Errorf("could not get original body")
-		}
-
-		var err error
-		req.Method = http.MethodPost
-		req.Body, err = via[0].GetBody()
-		if err != nil {
-			return fmt.Errorf("GetBody: %v", err)
-		}
-		return nil
-	}
 	return &GCPTokenedReporter{client, userAgent}, nil
 }
 

From 867c410d301bcc15d332a8a6ba31a6496f0d6991 Mon Sep 17 00:00:00 2001
From: Jerry Mao <j-mao@users.noreply.github.com>
Date: Tue, 10 Jan 2023 12:30:04 +1100
Subject: [PATCH 3/3] Revert "Default to http for the sake of staging"

This reverts commit b1c3ad9a951626fc9034322aa8c3349f778d15ca.
---
 backend/siarnaq/api/compete/models.py   | 4 ++--
 backend/siarnaq/api/episodes/signals.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/siarnaq/api/compete/models.py b/backend/siarnaq/api/compete/models.py
index 23aef701f..9b7d02517 100644
--- a/backend/siarnaq/api/compete/models.py
+++ b/backend/siarnaq/api/compete/models.py
@@ -163,7 +163,7 @@ def for_saturn(self):
 
     def enqueue_options(self):
         """Return the options to be submitted to the compilation queue."""
-        report_url = "http://{}{}".format(
+        report_url = "https://{}{}".format(
             settings.ALLOWED_HOSTS[0],
             reverse(
                 "submission-report",
@@ -257,7 +257,7 @@ def for_saturn(self):
 
     def enqueue_options(self):
         """Return the options to be submitted to the execution queue."""
-        report_url = "http://{}{}".format(
+        report_url = "https://{}{}".format(
             settings.ALLOWED_HOSTS[0],
             reverse(
                 "match-report",
diff --git a/backend/siarnaq/api/episodes/signals.py b/backend/siarnaq/api/episodes/signals.py
index 85702ee55..492b375e6 100644
--- a/backend/siarnaq/api/episodes/signals.py
+++ b/backend/siarnaq/api/episodes/signals.py
@@ -50,7 +50,7 @@ def update_autoscrim_schedule(instance, update_fields, **kwargs):
         f"{parent}/jobs/"
         f"{settings.GCLOUD_SCHEDULER_PREFIX}-autoscrim-{instance.name_short}"
     )
-    url = "http://{}{}".format(
+    url = "https://{}{}".format(
         settings.ALLOWED_HOSTS[0],
         reverse("episode-autoscrim", kwargs={"pk": instance.pk}),
     )