-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
B 20256-B Reapply int prevent prime users from accessing pptas #13517
Merged
joeydoyecaci
merged 33 commits into
integrationTesting
from
B-20256-INT-Prevent-Prime-users-from-accessing-PPTAS
Aug 21, 2024
Merged
B 20256-B Reapply int prevent prime users from accessing pptas #13517
joeydoyecaci
merged 33 commits into
integrationTesting
from
B-20256-INT-Prevent-Prime-users-from-accessing-PPTAS
Aug 21, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
B-20723 / B-20726
… incident info separately
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…org/x/tools-0.24.0
B 20639 b 20606 nts loa main
Bumps [github.com/aws/aws-sdk-go-v2/service/ses](https://github.com/aws/aws-sdk-go-v2) from 1.22.7 to 1.25.3. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/mq/v1.22.7...v1.25.3) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ses dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
MAIN B-20791 refactor evaluation report to a route
…-go-v2/service/ses-1.25.3
…com/aws/aws-sdk-go-v2/service/ses-1.25.3
Bumps [go.opentelemetry.io/otel/exporters/stdout/stdouttrace](https://github.com/open-telemetry/opentelemetry-go) from 1.17.0 to 1.28.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.17.0...v1.28.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/exporters/stdout/stdouttrace dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…telemetry.io/otel/exporters/stdout/stdouttrace-1.28.0 Bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.17.0 to 1.28.0
This reverts commit c76d6f7.
This reverts commit 0b46fb5.
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
….org/zap-1.27.0
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.22.0. - [Commits](golang/oauth2@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…org/x/oauth2-0.22.0
…into B-20256-INT-Prevent-Prime-users-from-accessing-PPTAS
joeydoyecaci
added
G-Unit
Scrum Team G
INTEGRATION
Slated for Integration Testing
labels
Aug 20, 2024
joeydoyecaci
requested review from
deandreJones,
cameroncaci,
paulstonebraker,
loganwc,
pambecker and
JonSpight
August 20, 2024 14:11
pambecker
reviewed
Aug 20, 2024
…into B-20256-INT-Prevent-Prime-users-from-accessing-PPTAS
…s-from-accessing-PPTAS
…into B-20256-INT-Prevent-Prime-users-from-accessing-PPTAS
pambecker
approved these changes
Aug 20, 2024
paulstonebraker
approved these changes
Aug 21, 2024
joeydoyecaci
deleted the
B-20256-INT-Prevent-Prime-users-from-accessing-PPTAS
branch
August 21, 2024 12:53
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[B-20256](Prevent Prime users from accessing PPTAS)
Summary
Added Client cert authorization to PPTAS if the "allow_pptas" flag is set to true for a given user, and prevent acess if flag is false. Added pptas-client-api command
Important
Contains both 20256 and 19181 Code
Referencing PRs
Revert "B 19181 create pptas api
Revert "B 20256 main prevent prime users from accessing pptas
B 20256 main prevent prime users from accessing pptas
B 19181 create pptas api
Important
This cannot be tested (unless you have a secure migration already in place).
How to test:
1. you will need to get your CAC cert added to the client_cert table. Guide to do so here: How to Create CAC Access2. run make
server_run
and makeclient_run
3. log into adminlocal
4. go to client_certs
5. find your cert. edit to set
allow_pptas
to true, then save6. run the pptas-api-client command, using
go run ./cmd/pptas-api-client --cac --insecure --port 9443 list-moves --since '2024-01-01'
this should return some moves as a json.7. switch
allow_pptas
to false8. run
go run ./cmd/pptas-api-client --cac --insecure --port 9443 list-moves --since '2024-01-01'
again, a forbidden error should be returned9. switch
allow_pptas
back to true10. run
go run ./cmd/pptas-api-client --cac --insecure --port 9443 list-moves --since '2024-01-01'
again, this time moves should be returned as it has previously