-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
B 20256-B main Reapply prevent prime users from accessing pptas #13518
Merged
pambecker
merged 9 commits into
main
from
B-20256-MAIN-Prevent-Prime-users-from-accessing-PPTAS
Aug 21, 2024
Merged
B 20256-B main Reapply prevent prime users from accessing pptas #13518
pambecker
merged 9 commits into
main
from
B-20256-MAIN-Prevent-Prime-users-from-accessing-PPTAS
Aug 21, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joeydoyecaci
requested review from
deandreJones,
cameroncaci,
paulstonebraker,
loganwc,
pambecker and
JonSpight
August 20, 2024 14:27
Bundle StatsHey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle. As this PR is updated, I'll keep you updated on how the bundle size is impacted. Total
Changeset
View detailed bundle breakdownAdded
Removed
Bigger No assets were bigger Smaller No assets were smaller Unchanged
|
joeydoyecaci
changed the title
B 20256 main prevent prime users from accessing pptas
B 20256-B main prevent prime users from accessing pptas
Aug 21, 2024
joeydoyecaci
changed the title
B 20256-B main prevent prime users from accessing pptas
B 20256-B main Reapply prevent prime users from accessing pptas
Aug 21, 2024
pambecker
approved these changes
Aug 21, 2024
paulstonebraker
approved these changes
Aug 21, 2024
pambecker
deleted the
B-20256-MAIN-Prevent-Prime-users-from-accessing-PPTAS
branch
August 21, 2024 16:03
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[B-20256](Prevent Prime users from accessing PPTAS)
Summary
Added Client cert authorization to PPTAS if the "allow_pptas" flag is set to true for a given user, and prevent acess if flag is false. Added pptas-client-api command
Important
Contains both 20256 and 19181 Code
Referencing PRs
Revert "B 19181 create pptas api
Revert "B 20256 main prevent prime users from accessing pptas
B 20256 main prevent prime users from accessing pptas
B 19181 create pptas api
Important
This cannot be tested (unless you have a secure migration already in place locally)
How to test:
1. you will need to get your CAC cert added to the client_cert table. Guide to do so here: How to Create CAC Access2. run make
server_run
and makeclient_run
3. log into adminlocal
4. go to client_certs
5. find your cert. edit to set
allow_pptas
to true, then save6. run the pptas-api-client command, using
go run ./cmd/pptas-api-client --cac --insecure --port 9443 list-moves --since '2024-01-01'
this should return some moves as a json.7. switch
allow_pptas
to false8. run
go run ./cmd/pptas-api-client --cac --insecure --port 9443 list-moves --since '2024-01-01'
again, a forbidden error should be returned9. switch
allow_pptas
back to true10. run
go run ./cmd/pptas-api-client --cac --insecure --port 9443 list-moves --since '2024-01-01'
again, this time moves should be returned as it has previously