feat(jans-pycloudlib): handle required files for external configuration backends #9389

Merged
merged 4 commits into from
Sep 6, 2024

Conversation

iromli
Contributor

@iromli iromli commented Sep 5, 2024

Prepare


Description

Added methods in jans-pycloudlib to bootstrap required assets for external configuration backends (AWS/Google/Vault). A separate PR is needed to sync OCI images to use this new version of jans-pycloudlib.

Target issue

closes #9368

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

…on backends

Signed-off-by: iromli <isman.firmansyah@gmail.com>

dryrunsecurity bot commented Sep 5, 2024

DryRun Security Summary

The pull request covers various updates to the jans-pycloudlib Python package, including changes to the setup.py file, testing of the decode_file and decode_string functions, integration with the Google Spanner database, and refactoring of the ConfigManager and SecretManager classes, all of which contribute to a more secure and maintainable codebase.

Summary:

The code changes in this pull request cover various aspects of the jans-pycloudlib Python package, including updates to the setup.py file, testing of the decode_file and decode_string functions, integration with the Google Spanner database, and refactoring of the ConfigManager and SecretManager classes.

From an application security perspective, the changes do not introduce any obvious security concerns. The addition of a new dependency, the improvements to the testing coverage, the proper handling of Google Application Credentials, and the refactoring of the manager classes all contribute to a more secure and maintainable codebase.

However, it's important to note that the overall security of the application would depend on how the jans-pycloudlib package is used and integrated into the larger application. Proper management of secrets, input validation, and secure deployment practices are crucial to ensuring the security of the application.

Files Changed:

  1. jans-pycloudlib/setup.py: The changes include the addition of a new dependency, grpc-interceptor>=0.15.4, which is required for the google-cloud-secret-manager library. This change does not introduce any obvious security concerns.

  2. jans-pycloudlib/tests/test_cli.py: The changes involve modifying the way the Manager class is instantiated in the tests, which helps ensure the robustness and reliability of the encoding/decoding functionality. The changes cover various scenarios for providing the salt value, which is important for the security of encrypted data.

  3. jans-pycloudlib/jans/pycloudlib/persistence/spanner.py: The changes are related to the integration of the Google Spanner database, including the management of Google Application Credentials and the rendering of Spanner connection properties. These changes help ensure the proper handling of the required credentials and configuration.

  4. jans-pycloudlib/jans/pycloudlib/manager.py: The changes include refactoring of the adapter resolution, handling of unsupported adapters, bootstrapping of assets, and removal of the dataclass decorator. These changes improve the overall structure and maintainability of the ConfigManager and SecretManager classes, without introducing any obvious security concerns.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

@mo-auto mo-auto added comp-jans-pycloudlib kind-feature Issue or PR is a new feature request labels Sep 5, 2024
…ersistence

Signed-off-by: iromli <isman.firmansyah@gmail.com>
@iromli iromli marked this pull request as ready for review September 5, 2024 19:34
@iromli iromli requested a review from moabu as a code owner September 5, 2024 19:34
@iromli iromli self-assigned this Sep 5, 2024
…et-manager lib

Signed-off-by: iromli <isman.firmansyah@gmail.com>

sonarqubecloud bot commented Sep 5, 2024

@moabu moabu merged commit 3c14434 into main Sep 6, 2024
10 checks passed
@moabu moabu deleted the cn-ext-configuration branch September 6, 2024 09:19

sonarqubecloud bot commented Sep 6, 2024

yuriyz pushed a commit that referenced this pull request Nov 7, 2024
…on backends (#9389)

* feat(jans-pycloudlib): handle required files for external configuration backends

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* feat(jans-pycloudlib): populate google credentials if using spanner persistence

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* fix(jans-pycloudlib): resolve broken dependency for google-cloud-secret-manager lib

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Former-commit-id: 3c14434