Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issue #2669 - validate request scopes before read, vread, history, and search #2671

Merged
merged 2 commits into from
Aug 10, 2021
Merged

issue #2669 - validate request scopes before read, vread, history, and search #2671

merged 2 commits into from
Aug 10, 2021

Conversation

lmsurpre
Copy link
Member

@lmsurpre lmsurpre commented Aug 9, 2021

In addition to checking the scopes for each resource on the way out (via
the afterX methods), we now check that the requested interaction is
permitted by the passed scopes on the way in (the beforeX methods).
Two reasons:

  1. We prevent some unnecessary work for invalid requests
  2. We prevent leaking info about the presence/absence of resourceTypes
    for which a given application has not been granted access

The request scopes are already checked before create, update, and
delete.

Signed-off-by: Lee Surprenant lmsurpre@us.ibm.com

@lmsurpre
issue #2669 - validate request scopes before read, vread, history, and
edef7af 
search

In addition to checking the scopes for each resource on the way out (via
the afterX methods), we now check that the requested interaction is
permitted by the passed scopes on the way in (the beforeX methods).
Two reasons:
1. We prevent some unnecessary work for invalid requests
2. We prevent leaking info about the presence/absence of resourceTypes
for which a given application has not been granted access

The request scopes are already checked before create, update, and
delete.

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
@lmsurpre
Added test cases
9b278cd 
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
JohnTimm
JohnTimm approved these changes Aug 9, 2021
View reviewed changes
Copy link
Collaborator

@JohnTimm JohnTimm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

michaelwschroeder
michaelwschroeder approved these changes Aug 10, 2021
View reviewed changes
Copy link
Contributor

@michaelwschroeder michaelwschroeder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lmsurpre lmsurpre merged commit 1c94115 into main Aug 10, 2021
@lmsurpre lmsurpre deleted the issue-2669 branch August 10, 2021 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelwschroeder michaelwschroeder michaelwschroeder approved these changes

@JohnTimm JohnTimm JohnTimm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lmsurpre @JohnTimm @michaelwschroeder