Add encode secret string resolver #568
Codecov Report
All modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found.
Additional details and impacted files
@@ Coverage Diff @@
## main #568 +/- ##
=====================================
Coverage 95.84 95.84
=====================================
Files 777 779 +2
Lines 17290 17321 +31
=====================================
+ Hits 16571 16602 +31
Misses 719 719
Flags with carried forward coverage won't be shown.
Codecov Report
All modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found.
Additional details and impacted files
@@ Coverage Diff @@
## main #568 +/- ##
==========================================
+ Coverage 91.35% 91.37% +0.01%
==========================================
Files 599 601 +2
Lines 15972 16003 +31
==========================================
+ Hits 14592 14623 +31
Misses 1380 1380
Flags with carried forward coverage won't be shown.
644ebad to 3449308
if not self.current_user.is_authenticated: | ||
raise Unauthenticated() | ||
if not repo: | ||
raise ValidationError("Repo not found") |
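Review bot: the visible checks stop at `is_authenticated` and `if not repo`, so nothing in these lines ties the current user to the repo's owner before a value is returned. If that is intended, say so in a comment or docstring next to the `Unauthenticated()` check, and confirm that the repo lookup feeding `if not repo` (not shown here) is limited to repos the user can view; otherwise "Repo not found" versus a successful result lets any signed-in user test whether a repo exists. A test case for an authenticated user outside the org would pin the intended behaviour down.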
- What does the encoded secret string actually do?
- Currently this allows authenticated users not belonging to the org to generate this value as well, is that ok?
We have a widget in gazebo that lets us generate a secret string (for any text, but meant to be used for YAML values).
It returns an encrypted string for the text entered. It's basically a big wrapper around the encode_secret_string function.
Since the user can enter any string, and they will need org validation to see other sensitive data, I am comfortable with allowing any authenticated user to call this.
Let me know if you think I'm missing anything, thanks.
Gotcha, as long as this has the same auth validation as the internal REST endpoint, it's fine.
Adds a resolver to return an encoded secret string. We want to move our REST endpoints to GQL (we are currently using a POST request to do this from gazebo). A follow-up PR will be made in gazebo to migrate the endpoints.
After that, we will delete the old REST code, once we confirm that it is no longer in use.
This issue closes codecov/engineering-team#1746
Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.