Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid using token in testcase #704

Closed
wants to merge 2 commits into from
Closed

Avoid using token in testcase #704

wants to merge 2 commits into from

Conversation

netomi
Copy link

@netomi netomi commented Jul 18, 2024

This PR is triggered by a security alert wrt a token used in a test case.

I updated the testcase to use a dummy value instead.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jul 18, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: netomi

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

ibuziuk
ibuziuk reviewed Jul 22, 2024
View reviewed changes
...test/java/org/eclipse/che/api/factory/server/bitbucket/HttpBitbucketServerApiClientTest.java
@@ -331,7 +331,7 @@ public void shouldBeAbleToGetExistedPAT()
BitbucketPersonalAccessToken result = bitbucketServer.getPersonalAccessToken("5", "token");
// then
assertNotNull(result);
assertEquals(result.getToken(), "MTU4OTEwNTMyOTA5Ohc88HcY8k7gWOzl2mP5TtdtY5Qs");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc: @artaleks9 isn't it a dummy token?

Copy link
Contributor

@artaleks9 artaleks9 Jul 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess yes..It looks like a dummy token.
Actually it's an unit test/tests, probably @vinokurig can say more.
Anyway the tests of 'git-zero' flow on ci-openshift, where are used actual PATs are hide at all and not visible.

Copy link
Author

@netomi netomi Jul 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fyi: I created that PR due to a secret scanning alert. If the token is a dummy one, this is not necessary, though I suggest to use dummy tokens that are clearly identifiable as such to avoid false alarms, e.g. adding dummy_ as prefix.

@ibuziuk ibuziuk requested a review from artaleks9 July 22, 2024 13:36
@artaleks9
Copy link
Contributor

/retest

@artaleks9
Copy link
Contributor

The tests CI OpenShift are fail on the deploy Che with error:

 Back-off pulling image "quay.io/eclipse/che-server:pr-704"

because the build-pr-check action is failed.

@vinokurig , could you take a look on build-pr-check GitHub action..what could happened?

@vinokurig
Copy link
Contributor

/retest

@vinokurig
Copy link
Contributor

The build-pr-check failed on login to docker.io step. I wonder why this step is skipped in pull requests opened by org members?

@netomi
Copy link
Author

netomi commented Jul 23, 2024

so secrets are not provisioned to workflows running for PRs from outside collaborators, so this step should be skipped in PRs afaict.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jul 23, 2024

@netomi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/v14-azure-no-pat-oauth-flow-raw-devfile-url e6e586b link true /test v14-azure-no-pat-oauth-flow-raw-devfile-url
ci/prow/v14-azure-no-pat-oauth-flow-ssh-url e6e586b link true /test v14-azure-no-pat-oauth-flow-ssh-url
ci/prow/v14-gitlab-with-pat-setup-flow e6e586b link true /test v14-gitlab-with-pat-setup-flow
ci/prow/v14-azure-no-pat-oauth-flow e6e586b link true /test v14-azure-no-pat-oauth-flow
ci/prow/v14-gitlab-no-pat-oauth-flow-ssh-url e6e586b link true /test v14-gitlab-no-pat-oauth-flow-ssh-url
ci/prow/v14-gitlab-no-pat-oauth-flow e6e586b link true /test v14-gitlab-no-pat-oauth-flow
ci/prow/v14-gitlab-with-oauth-setup-flow e6e586b link true /test v14-gitlab-with-oauth-setup-flow
ci/prow/v14-che-smoke-test e6e586b link true /test v14-che-smoke-test
ci/prow/v14-gitea-no-pat-oauth-flow e6e586b link true /test v14-gitea-no-pat-oauth-flow
ci/prow/v14-azure-with-pat-setup-flow e6e586b link true /test v14-azure-with-pat-setup-flow
ci/prow/v14-bitbucket-no-pat-oauth-flow-ssh-url e6e586b link true /test v14-bitbucket-no-pat-oauth-flow-ssh-url
ci/prow/v14-gitlab-no-pat-oauth-flow-raw-devfile-url e6e586b link true /test v14-gitlab-no-pat-oauth-flow-raw-devfile-url
ci/prow/v14-github-no-pat-oauth-flow-ssh-url e6e586b link true /test v14-github-no-pat-oauth-flow-ssh-url
ci/prow/v14-github-no-pat-oauth-flow-raw-devfile-url e6e586b link true /test v14-github-no-pat-oauth-flow-raw-devfile-url
ci/prow/v14-bitbucket-no-pat-oauth-flow e6e586b link true /test v14-bitbucket-no-pat-oauth-flow
ci/prow/v14-github-no-pat-oauth-flow e6e586b link true /test v14-github-no-pat-oauth-flow
ci/prow/v14-github-with-pat-setup-flow e6e586b link true /test v14-github-with-pat-setup-flow
ci/prow/v14-bitbucket-no-pat-oauth-flow-raw-devfile-url e6e586b link true /test v14-bitbucket-no-pat-oauth-flow-raw-devfile-url
ci/prow/v14-gitea-with-pat-setup-flow e6e586b link true /test v14-gitea-with-pat-setup-flow

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@vinokurig
Copy link
Contributor

closing in favor of #707

@vinokurig vinokurig closed this Jul 23, 2024
@vinokurig vinokurig mentioned this pull request Jul 23, 2024
Open
@vinokurig
Copy link
Contributor

Created an issue about the pull request check: eclipse-che/che#23053

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ibuziuk ibuziuk ibuziuk left review comments

@SDawley SDawley Awaiting requested review from SDawley SDawley is a code owner

@vinokurig vinokurig Awaiting requested review from vinokurig vinokurig is a code owner

@tolusha tolusha Awaiting requested review from tolusha tolusha is a code owner

@artaleks9 artaleks9 Awaiting requested review from artaleks9

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@netomi @artaleks9 @vinokurig @ibuziuk