-
Notifications
You must be signed in to change notification settings - Fork 250
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add an auth filter for PinDeploy pipeline (#1719)
This PR implements an auth filter that will replace the principal if both of the conditions are met 1. Request is sent from a list of spiffe ids 2. Request contains a special header. 3. Because the principal name has a SPIFFE prefix, it's more likely to exceed the DB column limit. Introduced a method to trim the string to avoid updating the DB. ## Test and validations test coverage and some manual tests 1. Start the service with updated configuration 2. Craft a request with the spiffe ID and special header 4. Verify in the debugger that the principal is replaced.
- Loading branch information
1 parent
948ba02
commit d6258b0
Showing
20 changed files
with
327 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
deploy-service/common/src/main/java/com/pinterest/deployservice/bean/BaseBean.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
package com.pinterest.deployservice.bean; | ||
|
||
public class BaseBean { | ||
|
||
/** | ||
* Trims the input string to the specified size limit. If the input string's length | ||
* exceeds the limit, the method returns the substring from the end of the string | ||
* with the specified limit. Otherwise returns the original string. | ||
* | ||
* @param value the input string to be trimmed | ||
* @param limit the maximum length of the returned string | ||
* @return the trimmed string if the input string's length exceeds the limit, | ||
* otherwise the original string | ||
*/ | ||
protected String getStringWithinSizeLimit(String value, int limit) { | ||
if (value != null && value.length() > limit) { | ||
return value.substring(value.length() - limit, value.length()); | ||
} | ||
return value; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
31 changes: 31 additions & 0 deletions
31
deploy-service/common/src/test/java/com/pinterest/deployservice/bean/BaseBeanTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package com.pinterest.deployservice.bean; | ||
|
||
|
||
import static org.junit.Assert.assertSame; | ||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
import static org.junit.jupiter.api.Assertions.assertNull; | ||
|
||
import org.junit.jupiter.api.Test; | ||
|
||
public class BaseBeanTest { | ||
@Test | ||
void testGetStringWithinSizeLimitInputNull() { | ||
BaseBean baseBean = new BaseBean(); | ||
String result = baseBean.getStringWithinSizeLimit(null, 10); | ||
assertNull(result); | ||
} | ||
|
||
@Test | ||
void testGetStringWithinSizeLimitInputWithinLimit() { | ||
BaseBean baseBean = new BaseBean(); | ||
String input = "test"; | ||
String result = baseBean.getStringWithinSizeLimit(input, 10); | ||
assertSame(input, result); | ||
} | ||
@Test | ||
void testGetStringWithinSizeLimitInputExceedsLimit() { | ||
BaseBean baseBean = new BaseBean(); | ||
String result = baseBean.getStringWithinSizeLimit("0123456789", 5); | ||
assertEquals("56789", result); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.