
Fix SecretGroup common policy path #392

Merged: 1 commit merged on Nov 19, 2021

Conversation

john-odonnell (Contributor) commented Nov 18, 2021

Desired Outcome

From ONYX-14902:

We added the secrets-policy-path annotation but it does not appear to be working as intended.
Write some unit tests to cover the functionality (mostly here) and make sure the annotation is documented in PUSH_TO_FILE.md.

When the annotation conjur.org/conjur-secrets-policy-path.{secret-group} is set, it defines a common policy path prefix, assumed to be relative to the root policy. Policy paths defined in conjur.org/conjur-secrets.{secret-group} are relative to this common path.

When the annotation is not set, the policy paths defined in conjur.org/conjur-secrets.{secret-group} are themselves relative to the root policy.

Implemented Changes

  • The function newSecretGroup constructs a new SecretGroup sg, then makes a call to sg.resolveSecretSpecs().
    • If a common policy path has been provided by the annotation conjur.org/conjur-secret-policy-path.{secret-group}, then the SecretSpecs field is replaced by a copy of itself, with all secret paths being prepended with the common policy path.
    • If a common policy path has NOT been provided, then the existing slice in field SecretSpecs is assumed to contain fully-qualified policy paths to Conjur secrets, and it is not updated.
  • Updated happy path test cases in secret_group_test.go
  • PUSH_TO_FILE.md updated to describe conjur.org/conjur-secret-policy-path.{secret-group} annotation. Included an example to show two functionally identical annotation sets, one with a common policy prefix, and one without.

Connected Issue/Story

CyberArk internal issue link: ONYX-14092

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a
    CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code
    changes, or
  • The changes in this PR do not require tests

Documentation

  • Docs (e.g. READMEs) were updated in this PR
  • A follow-up issue to update official docs has been filed here: insert issue ID
  • This PR does not require updating any documentation

Behavior

  • This PR changes product behavior and has been reviewed by a PO, or
  • These changes are part of a larger initiative that will be reviewed later, or
  • No behavior was changed with this PR

Security

  • Security architect has reviewed the changes in this PR,
  • These changes are part of a larger initiative with a separate security review, or
  • There are no security aspects to these changes
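The resolution rule described in the PR text (prepend the common policy path from conjur.org/conjur-secrets-policy-path.{secret-group} when it is set, otherwise treat the per-secret paths as fully qualified) as an added worked example in Go. This is not the project's code and not part of the PR diff: the names SecretSpec, ResolveSecretSpecs, VariableIDs and Equivalent are this example's own, and the join rule it uses (surrounding slashes on the common path trimmed, a leading slash on a per-secret path stripped so an entry cannot escape the group's prefix) is an assumption of this example, not something the PR states.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// SecretSpec stands in for one entry of a conjur.org/conjur-secrets.{group}
// annotation: the alias (file name) and the Conjur variable path it maps to.
// Type and field names are this example's own, not the project's.
type SecretSpec struct {
	Alias string
	Path  string
}

// ResolveSecretSpecs returns a copy of specs with commonPath (the value of
// conjur.org/conjur-secrets-policy-path.{group}) prepended to every Path.
// When commonPath is empty the copy is returned unchanged: the paths are
// then taken to be fully qualified relative to the root policy.
// The input slice is never mutated.
func ResolveSecretSpecs(commonPath string, specs []SecretSpec) []SecretSpec {
	out := make([]SecretSpec, len(specs))
	copy(out, specs)

	prefix := strings.Trim(commonPath, "/")
	if prefix == "" {
		return out
	}
	for i := range out {
		// Assumed join rule for this example: a leading "/" on a per-secret
		// path is stripped rather than treated as absolute, so an entry such
		// as "/other/secret" cannot step outside the group's common prefix.
		out[i].Path = prefix + "/" + strings.TrimLeft(out[i].Path, "/")
	}
	return out
}

// VariableIDs maps alias -> resolved variable path, the form a caller would
// use to fetch the secrets or to compare two annotation sets.
func VariableIDs(specs []SecretSpec) map[string]string {
	ids := make(map[string]string, len(specs))
	for _, s := range specs {
		ids[s.Alias] = s.Path
	}
	return ids
}

// Equivalent reports whether two spec lists resolve to the same variables.
func Equivalent(a, b []SecretSpec) bool {
	return reflect.DeepEqual(VariableIDs(a), VariableIDs(b))
}

func main() {
	// Constructed inputs modelled on the "two functionally identical
	// annotation sets" the PR description mentions.
	withPrefix := ResolveSecretSpecs("prod/backend/", []SecretSpec{
		{Alias: "db-url", Path: "db/url"},
		{Alias: "db-password", Path: "db/password"},
	})
	withoutPrefix := ResolveSecretSpecs("", []SecretSpec{
		{Alias: "db-url", Path: "prod/backend/db/url"},
		{Alias: "db-password", Path: "prod/backend/db/password"},
	})
	for _, s := range withPrefix {
		fmt.Printf("%s -> %s\n", s.Alias, s.Path)
	}
	fmt.Println("equivalent:", Equivalent(withPrefix, withoutPrefix))
}
```

The two calls in main mirror the PR's point that a group declared with a common prefix and a group declared with fully-qualified paths must resolve to the same Conjur variables; a test of the real resolveSecretSpecs should assert exactly that equivalence, and separately that the no-prefix case leaves the specs untouched.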

@john-odonnell john-odonnell force-pushed the ONYX-14092 branch 2 times, most recently from d3db712 to ba13478 Compare November 18, 2021 19:38
codeclimate bot commented Nov 18, 2021

Code Climate has analyzed commit 586c74a and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 92.8% (1.3% change).


@john-odonnell john-odonnell marked this pull request as ready for review November 18, 2021 21:17
@john-odonnell john-odonnell requested review from a team as code owners November 18, 2021 21:17
diverdane (Contributor) left a comment

LGTM!!!
