Unable to unset backward-compatible-eol in HttpSignProvider #3907

Closed
janotav opened this issue Feb 22, 2022 · 5 comments
Labels
bug Something isn't working P2 security

janotav commented Feb 22, 2022

Environment Details

  • Helidon Version: 2.4.2
  • Helidon SE
  • JDK version: 14.0.2
  • OS: Linux
  • Docker version (if applicable):

Problem Description

Unable to perform OCI signed requests. Due to a typo in OutboundTargetDefinition, the backward-compatible-eol is always enabled even when config explicitly disables it.

        public Builder config(Config config) {
            Builder builder = new Builder();

            // mandatory
            builder.keyId(config.get("key-id").asString().get());
            config.get("header").asString().map(HttpSignHeader::valueOf).ifPresent(builder::header);
            config.get("sign-headers").as(SignedHeadersConfig::create).ifPresent(builder::signedHeaders);
            config.get("private-key").as(KeyConfig::create).ifPresent(builder::privateKeyConfig);
            config.get("hmac.secret").asString().ifPresent(builder::hmacSecret);

            // last, as we configure defaults based on configuration
            config.get("algorithm").asString().ifPresent(builder::algorithm);

            // backward compatibility with previous Helidon versions
            config.get("backward-compatible-eol").asBoolean().ifPresent(this::backwardCompatibleEol); // <--- should be builder::backwardCompatibleEol instead of this::backwardCompatibleEol, correct?

            return builder;
        }
@github-actions github-actions bot added this to Triage in Backlog Feb 22, 2022
@spericas
Member

@tomas-langer Could you comment on this one? It does indeed look odd that we use this on that line. But I'm also not sure why this config method creates and returns a new builder.

@spericas spericas self-assigned this Feb 22, 2022
@tomas-langer
Member

That is indeed a bug. The method should update the current instance, never create a new one.

@tomas-langer tomas-langer added bug Something isn't working P1 security P2 and removed P1 labels Feb 23, 2022
@tomas-langer
Member

What kind of OCI requests are you doing? We do have a separate framework for calling OCI that works (it uses a dedicated OCI specific security provider).
We have implementations for vault, object storage and a few other APIs for Helidon SE.
There is more to the OCI communication than the signatures, and we should be covering that.

@janotav
Author

janotav commented Feb 23, 2022

In the bigger picture, we need the ability to call various OCI services. Our primary scenario is calling OCI Datascience Model Deployment prediction service using Resource Principals (2.2). Unfortunately this functionality is not implemented as of Helidon SE 2.4.2.

@spericas spericas moved this from Triage to Normal priority in Backlog Feb 23, 2022
@spericas spericas added this to the 2.4.3 milestone Feb 23, 2022
@spericas
Member

PR #3913

Backlog automation moved this from Normal priority to Closed Feb 24, 2022
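
A minimal reproduction of the defect discussed in this thread, with the corrected shape beside it. This is an added example, not Helidon's code: the `Builder` class, the `Map`-based config and the `true` default are stand-ins assumed for illustration.

```java
import java.util.Map;
import java.util.Optional;

public class BuilderConfigDemo {
    // Hypothetical stand-in for OutboundTargetDefinition.Builder; not Helidon code.
    static class Builder {
        private String keyId;
        // Assumed default, based on the report that the flag is "always enabled".
        private boolean backwardCompatibleEol = true;

        Builder keyId(String v) { this.keyId = v; return this; }
        Builder backwardCompatibleEol(boolean v) { this.backwardCompatibleEol = v; return this; }

        // Shape of the reported defect: values go to a fresh builder, the flag
        // goes to `this`, and the fresh builder (still at its default) is returned.
        Builder configBuggy(Map<String, String> config) {
            Builder builder = new Builder();
            builder.keyId(config.get("key-id"));
            Optional.ofNullable(config.get("backward-compatible-eol"))
                    .map(Boolean::parseBoolean)
                    .ifPresent(this::backwardCompatibleEol);
            return builder;
        }

        // Corrected shape: update the current instance and return it.
        Builder configFixed(Map<String, String> config) {
            keyId(config.get("key-id"));
            Optional.ofNullable(config.get("backward-compatible-eol"))
                    .map(Boolean::parseBoolean)
                    .ifPresent(this::backwardCompatibleEol);
            return this;
        }
    }

    public static void main(String[] args) {
        // Constructed sample configuration that explicitly disables the flag.
        Map<String, String> config =
                Map.of("key-id", "sample-key", "backward-compatible-eol", "false");

        Builder buggy = new Builder().configBuggy(config);
        Builder fixed = new Builder().configFixed(config);
        System.out.println("buggy: " + buggy.backwardCompatibleEol);
        System.out.println("fixed: " + fixed.backwardCompatibleEol);

        // Regression check: an explicit "false" must survive config().
        if (!buggy.backwardCompatibleEol) throw new AssertionError("defect not reproduced");
        if (fixed.backwardCompatibleEol) throw new AssertionError("explicit false was ignored");
    }
}
```

A unit test of this form, asserting that an explicitly configured `false` is visible on the object returned by `config()`, catches both the misdirected method reference and the discarded builder instance.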