This repository has been archived by the owner on Mar 21, 2024. It is now read-only.
Reject master keys shorter than 16 bytes in production
#209
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dureuill
changed the title
dureuill
added
Ready For Review
2 tasks
gmourier
suggested changes
Jan 2, 2023
gmourier
suggested changes
Jan 2, 2023
|
Signal: should also solve meilisearch/product#565 |
irevoire
added a commit
that referenced
this pull request
Jan 2, 2023
Associated issue; meilisearch/meilisearch#3287 Associated PR; #209
3 tasks
bors bot
added a commit
to meilisearch/meilisearch
that referenced
this pull request
Jan 3, 2023
3295: Adjust Master Key-related messages r=irevoire a=dureuill # Pull Request ## Related issue Follow up for #3272 ## What does this PR do? - Consistently capitalize "master key" (instead of "Master Key" sometimes) (see meilisearch/specifications#209 (comment)) - Clarify that the counted unit for master key length is bytes, not characters (see meilisearch/documentation#2069 (comment)) ## PR checklist Please check if your PR fulfills the following requirements: - [x] Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)? - [x] Have you read the contributing guidelines? - [x] Have you made sure that the title is accurate and descriptive of the changes? Thank you so much for contributing to Meilisearch! Co-authored-by: Louis Dureuil <louis@meilisearch.com>
dureuill
changed the title
|
Clarified that the master key length is tested against its size in bytes, not characters |
bors bot
added a commit
to meilisearch/meilisearch
that referenced
this pull request
Jan 4, 2023
3295: Adjust Master Key-related messages r=dureuill a=dureuill # Pull Request ## Related issue Follow up for #3272 ## What does this PR do? - Consistently capitalize "master key" (instead of "Master Key" sometimes) (see meilisearch/specifications#209 (comment)) - Clarify that the counted unit for master key length is bytes, not characters (see meilisearch/documentation#2069 (comment)) ## PR checklist Please check if your PR fulfills the following requirements: - [x] Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)? - [x] Have you read the contributing guidelines? - [x] Have you made sure that the title is accurate and descriptive of the changes? Thank you so much for contributing to Meilisearch! Co-authored-by: Louis Dureuil <louis@meilisearch.com>
bors bot
added a commit
to meilisearch/meilisearch
that referenced
this pull request
Jan 5, 2023
3295: Adjust Master Key-related messages r=dureuill a=dureuill # Pull Request ## Related issue Follow up for #3272 ## What does this PR do? - Consistently capitalize "master key" (instead of "Master Key" sometimes) (see meilisearch/specifications#209 (comment)) - Clarify that the counted unit for master key length is bytes, not characters (see meilisearch/documentation#2069 (comment)) ## PR checklist Please check if your PR fulfills the following requirements: - [x] Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)? - [x] Have you read the contributing guidelines? - [x] Have you made sure that the title is accurate and descriptive of the changes? Thank you so much for contributing to Meilisearch! Co-authored-by: Louis Dureuil <louis@meilisearch.com>
gmourier
changed the title
production
|
Thanks for the warning and error messages, @gmourier ! |
gmourier
reviewed
Jan 11, 2023
gmourier
reviewed
Jan 11, 2023
gmourier
reviewed
Jan 11, 2023
gmourier
reviewed
Jan 11, 2023
There was a problem hiding this comment.
@dureuill @brunoocasali I've suggested some changes regarding the error and warning messages. WDYT?
|
@gmourier: answered inline above with a concern in the case of development mode with too short a master key. Other changes look fine to me ❤️ |
Should we give the |
|
The differences I see between the
I'm not sure how to resolve the tension between (1) and (2). I'd say that since the generated master key is already printed to stdout, maybe we can favor usability and suggest the CLI option, and have users who want the best security use another tool to generate their master key? |
|
I agree with you @dureuill; we can favor the I think we need to facilitate the use of this information for docker users (it's a super huge part of utilization) and at the same time, windows users. If we don't have a proper answer before Wednesday, we will move onto the |
|
@dureuill made excellent observations about it. I think the Could we also have some opinions from the docs team? Because maybe by changing the way the message is written, we could avoid misunderstandings. |
|
Hi @maryamsulemani97 👋 Can you check if the text messages are understandable and correct from the doc team's POV? |
Co-authored-by: Maryam <90181761+maryamsulemani97@users.noreply.github.com>
|
Thank you, @maryamsulemani97, for your review! I've integrated all the suggested changes. @dureuill, @brunoocasali I've changed the |
dureuill
commented
Jan 19, 2023
Co-authored-by: Louis Dureuil <louis.dureuil@gmail.com>
Merged
3 tasks
bors bot
added a commit
to meilisearch/meilisearch
that referenced
this pull request
Jan 23, 2023
3406: Master Key: Implements errors and warnings from the specification r=irevoire a=dureuill <sub>Now in technicolor</sub> # Pull Request ## What does this PR do? - Uses `atty` and `termcolor` as dependency - Use these dependencies to print colored background for warning messages - Update messages to match meilisearch/specifications#209 ## PR checklist Please check if your PR fulfills the following requirements: - [ ] Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)? - [ ] Have you read the contributing guidelines? - [ ] Have you made sure that the title is accurate and descriptive of the changes? Thank you so much for contributing to Meilisearch! Co-authored-by: Louis Dureuil <louis@meilisearch.com>
gmourier
added a commit
that referenced
this pull request
Feb 6, 2023
* Bump open-api spec * Simplify dump version section since v1.0 can import all dumps (#203) * Simplify dump version section since v1.0 can import all dumps * Relax target import version Co-authored-by: Clémentine Urquizar - curqui <clementine@meilisearch.com> --------- Co-authored-by: Clémentine Urquizar - curqui <clementine@meilisearch.com> * Rename dump command from `--dumps-dir` to `--dump-dir` (#204) * Propagate the change to --dumps-dir to the specification * Rename section header in openAPI documentation * Dump destination -> Dump directory * Finish destination -> directory renaming Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> --------- Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> * Update the specification of soft-deleted documents (#206) * Grammarly'd soft-deletion page * Soft-deleted: update the functional specification * Remove `--max-index-size` and `--max-task-db-size` (#207) * Robustify Primary Key Inference - Update related errors (#208) * update inference errors * Add `index_` prefix to newly-introduced error codes Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> * Update error messages following meilisearch/meilisearch#3301 --------- Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> * Reject master keys shorter than 16 bytes in `production` (#209) * Specify what happens when too short a master key is provided * Change error message * Characters -> bytes for master key length * Specify Error and Warning messages regarding the master-key * Update text/0119-instance-options.md * Update text/0119-instance-options.md * Specify warning messages when a master key is missing or lower than 16 bytes in env development * Apply suggestions from code review Co-authored-by: Maryam <90181761+maryamsulemani97@users.noreply.github.com> * Replace export MEILI_MASTER_KEY by --master-key * Apply suggestions from code review Co-authored-by: Louis Dureuil <louis.dureuil@gmail.com> --------- Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> Co-authored-by: Maryam <90181761+maryamsulemani97@users.noreply.github.com> * Add `OFF` log level to spec (#211) * Errors handling enhancement (#212) * Replace invalid_duplicate_index_found error code to invalid_swap_duplicate_index_found * Remove bad_request for settings properties error; replaced with dedicated error codes * cleaning old bad usage of the spec and replaces it with relevant information * Split search bad_request error code to dedicated error code * Catch-up: remove unused dump_not_found error code * Do an update pass on old specs format * Details context, variant cases * Add system type;Split invalid_task_date_filter to dedicated error codes * Precise index API bad_request error code to dedicated one * Precise bad_request to a dedicated code for the swap indexes API * Use invalid_index_primary_key when ?primaryKey is invalid instead of bad_request; + add TODO bad_request we forgot * marking missed bad_request on /keys * Add missed bad_request codes for GET /keys * Add missed bad_request codes for GET /documents * Removes _filter suffix from query parameter error_code for tasks API; Add missing bad_request error_code on GET /tasks * Add missing bad_request error codes on GET /indexes * remove future possibilities * Replace search_Parameter by search into the /search error codes naming * Replace bad_request code when the mandatory uid is missing when posting an index resource; split the generic missing_parameter to dedicated error codes * fix sentence sense * Split immutable_field to dedicated api key fields * Removes missing todo marker; Add missing part * Add suggested review comments * Catch-up/Add when an invalid index uid is gen for the :indexUid path parameter * Add immutable_index_uid error code on PATCH /indexes/:indexUid when uid is specified in the request payload * invalid_settings_ranking_rules can only be synchronous * Details async/sync case for error related to minWordsSizeForTypos object * Add immutable_index_created_at and immutable_index_updated_at for the Index API Resource * Add missing_swap_indexes on the POST swap-indexes resource * Update text/0061-error-format-and-definitions.md Co-authored-by: Bruno Casali <brunoocasali@gmail.com> * merge the :deserr_helper and the :deserr_location * Rephrase and catch-up miss * get rids of the index_not_accessible error code since no one remember about it --------- Co-authored-by: Bruno Casali <brunoocasali@gmail.com> Co-authored-by: Tamo <tamo@meilisearch.com> * Add error message when doing a migration (#213) * Add the migration CLI error * Update text/0105-dumps-api.md --------- Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> * Merge snapshot options (#214) * Merge `--schedule-snapshot` and `--snapshot-interval-sec` options * Update text/0119-instance-options.md --------- Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> * Remove any reference to the disable-auto-batching argument (#215) Co-authored-by: Guillaume Mourier <guillaume@meilisearch.com> * Specify the effect of the `*` value when used in the task filters (#218) --------- Co-authored-by: Louis Dureuil <louis.dureuil@gmail.com> Co-authored-by: Clémentine Urquizar - curqui <clementine@meilisearch.com> Co-authored-by: Maryam <90181761+maryamsulemani97@users.noreply.github.com> Co-authored-by: Bruno Casali <brunoocasali@gmail.com> Co-authored-by: Tamo <tamo@meilisearch.com> Co-authored-by: Clément Renault <clement@meilisearch.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No API change
Summary
Update specs after the changes of meilisearch/meilisearch#3272.
Related to meilisearch/meilisearch#3274.
Changes
Out Of Scope
Warnings emitted in dev mode are considered out of scope as far as the spec is regarded. This is consistent with other specifications that generally leave warnings up to the implementation.
Attention To Reviewers
N/A
Misc
OpenApilabel)Telemetrylabel)