Merge branch 'master' into fix/google_primary

.secrets.baseline

@@ -5,15 +5,18 @@
   },
   "generated_at": "2021-05-25T21:22:19Z",
   "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
     {
       "name": "AWSKeyDetector"
     },
     {
-      "name": "ArtifactoryDetector"
+      "name": "AzureStorageKeyDetector"
     },
     {
-      "base64_limit": 4.5,
-      "name": "Base64HighEntropyString"
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
     },
     {
       "name": "BasicAuthDetector"
@@ -22,8 +25,8 @@
       "name": "CloudantDetector"
     },
     {
-      "hex_limit": 3,
-      "name": "HexHighEntropyString"
+      "name": "HexHighEntropyString",
+      "limit": 3.0
     },
     {
       "name": "IbmCloudIamDetector"
@@ -35,12 +38,15 @@
       "name": "JwtTokenDetector"
     },
     {
-      "keyword_exclude": null,
-      "name": "KeywordDetector"
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
     },
     {
       "name": "MailchimpDetector"
     },
+    {
+      "name": "NpmDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
@@ -50,164 +56,263 @@
     {
       "name": "SoftlayerDetector"
     },
+    {
+      "name": "SquareOAuthDetector"
+    },
     {
       "name": "StripeDetector"
     },
     {
       "name": "TwilioKeyDetector"
     }
   ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
   "results": {
     "fence/blueprints/storage_creds/google.py": [
       {
+        "type": "Private Key",
+        "filename": "fence/blueprints/storage_creds/google.py",
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
         "is_verified": false,
-        "line_number": 139,
-        "type": "Private Key"
+        "line_number": 139
       }
     ],
     "fence/blueprints/storage_creds/other.py": [
       {
+        "type": "Base64 High Entropy String",
+        "filename": "fence/blueprints/storage_creds/other.py",
         "hashed_secret": "98c144f5ecbb4dbe575147a39698b6be1a5649dd",
         "is_verified": false,
-        "line_number": 66,
-        "type": "Base64 High Entropy String"
+        "line_number": 66
       }
     ],
     "fence/config-default.yaml": [
       {
+        "type": "Basic Auth Credentials",
+        "filename": "fence/config-default.yaml",
         "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
         "is_verified": false,
-        "line_number": 31,
-        "type": "Basic Auth Credentials"
+        "line_number": 31
       },
       {
-        "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db",
+        "type": "Secret Keyword",
+        "filename": "fence/config-default.yaml",
+        "hashed_secret": "dd29ecf524b030a65261e3059c48ab9e1ecb2585",
         "is_verified": false,
-        "line_number": 545,
-        "type": "Secret Keyword"
+        "line_number": 101
       }
     ],
     "fence/local_settings.example.py": [
       {
+        "type": "Basic Auth Credentials",
+        "filename": "fence/local_settings.example.py",
         "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
         "is_verified": false,
-        "line_number": 6,
-        "type": "Basic Auth Credentials"
+        "line_number": 6
       },
       {
+        "type": "Secret Keyword",
+        "filename": "fence/local_settings.example.py",
         "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db",
         "is_verified": false,
-        "line_number": 63,
-        "type": "Secret Keyword"
+        "line_number": 63
       }
     ],
     "fence/resources/google/utils.py": [
       {
+        "type": "Private Key",
+        "filename": "fence/resources/google/utils.py",
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
         "is_verified": false,
-        "line_number": 277,
-        "type": "Private Key"
+        "line_number": 125
       }
     ],
     "fence/utils.py": [
       {
+        "type": "Secret Keyword",
+        "filename": "fence/utils.py",
         "hashed_secret": "8318df9ecda039deac9868adf1944a29a95c7114",
         "is_verified": false,
-        "line_number": 104,
-        "type": "Secret Keyword"
+        "line_number": 104
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "fence/utils.py",
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_verified": false,
+        "line_number": 248
       }
     ],
     "openapis/swagger.yaml": [
       {
+        "type": "Private Key",
+        "filename": "openapis/swagger.yaml",
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
         "is_verified": false,
-        "line_number": 1927,
-        "type": "Private Key"
+        "line_number": 1927
       },
       {
-        "hashed_secret": "bb8e48bd1e73662027a0f0b876b695d4c18f5ed4",
+        "type": "Secret Keyword",
+        "filename": "openapis/swagger.yaml",
+        "hashed_secret": "8cb81a55dff48721f04fe341f33ee5b623dd9144",
         "is_verified": false,
-        "line_number": 1927,
-        "type": "Secret Keyword"
+        "line_number": 1927
       },
       {
-        "hashed_secret": "7861ab65194de92776ab9cd06d4d7e7e1ec2c36d",
+        "type": "Secret Keyword",
+        "filename": "openapis/swagger.yaml",
+        "hashed_secret": "41c39979fd01095376b3e9456f1058c33483dbbe",
         "is_verified": false,
-        "line_number": 2007,
-        "type": "Secret Keyword"
+        "line_number": 1994
       },
       {
+        "type": "JSON Web Token",
+        "filename": "openapis/swagger.yaml",
         "hashed_secret": "d6b66ddd9ea7dbe760114bfe9a97352a5e139134",
         "is_verified": false,
-        "line_number": 2029,
-        "type": "JSON Web Token"
+        "line_number": 1994
       },
       {
+        "type": "Base64 High Entropy String",
+        "filename": "openapis/swagger.yaml",
         "hashed_secret": "98c144f5ecbb4dbe575147a39698b6be1a5649dd",
         "is_verified": false,
-        "line_number": 2041,
-        "type": "Base64 High Entropy String"
+        "line_number": 2041
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "openapis/swagger.yaml",
+        "hashed_secret": "2f58edc671a89190115ecebddf4c70bdd87e3267",
+        "is_verified": false,
+        "line_number": 2084
       }
     ],
-    "tests/conftest.py": [
+    "poetry.lock": [
       {
-        "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
+        "type": "Hex High Entropy String",
+        "filename": "poetry.lock",
+        "hashed_secret": "640e60795f08744221f6816fe9dc949c58465256",
         "is_verified": false,
         "line_number": 1177,
         "type": "Private Key"
       },
       {
-        "hashed_secret": "227dea087477346785aefd575f91dd13ab86c108",
+        "type": "Hex High Entropy String",
+        "filename": "poetry.lock",
+        "hashed_secret": "6642e431aaa417100a91214385af6657acb3fab7",
+        "is_verified": false,
+        "line_number": 1368
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "poetry.lock",
+        "hashed_secret": "205b95ce89ff252c6045d78ca9d007e73b45dc00",
         "is_verified": false,
         "line_number": 1200,
         "type": "Base64 High Entropy String"
       }
     ],
-    "tests/credentials/google/test_credentials.py": [
+    "tests/conftest.py": [
+      {
+        "type": "Private Key",
+        "filename": "tests/conftest.py",
+        "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
+        "is_verified": false,
+        "line_number": 1151
+      },
       {
-        "hashed_secret": "22afbfecd4124e2eb0e2a79fafdf62b207a8f8c7",
+        "type": "Base64 High Entropy String",
+        "filename": "tests/conftest.py",
+        "hashed_secret": "227dea087477346785aefd575f91dd13ab86c108",
         "is_verified": false,
-        "line_number": 579,
-        "type": "Secret Keyword"
+        "line_number": 1174
       }
     ],
     "tests/keys/2018-05-01T21:29:02Z/jwt_private_key.pem": [
       {
+        "type": "Private Key",
+        "filename": "tests/keys/2018-05-01T21:29:02Z/jwt_private_key.pem",
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
         "is_verified": false,
-        "line_number": 1,
-        "type": "Private Key"
+        "line_number": 1
       }
     ],
     "tests/login/test_fence_login.py": [
       {
+        "type": "Secret Keyword",
+        "filename": "tests/login/test_fence_login.py",
         "hashed_secret": "d300421e208bfd0d432294de15169fd9b8975def",
         "is_verified": false,
-        "line_number": 41,
-        "type": "Secret Keyword"
+        "line_number": 41
       }
     ],
     "tests/ras/test_ras.py": [
       {
+        "type": "Hex High Entropy String",
+        "filename": "tests/ras/test_ras.py",
         "hashed_secret": "d9db6fe5c14dc55edd34115cdf3958845ac30882",
         "is_verified": false,
-        "line_number": 327,
-        "type": "Hex High Entropy String"
+        "line_number": 90
+      }
+    ],
+    "tests/scripting/test_fence-create.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/scripting/test_fence-create.py",
+        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
+        "is_verified": false,
+        "line_number": 1117
       }
     ],
     "tests/test-fence-config.yaml": [
       {
+        "type": "Basic Auth Credentials",
+        "filename": "tests/test-fence-config.yaml",
         "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
         "is_verified": false,
-        "line_number": 31,
-        "type": "Basic Auth Credentials"
+        "line_number": 31
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/test-fence-config.yaml",
+        "hashed_secret": "dd29ecf524b030a65261e3059c48ab9e1ecb2585",
+        "is_verified": false,
+        "line_number": 85
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/test-fence-config.yaml",
+        "hashed_secret": "1627df13b5cd8b3521d02bd8eb2ca31334b3aef2",
+        "is_verified": false,
+        "line_number": 472
       }
     ]
   },
-  "version": "0.13.1",
-  "word_list": {
-    "file": null,
-    "hash": null
-  }
+  "generated_at": "2021-05-26T14:24:12Z"
 }

Dockerfile

@@ -1,7 +1,7 @@
 # To run: docker run --rm -d -v /path/to/fence-config.yaml:/var/www/fence/fence-config.yaml --name=fence -p 80:80 fence
 # To check running container: docker exec -it fence /bin/bash
 
-FROM quay.io/cdis/python-nginx:pybase3-1.5.0
+FROM quay.io/cdis/python-nginx:pybase3-1.5.1
 
 ENV appname=fence
 

fence/config-default.yaml

@@ -425,6 +425,15 @@ RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION: false
 # PRIVACY_POLICY_URL, or default to the `static/privacy_policy.md` file in fence.
 PRIVACY_POLICY_URL: null
 
+# //////////////////////////////////////////////////////////////////////////////////////
+# RELIABILITY OPTS
+# //////////////////////////////////////////////////////////////////////////////////////
+# Configurations related to resiliency, fault-tolerance and availability
+# This is the number of requests per second that the Nginx proxy will accept before reaching fence
+# The value defined in fence-config-public.yaml takes precedence over this one
+# In the absence of this OVERRIDE prefixed config, the legacy NGINX_RATE_LIMIT from the k8s deployment yaml is applied
+OVERRIDE_NGINX_RATE_LIMIT: 18
+
 # //////////////////////////////////////////////////////////////////////////////////////
 # SUPPORT INFO
 # //////////////////////////////////////////////////////////////////////////////////////

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "fence"
-version = "4.29.0"
+version = "4.29.1"
 description = "Gen3 AuthN/AuthZ OIDC Service"
 authors = ["CTDS UChicago <cdis@uchicago.edu>"]
 license = "Apache-2.0"