Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UID2-2340 Allow override for enforce_https #329

Merged
merged 7 commits into from
Jan 16, 2024
Merged

UID2-2340 Allow override for enforce_https #329

merged 7 commits into from
Jan 16, 2024

Conversation

cYKatherine
Copy link
Contributor

@cYKatherine cYKatherine commented Jan 12, 2024
edited
Loading

@cYKatherine cYKatherine self-assigned this Jan 12, 2024
@cYKatherine cYKatherine requested a review from yishi-ttd January 12, 2024 04:26
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@cYKatherine cYKatherine force-pushed the kcc-UID2-2340-add-override-for-https branch from a07d787 to 6a2dcd9 Compare January 12, 2024 04:43
@cYKatherine cYKatherine force-pushed the kcc-UID2-2340-add-override-for-https branch from 516994f to 1130715 Compare January 14, 2024 23:55
@cYKatherine cYKatherine force-pushed the kcc-UID2-2340-add-override-for-https branch from 3c0e5f1 to a0076b1 Compare January 15, 2024 04:25
@cYKatherine cYKatherine force-pushed the kcc-UID2-2340-add-override-for-https branch 3 times, most recently from 3a3a046 to 005e3ae Compare January 15, 2024 23:52
@cYKatherine cYKatherine force-pushed the kcc-UID2-2340-add-override-for-https branch 2 times, most recently from ba5187c to f825200 Compare January 16, 2024 00:24
cYKatherine
cYKatherine commented Jan 16, 2024
View reviewed changes
scripts/azure-cc/Dockerfile Outdated
@@ -27,7 +27,6 @@ RUN tar xzvf /app/static.tar.gz --no-same-owner --no-same-permissions && rm -f /
COPY ./entrypoint.sh /app/
RUN chmod a+x /app/entrypoint.sh

RUN adduser -D uid2-operator && mkdir -p /opt/uid2 && chmod 777 -R /opt/uid2 && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads
USER uid2-operator
RUN mkdir -p /opt/uid2 && chmod 777 -R /opt/uid2 && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need this change because with the uid2-operator user it doesn’t have 777 access to the /tmp folder. Remove User to be consistent with gcp-oidc: https://github.com/IABTechLab/uid2-operator/blob/main/scripts/gcp-oidc/Dockerfile#L32

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hold on.. I remember we remove user in GCP for some specific reason: not be able to read token.
If possible let's keep the uid2-operator user.
Can we update jq_inplace_update_json function to put tmp file in same folder with final_config where we should have write permission? ( See comment below )

This was referenced Jan 16, 2024
Merged
Merged
@yishi-ttd yishi-ttd self-requested a review January 16, 2024 01:42
yishi-ttd
yishi-ttd reviewed Jan 16, 2024
View reviewed changes
scripts/azure-cc/entrypoint.sh Outdated
local file=$1
local field=$2
local value=$3
jq --argjson v "$value" ".$field = \$v" "$file" > tmp.json && mv tmp.json "$file"
Copy link
Contributor

@yishi-ttd yishi-ttd Jan 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can it work if we define a local tmp = "$file.tmp", and replace tmp.json with it?

@cYKatherine cYKatherine changed the title Allow override for enforce_https UID2-2340 Allow override for enforce_https Jan 16, 2024
@cYKatherine cYKatherine force-pushed the kcc-UID2-2340-add-override-for-https branch from a1f77ea to 54eb837 Compare January 16, 2024 02:55
@cYKatherine cYKatherine merged commit f2ad288 into main Jan 16, 2024
12 checks passed
@cYKatherine cYKatherine deleted the kcc-UID2-2340-add-override-for-https branch January 16, 2024 02:58
yishi-ttd
yishi-ttd reviewed Jan 16, 2024
View reviewed changes
scripts/azure-cc/entrypoint.sh
local file=$1
local field=$2
local value=$3
jq --argjson v "$value" ".$field = \$v" "$file" > $TMP_FINAL_CONFIG && mv $TMP_FINAL_CONFIG "$file"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better to move the TMP_FINAL_CONFIG path inside this function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yishi-ttd yishi-ttd yishi-ttd approved these changes

@vishalegbert-ttd vishalegbert-ttd Awaiting requested review from vishalegbert-ttd

@gmsdelmundo gmsdelmundo Awaiting requested review from gmsdelmundo

@thomasm-ttd thomasm-ttd Awaiting requested review from thomasm-ttd

Assignees

@cYKatherine cYKatherine

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cYKatherine @yishi-ttd