Implement blocklisting mechanism #1964

Closed
lbarcziova opened this issue Mar 16, 2023 · 0 comments · Fixed by #2046

lbarcziova commented Mar 16, 2023

With the upcoming changes regarding per-job permission checks (#1850), we should be able to restrict someone from using Packit Service.

  • The previous implementation or existing allowlist can be used.
  • Make sure the process on how to blocklist someone is documented and available to Packit maintainers so that everyone is aware of how to do it (it could be done similarly as previously, via some script
    accessing DB), link it also from the Community Shepherd card (and/or other places where it makes sense).
  • We should probably be able to blacklist both URLs pointing to namespace/project and specific users.
  • Add the check of these into the permission checking code.

Part of #1850 epic.

@lachmanfrantisek lachmanfrantisek moved this from new to ready-to-refine in Packit Kanban Board Mar 16, 2023
@nforro nforro moved this from ready-to-refine to refined in Packit Kanban Board Mar 30, 2023
@lbarcziova lbarcziova self-assigned this May 3, 2023
@lbarcziova lbarcziova moved this from refined to in-progress in Packit Kanban Board May 3, 2023
lbarcziova added a commit to lbarcziova/packit-service that referenced this issue May 10, 2023
We already had the 'denied' value in allowlist, let's utilise it both
for checking the project and actor.
For project, check all parent namespaces for denied value.
Related to packit#1964
@lbarcziova lbarcziova moved this from in-progress to in-review in Packit Kanban Board May 10, 2023
lbarcziova added a commit to lbarcziova/packit-service that referenced this issue May 17, 2023
softwarefactory-project-zuul bot added a commit that referenced this issue May 17, 2023
Implement denylisting

Fixes #1964

RELEASE NOTES BEGIN
We have implemented a denylisting mechanism allowing us to denylist namespaces/projects to prevent misuse of our service.
RELEASE NOTES END

Reviewed-by: Jiri Popelka
@github-project-automation github-project-automation bot moved this from in-review to done in Packit Kanban Board May 17, 2023
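
The parent-namespace check described in the commit message above, sketched as an added example (not code from packit-service). The function names, the single name-to-status mapping, the "approved" status, and the choice to lowercase keys and include the bare host in the chain are all assumptions made for illustration.

```python
from urllib.parse import urlparse

DENIED = "denied"  # the allowlist status named in the commit message

# Constructed sample data: entry name -> status ("approved" is a made-up value).
SAMPLE_STATUSES = {
    "github.com/evil-org": DENIED,
    "github.com/evil-org/nice": "approved",
    "gitlab.com/group": "approved",
    "gitlab.com/group/sub": DENIED,
    "spammer": DENIED,
}


def namespace_chain(project_url):
    """Return the project and each parent namespace, most specific first."""
    if "://" not in project_url:
        project_url = "https://" + project_url
    parsed = urlparse(project_url)
    host = (parsed.hostname or "").lower()
    if not host:
        raise ValueError(f"no host in {project_url!r}")
    path = parsed.path.strip("/")
    if path.endswith(".git"):
        path = path[: -len(".git")]
    # Assumption: forge namespaces are case-insensitive, so keys are lowercased.
    segments = [s.lower() for s in path.split("/") if s]
    # Build on whole path segments so "evil-org" never matches "evil-org-2".
    return ["/".join([host] + segments[:n]) for n in range(len(segments), -1, -1)]


def denied_entry(statuses, actor, project_url):
    """Return the denylist entry that blocks this event, or None if allowed."""
    if statuses.get(actor.lower()) == DENIED:
        return actor.lower()
    for namespace in namespace_chain(project_url):
        # A denied parent wins even when a child entry is approved.
        if statuses.get(namespace) == DENIED:
            return namespace
    return None
```

Returning the matching entry rather than a bare boolean lets the permission check log which rule blocked the event.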