Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(*): remove sample access key from SDK documentation #102

Merged
merged 8 commits into from
Feb 27, 2024

Conversation

outsinre
Copy link
Collaborator

@outsinre outsinre commented Jan 31, 2024

In the AWS SDK, there is sample access key sample wJalrXUtnFEMI that may trigger CVE report. This PR tries to remove it.

This is a dangerous operation! Before merge, we must ensure only the access key sample is removed!

FTI-5732 FTI-5732

@outsinre
Copy link
Collaborator Author

$ for i in ./delete-me/apis/*.normal.json ; do jdiff "$i" ~/workspace/aws-sdk-js/apis/$(basename $i) ; done
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{"operations": {"GetAccessKeyInfo": {"documentation": "<p>Returns the account identifier for the specified access key ID.</p> <p>Access keys consist of two parts: an access key ID (for example, <code>AKIAIOSFODNN7EXAMPLE</code>) and a secret access key (for example, <code>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</code>). For more information about access keys, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html\">Managing Access Keys for IAM Users</a> in the <i>IAM User Guide</i>.</p> <p>When you pass an access key ID to this operation, it returns the ID of the AWS account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are long-term credentials for an IAM user or the AWS account root user. Access key IDs beginning with <code>ASIA</code> are temporary credentials that are created using STS operations. If the account in the response belongs to you, you can sign in as the root user and review your root user access keys. Then, you can pull a <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html\">credentials report</a> to learn which IAM user owns the keys. To learn who requested the temporary credentials for an <code>ASIA</code> access key, view the STS events in your <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html\">CloudTrail logs</a> in the <i>IAM User Guide</i>.</p> <p>This operation does not indicate the state of the access key. The key might be active, inactive, or deleted. Active keys might not have permissions to perform an operation. Providing a deleted access key might return an error that the key doesn't exist.</p>"}}}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}

image

@windmgc
Copy link
Member

windmgc commented Feb 1, 2024

I'm considering whether removing all the document fields is a good idea since we don't actually need those things and that could probably also help us maintain smaller JSON files

@outsinre outsinre requested a review from Tieske February 27, 2024 06:50
@outsinre
Copy link
Collaborator Author

@windmgc we can do it. But I try to minimize the change for this case.

windmgc
windmgc previously approved these changes Feb 27, 2024
Tieske
Tieske previously approved these changes Feb 27, 2024
Copy link
Member

@Tieske Tieske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add a chaneglog entry before merging

@outsinre outsinre dismissed stale reviews from Tieske and windmgc via 6b99c6f February 27, 2024 07:33
README.md Show resolved Hide resolved
Co-authored-by: Thijs Schreijer <[email protected]>
@Tieske Tieske merged commit 1d4f676 into Kong:main Feb 27, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants