Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(storage): add allow list check on S3 creation #858

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

sihamais
Copy link
Member

@sihamais sihamais commented Mar 28, 2024

  • Add a changelog entry in CHANGELOG.md

NCP-555
Fix #804

@sihamais sihamais self-assigned this Mar 28, 2024
@sihamais sihamais force-pushed the feat/NCP-555/storage_allow_list branch from d599d4e to fddf2c5 Compare March 28, 2024 18:18
storage/s3.go Outdated
})
}

func NewS3(cfg S3Config, opts ...s3Opt) *S3 {
func NewS3(cfg S3Config, opts ...S3Opt) (*S3, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Issue: Usually we don't want New functions to return error. It should only instantiate the object.
In addition, this will break retro-compatibility.

Suggestion: From #804 (comment) suggestion is to log something in run time.
But if you really prefer to throw an error, I'd see either:

  • return it in runtime (e.g. Get, Upload, ...) but not very practical in fact
  • create a dedicated helper to validate the list. But it need to add this check everywhere.
  • keep it like this. In that case take look at the current implementations in our code base

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed the way it's handled. WDYT?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay and the change of mind, as we are in a context of configuration issue we should get an error as soon as possible. Hence the need to use an error in constructor (so your proposal in this commit: d599d4e...fddf2c5) 👍

From our implementation in code base (e.g. on database-core) we should make some change to fit the logic, i.e add a BackendGetter struct on boot of the related service.

Note: this will imply to make a major update of the package.

For the record: https://scalingo.slack.com/archives/CRC7L0XM2/p1714063053317099?thread_ts=1714058866.915739&cid=CRC7L0XM2

storage/s3.go Outdated Show resolved Hide resolved
@sihamais sihamais force-pushed the feat/NCP-555/storage_allow_list branch 8 times, most recently from 03e6551 to 9ef694d Compare April 23, 2024 17:22
@sihamais sihamais marked this pull request as ready for review April 23, 2024 17:27
@sihamais sihamais force-pushed the feat/NCP-555/storage_allow_list branch from 9ef694d to fc47dc8 Compare April 23, 2024 17:30
@sihamais sihamais requested a review from curzolapierre April 23, 2024 17:34
Comment on lines +40 to +44
<<<<<<< HEAD
=======
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
>>>>>>> 9ef694d (fix(s3): update go version)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is still a remaining conflict here

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh sorry, missed that one

storage/s3.go Outdated
})
}

func NewS3(cfg S3Config, opts ...s3Opt) *S3 {
func NewS3(cfg S3Config, opts ...S3Opt) (*S3, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay and the change of mind, as we are in a context of configuration issue we should get an error as soon as possible. Hence the need to use an error in constructor (so your proposal in this commit: d599d4e...fddf2c5) 👍

From our implementation in code base (e.g. on database-core) we should make some change to fit the logic, i.e add a BackendGetter struct on boot of the related service.

Note: this will imply to make a major update of the package.

For the record: https://scalingo.slack.com/archives/CRC7L0XM2/p1714063053317099?thread_ts=1714058866.915739&cid=CRC7L0XM2

SigningRegion: cfg.Region,
}, nil
})
if endpointIsAllowed(cfg.Endpoint) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion(wording):

Suggested change
if endpointIsAllowed(cfg.Endpoint) {
if isEndpointAllowed(cfg.Endpoint) {

@yanjost
Copy link

yanjost commented May 13, 2024

@curzolapierre when you say "major update", what does this imply ? We're trying to keep a small scope in this change...

@yanjost
Copy link

yanjost commented May 21, 2024

As discussed with @leo-scalingo InfoSec will add the checks in the library and let IST update the projects during normal maintenance cycles

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[NCP-555][storage] Add an allow list of domain names for uploading files to storage
3 participants