Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugins/rest: masks more headers in decision logs #6421

Closed
wants to merge 6 commits into from
Closed

plugins/rest: masks more headers in decision logs #6421

wants to merge 6 commits into from

Commits on Nov 20, 2023

  1. plugins/rest: masks X-AMZ-SECURITY-TOKEN header in decision logs 

    Decision logs had previously been configured to hide the value of the
Authorization header, as that is considered sensitive information.
However, there are cases when additional headers are provided that
contain sensitive information, such as the X-AMZ-SECURITY-TOKEN header.
This PR creates an internal map of headers that should be masked, which
can be expanded if additional headers are required. It then loops over
the headers in a request, and performs a lookup on the internal map
to see if any of them match those that should be masked. If so, it
replaces their values with "REDACTED". An existing test was added to
check both the header keys that should be masked, as well as a key
that should not.

Additional work, out of scope for this PR, would be to open a config
setting that would allow users to pass in a list of headers that should
be masked.

Fixes: open-policy-agent#5848

Signed-off-by: Colin Lacy <[email protected]>
    @colinjlacy
    colinjlacy committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    0c82a1c View commit details
    Browse the repository at this point in the history

  2. sdk_test: add environment variable tests (open-policy-agent#6420) 

    Add two environment variable tests which illustrate how an environment variable can be used in OPA to verify a JWT.

Signed-off-by: Robert Hafner <[email protected]>
Signed-off-by: Colin Lacy <[email protected]>
    @robhafner @colinjlacy
    robhafner authored and colinjlacy committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    1c5e15c View commit details
    Browse the repository at this point in the history

  3. build(deps): bump the go-opentelemetry-io group with 3 updates 

    Bumps the go-opentelemetry-io group with 3 updates: [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib), [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go).

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.46.0 to 0.46.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.46.0...zpages/v0.46.1)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.20.0...v1.21.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.20.0...v1.21.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-opentelemetry-io
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-opentelemetry-io
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-opentelemetry-io
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Colin Lacy <[email protected]>
    @dependabot @colinjlacy
    dependabot[bot] authored and colinjlacy committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    0a3e682 View commit details
    Browse the repository at this point in the history

  4. feat(builtins): add a new builtin function strings.render_template to… 

    … render templated strings

This adds support for rendering of templated strings utilizing Golang's text/template library.
For a given templated string and key/value mapping of template var inputs, this builtin will
inject the values into the template where they are referenced by key.

Fixes open-policy-agent#6371
Signed-off-by: Rohan Vasavada <[email protected]>
Signed-off-by: Colin Lacy <[email protected]>
    @RDVasavada @colinjlacy
    RDVasavada authored and colinjlacy committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    e8c56bf View commit details
    Browse the repository at this point in the history

  5. parameterizes test string 

    Signed-off-by: Colin Lacy <[email protected]>
    @colinjlacy
    colinjlacy committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    197ac8e View commit details
    Browse the repository at this point in the history

  6. modifies test error message, signs commit 

    Signed-off-by: Colin Lacy <[email protected]>
    @colinjlacy
    colinjlacy committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    5fc2b2e View commit details
    Browse the repository at this point in the history