Reject invalid script_payload credential_fields #1241

@agrare agrare commented Sep 25, 2023

When mapping credentials ensure that only valid credential fields are used.

Ref: ManageIQ/manageiq-ui-classic#8905 (review)

@agrare agrare requested a review from bdunne as a code owner September 25, 2023 15:14
When mapping credentials ensure that only valid credential fields are
used.
@agrare agrare force-pushed the reject_invalid_configuration_script_payload_credentials_credential_field branch from 9b5b98d to 8f1509b Compare September 25, 2023 15:26

miq-bot commented Sep 25, 2023

Checked commit agrare@8f1509b with ruby 2.6.10, rubocop 1.28.2, haml-lint 0.35.0, and yamllint
2 files checked, 0 offenses detected
Everything looks fine. 🏆

credential_ref, credential_field = ref.values_at("credential_ref", "credential_field")

credential_class = credentials_by_ems_ref[credential_ref].class
allowed_credential_fields = defined?(credential_class::API_ATTRIBUTES) ? credential_class::API_ATTRIBUTES.pluck(:id) : []
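
Review bot: on the `credential_class = credentials_by_ems_ref[credential_ref].class` line, a `credential_ref` with no entry in `credentials_by_ems_ref` is not handled explicitly. Assuming the lookup returns nil for an unknown key, `credential_class` becomes `NilClass`, the `defined?` check is falsy, and `allowed_credential_fields` quietly ends up `[]`. That fails closed, which is the right default for an allow-list, but an unknown credential then looks the same as a known credential with a bad field. Consider checking for the missing credential first and reporting it separately, or add a comment that the empty list is the intended fallback both for a missing credential and for a class without `API_ATTRIBUTES`.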

credential_class::API_ATTRIBUTES.pluck(:id) - This seems like something we could expose in core

@kbrock kbrock merged commit dfca21a into ManageIQ:master Sep 25, 2023
3 of 4 checks passed
@agrare agrare deleted the reject_invalid_configuration_script_payload_credentials_credential_field branch September 25, 2023 16:39
@agrare agrare assigned kbrock and unassigned Fryguy Sep 25, 2023

Fryguy commented Sep 27, 2023

Backported to quinteros in commit 098199d.

commit 098199db2e5957d3f552ee0e008e78d25af4aa1a
Author: Keenan Brock <[email protected]>
Date:   Mon Sep 25 12:22:27 2023 -0400

    Merge pull request #1241 from agrare/reject_invalid_configuration_script_payload_credentials_credential_field
    
    Reject invalid script_payload credential_fields
    
    (cherry picked from commit dfca21a18151af608e8d14f5ded3d5664e441c3a)

Fryguy pushed a commit that referenced this pull request Sep 27, 2023
…ipt_payload_credentials_credential_field

Reject invalid script_payload credential_fields

(cherry picked from commit dfca21a)