-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: jwe-decrypt secret length restriction #10928
fix: jwe-decrypt secret length restriction #10928
Conversation
Signed-off-by: Vacant2333 <[email protected]>
Signed-off-by: Vacant2333 <[email protected]>
Signed-off-by: Vacant2333 <[email protected]>
the previos ci was wrong, i will fix it on here 7052e25 and i will remove the schema min length, because the length of |
@kayx23 @shreemaan-abhishek can u help me take a look~~ |
@@ -44,6 +44,12 @@ For Consumer: | |||
| secret | string | True | | | The decryption key. Must be 32 characters. The key could be saved in a secret manager using the [Secret](../terminology/secret.md) resource. | | |||
| is_base64_encoded | boolean | False | false | | Set to true if the secret is base64 encoded. | | |||
|
|||
:::note | |||
|
|||
After enabling `is_base64_encoded`, your `secret` length may exceed 32 chars. You only need to make sure that the length after Decode is still 32 chars. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After enabling `is_base64_encoded`, your `secret` length may exceed 32 chars. You only need to make sure that the length after Decode is still 32 chars. | |
After enabling `is_base64_encoded`, your `secret` length may exceed 32 chars. You only need to make sure that the length after decoding is still 32 chars. |
tbh i think this info should go into the description of secret
, rather than a note at the bottom (if its not too difficult to read)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we add this description to secret
it will be too long i think
Signed-off-by: Vacant2333 <[email protected]>
Signed-off-by: Vacant2333 <[email protected]>
@@ -74,13 +74,13 @@ done | |||
|
|||
|
|||
|
|||
=== TEST 3: wrong type of string | |||
=== TEST 3: wrong type of secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why change this test case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hi, i have explan this at here #10928 (comment), the test name was wrong, Test 3&4 was test for the wrong type of secret
& key
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Description
add restriction for
jwe-decrypt
pluginthe secret length should be 32 chars only, it will be checked on the
check_scheme
Fixes #
#10883 (comment)
Checklist