Skip to content

docs(jans-lock): update schema locations #9122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 13, 2024
Merged

docs(jans-lock): update schema locations #9122

merged 5 commits into from
Aug 13, 2024

Conversation

SafinWasi
Copy link
Contributor

Prepare

Description

Target issue

closes #9121

Implementation Details

Test and Document the changes

N/A

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@SafinWasi
docs(jans-lock): update schema locations
adafdb6 
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
@SafinWasi SafinWasi requested a review from yurem as a code owner August 5, 2024 17:21
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Aug 5, 2024
edited
Loading

DryRun Security Summary

The pull request focuses on defining and managing access control rules for the "Application" resource type, with the addition of a comprehensive set of actions that can be granted to users and roles, and the removal of previous action definitions, which raises security concerns and requires a thorough review to ensure the application's security is not compromised.

Expand for full summary

Summary:

The code changes in this pull request focus on the definition and management of access control rules for an application's resources, particularly the "Application" resource type. The changes involve the addition and removal of schema files that define various actions that can be performed on the "Application" resource by different principals (Users and Roles) within a specific context.

The addition of the "20-actions-filesystem-core.schema" file introduces a comprehensive set of actions, such as "Compare", "Execute", "Monitor", "Read", "Search", "Share", "Tag", and "Write", that can be granted to Users and Roles. This suggests a robust and flexible access control system is being implemented.

However, the removal of these action definitions from the "00-cedarling_core_schema.schema" and "00-cedarling_core_schema.json" files raises some security concerns. The removal of these actions could potentially impact the existing access control policies and authorization logic within the application, which should be carefully reviewed to ensure that the application's security posture is maintained.

Overall, these changes are focused on the core security and access control mechanisms of the application, and it is crucial to thoroughly review the implementation and implications to ensure that the application's security is not compromised.

Files Changed:

  1. jans-lock/cedarling/schema/human/20-actions-filesystem-core.schema:

    • This file adds a new schema that defines a set of actions that can be performed on an "Application" resource by a "User" or "Role" principal within a specific "Context".
    • The actions include "Compare", "Execute", "Monitor", "Read", "Search", "Share", "Tag", and "Write".
    • This change introduces a comprehensive access control system that should be reviewed to ensure proper implementation and alignment with security best practices.

  2. jans-lock/cedarling/schema/json/00-cedarling_core_schema.json:

    • This file removes the previous "actions" section that defined the same set of actions as the new "20-actions-filesystem-core.schema" file.
    • The removal of these action definitions could potentially impact the existing access control policies and authorization logic within the application, and should be carefully reviewed.

  3. jans-lock/cedarling/schema/human/00-cedarling_core_schema.schema:

    • This file also removes the same set of action definitions as the "00-cedarling_core_schema.json" file.
    • The implications of this removal should be thoroughly understood to ensure that the application's security is not compromised.

  4. jans-lock/cedarling/schema/json/20-actions-filesystem-core.json:

    • This file defines the actions and their corresponding permissions for the "Application" resource type in the context of the "Jans" application.
    • The defined actions, principals, and context are consistent with the new "20-actions-filesystem-core.schema" file, and should be reviewed for proper implementation and alignment with security best practices.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mo-auto mo-auto added the area-documentation Documentation needs to change as part of issue or PR label Aug 5, 2024
@SafinWasi
docs(jans-lock): factor out actions
1784d8a 
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
@SafinWasi
docs: update location
cbe6468 
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
nynymike
nynymike previously approved these changes Aug 6, 2024
View reviewed changes
Copy link
Contributor

@nynymike nynymike left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like this!

@SafinWasi
docs(jans-lock): rename core schema
8931a11 
Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
nynymike
nynymike approved these changes Aug 12, 2024
View reviewed changes
Copy link
Contributor

@nynymike nynymike left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

@moabu moabu merged commit eafe308 into main Aug 13, 2024
5 of 6 checks passed
@moabu moabu deleted the docs-jans-lock-schema-folders branch August 13, 2024 07:28
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'jans-cli'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'Jans-Keycloak-Link'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'jans-core'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'orm'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'jans-config-api-parent'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'SCIM API'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'Fido2 API'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

yuriyz pushed a commit that referenced this pull request Nov 7, 2024
@SafinWasi @moabu
docs(jans-lock): update schema locations (#9122)
2624b11 
* docs(jans-lock): update schema locations

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

* docs(jans-lock): factor out actions

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

* docs: update location

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

* docs(jans-lock): rename core schema

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

---------

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Former-commit-id: eafe308
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nynymike nynymike nynymike approved these changes

@moabu moabu moabu approved these changes

@yurem yurem Awaiting requested review from yurem yurem is a code owner

Assignees
No one assigned
Labels
area-documentation Documentation needs to change as part of issue or PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

docs(jans-lock): change schema location and number
4 participants
@SafinWasi @nynymike @moabu @mo-auto