conjur icon indicating copy to clipboard operation
conjur copied to clipboard
verified publisher icon cyberark

Add read-only configuration

Open codihuston opened this issue 2 years ago • 3 comments

  • When read-only mode is enabled via rails config, controller endpoints that are explicitly enrolled into a read_safe list return a HTTP 405 Method Not Allowed when invoked, also throwing Conjur error code: CONJ00153E
  • Implemented using module prepending

Desired Outcome

Please describe the desired outcome for this PR. Said another way, what was the original request that resulted in these code changes? Feel free to copy this information from the connected issue.

Implemented Changes

Describe how the desired outcome above has been achieved with this PR. In particular, consider:

  • What's changed? Why were these changes made?
  • How should the reviewer approach this PR, especially if manual tests are required?
  • Are there relevant screenshots you can add to the PR description?

Connected Issue/Story

Resolves #[relevant GitHub issue(s), e.g. 76]

CyberArk internal issue ID: [insert issue ID]

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be merged.

Changelog

  • [ ] The CHANGELOG has been updated, or
  • [ ] This PR does not include user-facing changes and doesn't require a CHANGELOG update

Test coverage

  • [ ] This PR includes new unit and integration tests to go with the code changes, or
  • [ ] The changes in this PR do not require tests

Documentation

  • [ ] Docs (e.g. READMEs) were updated in this PR
  • [ ] A follow-up issue to update official docs has been filed here: [insert issue ID]
  • [ ] This PR does not require updating any documentation

Behavior

  • [ ] This PR changes product behavior and has been reviewed by a PO, or
  • [ ] These changes are part of a larger initiative that will be reviewed later, or
  • [ ] No behavior was changed with this PR

Security

  • [ ] Security architect has reviewed the changes in this PR,
  • [ ] These changes are part of a larger initiative with a separate security review, or
  • [ ] There are no security aspects to these changes

codihuston avatar Aug 08 '23 22:08 codihuston

Sample output with Rails.configuration.read_only_api=true

root@86de487fed92:/# conjur policy load root /src/conjur-server/dev/policies/example.yml
{"error":{"code":"method_not_allowed","message":"CONJ00153E This action is not permitted when the server is in read-only mode"}}
error: 405 Method Not Allowed
root@86de487fed92:/# conjur variable values add test-variable test-value
{"error":{"code":"method_not_allowed","message":"CONJ00153E This action is not permitted when the server is in read-only mode"}}
error: 405 Method Not Allowed
root@86de487fed92:/# conjur variable value test-variable
test-value

Sample output with Rails.configuration.read_only_api=false

root@86de487fed92:/# conjur policy load root /src/conjur-server/dev/policies/example.yml
Loaded policy 'root'
{
  "created_roles": {
  },
  "version": 2
}
root@86de487fed92:/# conjur variable values add test-variable test-value
Value added

root@86de487fed92:/# conjur variable value test-variable
test-value

codihuston avatar Aug 08 '23 22:08 codihuston

Code Climate has analyzed commit 380bb0a3 and detected 9 issues on this pull request.

Here's the issue category breakdown:

Category Count
Complexity 2
Style 7

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 87.4% (-0.7% change).

View more on Code Climate.

qlty-cloud-legacy[bot] avatar Aug 15 '23 14:08 qlty-cloud-legacy[bot]