Secrets redaction #9
Conversation
Change all calls to SMO to include option 8 for secrets redaction. Drop methods that contain potentially sensitive information as soon as they are no longer necessary. Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Check to ensure new redaction eliminates password and password phrase information within the result Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-changes the way secrets are redacted on input -no longer stores copy of secrets for replacement Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-customers can add new secrets to redact -cannot overwrite existing secrets for security Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-add set_passphrase settr to UserAdmin -add unit testing for this feature Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-add functionality to redact secrets beyond default -cannot change defaults as this is security concern, once something is added, a new instance would be necessary - unit test for this must be run after all other user tests as it redacts UID's and this cannot be reversed for the life of the SecurityAdmin object Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
|
One other thing to note is that now that IRRSMO00 handles redacting sensitive data from results, the password and passphrase redaction tests are actually now redundant. We only really need to verify that all secrets in debug logging are redacted and that request xml returned when using |
I would like to keep the redaction tests as they serve as validation of the redaction of the result xml. While we now rely on IRRSMO00's redaction somewhat, ours is a bit more comprehensive, and testing us allows to ensure that this functionality persists with future releases. |
-minor typo fixes and name changes -convert options parameter to precheck keyword. Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
-Fix docstrings -Clean up positional/keyword arguments -Clean unit testing and code bits Signed-off-by: Elijah Swift <elijah.swift@ibm.com> Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
Re-introduce assertNotIn and assertIn unit testing Add simplified unit testing for "simple" password redaction Fix docstrings and minor errors Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
ElijahSwiftIBM
force-pushed
the
secrets-redaction
branch
from
c433dce
to
e653b85
Compare
-clean type hints -added assertnotin for additional secrets unit testing Signed-off-by: Elijah Swift <elijah.swift@ibm.com>
lcarcaramo
added
enhancement
💡 Issue Reference
Issue: #6
💻 What does this address?
Leverages existing IRRSMO00 functionality to better redact passwords, password phrases and other fields. Also better cleans up references to secrets in the python code, and allows for adding to the list of redacted secrets (password and password phrase). Also adds UserAdmin.set_passphrase function.
📟 Implementation Details
Changed options to always include option 8 in IRRSMO00. Drop references to parameter lists and strings containing input information when no longer used. Redact using regex rather than character replacement.
📋 Is there a test case?
Added a test case and made adjustments to existing test case suite for password and password phrase redaction
Either include the path to the test case file, or details on a manual test