-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Tour Of Beam] persistence_key for Pg::SaveSnippet #24287
Conversation
@@ -16,10 +16,10 @@ | |||
name: Tour Of Beam Examples CI | |||
|
|||
on: | |||
push: | |||
pull_request: | |||
paths: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this prevented ToB Examples CI from running
[]string{os.Getenv("PERSISTENCE_KEY_SALT"), sdk.String(), unitId, uid}, | ||
"|") | ||
_, err := h.Write([]byte(plainKey)) | ||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
failing to write to in-memory structure is bad enough to panic
Assigning reviewers. If you would like to opt out of this review, comment R: @damccorm for label build. Available commands:
The PR bot will only process comments in the main thread (not review comments). |
- set environment variables: | ||
* PROJECT_ID: GCP id | ||
* REGION: the region, "us-central1" fe | ||
- existing setup of Playground backend in a project | ||
- create a secret `persistence_key_salt` in Secret Manager |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@eantyshev what are the requirements for the key salt value?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for bringing up, added to README
--trigger-http --set-env-vars="DATASTORE_PROJECT_ID=$PROJECT_ID,GOOGLE_PROJECT_ID=$PROJECT_ID" | ||
--trigger-http \ | ||
--set-env-vars="DATASTORE_PROJECT_ID=$PROJECT_ID,GOOGLE_PROJECT_ID=$PROJECT_ID" \ | ||
--set-secrets 'PERSISTENCE_KEY_SALT=persistence_key_salt:latest" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we have some kind of fallback in case we will decide to go without a salt from secrets? just asking ))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we don't set PERSISTENCE_KEY_SALT in postUserCode CF, then empty salt is used, and everything works but with some minor security risks:
It would be possible to calculate the persistence_key for another user as sha256(SDK, unitID, userID)
But Firebase User ID isn't exposed too, unless someone is already eavesdropping on another user's session. Quite a minor risk, maybe
But, if at some point we decide to set PERSISTENCE_KEY_SALT non-empty, there'll be no way to keep user progresses, so better to decide now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM (except one nit regarding README)
@@ -101,7 +103,9 @@ gcloud datastore indexes create ./internal/storage/index.yaml | |||
for endpoint in getSdkList getContentTree getUnitComplete getUserProgress postUnitComplete postUserCode; do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@eantyshev could you please also fix getUnitComplete -> getUnitContent here please
and also TOB_LEARNING_PATH -> TOB_LEARNING_ROOT below
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
R: @damccorm |
Stopping reviewer notifications for this pull request: review requested by someone other than the bot, ceding control |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one question, otherwise LGTM
learning/tour-of-beam/backend/internal/service/persistence_key.go
Outdated
Show resolved
Hide resolved
After some thought, decided to get rid of service-wide secret completely Second, we don't have to re-caclulate persistence_key every call: we can calculate it once and store in tb_user_progress entity. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SGTM
* restore CI * gen fix * mock_helper * tests * persistent_key * nit * README * README * review * no secrets
This is to reuse user's snippets on Playground side
persistence_key
so it would be hard to guess and rewrite via Pg::SaveSnippet for malicious third partyadresses #22691
spec
Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:
R: @username
).addresses #123
), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, commentfixes #<ISSUE NUMBER>
instead.CHANGES.md
with noteworthy changes.See the Contributor Guide for more tips on how to make review process smoother.
To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md
GitHub Actions Tests Status (on master branch)
See CI.md for more information about GitHub Actions CI.