Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Tour Of Beam] persistence_key for Pg::SaveSnippet #24287

Merged
merged 10 commits into from
Nov 28, 2022

Conversation

eantyshev
Copy link
Contributor

@eantyshev eantyshev commented Nov 21, 2022

This is to reuse user's snippets on Playground side

  • generate a random persistence_key so it would be hard to guess and rewrite via Pg::SaveSnippet for malicious third party
  • simulate Pg::GetSnippet call in integration_tests, to check how snippets are updated
  • fix trigger type and paths in ToB Examples CI

adresses #22691

spec


Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

  • Choose reviewer(s) and mention them in a comment (R: @username).
  • Mention the appropriate issue in your description (for example: addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment fixes #<ISSUE NUMBER> instead.
  • Update CHANGES.md with noteworthy changes.
  • If this contribution is large, please file an Apache Individual Contributor License Agreement.

See the Contributor Guide for more tips on how to make review process smoother.

To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md

GitHub Actions Tests Status (on master branch)

Build python source distribution and wheels
Python tests
Java tests
Go tests

See CI.md for more information about GitHub Actions CI.

@github-actions github-actions bot added the build label Nov 21, 2022
@@ -16,10 +16,10 @@
name: Tour Of Beam Examples CI

on:
push:
pull_request:
paths:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this prevented ToB Examples CI from running

[]string{os.Getenv("PERSISTENCE_KEY_SALT"), sdk.String(), unitId, uid},
"|")
_, err := h.Write([]byte(plainKey))
if err != nil {
Copy link
Contributor Author

@eantyshev eantyshev Nov 21, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

failing to write to in-memory structure is bad enough to panic

@eantyshev eantyshev marked this pull request as ready for review November 22, 2022 09:01
@github-actions
Copy link
Contributor

Assigning reviewers. If you would like to opt out of this review, comment assign to next reviewer:

R: @damccorm for label build.

Available commands:

  • stop reviewer notifications - opt out of the automated review tooling
  • remind me after tests pass - tag the comment author after tests pass
  • waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

- set environment variables:
* PROJECT_ID: GCP id
* REGION: the region, "us-central1" fe
- existing setup of Playground backend in a project
- create a secret `persistence_key_salt` in Secret Manager
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@eantyshev what are the requirements for the key salt value?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for bringing up, added to README

learning/tour-of-beam/backend/README.md Outdated Show resolved Hide resolved
--trigger-http --set-env-vars="DATASTORE_PROJECT_ID=$PROJECT_ID,GOOGLE_PROJECT_ID=$PROJECT_ID"
--trigger-http \
--set-env-vars="DATASTORE_PROJECT_ID=$PROJECT_ID,GOOGLE_PROJECT_ID=$PROJECT_ID" \
--set-secrets 'PERSISTENCE_KEY_SALT=persistence_key_salt:latest"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we have some kind of fallback in case we will decide to go without a salt from secrets? just asking ))

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we don't set PERSISTENCE_KEY_SALT in postUserCode CF, then empty salt is used, and everything works but with some minor security risks:
It would be possible to calculate the persistence_key for another user as sha256(SDK, unitID, userID)
But Firebase User ID isn't exposed too, unless someone is already eavesdropping on another user's session. Quite a minor risk, maybe

But, if at some point we decide to set PERSISTENCE_KEY_SALT non-empty, there'll be no way to keep user progresses, so better to decide now

Copy link
Collaborator

@olehborysevych olehborysevych left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (except one nit regarding README)

@@ -101,7 +103,9 @@ gcloud datastore indexes create ./internal/storage/index.yaml
for endpoint in getSdkList getContentTree getUnitComplete getUserProgress postUnitComplete postUserCode; do
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@eantyshev could you please also fix getUnitComplete -> getUnitContent here please
and also TOB_LEARNING_PATH -> TOB_LEARNING_ROOT below

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@olehborysevych
Copy link
Collaborator

R: @damccorm

@github-actions
Copy link
Contributor

Stopping reviewer notifications for this pull request: review requested by someone other than the bot, ceding control

Copy link
Contributor

@damccorm damccorm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one question, otherwise LGTM

@eantyshev
Copy link
Contributor Author

eantyshev commented Nov 27, 2022

After some thought, decided to get rid of service-wide secret completely
First, having a system-wide secret is not a good practice owasp guidelines for storing passwords

Second, we don't have to re-caclulate persistence_key every call: we can calculate it once and store in tb_user_progress entity.
It's not only safer, but also removes over-complication in generatePersistenceKey, as it doesn't need to depend on (SDK, unitID, userID), if we choose a secure random source.

@eantyshev eantyshev requested review from damccorm and olehborysevych and removed request for damccorm and olehborysevych November 28, 2022 06:24
Copy link
Contributor

@damccorm damccorm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM

@damccorm damccorm merged commit 0fe001e into apache:master Nov 28, 2022
ruslan-ikhsan pushed a commit to ruslan-ikhsan/beam that referenced this pull request Nov 30, 2022
* restore CI

* gen fix

* mock_helper

* tests

* persistent_key

* nit

* README

* README

* review

* no secrets
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants