Update Security Samples #301
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bart-vmware
reviewed
Jul 18, 2023
Security/src/CloudFoundrySingleSignon/Controllers/HomeController.cs
Outdated
Show resolved
Hide resolved
| After authenticating, add a new `user` and `group` to the UAA Server database. Do NOT change the group name: `testgroup` as it is used for policy based authorization in the sample application. Feel free to change the username and password to anything you would like. | ||
|
|
||
| 1. uaac group add testgroup | ||
| 1. uaac user add dave --given_name Dave --family_name Tillman --emails dave@testcloud.com --password Password1! |
There was a problem hiding this comment.
Perhaps replace 'dave' with something else? (multiple places in this file and others)
|
|
||
| ### Add User-Provided Service with OAuth Details | ||
|
|
||
| Last, we will create a user-provide service that includes the appropriate UAA server configuration data. Use the sample below to pass the parameters directly to the `cf cups` command, replacing `<YOUR-CLOUDFOUNDRY-SYSTEM-DOMAIN>` with your domain. |
There was a problem hiding this comment.
Suggested change
| Last, we will create a user-provide service that includes the appropriate UAA server configuration data. Use the sample below to pass the parameters directly to the `cf cups` command, replacing `<YOUR-CLOUDFOUNDRY-SYSTEM-DOMAIN>` with your domain. | |
| Last, we will create a user-provided service that includes the appropriate UAA server configuration data. Use the sample below to pass the parameters directly to the `cf cups` command, replacing `<YOUR-CLOUDFOUNDRY-SYSTEM-DOMAIN>` with your domain. |
| * `cf push -f manifest.yml -p bin/Debug/netcoreapp3.1/linux-x64/publish` | ||
| * `cf push -f manifest-windows.yml -p bin/Debug/netcoreapp3.1/win10-x64/publish` | ||
|
|
||
| > Note: The provided manifest(s) will create an app named `single-signon` and attempt to bind it to the user-provided service `myOAuthService`. |
There was a problem hiding this comment.
It looks like this was renamed to mySSOService in other places. Should this be renamed accordingly?
Suggested change
| > Note: The provided manifest(s) will create an app named `single-signon` and attempt to bind it to the user-provided service `myOAuthService`. | |
| > Note: The provided manifest(s) will create an app named `single-signon` and attempt to bind it to the user-provided service `mySSOService`. |
Comment on lines
38
to
39
| var options = serviceProvider.GetService<IOptions<CertificateOptions>>(); | ||
| if (options?.Value.Certificate != null) |
There was a problem hiding this comment.
I don't think GetService for an IOptions<> ever returns null. If there's no configuration, you'll get a default instance.
Suggested change
| var options = serviceProvider.GetService<IOptions<CertificateOptions>>(); | |
| if (options?.Value.Certificate != null) | |
| var options = serviceProvider.GetRequiredService<IOptions<CertificateOptions>>(); | |
| if (options.Value.Certificate != null) |
The same suggestion applies to other places in this PR, which I haven't marked.
| options.AddPolicy("testgroup1", policy => policy.RequireClaim("scope", "testgroup1")); | ||
| }); | ||
|
|
||
| // Add Redis to allow scaling beyond a single instance |
There was a problem hiding this comment.
Suggested change
| // Add Redis to allow scaling beyond a single instance | |
| // Uncomment the code below to add Redis to allow scaling beyond a single instance |
| } | ||
| else | ||
| { | ||
| serviceHostname = serviceName + hostName.Substring(indx); | ||
| serviceHostname = string.Concat(serviceName, hostName.AsSpan(indexOfHost)); |
There was a problem hiding this comment.
Just out of curiosity, did you get this suggestion from an analyzer? Resharper suggests using range indexer syntax.
Suggested change
| serviceHostname = string.Concat(serviceName, hostName.AsSpan(indexOfHost)); | |
| serviceHostname = $"{serviceName}{hostName[indx..]}"; |
There was a problem hiding this comment.
This was probably a Visual Studio suggestion, Resharper's preference is fine with me
TimHess
force-pushed
the
security-refresh
branch
from
5d03e26
to
f605ce4
Compare
TimHess
force-pushed
the
security-refresh
branch
from
f605ce4
to
77ee2e2
Compare
TimHess
force-pushed
the
security-refresh
branch
from
d1db821
to
b1d7f3d
Compare
Bumps [MongoDB.Driver](https://github.com/mongodb/mongo-csharp-driver) from 2.18.0 to 2.19.0. - [Release notes](https://github.com/mongodb/mongo-csharp-driver/releases) - [Commits](mongodb/mongo-csharp-driver@v2.18.0...v2.19.0) --- updated-dependencies: - dependency-name: MongoDB.Driver dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [requests](https://github.com/psf/requests) from 2.28.2 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.28.2...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
See https://hub.docker.com/_/consul: > Upcoming in Consul 1.16, we will stop publishing official Dockerhub images and publish only our Verified Publisher images. Users of Docker images should pull from hashicorp/consul instead of consul. Verified Publisher images can be found at https://hub.docker.com/r/hashicorp/consul.
Bumps [mechanicalsoup](https://github.com/MechanicalSoup/MechanicalSoup) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/MechanicalSoup/MechanicalSoup/releases) - [Changelog](https://github.com/MechanicalSoup/MechanicalSoup/blob/main/docs/ChangeLog.rst) - [Commits](MechanicalSoup/MechanicalSoup@v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: mechanicalsoup dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.2 to 2.0.6. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.0.2...2.0.6) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.0.6...2.0.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [Azure.Identity](https://github.com/Azure/azure-sdk-for-net) from 1.5.0 to 1.10.2. - [Release notes](https://github.com/Azure/azure-sdk-for-net/releases) - [Commits](Azure/azure-sdk-for-net@Azure.Identity_1.5.0...Azure.Identity_1.10.2) --- updated-dependencies: - dependency-name: Azure.Identity dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [Azure.Identity](https://github.com/Azure/azure-sdk-for-net) from 1.5.0 to 1.10.2. - [Release notes](https://github.com/Azure/azure-sdk-for-net/releases) - [Commits](Azure/azure-sdk-for-net@Azure.Identity_1.5.0...Azure.Identity_1.10.2) --- updated-dependencies: - dependency-name: Azure.Identity dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [Azure.Identity](https://github.com/Azure/azure-sdk-for-net) from 1.5.0 to 1.10.2. - [Release notes](https://github.com/Azure/azure-sdk-for-net/releases) - [Commits](Azure/azure-sdk-for-net@Azure.Identity_1.5.0...Azure.Identity_1.10.2) --- updated-dependencies: - dependency-name: Azure.Identity dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [Azure.Identity](https://github.com/Azure/azure-sdk-for-net) from 1.5.0 to 1.10.2. - [Release notes](https://github.com/Azure/azure-sdk-for-net/releases) - [Commits](Azure/azure-sdk-for-net@Azure.Identity_1.5.0...Azure.Identity_1.10.2) --- updated-dependencies: - dependency-name: Azure.Identity dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Use minimal API, add actuators, only listen over HTTPS, improve usability
|
I will reopen a new PR, this history is probably not worth saving |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use minimal API, add actuators, only listen over HTTPS, improve usability
TODO: update integration test, help users understand how to enable UAA as a user store for the tile