
Modifying the Allowed Users settings to use env.ALLOWED_USERS #16335

Merged: 3 commits merged into master from allowed_users, Oct 25, 2024

Conversation

emvaldes (Collaborator) commented Oct 23, 2024

This PR aims to fix the existing hardcoded configuration of allowed users for deployment rollbacks so that it is driven by an environment variable, which will in time allow this variable to be modified without affecting or triggering any build process and will improve compliance with the list of active users.

Note: This is not an exploitable issue or a security concern, but rather administrative functionality that must be addressed to keep the record of which resources are actively involved in the process accurate, given the dynamics of resource management in this project.

Configuration Steps:

  • Created a repository variable ALLOWED_USERS containing the existing users to avoid any process disruption.

Changes

  • Requesting feedback from all teams on who should be added to this list (it must be updated A.S.A.P.)
    Current users: lucasdze,jeremy-page,JosiahSiegel,snesm,supriyaaddagada

Checklist

Testing

  • No testing is involved in this PR other than notifying all involved parties.

Process

  • Creating the repository variable ALLOWED_USERS
  • Updating the repository variable with the correct and authorized users
  • Annotated the changes made to the workflow with relevant notes
  • The Development and DevSecOps teams have been notified

Linked Issues

  • This is not a fix to any existing issue.

To Be Done

Security-related subjects:

  • This PR does not introduce any new dependencies that need vetting, and it does not log any sensitive data, but it does provide a certain level of masking for the users allowed to roll back deployments.
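The PR moves the allowed-user list into a single repository variable but does not show the expression the workflow uses to test membership. One check a practitioner would want on such a list: in GitHub Actions expressions, `contains(string, search)` applied to a string is a substring test, so a comma-separated list stored as one string must be split and compared element by element, or a login that is a prefix of an allowed login would pass. The POSIX shell below is an added example and not the project's workflow or any code from this PR: it implements the exact-element check beside the naive substring test for contrast. The ALLOWED_USERS value is constructed from the names listed in the PR description; reading the actor from GITHUB_ACTOR and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's workflow code. ALLOWED_USERS below is
# constructed from the list in the PR description; the actor logins passed
# in are assumed inputs.
ALLOWED_USERS="lucasdze,jeremy-page,JosiahSiegel,snesm,supriyaaddagada"

# Disable pathname expansion so the unquoted field split below can never
# expand a list element as a glob pattern.
set -f

# Lowercase a string (GitHub logins are case-insensitive).
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Exact-element membership: returns 0 only if $2 equals one comma-separated
# element of $1. Surrounding whitespace on each element is ignored and the
# comparison is case-insensitive. An empty actor is always rejected.
is_allowed_user() {
  list=$1
  actor=$(lc "$2")
  [ -n "$actor" ] || return 1
  old_ifs=$IFS
  IFS=','
  set -- $list          # split on commas only
  IFS=$old_ifs
  for entry; do
    entry=$(lc "$(printf '%s' "$entry" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')")
    [ "$entry" = "$actor" ] && return 0
  done
  return 1
}

# Naive substring test, kept only to show the pitfall: it accepts any actor
# whose login is a substring of an allowed login (or of the list as a whole),
# which is what a string contains() check on the joined list would do.
substring_allows() {
  case "$1" in
    *"$2"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: gate a rollback on the actor, as a workflow step could do.
if is_allowed_user "$ALLOWED_USERS" "${GITHUB_ACTOR:-}"; then
  echo "rollback permitted for ${GITHUB_ACTOR}"
else
  echo "rollback denied for '${GITHUB_ACTOR:-<unset>}'" >&2
fi
```

The list is split with IFS set to a comma only, so logins are never split on whitespace, and each element is trimmed before comparison so that a value edited by hand as "a, b" still works. Lowercasing both sides matches how GitHub treats logins; if the workflow should instead require the exact canonical casing, drop the `lc` calls.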

@emvaldes emvaldes added the DevSecOps Team Aq DevSecOps work label label Oct 23, 2024
@emvaldes emvaldes added this to the in progress milestone Oct 23, 2024
@emvaldes emvaldes requested a review from devopsmatt October 23, 2024 15:32
@emvaldes emvaldes self-assigned this Oct 23, 2024
@emvaldes emvaldes added reportstream tech-debt Anything that is purely a technical issue and does not affect functionality labels Oct 23, 2024
@devopsmatt devopsmatt marked this pull request as ready for review October 23, 2024 19:10
@devopsmatt devopsmatt requested a review from a team as a code owner October 23, 2024 19:10
Updating the ALLOWED_USERS list with current resources authorized to perform deployment rollbacks.
devopsmatt (Collaborator) left a comment

LGTM

@emvaldes emvaldes merged commit 7c97376 into master Oct 25, 2024
17 checks passed
@emvaldes emvaldes deleted the allowed_users branch October 25, 2024 15:15