fix:[CORE-1352]Remove ops alert for access denied#1562

santhosh-challa merged 6 commits into master from fix/opsAlert on Sep 7, 2023

AishwaryaKulkarni97 commented Sep 6, 2023

Description

Ops alert should not be generated for:

  • PHD : AccessDeniedException,SubscriptionRequiredException
  • AWS Managed keys : AccessDeniedException
  • S3: AccessDeniedException
  • Vaults: Access denied for keys, secrets
  • WebApp: DefaultErrorException

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Chore (no code changes)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also
list any relevant details for your test configuration

  • Test A
  • Test B

Checklist:

  • My code follows the style guidelines of this project
  • My commit message/PR follows the contribution guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Other information:

List any documentation updates that are needed for the Wiki

buckets.add(new BucketVH(bucket, "", versionconfig, tags, null, hasWebSiteConfiguration, bucketLoggingConfiguration, null));
} else {
log.info("Exception fetching S3 Bucket", e);
ErrorManageUtil.uploadError(accountId, "", "s3", e.getMessage());
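
Review bot: The else branch logs a failure at info level with `log.info("Exception fetching S3 Bucket", e)` and then reports it through `ErrorManageUtil.uploadError`, so the one path that still produces an error record is the quietest one in the log. Log it at warn or error and include the `bucket` name in the message so the record can be tied to a bucket. `uploadError` also receives an empty second argument and only `e.getMessage()`, which forces any later filter to match on message text; if `e` is an AWS service exception, passing its error code would make that match exact.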

we need to review this piece. @AishwaryaKulkarni97 @raviteja-mandala

log.info("Omit exception :{}",errorVH.getException());
errorVHList.remove(errorVH);
}
if(errorVH.getType().equals("kms")&&errorVH.getException().contains("AccessDeniedException"))
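
Review bot: On the last line, `errorVH.getType().equals("kms")` and `errorVH.getException().contains("AccessDeniedException")` both throw a NullPointerException when an error record has no type or no exception text; write `"kms".equals(errorVH.getType())` and null-check `getException()` before calling `contains`. Please also confirm that `errorVHList.remove(errorVH)` is not reached while a for-each loop is iterating `errorVHList`, since that throws ConcurrentModificationException; `removeIf` or an explicit Iterator avoids it. The "Omit exception" log line would be more useful with the type next to the exception text, so that suppressed errors can still be counted per service.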

3 blocks can be merged to one.
errorVH.getException().contains("AccessDeniedException") && Arrays.asList("kms","s3","check").contains(errorVH.getType())

raviteja-mandala left a comment

Approved.

sonarqubecloud Bot commented Sep 7, 2023

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 1 (rating A)
  • Coverage: 0.0%
  • Duplication: 0.0%

Warning: The version of Java (11.0.20) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.

santhosh-challa merged commit bd8269c into master Sep 7, 2023
santhosh-challa deleted the fix/opsAlert branch September 7, 2023 13:36
@mkinchin-paladin

@AishwaryaKulkarni97 @santhosh-challa Now this PR is closed, and is still labeled as "Do not merge". Should we be worried about it?

//if permission is denied to get list of secrets, then do not raise any violation
vaultVH.setSecretExpirationDate(new HashSet<>());
log.info(e.getMessage());
log.error(e.getMessage());
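
Review bot: `log.info(e.getMessage())` and `log.error(e.getMessage())` log only the exception message, with no vault or account identifier, so a permission-denied skip cannot be traced to a specific vault from the log; name the vault in the message, and if both calls remain in the final code the same text is logged twice. `vaultVH.setSecretExpirationDate(new HashSet<>())` also makes a vault whose secrets could not be listed indistinguishable from a vault with no expiring secrets. Record the denied-permission state on the vault record or in a separate notification so the gap in coverage stays visible.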

@santhosh-challa I don't think this should be an error since we are handling a valid scenario. We should log this as a simple log like "skipping collecting asset type x. Permissions Denied" and create a record in Notifications with source = Paladin Cloud type = Permission
