Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SDP-1032] Add "Secure Operation Manual" section and updated the code to enforce MFA and reCAPTCHA #150

Merged
merged 9 commits into from
Jan 18, 2024
Merged

[SDP-1032] Add "Secure Operation Manual" section and updated the code to enforce MFA and reCAPTCHA #150

merged 9 commits into from
Jan 18, 2024

Conversation

marcelosalloum
Copy link
Collaborator

@marcelosalloum marcelosalloum commented Jan 18, 2024
edited
Loading

What

  • Flip flag names ENABLE_MFA and ENABLE_RECAPTCHA to DISABLE_MFA and DISABLE_RECAPTCHA, because the default behavior is to leave them enabled.
  • If the network is set to pubnet and MFA or reCAPTCHA are disabled, return an error
  • Add a Secure Operation Manual section to the readme, with the following subjects:
    • MFA and reCAPTCHA
    • Approval flow
    • The importance of user management and using the right rolled (financial controller vs owner)

Why

To increase the security of hosts and operators.

Future Steps

Checklist

PR Structure

  • This PR has a reasonably narrow scope (if not, break it down into smaller PRs).
  • This PR title and description are clear enough for anyone to review it.
  • This PR does not mix refactoring changes with feature changes (split into two PRs otherwise).

Thoroughness

  • This PR adds tests for the new functionality or fixes.
  • This PR contains the link to the Jira ticket it addresses.

Configs and Secrets

  • No new CONFIG variables are required -OR- the new required ones were added to the helmchart's values.yaml file.
  • No new CONFIG variables are required -OR- the new required ones were added to the deployments (pr-preview, dev, demo, prd).
  • No new SECRETS variables are required -OR- the new required ones were mentioned in the helmchart's values.yaml file.
  • No new SECRETS variables are required -OR- the new required ones were added to the deployments (pr-preview secrets, dev secrets, demo secrets, prd secrets).

Release

  • This is not a breaking change.
  • This is ready for production.. If your PR is not ready for production, please consider opening additional complementary PRs using this one as the base. Only merge this into develop or main after it's ready for production!

Deployment

  • Does the deployment work after merging?

@marcelosalloum marcelosalloum self-assigned this Jan 18, 2024
@marcelosalloum marcelosalloum had a problem deploying to Anchor Integration Tests January 18, 2024 00:36 — with GitHub Actions Failure
@marcelosalloum marcelosalloum temporarily deployed to Receiver Registration - E2E Integration Tests January 18, 2024 00:36 — with GitHub Actions Inactive
@stellar-jenkins
Copy link

stellar-disbursement-platform-backend-preview is available here:
SDP: https://sdp-backend-pr150.previews.kube001.services.stellar-ops.com/health
AP: https://sdp-ap-pr150.previews.kube001.services.stellar-ops.com/health
Frontend: https://sdp-backend-dashboard-pr150.previews.kube001.services.stellar-ops.com

@marcelosalloum marcelosalloum temporarily deployed to Receiver Registration - E2E Integration Tests January 18, 2024 01:24 — with GitHub Actions Inactive
@marcelosalloum marcelosalloum temporarily deployed to Anchor Integration Tests January 18, 2024 01:24 — with GitHub Actions Inactive
@stellar-jenkins
Copy link

stellar-disbursement-platform-backend-preview is available here:
SDP: https://sdp-backend-pr150.previews.kube001.services.stellar-ops.com/health
AP: https://sdp-ap-pr150.previews.kube001.services.stellar-ops.com/health
Frontend: https://sdp-backend-dashboard-pr150.previews.kube001.services.stellar-ops.com

@marcelosalloum marcelosalloum requested a review from a team January 18, 2024 01:40
@marcelosalloum marcelosalloum marked this pull request as ready for review January 18, 2024 01:40
@marcelosalloum marcelosalloum temporarily deployed to Anchor Integration Tests January 18, 2024 20:47 — with GitHub Actions Inactive
@marcelosalloum marcelosalloum temporarily deployed to Receiver Registration - E2E Integration Tests January 18, 2024 20:47 — with GitHub Actions Inactive
@stellar-jenkins
Copy link

stellar-disbursement-platform-backend-preview is available here:
SDP: https://sdp-backend-pr150.previews.kube001.services.stellar-ops.com/health
AP: https://sdp-ap-pr150.previews.kube001.services.stellar-ops.com/health
Frontend: https://sdp-backend-dashboard-pr150.previews.kube001.services.stellar-ops.com

ziyliu
ziyliu approved these changes Jan 18, 2024
View reviewed changes
Copy link
Contributor

@ziyliu ziyliu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is SDP-1035 really the right ticket for this PR?

@marcelosalloum marcelosalloum changed the title [SDP-1035] Add "Secure Operation Manual" section and updated the code to enforce MFA and reCAPTCHA [SDP-1032] Add "Secure Operation Manual" section and updated the code to enforce MFA and reCAPTCHA Jan 18, 2024
@marcelosalloum
Copy link
Collaborator Author

marcelosalloum commented Jan 18, 2024
edited by jira bot
Loading

Is SDP-1035 really the right ticket for this PR?

Good catch, TY! It's actually SDP-1032.

Fixed it in the title.

marwen-abid
marwen-abid approved these changes Jan 18, 2024
View reviewed changes
Copy link
Collaborator

@marwen-abid marwen-abid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! thank you for this change

helmchart/sdp/README.md Show resolved Hide resolved
internal/serve/serve.go Show resolved Hide resolved
helmchart/sdp/values.yaml Show resolved Hide resolved
This was referenced Jan 18, 2024
Merged
Merged
@marcelosalloum marcelosalloum temporarily deployed to Receiver Registration - E2E Integration Tests January 18, 2024 22:32 — with GitHub Actions Inactive
@marcelosalloum marcelosalloum temporarily deployed to Anchor Integration Tests January 18, 2024 22:32 — with GitHub Actions Inactive
@stellar-jenkins
Copy link

stellar-disbursement-platform-backend-preview is available here:
SDP: https://sdp-backend-pr150.previews.kube001.services.stellar-ops.com/health
AP: https://sdp-ap-pr150.previews.kube001.services.stellar-ops.com/health
Frontend: https://sdp-backend-dashboard-pr150.previews.kube001.services.stellar-ops.com

@marcelosalloum marcelosalloum temporarily deployed to Anchor Integration Tests January 18, 2024 22:45 — with GitHub Actions Inactive
@marcelosalloum marcelosalloum temporarily deployed to Receiver Registration - E2E Integration Tests January 18, 2024 22:45 — with GitHub Actions Inactive
@stellar-jenkins
Copy link

stellar-disbursement-platform-backend-preview is available here:
SDP: https://sdp-backend-pr150.previews.kube001.services.stellar-ops.com/health
AP: https://sdp-ap-pr150.previews.kube001.services.stellar-ops.com/health
Frontend: https://sdp-backend-dashboard-pr150.previews.kube001.services.stellar-ops.com

@marcelosalloum marcelosalloum merged commit 0236e35 into develop Jan 18, 2024
9 checks passed
@marcelosalloum marcelosalloum deleted the marcelo/SDP-1035 branch January 18, 2024 23:22
marcelosalloum added a commit to stellar/helm-charts that referenced this pull request Feb 1, 2024
@marcelosalloum
[SDP-1032] Update helm chart for stellar-disbursement-platform (#77)
307c07a 
### What

Update helm chart for stellar-disbursement-platform

### Why

To keep in sync with stellar/stellar-disbursement-platform-backend#150
marcelosalloum added a commit to stellar/stellar-docs that referenced this pull request Feb 1, 2024
@marcelosalloum
[SDP-1032] Flip SDP's flag usage from ENABLE_RECAPTCHA to `DISABLE_…
3725b67 
…RECAPTCHA` and add a Secure Operation Manual (#292)

### What

Flip SDP's flag usage from `ENABLE_RECAPTCHA` to `DISABLE_RECAPTCHA`.
Also, add a new section for Secure Operation Manual.

### Why

To remain in sync with the change from stellar/stellar-disbursement-platform-backend#150
@marcelosalloum marcelosalloum mentioned this pull request Feb 12, 2024
Merged
25 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marwen-abid marwen-abid marwen-abid approved these changes

@ziyliu ziyliu ziyliu approved these changes

Assignees

@marcelosalloum marcelosalloum

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@marcelosalloum @stellar-jenkins @marwen-abid @ziyliu