Adds support for hidden private keys in server tenants #23379

Merged
merged 35 commits into from
Dec 26, 2024
Merged
Changes from 16 commits
Commits
bd5c693
Added support for hidden private keys in Riddler
dhr-verma Dec 17, 2024
76325b6
Added key ordering logic
dhr-verma Dec 17, 2024
518b48d
Added unit tests
dhr-verma Dec 17, 2024
abca9ee
Combined the getKey methods
dhr-verma Dec 18, 2024
b97ae1b
Fixed bug in sinon
dhr-verma Dec 18, 2024
39810d2
Merge branch 'main' of https://github.com/microsoft/FluidFramework in…
dhr-verma Dec 18, 2024
a4b24eb
Fixed unit test bug
dhr-verma Dec 18, 2024
ab12637
Added more unit tests
dhr-verma Dec 18, 2024
604d986
Added more unit tests for TenantManager
dhr-verma Dec 18, 2024
cf3bcd9
FIxed format
dhr-verma Dec 18, 2024
478b5fb
Fixed formatting
dhr-verma Dec 18, 2024
52cbe69
Added new prop to ITenantConfig
dhr-verma Dec 18, 2024
367c841
Lint fixes
dhr-verma Dec 18, 2024
053741c
Fixed bugs
dhr-verma Dec 19, 2024
d6b4c3c
Changed property name from isKeylessAccessEnabled to enableKeylessAccess
dhr-verma Dec 19, 2024
2332f10
Added documentation
dhr-verma Dec 19, 2024
3ae1ebd
Improved readability
dhr-verma Dec 19, 2024
e615875
Fixed format
dhr-verma Dec 19, 2024
70d1fec
Addressed usePrivateKey comment
dhr-verma Dec 19, 2024
cf51d29
Addressed comments about the keyless token claim
dhr-verma Dec 19, 2024
87e451b
Fixed lint errors
dhr-verma Dec 19, 2024
4d63e65
Merge branch 'main' of https://github.com/microsoft/FluidFramework in…
dhr-verma Dec 20, 2024
4108825
Addressed comments about combining the createTenantKeys methods
dhr-verma Dec 20, 2024
e7498a3
Modified keyless access policy API
dhr-verma Dec 20, 2024
3353fab
Fixed format
dhr-verma Dec 20, 2024
4097f71
Added a new tenant config prop enableKeyAccess and made enableKeyless…
dhr-verma Dec 20, 2024
9f58492
Changed logic of checking if key based access is enabled
dhr-verma Dec 20, 2024
89e839f
Changed variable name for readability
dhr-verma Dec 20, 2024
8b5a2b6
Addressed comments
dhr-verma Dec 26, 2024
5fcbd71
Added changesets
dhr-verma Dec 26, 2024
f736d30
Update server/routerlicious/.changeset/six-candles-sneeze.md
dhr-verma Dec 26, 2024
c329bac
Update server/routerlicious/.changeset/six-candles-sneeze.md
dhr-verma Dec 26, 2024
ded23b4
Update server/routerlicious/.changeset/weak-radios-camp.md
dhr-verma Dec 26, 2024
cd8fe82
Addressed comments
dhr-verma Dec 26, 2024
e1f7b20
Merge branch 'vermadhr/keylessAccessWork' of https://github.com/dhr-v…
dhr-verma Dec 26, 2024
3 changes: 3 additions & 0 deletions server/routerlicious/packages/routerlicious-base/package.json
@@ -143,6 +143,9 @@
"ClassDeclaration_RiddlerResources": {
"forwardCompat": false,
"backCompat": false
},
"ClassDeclaration_TenantManager": {
"forwardCompat": false
}
}
}
@@ -101,8 +101,7 @@ async function generateCreateDocumentResponseBody(
if (token === undefined) {
throw new NetworkError(400, "Authorization header is missing or malformed");
}
const tenantKey = await tenantManager.getKey(tenantId);
newDocumentAccessToken = getCreationToken(token, tenantKey, documentId);
newDocumentAccessToken = await getCreationToken(tenantManager, token, tenantId, documentId);
}
let newDocumentSession: ISession | undefined;
if (enableDiscovery) {
@@ -91,7 +91,13 @@ export function create(
router.get("/tenants/:id/keys", (request, response) => {
const tenantId = request.params.id;
const includeDisabledTenant = getIncludeDisabledFlag(request);
const tenantP = manager.getTenantKeys(tenantId, includeDisabledTenant);
const getPrivateKeys = getPrivateKeysFlag(request);
dhr-verma marked this conversation as resolved.
const tenantP = manager.getTenantKeys(
tenantId,
includeDisabledTenant,
false,
dhr-verma marked this conversation as resolved.
getPrivateKeys,
);
handleResponse(tenantP, response);
});

@@ -113,6 +119,18 @@ export function create(
handleResponse(storageP, response);
});

/**
* Updates the keyless access setting for the given tenant
*/
router.put("/tenants/:id/keylessAccess", (request, response) => {
const tenantId = request.params.id;
const enableKeylessAccess = request.body.enableKeylessAccess
? request.body.enableKeylessAccess
: null;
const storageP = manager.updateKeylessAccessPolicy(tenantId, enableKeylessAccess);
dhr-verma marked this conversation as resolved.
handleResponse(storageP, response);
});

/**
* Updates the customData for the given tenant
*/
@@ -128,7 +146,8 @@ export function create(
router.put("/tenants/:id/key", (request, response) => {
const tenantId = request.params.id;
const keyName = request.body.keyName as string;
const refreshKeyP = manager.refreshTenantKey(tenantId, keyName);
const refreshPrivateKey = request.body.refreshPrivateKey as boolean;
dhr-verma marked this conversation as resolved.
const refreshKeyP = manager.refreshTenantKey(tenantId, keyName, refreshPrivateKey);
handleResponse(refreshKeyP, response);
});

@@ -142,11 +161,15 @@ export function create(
const tenantCustomData: ITenantCustomData = request.body.customData
? request.body.customData
: {};
const enableKeylessAccess = request.body.enableKeylessAccess
? request.body.enableKeylessAccess
: null;
const tenantP = manager.createTenant(
dhr-verma marked this conversation as resolved.
tenantId,
tenantStorage,
tenantOrderer,
tenantCustomData,
enableKeylessAccess,
);
handleResponse(tenantP, response);
});
@@ -169,5 +192,10 @@ export function create(
return includeDisabledRaw?.toLowerCase() === "true";
}

function getPrivateKeysFlag(request): boolean {
const getPrivateKeys = request.query.getPrivateKeys as string;
return getPrivateKeys?.toLowerCase() === "true";
}

return router;
}
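Review bot: In the new `PUT /tenants/:id/keylessAccess` handler, and in the same expression added to the tenant-creation route, `request.body.enableKeylessAccess ? … : null` is a truthiness test, so an explicit `false` becomes `null` and any truthy non-boolean such as the string `"false"` is handed to the manager as if it were an enable request. `request.body.refreshPrivateKey as boolean` in the `/tenants/:id/key` route has the same weakness, because the assertion is erased at compile time and checks nothing at runtime. Since these values decide an access policy and which key is rotated, I would check the type before use, for example `if (typeof request.body.enableKeylessAccess !== "boolean") { /* respond 400 */ }`, and pass `false` through unchanged if the manager treats it differently from `null` (not visible here). Separately, `getPrivateKeys=true` on `GET /tenants/:id/keys` appears to return the private keys on a query flag alone as far as this section shows, so if the router is not already restricted to trusted callers that route needs an explicit authorization check. `create()` starts outside the hunks shown.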