From 98699c94f589e501bc735b621a835bfed241698c Mon Sep 17 00:00:00 2001
From: Paolo Capriotti
Date: Fri, 23 Sep 2022 11:53:16 +0200
Subject: [PATCH 1/3] Update nginz whitelists and blacklists
---
 charts/cannon/conf/static/zauth.acl | 22 +++++++++-------------
 charts/nginz/static/conf/zauth.acl | 23 +++++++++--------------
 2 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/charts/cannon/conf/static/zauth.acl b/charts/cannon/conf/static/zauth.acl
index 9498b8cc43f..8174372b116 100644
--- a/charts/cannon/conf/static/zauth.acl
+++ b/charts/cannon/conf/static/zauth.acl
@@ -1,17 +1,13 @@
-a (blacklist (path "/provider")
- (path "/provider/**")
- (path "/bot")
- (path "/bot/**")
- (path "/i/**"))
+a (blacklist (path "(/v[0-9]+)?/provider(/.*)?")
+ (path "(/v[0-9]+)?/bot(/.*)?")
+ (path "(/v[0-9]+)?/i/.*"))
 
-b (whitelist (path "/bot")
- (path "/bot/**"))
+b (whitelist (regex "(/v[0-9]+)?/bot(/.*)?"))
 
-p (whitelist (path "/provider")
- (path "/provider/**"))
+p (whitelist (regex "(/v[0-9]+)?/provider(/.*)?"))
 
 # LegalHold Access Tokens
-la (whitelist (path "/notifications")
- (path "/assets/v3/**")
- (path "/users")
- (path "/users/**"))
+la (whitelist (regex "(/v[0-9]+)?/notifications")
+ (regex "(/v[0-9]+)?/assets/v3/.*")
+ (regex "(/v[0-9]+)?/users(/.*)?")
+ (regex "(/v[0-9]+)?/legalhold/conversations/[^/]+"))
diff --git a/charts/nginz/static/conf/zauth.acl b/charts/nginz/static/conf/zauth.acl
index 3fe4d179e1a..5de1ce5aa19 100644
--- a/charts/nginz/static/conf/zauth.acl
+++ b/charts/nginz/static/conf/zauth.acl
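Review bot: In the charts/cannon/conf/static/zauth.acl hunk the three new `a` blacklist entries keep the `path` matcher while carrying regex syntax, e.g. `(path "(/v[0-9]+)?/provider(/.*)?")`, whereas every other rewritten rule in the series uses `regex`. If `path` treats its argument as a literal or glob, as the removed `/provider/**` entries suggest, these entries match no real request path and the `a`-token blacklist for /provider, /bot and /i/ stops applying on cannon. They should read `(regex "(/v[0-9]+)?/provider(/.*)?")` and likewise for the other two, as in the nginz copy. Patch 2/3 replaces this file wholesale, so the exposure is limited to this intermediate commit, but it is worth fixing so each commit in the series is safe to deploy or bisect. The same hunk also adds `/legalhold/conversations/[^/]+` to cannon's `la` whitelist, which the old cannon file did not grant.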
@@ -1,18 +1,13 @@
-a (blacklist (path "/provider")
- (path "/provider/**")
- (path "/bot")
- (path "/bot/**")
- (path "/i/**"))
+a (blacklist (regex "(/v[0-9]+)?/provider(/.*)?")
+ (regex "(/v[0-9]+)?/bot(/.*)?")
+ (regex "(/v[0-9]+)?/i/.*"))
 
-b (whitelist (path "/bot")
- (path "/bot/**"))
+b (whitelist (regex "(/v[0-9]+)?/bot(/.*)?"))
 
-p (whitelist (path "/provider")
- (path "/provider/**"))
+p (whitelist (regex "(/v[0-9]+)?/provider(/.*)?"))
 
 # LegalHold Access Tokens
-la (whitelist (path "/notifications")
- (path "/assets/v3/**")
- (path "/users")
- (path "/users/**")
- (path "/legalhold/conversations/*"))
+la (whitelist (regex "(/v[0-9]+)?/notifications")
+ (regex "(/v[0-9]+)?/assets/v3/.*")
+ (regex "(/v[0-9]+)?/users(/.*)?")
+ (regex "(/v[0-9]+)?/legalhold/conversations/[^/]+"))
From ec7ef156f39eadc2d28e212d7493682e1cc0898a Mon Sep 17 00:00:00 2001
From: Stefan Matting
Date: Fri, 23 Sep 2022 13:33:18 +0200
Subject: [PATCH 2/3] Update cannon zauth.acl
---
 charts/cannon/conf/static/zauth.acl | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/charts/cannon/conf/static/zauth.acl b/charts/cannon/conf/static/zauth.acl
index 8174372b116..8e6d629346e 100644
--- a/charts/cannon/conf/static/zauth.acl
+++ b/charts/cannon/conf/static/zauth.acl
@@ -1,13 +1 @@
-a (blacklist (path "(/v[0-9]+)?/provider(/.*)?")
- (path "(/v[0-9]+)?/bot(/.*)?")
- (path "(/v[0-9]+)?/i/.*"))
-
-b (whitelist (regex "(/v[0-9]+)?/bot(/.*)?"))
-
-p (whitelist (regex "(/v[0-9]+)?/provider(/.*)?"))
-
-# LegalHold Access Tokens
-la (whitelist (regex "(/v[0-9]+)?/notifications")
- (regex "(/v[0-9]+)?/assets/v3/.*")
- (regex "(/v[0-9]+)?/users(/.*)?")
- (regex "(/v[0-9]+)?/legalhold/conversations/[^/]+"))
+a (whitelist (regex "/await"))
From 68c0f8bbb5fbda4e7dd2657d80a4760247f18efe Mon Sep 17 00:00:00 2001
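Review bot: Whether the `regex` matcher in charts/nginz/static/conf/zauth.acl anchors a pattern to the whole request path is not visible in this hunk, and the whitelists depend on it. The removed `(path "/notifications")` matched that one path; if `regex` uses search semantics, `(regex "(/v[0-9]+)?/notifications")` and `(regex "(/v[0-9]+)?/users(/.*)?")` would also accept longer paths that merely contain those segments, widening what `la`, `b` and `p` tokens are allowed to reach. Either confirm full-match semantics in the ACL parser and record it in a header comment such as `# regex rules must match the entire path`, or anchor explicitly, e.g. `(regex "^(/v[0-9]+)?/notifications$")`. A parser test per token type with one prefixed and one suffixed path would pin the behaviour down.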
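Review bot: After the patch 2/3 hunk, charts/cannon/conf/static/zauth.acl holds a single rule, `a (whitelist (regex "/await"))`, with no entries left for `b`, `p` or `la`, and the file does not say how a token type without an entry is treated. If the evaluator denies by default this is the tightest setting, but if a missing entry means "no restriction" the removal opens cannon to those token types, so the default should be confirmed and written down, e.g. `# cannon only serves /await; token types without an entry are denied`. `/await` also lacks the `(/v[0-9]+)?` prefix used everywhere else in the series; if the websocket endpoint is deliberately unversioned, that deserves a word in the same comment.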
From: Stefan Matting
Date: Fri, 23 Sep 2022 13:42:26 +0200
Subject: [PATCH 3/3] Add changelog entry
---
 changelog.d/5-internal/pr-2725 | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/5-internal/pr-2725
diff --git a/changelog.d/5-internal/pr-2725 b/changelog.d/5-internal/pr-2725
new file mode 100644
index 00000000000..8945a4600fd
--- /dev/null
+++ b/changelog.d/5-internal/pr-2725
@@ -0,0 +1 @@
+Update nginz and cannon ACLs to match api-versioned paths