Closed Bug 1041584 Opened 11 years ago Closed 8 years ago

move balrog whitelist checks out of AUSDatabase

Categories

(Release Engineering Graveyard :: Applications: Balrog (backend), defect)

Product:
Release Engineering Graveyard
Component:
Applications: Balrog (backend)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: vjoshi)

References

Details

(Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2750] )

We do some whitelisted domain checks in db.py, which means that we need to give it knowledge of the domain whitelist. These checks are probably better done at the web layer instead, as long as we can factor them out to avoid massive duplication. From Nick's review in bug 1021018: > ::: admin.wsgi > @@ +30,5 @@ > > auslib.log.cef_config = auslib.log.get_cef_config(cfg.getCefLogfile()) > > +dbo.setDb(cfg.getDburi()) > > +dbo.setupChangeMonitors(cfg.getSystemAccounts()) > > +dbo.setDomainWhitelist(cfg.getDomainWhitelist()) > > +application.config['WHITELISTED_DOMAINS'] = cfg.getDomainWhitelist() > > Setting this twice is a little odd. Perhaps we can look at moving > containsForbiddenDomain() into the code that handles API calls. Fodder for a > followup if it's worthwhile.
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2742]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2742] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/2750]
The blob classes might be the best place, actually, since finding the file urls is blob-specific.
Assignee: nobody → varunj.1011
Commit pushed to master at https://github.com/mozilla/balrog https://github.com/mozilla/balrog/commit/53f48d4519df5fc709cbd6b28097af2d57ebef37 Bug 1041584 - move balrog whitelist checks out of AUSDatabase (#121). r=bhearsum
Depends on: 1304054
This is in production now. Thanks Varun!
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: Release Engineering → Release Engineering Graveyard
You need to log in before you can comment on or make changes to this bug.