Commit 28f8fde1 authored by Mike Greiling's avatar Mike Greiling

Merge branch 'sh-loosen-aws-tokens' into 'master'

Remove CI/CD variable validations on AWS keys

Closes #215557

See merge request gitlab-org/gitlab!36679
parents fa06f9b6 061b842c
import { __ } from '~/locale';
import { AWS_ACCESS_KEY_ID, AWS_DEFAULT_REGION, AWS_SECRET_ACCESS_KEY } from '../constants';
export const awsTokens = {
[AWS_ACCESS_KEY_ID]: {
name: AWS_ACCESS_KEY_ID,
/* Checks for exactly twenty characters that match key.
Based on greps suggested by Amazon at:
https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/
*/
validation: val => /^[A-Za-z0-9]{20}$/.test(val),
invalidMessage: __('This variable does not match the expected pattern.'),
},
[AWS_DEFAULT_REGION]: {
name: AWS_DEFAULT_REGION,
},
[AWS_SECRET_ACCESS_KEY]: {
name: AWS_SECRET_ACCESS_KEY,
/* Checks for exactly forty characters that match secret.
Based on greps suggested by Amazon at:
https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/
*/
validation: val => /^[A-Za-z0-9/+=]{40}$/.test(val),
invalidMessage: __('This variable does not match the expected pattern.'),
},
};
......
---
title: Remove CI/CD variable validations on AWS keys
merge_request: 36679
author:
type: fixed
......@@ -233,13 +233,12 @@ be updated or viewed by project members with [maintainer permissions](../../user
### Custom variables validated by GitLab
Some variables are listed in the UI so you can choose them more quickly.
GitLab validates the values of these variables to ensure they are in the correct format.
| Variable | Allowed Values | Introduced in |
|-------------------------|----------------------------------------------------|---------------|
| `AWS_ACCESS_KEY_ID` | 20 characters: letters, digits | 12.10 |
| `AWS_ACCESS_KEY_ID` | Any | 12.10 |
| `AWS_DEFAULT_REGION` | Any | 12.10 |
| `AWS_SECRET_ACCESS_KEY` | 40 characters: letters, digits, special characters | 12.10 |
| `AWS_SECRET_ACCESS_KEY` | Any | 12.10 |
NOTE: **Note:**
When you store credentials, there are security implications. If you are using AWS keys,
......
......@@ -24066,9 +24066,6 @@ msgstr ""
msgid "This variable can not be masked."
msgstr ""
msgid "This variable does not match the expected pattern."
msgstr ""
msgid "This will help us personalize your onboarding experience."
msgstr ""
......
......@@ -4,7 +4,6 @@ import { GlDeprecatedButton } from '@gitlab/ui';
import { AWS_ACCESS_KEY_ID } from '~/ci_variable_list/constants';
import CiVariableModal from '~/ci_variable_list/components/ci_variable_modal.vue';
import CiKeyField from '~/ci_variable_list/components/ci_key_field.vue';
import { awsTokens } from '~/ci_variable_list/components/ci_variable_autocomplete_tokens';
import createStore from '~/ci_variable_list/store';
import mockData from '../services/mock_data';
import ModalStub from '../stubs';
......@@ -176,29 +175,6 @@ describe('Ci variable modal', () => {
describe('Validations', () => {
const maskError = 'This variable can not be masked.';
describe('when the key state is invalid', () => {
beforeEach(() => {
const [variable] = mockData.mockVariables;
const invalidKeyVariable = {
...variable,
key: AWS_ACCESS_KEY_ID,
value: 'AKIAIOSFODNN7EXAMPLEjdhy',
secret_value: 'AKIAIOSFODNN7EXAMPLEjdhy',
};
createComponent(mount);
store.state.variable = invalidKeyVariable;
});
it('disables the submit button', () => {
expect(addOrUpdateButton(1).attributes('disabled')).toBeTruthy();
});
it('shows the correct error text', () => {
const errorText = awsTokens[AWS_ACCESS_KEY_ID].invalidMessage;
expect(findModal().text()).toContain(errorText);
});
});
describe('when the mask state is invalid', () => {
beforeEach(() => {
const [variable] = mockData.mockVariables;
......@@ -222,39 +198,14 @@ describe('Ci variable modal', () => {
});
});
describe('when the mask and key states are invalid', () => {
beforeEach(() => {
const [variable] = mockData.mockVariables;
const invalidMaskandKeyVariable = {
...variable,
key: AWS_ACCESS_KEY_ID,
value: 'AKIAIOSFODNN7EXAMPLEjdhyd:;',
secret_value: 'AKIAIOSFODNN7EXAMPLEjdhyd:;',
masked: true,
};
createComponent(mount);
store.state.variable = invalidMaskandKeyVariable;
});
it('disables the submit button', () => {
expect(addOrUpdateButton(1).attributes('disabled')).toBeTruthy();
});
it('shows the correct error text', () => {
const errorText = awsTokens[AWS_ACCESS_KEY_ID].invalidMessage;
expect(findModal().text()).toContain(maskError);
expect(findModal().text()).toContain(errorText);
});
});
describe('when both states are valid', () => {
beforeEach(() => {
const [variable] = mockData.mockVariables;
const validMaskandKeyVariable = {
...variable,
key: AWS_ACCESS_KEY_ID,
value: 'AKIAIOSFODNN7EXAMPLE',
secret_value: 'AKIAIOSFODNN7EXAMPLE',
value: '12345678',
secret_value: '87654321',
masked: true,
};
createComponent(mount);
......@@ -265,12 +216,6 @@ describe('Ci variable modal', () => {
it('does not disable the submit button', () => {
expect(addOrUpdateButton(1).attributes('disabled')).toBeFalsy();
});
it('shows no error text', () => {
const errorText = awsTokens[AWS_ACCESS_KEY_ID].invalidMessage;
expect(findModal().text()).not.toContain(maskError);
expect(findModal().text()).not.toContain(errorText);
});
});
});
});
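Review bot: Removing `shows no error text` from the `when both states are valid` block (last hunk) also removes its `expect(findModal().text()).not.toContain(maskError);` assertion, which does not depend on the deleted `awsTokens` import. The valid case then appears to assert only that the submit button is enabled, so a mask error wrongly shown for a maskable value would pass unnoticed. I would keep a reduced case, `it('shows no error text', () => { expect(findModal().text()).not.toContain(maskError); });`. The fixture above it now has `value: '12345678'` and `secret_value: '87654321'`, while the other fixtures on the page use the same string for both, so confirm the mismatch is intended. Which lines are removed is inferred from the hunk counts, because the rendered page lost its `+`/`-` markers.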