Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure debug broker support in release mode #1651

Open
wants to merge 6 commits into
base: dev
Choose a base branch
from
Open

Configure debug broker support in release mode #1651

wants to merge 6 commits into from

Conversation

gitaumoses4
Copy link
Contributor

@gitaumoses4 gitaumoses4 commented Dec 9, 2021
edited
Loading

We currently support MSAL trusting debug brokers; however, we need to be sure that people don't set this in error for release builds that we'll be shipped to production.

When the build-type is RELEASE and trust debug brokers is enabled throw a runtime exception.

Implementation

We need to check that the application trusting debug brokers is allowed to do so, hence the BrokerValidator hosts a variable that keeps a record of applications with the ability to trust debug brokers.

shahzaibj
shahzaibj requested changes Dec 9, 2021
View reviewed changes
Copy link
Contributor

@shahzaibj shahzaibj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this PR effectively reverts the work we had done to enable debug broker support in release mode to allow automation to be run with prod MSAL and BrokerHost. With this PR we can no longer to do that. I would still like to have support for that. I think RuntimeException is not the right thing to do here. I suggest you schedule a meeting to discuss this work.

@gitaumoses4 gitaumoses4 removed the request for review from AdamBJohnsonx February 8, 2022 12:39
@gitaumoses4 gitaumoses4 force-pushed the git/configure-debug-broker-support branch from 734a563 to 06ebe3a Compare February 15, 2022 12:35
@gitaumoses4 gitaumoses4 force-pushed the git/configure-debug-broker-support branch from 800f1b1 to 0e7188f Compare February 21, 2022 09:12
@codecov-commenter
Copy link

codecov-commenter commented Feb 21, 2022
edited by codecov bot
Loading

Codecov Report

Merging #1651 (c7f2670) into dev (1c1fcec) will increase coverage by 0.26%.
The diff coverage is 90.00%.

@@             Coverage Diff              @@
##                dev    #1651      +/-   ##
============================================
+ Coverage     15.62%   15.88%   +0.26%     
- Complexity      321      334      +13     
============================================
  Files           164      165       +1     
  Lines          7097     7118      +21     
  Branches        712      716       +4     
============================================
+ Hits           1109     1131      +22     
+ Misses         5815     5814       -1     
  Partials        173      173
Impacted Files Coverage Δ
...common/internal/broker/DebugBrokerTrustingApp.java 80.00% <80.00%> (ø)
...entity/common/internal/broker/BrokerValidator.java 33.78% <95.00%> (+16.32%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3dea002...c7f2670. Read the comment docs.

@gitaumoses4 gitaumoses4 requested a review from shahzaibj March 28, 2022 08:58
shahzaibj
shahzaibj reviewed Apr 26, 2022
View reviewed changes
@shahzaibj
Copy link
Contributor

So what is the plan here? It seems like the only way this is now actually configurable is to first declare trust via BuildConfig, right? So that means the builds that are in Maven central are not actually ever going to be able to trust debug brokers because they are not in debug mode and also don't have trust declared in Build Config. I think that is fine...

My question is how is this debug broker support useful now? I suspect that the plan would be to publish two versions of common going forward to at least the internal maven? One that has debug support declared via BuildConfig and one that doesn't. Is that the correct understanding? If that's the case, I'm not sure if we even need the setShouldTrustDebugBroker method in BrokerValidator at all. I'm not seeing any utility since the functioning is really controlled by build config.

@gitaumoses4 gitaumoses4 force-pushed the git/configure-debug-broker-support branch from 021d704 to 7267c0a Compare May 12, 2022 17:35
@gitaumoses4
Copy link
Contributor Author

@shahzaibj as discussed, we are now checking the application's package name and signature hash before allowing it to trust debug brokers.
For a start we allow only MSAL_TEST_APP and MSAL_AUTOMATION_APP to do so.

@gitaumoses4 gitaumoses4 requested a review from shahzaibj May 12, 2022 20:20
@gitaumoses4 gitaumoses4 requested a review from iamgusain as a code owner May 25, 2022 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rpdome rpdome rpdome approved these changes

@tanmaymanolkar1 tanmaymanolkar1 tanmaymanolkar1 approved these changes

@shoatman shoatman Awaiting requested review from shoatman

@shahzaibj shahzaibj Awaiting requested review from shahzaibj

@iamgusain iamgusain Awaiting requested review from iamgusain

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gitaumoses4 @codecov-commenter @shahzaibj @rpdome @tanmaymanolkar1