This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Added security policy settings for GraphQL #550

Merged
merged 19 commits into from
Jan 9, 2023

Conversation

buraksekili

@buraksekili buraksekili commented Dec 19, 2022

Description

This PR adds support for policy fields that apply to GraphQL.

Related Issue

https://tyktech.atlassian.net/browse/TT-5209

Motivation and Context

Previously, there was no way to set GraphQL-specific policies through CR. This PR adds corresponding fields to SecurityPolicy CR.

Added support for the allowed_types, restricted_types, disable_introspection and field_access_rights fields of SecurityPolicy.

Test Coverage For This Change

Added e2e tests to ensure that corresponding fields are appropriately set on Tyk and K8s.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • Make sure you are requesting to pull a topic/feature/bugfix branch (right side). If PRing from your fork, don't come from your master!
  • Make sure you are making a pull request against our master branch (left side). Also, it would be best if you started your change off our latest master.
  • Make sure you are updating CHANGELOG.md based on your changes.
  • My change requires a change to the documentation.
    • If you've changed APIs, describe what needs to be updated in the documentation.
  • I have updated the documentation accordingly.
  • If you've changed API models, please update CRDs.
    • make manifests
    • make helm
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • Check your code additions will not fail linting checks:
    • gofmt -s -w .
    • go vet ./...
    • golangci-lint run
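As an added illustration (not code from this PR or from tyk-operator), a small Go model of how the allowed_types, restricted_types and disable_introspection settings gate field selection; the entry shape, the "*" wildcard, and the evaluation order (denylist before allowlist) are assumptions about Tyk's semantics, not taken from the PR itself.

```go
package main

import "strings"

// TypeFields names a GraphQL type and some of its fields; "*" stands for every field (assumed shape).
type TypeFields struct {
	Name   string
	Fields []string
}

// GraphQLPolicy is a constructed model of three of the settings this PR exposes.
type GraphQLPolicy struct {
	DisableIntrospection bool         // reject __schema, __type and __typename selections
	AllowedTypes         []TypeFields // allowlist: when set, only these type/field pairs pass
	RestrictedTypes      []TypeFields // denylist: these type/field pairs never pass
}

func matches(list []TypeFields, typeName, field string) bool {
	for _, t := range list {
		if t.Name != typeName {
			continue
		}
		for _, f := range t.Fields {
			if f == "*" || f == field {
				return true
			}
		}
	}
	return false
}
// FieldAllowed checks the denylist before the allowlist, so restricted_types always wins.
func (p GraphQLPolicy) FieldAllowed(typeName, field string) bool {
	if p.DisableIntrospection && strings.HasPrefix(field, "__") {
		return false
	}
	if matches(p.RestrictedTypes, typeName, field) {
		return false
	}
	return len(p.AllowedTypes) == 0 || matches(p.AllowedTypes, typeName, field)
}

// SamplePolicy is constructed: no introspection, User.password hidden, only Query.users and User.{id,name} exposed.
func SamplePolicy() GraphQLPolicy {
	return GraphQLPolicy{
		DisableIntrospection: true,
		AllowedTypes:         []TypeFields{{"Query", []string{"users"}}, {"User", []string{"id", "name"}}},
		RestrictedTypes:      []TypeFields{{"User", []string{"password"}}},
	}
}
func main() { _ = SamplePolicy().FieldAllowed("User", "name") }
```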

Updated graphql-go-tools package - so, use Tyk's fork.
Updated go.mod dependencies.
Added required DeepCopy functions for external graphql.Type field.

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
@buraksekili buraksekili changed the title Added security policy settings for GraphQL. Added security policy settings for GraphQL Dec 20, 2022
@buraksekili buraksekili marked this pull request as ready for review December 20, 2022 12:29
@buraksekili buraksekili requested a review from a team as a code owner December 20, 2022 12:29
@buraksekili buraksekili requested review from komalsukhani and removed request for a team December 20, 2022 12:29
buraksekili and others added 13 commits December 27, 2022 11:06
…nologies/tyk-operator into feature/TT-5209/graphql-policies
Remove leftover description on sample manifest and update the sample description accordingly.
…nologies/tyk-operator into feature/TT-5209/graphql-policies
@sonarqubecloud

sonarqubecloud bot commented Jan 9, 2023

Kudos, SonarCloud Quality Gate passed!

  • Bugs: A (0 Bugs)
  • Vulnerabilities: A (0 Vulnerabilities)
  • Security Hotspots: A (0 Security Hotspots)
  • Code Smells: A (0 Code Smells)
  • Coverage: no coverage information
  • Duplication: 0.0%

@singhpr singhpr merged commit 380a878 into master Jan 9, 2023
@singhpr singhpr deleted the feature/TT-5209/graphql-policies branch January 9, 2023 09:59
buger pushed a commit that referenced this pull request May 22, 2024
* Added security policy settings for GraphQL.
Updated graphql-go-tools package - so, use Tyk's fork.
Updated go.mod dependencies.
Added required DeepCopy functions for external graphql.Type field.

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Add e2e tests

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* remove extra lines

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* updated changelog

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Move GW specific fields to out of comparison

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Remove redundant docs links from CRD manifests

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Add example manifest for Restricted Types

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Update sample manifest; so, it includes GraphQL API with authorization

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Update restricted-types-policy.yaml

Remove leftover description on sample manifest and update the sample description accordingly.

* Run policy tests in CE too

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Update Tyk version to v4.3 for SecurityPolicy API

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

* Skip tests in versions below v4.3

Signed-off-by: Burak Sekili <buraksekili@gmail.com>

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Co-authored-by: Pranshu <104971506+singhpr@users.noreply.github.com>