Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use built-in Pulumi bcrypt #1740

Merged
merged 5 commits into from
Feb 14, 2024
Merged

Use built-in Pulumi bcrypt #1740

merged 5 commits into from
Feb 14, 2024

Conversation

jemrobinson
Copy link
Member

@jemrobinson jemrobinson commented Feb 13, 2024
edited
Loading

✅ Checklist

  • You have given your pull request a meaningful title (e.g. Enable foobar integration rather than 515 foobar).
  • You are targeting the appropriate branch. If you're not certain which one this is, it should be develop.
  • Your branch is up-to-date with the target branch (it probably was when you started, but it may have changed since then).
  • You have marked this pull request as a draft and added '[WIP]' to the title if needed (if you're not yet ready to merge).
  • You have formatted your code using appropriate automated tools (for example ./tests/AutoFormat_Powershell.ps1 -TargetPath <path to file or directory> for Powershell).

⤴️ Summary

Replace use of python bcrypt library with the bcrypt functionality built into pulumi.RandomPassword.

Previously we generated admin_password_salt for the DNS server ourselves and stored it as a Pulumi secret. We replace this with use of the bcrypt_hash property of pulumi.RandomPassword which means that we don't need to handle our own salt generation or the combination of salt+password into a bcrypt hash.

🌂 Related issues

Closes #1644

🔬 Tests

Tested on a new SRE deployment

@jemrobinson jemrobinson requested a review from a team February 13, 2024 10:31
JimMadge
JimMadge approved these changes Feb 13, 2024
View reviewed changes
Copy link
Member

@JimMadge JimMadge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@jemrobinson jemrobinson merged commit d105de0 into alan-turing-institute:python-migration Feb 14, 2024
9 checks passed
@jemrobinson jemrobinson mentioned this pull request Apr 16, 2024
Closed
5 tasks
@jemrobinson jemrobinson deleted the 1644-simplify-bcrypt-password branch April 19, 2024 11:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JimMadge JimMadge JimMadge approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jemrobinson @JimMadge