Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: re-introduce clientCertificateValiditySeconds config #401

Merged
merged 2 commits into from
Sep 13, 2023

Conversation

jcosentino11
Copy link
Member

Issue #, if available:

Description of changes:
Same as #61, with a modification lowering the minimum validity seconds value to 1 minute. The reason for this is to allow UATs to test rotation within a reasonable period.

Why is this change necessary:

How was this change tested:

Any additional information or context required to review the change:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

jbutler and others added 2 commits September 13, 2023 13:48
This change introduces a clientCertificateValiditySeconds configuration for
controlling how long client certificates are valid for. Currently this value is only
configurable up to 10 days.

(cherry picked from commit 43ac5f0)
@github-actions
Copy link

Unit Tests Coverage Report

File Coverage Lines Branches
All files 73% 80% 66%
com.aws.greengrass.clientdevices.auth.PermissionEvaluationUtils 78% 82% 74%
com.aws.greengrass.clientdevices.auth.PermissionEvaluationUtils$Operation 100% 100% 0%
com.aws.greengrass.clientdevices.auth.PermissionEvaluationUtils$Resource 100% 100% 0%
com.aws.greengrass.clientdevices.auth.CertificateManager 80% 90% 69%
com.aws.greengrass.clientdevices.auth.ClientDevicesAuthService 79% 90% 67%
com.aws.greengrass.clientdevices.auth.DeviceAuthClient 73% 83% 64%
com.aws.greengrass.clientdevices.auth.certificate.ClientCertificateGenerator 95% 90% 100%
com.aws.greengrass.clientdevices.auth.certificate.CertificateHelper$ProviderType 100% 100% 0%
com.aws.greengrass.clientdevices.auth.certificate.CertificateHelper 74% 92% 56%
com.aws.greengrass.clientdevices.auth.certificate.CertificateStore 72% 85% 60%
com.aws.greengrass.clientdevices.auth.certificate.CertificateExpiryMonitor 77% 87% 67%
com.aws.greengrass.clientdevices.auth.certificate.ServerCertificateGenerator 93% 87% 100%
com.aws.greengrass.clientdevices.auth.certificate.CertificateGenerator 70% 90% 50%
com.aws.greengrass.clientdevices.auth.certificate.CertificateStore$CAType 100% 100% 0%
com.aws.greengrass.clientdevices.auth.certificate.CertificateExpiryMonitor$CertRotationDecider 90% 100% 80%
com.aws.greengrass.clientdevices.auth.certificate.CertificatesConfig 100% 100% 100%
com.aws.greengrass.clientdevices.auth.session.events.SessionCreationEvent$SessionCreationStatus 100% 100% 0%
com.aws.greengrass.clientdevices.auth.iot.usecases.VerifyIotCertificate 94% 88% 100%
com.aws.greengrass.clientdevices.auth.iot.usecases.VerifyThingAttachedToCertificate 89% 91% 88%
com.aws.greengrass.clientdevices.auth.iot.usecases.CreateIoTThingSession 88% 93% 83%
com.aws.greengrass.clientdevices.auth.iot.usecases.VerifyCertificateValidityPeriod 88% 88% 0%
com.aws.greengrass.clientdevices.auth.iot.usecases.VerifyThingAttachedToCertificate$Result$VerificationSource 100% 100% 0%
com.aws.greengrass.clientdevices.auth.certificate.infra.ClientCertificateStore 100% 100% 100%
com.aws.greengrass.clientdevices.auth.certificate.infra.BackgroundCertificateRefresh 83% 85% 82%
com.aws.greengrass.clientdevices.auth.iot.infra.ThingRegistry 92% 97% 88%
com.aws.greengrass.clientdevices.auth.certificate.usecases.ConfigureManagedCertificateAuthority 85% 85% 0%
com.aws.greengrass.clientdevices.auth.certificate.usecases.ConfigureCustomCertificateAuthority 83% 83% 0%
com.aws.greengrass.clientdevices.auth.certificate.usecases.RegisterCertificateAuthorityUseCase 65% 81% 50%
com.aws.greengrass.clientdevices.auth.configuration.MetricsConfiguration 83% 100% 67%
com.aws.greengrass.clientdevices.auth.configuration.AuthorizationPolicyStatement$Effect 100% 100% 0%
com.aws.greengrass.clientdevices.auth.configuration.GroupManager 89% 94% 83%
com.aws.greengrass.clientdevices.auth.configuration.ConfigurationFormatVersion 100% 100% 0%
com.aws.greengrass.clientdevices.auth.configuration.CAConfiguration 96% 100% 92%
com.aws.greengrass.clientdevices.auth.configuration.RuntimeConfiguration 83% 96% 70%
com.aws.greengrass.clientdevices.auth.configuration.SecurityConfiguration 80% 93% 67%
com.aws.greengrass.clientdevices.auth.configuration.CDAConfiguration 100% 100% 100%
com.aws.greengrass.clientdevices.auth.configuration.GroupDefinition 75% 100% 50%
com.aws.greengrass.clientdevices.auth.configuration.ExpressionVisitor 84% 94% 75%
com.aws.greengrass.clientdevices.auth.configuration.GroupConfiguration 90% 95% 86%
com.aws.greengrass.clientdevices.auth.api.ServiceErrorEvent 100% 100% 0%
com.aws.greengrass.clientdevices.auth.api.ClientDevicesAuthServiceApi 90% 80% 100%
com.aws.greengrass.clientdevices.auth.api.DomainEvents 100% 100% 100%
com.aws.greengrass.clientdevices.auth.api.AuthorizeClientDeviceActionEvent$AuthorizationStatus 100% 100% 0%
com.aws.greengrass.clientdevices.auth.api.UseCases 71% 92% 50%
com.aws.greengrass.clientdevices.auth.api.DomainEvent 100% 100% 0%
com.aws.greengrass.clientdevices.auth.api.GetCertificateRequestOptions$CertificateType 100% 100% 0%
com.aws.greengrass.clientdevices.auth.session.attribute.StringLiteralAttribute 100% 100% 0%
com.aws.greengrass.clientdevices.auth.session.attribute.WildcardSuffixAttribute 88% 100% 75%
com.aws.greengrass.clientdevices.auth.certificate.events.CertificateSubscriptionEvent$SubscriptionStatus 100% 100% 0%
com.aws.greengrass.clientdevices.auth.certificate.events.CACertificateChainChanged 100% 100% 0%
com.aws.greengrass.clientdevices.auth.iot.Certificate$Status 100% 100% 0%
com.aws.greengrass.clientdevices.auth.iot.IotAuthClient$Default 56% 47% 64%
com.aws.greengrass.clientdevices.auth.iot.Thing 87% 93% 82%
com.aws.greengrass.clientdevices.auth.iot.Certificate 78% 89% 67%
com.aws.greengrass.clientdevices.auth.iot.GreengrassV2DataClientFactory 18% 18% 0%
com.aws.greengrass.clientdevices.auth.iot.CertificateRegistry 95% 90% 100%
com.aws.greengrass.clientdevices.auth.iot.Component 100% 100% 0%
com.aws.greengrass.clientdevices.auth.iot.events.VerifyClientDeviceIdentityEvent$VerificationStatus 100% 100% 0%
com.aws.greengrass.clientdevices.auth.infra.NetworkStateProvider$Default$1 100% 100% 0%
com.aws.greengrass.clientdevices.auth.infra.NetworkStateProvider$ConnectionState 100% 100% 0%
com.aws.greengrass.clientdevices.auth.infra.NetworkStateProvider$Default 75% 90% 60%
com.aws.greengrass.ipc.IPCUtils 83% 67% 100%
com.aws.greengrass.ipc.VerifyClientDeviceIdentityOperationHandler 60% 69% 50%
com.aws.greengrass.ipc.GetClientDeviceAuthTokenOperationHandler 86% 98% 75%
com.aws.greengrass.ipc.AuthorizeClientDeviceActionOperationHandler 79% 92% 67%
com.aws.greengrass.ipc.SubscribeToCertificateUpdatesOperationHandler 81% 88% 75%
com.aws.greengrass.clientdevices.auth.session.SessionConfig 92% 100% 83%
com.aws.greengrass.clientdevices.auth.session.SessionManager$1 100% 100% 100%
com.aws.greengrass.clientdevices.auth.session.MqttSessionFactory 100% 100% 100%
com.aws.greengrass.clientdevices.auth.session.SessionCreator 100% 100% 100%
com.aws.greengrass.clientdevices.auth.session.SessionManager 88% 100% 75%
com.aws.greengrass.clientdevices.auth.session.SessionImpl 100% 100% 100%
com.aws.greengrass.clientdevices.auth.session.SessionCreator$SessionFactorySingleton 100% 100% 0%
com.aws.greengrass.clientdevices.auth.session.MqttSessionFactory$MqttCredential 100% 100% 0%
com.aws.greengrass.clientdevices.auth.certificate.handlers.CACertificateChainChangedHandler 100% 100% 0%
com.aws.greengrass.clientdevices.auth.certificate.handlers.CAConfigurationChangedHandler 93% 87% 100%
com.aws.greengrass.clientdevices.auth.certificate.handlers.CertificateRotationHandler 96% 91% 100%
com.aws.greengrass.clientdevices.auth.certificate.handlers.SecurityConfigurationChangedHandler 100% 100% 0%
com.aws.greengrass.clientdevices.auth.metrics.handlers.SessionCreationEventHandler 88% 100% 75%
com.aws.greengrass.clientdevices.auth.metrics.handlers.MetricsConfigurationChangedHandler 70% 90% 50%
com.aws.greengrass.clientdevices.auth.metrics.handlers.AuthorizeClientDeviceActionsMetricHandler 88% 100% 75%
com.aws.greengrass.clientdevices.auth.metrics.handlers.VerifyClientDeviceIdentityEventHandler 88% 100% 75%
com.aws.greengrass.clientdevices.auth.metrics.handlers.CertificateSubscriptionEventHandler 83% 100% 67%
com.aws.greengrass.clientdevices.auth.metrics.handlers.ServiceErrorEventHandler 100% 100% 0%
com.aws.greengrass.clientdevices.auth.iot.dto.CertificateV1DTO$Status 100% 100% 0%
com.aws.greengrass.clientdevices.auth.connectivity.usecases.GetConnectivityInformationUseCase 100% 100% 0%
com.aws.greengrass.clientdevices.auth.connectivity.usecases.RecordConnectivityChangesUseCase 100% 100% 100%
com.aws.greengrass.clientdevices.auth.util.ResizableLinkedBlockingQueue 90% 80% 100%
com.aws.greengrass.clientdevices.auth.util.ParseIPAddress 90% 95% 84%
com.aws.greengrass.clientdevices.auth.metrics.ClientDeviceAuthMetrics 100% 100% 100%
com.aws.greengrass.clientdevices.auth.metrics.MetricsEmitter 100% 100% 100%
com.aws.greengrass.clientdevices.auth.connectivity.ConnectivityInfoCache 100% 100% 0%
com.aws.greengrass.clientdevices.auth.connectivity.CISShadowMonitor 68% 79% 57%
com.aws.greengrass.clientdevices.auth.connectivity.RecordConnectivityChangesResponse 100% 100% 100%
com.aws.greengrass.clientdevices.auth.connectivity.HostAddress 67% 67% 0%
com.aws.greengrass.clientdevices.auth.connectivity.RecordConnectivityChangesRequest 100% 100% 0%
com.aws.greengrass.clientdevices.auth.connectivity.ConnectivityInformation 100% 100% 100%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpressionConstants 100% 100% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.TokenMgrError 22% 32% 12%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpressionTokenManager 61% 65% 58%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTStart 33% 33% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTAnd 67% 67% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.Token 58% 58% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpressionDefaultVisitor 0% 0% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTOr 67% 67% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.SimpleCharStream 28% 31% 25%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpressionTreeConstants 0% 0% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.JJTRuleExpressionState 67% 65% 70%
com.aws.greengrass.clientdevices.auth.configuration.parser.ASTThing 67% 67% 0%
com.aws.greengrass.clientdevices.auth.configuration.parser.RuleExpression 63% 63% 62%
com.aws.greengrass.clientdevices.auth.configuration.parser.SimpleNode 27% 35% 19%

Minimum allowed coverage is 50%

Generated by 🐒 cobertura-action against 9d737b7

@jcosentino11 jcosentino11 merged commit 7128217 into main Sep 13, 2023
4 checks passed
@jcosentino11 jcosentino11 deleted the client-cert-validity branch September 13, 2023 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants