Protection against misuse with system-wide quota definitions (#670)
* Added quota for meta data per software module Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Added unit test for "meta data per module" quota Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * quota test enhancements Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Verify enforcement of meta data quota via REST Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Quota for distribution set meta data Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Verify enforcement of distribution set meta data quota via REST Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * software modules per distribution set quota Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Integration test enhancements for Modules per DistSet quota Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Quota for software module types per distribution set type Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Quota for max artifacts per software module Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Quotas for ActionStatus per Action and Messages per ActionStatus Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Quota attributes per target Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Quota targets per rollout group Signed-off-by: stefbehl <stefan.behl@bosch-si.com> * Quota max targets per rollout group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per rollout group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per rollout group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per rollout group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * quota max actions per target Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per rollout group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max actions per target Signed-off-by: Stefan Behl 
<stefan.behl@bosch-si.com> * Quota max actions per target Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per auto assignment Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per manual assignment Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per auto assignment Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per auto assign Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per auto assignment Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max actions per target Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per manual assignment Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix issues caused by merge Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Improve JavaDoc Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix Sonar issues Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix Sonar findings Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max artifact size Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Optimize quota configuration Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix test failures Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Improve test coverage Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max rollout groups per rollout Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Configure Rollout UI enhancements Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * UI enhancements Signed-off-by: Stefan Behl 
<stefan.behl@bosch-si.com> * Minor changes Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Quota max targets per group Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix Sonar findings Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix Sonar findings Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix Sonar finding Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix code review findings Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix review findings Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * New approach for 'max artifact size' enforcement Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix Sonar findings Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix failing tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Reduce max artifact size for tests Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com> * Fix Kai's review findings Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>
committed by
Kai Zimmermann
parent
fcc15a0484
commit
6dd98d2134
@@ -114,6 +114,58 @@ public class HawkbitSecurityProperties {
|
||||
*/
|
||||
private int maxMessagesPerActionStatus = 50;
|
||||
|
||||
/**
|
||||
* Maximum number of meta data entries per software module
|
||||
*/
|
||||
private int maxMetaDataEntriesPerSoftwareModule = 100;
|
||||
|
||||
/**
|
||||
* Maximum number of meta data entries per distribution set
|
||||
*/
|
||||
private int maxMetaDataEntriesPerDistributionSet = 100;
|
||||
|
||||
/**
|
||||
* Maximum number of software modules per distribution set
|
||||
*/
|
||||
private int maxSoftwareModulesPerDistributionSet = 100;
|
||||
|
||||
/**
|
||||
* Maximum number of software modules per distribution set
|
||||
*/
|
||||
private int maxSoftwareModuleTypesPerDistributionSetType = 50;
|
||||
|
||||
/**
|
||||
* Maximum number of artifacts per software module
|
||||
*/
|
||||
private int maxArtifactsPerSoftwareModule = 50;
|
||||
|
||||
/**
|
||||
* Maximum number of targets per rollout group
|
||||
*/
|
||||
private int maxTargetsPerRolloutGroup = 20000;
|
||||
|
||||
/**
|
||||
* Maximum number of targets per rollout group
|
||||
*/
|
||||
private int maxActionsPerTarget = 500;
|
||||
|
||||
/**
|
||||
* Maximum number of targets for a manual distribution set assignment.
|
||||
* Must be greater than 1000.
|
||||
*/
|
||||
private int maxTargetsPerManualAssignment = 5000;
|
||||
|
||||
/**
|
||||
* Maximum number of targets for an automatic distribution set
|
||||
* assignment
|
||||
*/
|
||||
private int maxTargetsPerAutoAssignment = 5000;
|
||||
|
||||
/**
|
||||
* Maximum size of artifacts in bytes.
|
||||
*/
|
||||
private long maxArtifactSize = 1_000_000_000;
|
||||
|
||||
private final Filter filter = new Filter();
|
||||
private final Filter uiFilter = new Filter();
|
||||
|
||||
@@ -157,6 +209,87 @@ public class HawkbitSecurityProperties {
|
||||
this.maxRolloutGroupsPerRollout = maxRolloutGroupsPerRollout;
|
||||
}
|
||||
|
||||
public int getMaxMetaDataEntriesPerSoftwareModule() {
|
||||
return maxMetaDataEntriesPerSoftwareModule;
|
||||
}
|
||||
|
||||
public void setMaxMetaDataEntriesPerSoftwareModule(final int maxMetaDataEntriesPerSoftwareModule) {
|
||||
this.maxMetaDataEntriesPerSoftwareModule = maxMetaDataEntriesPerSoftwareModule;
|
||||
}
|
||||
|
||||
public int getMaxMetaDataEntriesPerDistributionSet() {
|
||||
return maxMetaDataEntriesPerDistributionSet;
|
||||
}
|
||||
|
||||
public void setMaxMetaDataEntriesPerDistributionSet(final int maxMetaDataEntriesPerDistributionSet) {
|
||||
this.maxMetaDataEntriesPerDistributionSet = maxMetaDataEntriesPerDistributionSet;
|
||||
}
|
||||
|
||||
public int getMaxSoftwareModulesPerDistributionSet() {
|
||||
return maxSoftwareModulesPerDistributionSet;
|
||||
}
|
||||
|
||||
public void setMaxSoftwareModulesPerDistributionSet(final int maxSoftwareModulesPerDistributionSet) {
|
||||
this.maxSoftwareModulesPerDistributionSet = maxSoftwareModulesPerDistributionSet;
|
||||
}
|
||||
|
||||
public int getMaxSoftwareModuleTypesPerDistributionSetType() {
|
||||
return maxSoftwareModuleTypesPerDistributionSetType;
|
||||
}
|
||||
|
||||
public void setMaxSoftwareModuleTypesPerDistributionSetType(
|
||||
final int maxSoftwareModuleTypesPerDistributionSetType) {
|
||||
this.maxSoftwareModuleTypesPerDistributionSetType = maxSoftwareModuleTypesPerDistributionSetType;
|
||||
}
|
||||
|
||||
public int getMaxArtifactsPerSoftwareModule() {
|
||||
return maxArtifactsPerSoftwareModule;
|
||||
}
|
||||
|
||||
public void setMaxArtifactsPerSoftwareModule(final int maxArtifactsPerSoftwareModule) {
|
||||
this.maxArtifactsPerSoftwareModule = maxArtifactsPerSoftwareModule;
|
||||
}
|
||||
|
||||
public int getMaxTargetsPerRolloutGroup() {
|
||||
return maxTargetsPerRolloutGroup;
|
||||
}
|
||||
|
||||
public void setMaxTargetsPerRolloutGroup(final int maxTargetsPerRolloutGroup) {
|
||||
this.maxTargetsPerRolloutGroup = maxTargetsPerRolloutGroup;
|
||||
}
|
||||
|
||||
public int getMaxActionsPerTarget() {
|
||||
return maxActionsPerTarget;
|
||||
}
|
||||
|
||||
public void setMaxActionsPerTarget(final int maxActionsPerTarget) {
|
||||
this.maxActionsPerTarget = maxActionsPerTarget;
|
||||
}
|
||||
|
||||
public int getMaxTargetsPerManualAssignment() {
|
||||
return maxTargetsPerManualAssignment;
|
||||
}
|
||||
|
||||
public void setMaxTargetsPerManualAssignment(final int maxTargetsPerManualAssignment) {
|
||||
this.maxTargetsPerManualAssignment = maxTargetsPerManualAssignment;
|
||||
}
|
||||
|
||||
public int getMaxTargetsPerAutoAssignment() {
|
||||
return maxTargetsPerAutoAssignment;
|
||||
}
|
||||
|
||||
public void setMaxTargetsPerAutoAssignment(final int maxTargetsPerAutoAssignment) {
|
||||
this.maxTargetsPerAutoAssignment = maxTargetsPerAutoAssignment;
|
||||
}
|
||||
|
||||
public void setMaxArtifactSize(final long maxArtifactSize) {
|
||||
this.maxArtifactSize = maxArtifactSize;
|
||||
}
|
||||
|
||||
public long getMaxArtifactSize() {
|
||||
return maxArtifactSize;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configuration for hawkBits DOS prevention filter. This is usually an
|
||||
* infrastructure topic (e.g. Web Application Firewall (WAF)) but might
|
||||
@@ -179,13 +312,13 @@ public class HawkbitSecurityProperties {
|
||||
* # Maximum number of allowed REST read/GET requests per second per
|
||||
* client IP.
|
||||
*/
|
||||
int maxRead = 200;
|
||||
private int maxRead = 200;
|
||||
|
||||
/**
|
||||
* Maximum number of allowed REST write/(PUT/POST/etc.) requests per
|
||||
* second per client IP.
|
||||
*/
|
||||
int maxWrite = 50;
|
||||
private int maxWrite = 50;
|
||||
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
@@ -220,5 +353,6 @@ public class HawkbitSecurityProperties {
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
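Review bot: The setters added in the second hunk (for example `setMaxTargetsPerManualAssignment`) store whatever value they receive, so the first hunk's Javadoc constraint "Must be greater than 1000" is never enforced, and every new quota accepts zero or negative values. What a non-positive limit does depends on the enforcement code, which is not visible on this page; it could reject every request or, if such values skip the check, silently switch the quota off. Consider rejecting out-of-range values when the property is set, e.g. `if (maxTargetsPerManualAssignment <= 1000) { throw new IllegalArgumentException("maxTargetsPerManualAssignment must be greater than 1000"); }`, with a positive-value check for the other limits. Two Javadoc comments in the first hunk are also copy-pasted and misdescribe the limit they document: the one above `maxSoftwareModuleTypesPerDistributionSetType` should read `Maximum number of software module types per distribution set type`, and the one above `maxActionsPerTarget` should read `Maximum number of actions per target`.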