Protection against misuse with system-wide quota definitions (#670)

* Added quota for meta data per software module

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Added unit test for "meta data per module" quota

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* quota test enhancements

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Verify enforcement of meta data quota via REST

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Quota for distribution set meta data

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Verify enforcement of distribution set meta data quota via REST

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* software modules per distribution set quota

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Integration test enhancements for Modules per DistSet quota

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Quota for software module types per distribution set type

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Quota for max artifacts per software module

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Quotas for ActionStatus per Action and Messages per ActionStatus

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Quota attributes per target

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Quota targets per rollout group

Signed-off-by: stefbehl <stefan.behl@bosch-si.com>

* Quota max targets per rollout group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per rollout group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per rollout group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per rollout group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* quota max actions per target

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per rollout group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max actions per target

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max actions per target

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per auto assignment

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per manual assignment

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per auto assignment

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per auto assign

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per auto assignment

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max actions per target

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per manual assignment

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix issues caused by merge

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Improve JavaDoc

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix Sonar issues

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix Sonar findings

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max artifact size

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Optimize quota configuration

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix test failures

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Improve test coverage

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max rollout groups per rollout

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Configure Rollout UI enhancements

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* UI enhancements

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Minor changes

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Quota max targets per group

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix Sonar findings

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix Sonar findings

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix Sonar finding

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix code review findings

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix review findings

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* New approach for 'max artifact size' enforcement

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix Sonar findings

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix failing tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Reduce max artifact size for tests

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>

* Fix Kai's review findings

Signed-off-by: Stefan Behl <stefan.behl@bosch-si.com>
Stefan Behl
2018-05-02 12:09:29 +02:00
committed by Kai Zimmermann
parent fcc15a0484
commit 6dd98d2134
63 changed files with 2383 additions and 523 deletions

@@ -114,6 +114,58 @@ public class HawkbitSecurityProperties {
*/
private int maxMessagesPerActionStatus = 50;
/**
* Maximum number of meta data entries per software module
*/
private int maxMetaDataEntriesPerSoftwareModule = 100;
/**
* Maximum number of meta data entries per distribution set
*/
private int maxMetaDataEntriesPerDistributionSet = 100;
/**
* Maximum number of software modules per distribution set
*/
private int maxSoftwareModulesPerDistributionSet = 100;
/**
* Maximum number of software modules per distribution set
*/
private int maxSoftwareModuleTypesPerDistributionSetType = 50;
/**
* Maximum number of artifacts per software module
*/
private int maxArtifactsPerSoftwareModule = 50;
/**
* Maximum number of targets per rollout group
*/
private int maxTargetsPerRolloutGroup = 20000;
/**
* Maximum number of targets per rollout group
*/
private int maxActionsPerTarget = 500;
/**
* Maximum number of targets for a manual distribution set assignment.
* Must be greater than 1000.
*/
private int maxTargetsPerManualAssignment = 5000;
/**
* Maximum number of targets for an automatic distribution set
* assignment
*/
private int maxTargetsPerAutoAssignment = 5000;
/**
* Maximum size of artifacts in bytes.
*/
private long maxArtifactSize = 1_000_000_000;
private final Filter filter = new Filter();
private final Filter uiFilter = new Filter();
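Review bot: The Javadoc on two of the new fields is copied from the neighbouring field and describes the wrong limit. `maxSoftwareModuleTypesPerDistributionSetType` is documented as "Maximum number of software modules per distribution set", and `maxActionsPerTarget` as "Maximum number of targets per rollout group". Suggest "Maximum number of software module types per distribution set type" and "Maximum number of actions per target". These comments are what an operator reads when tuning the quotas, so a wrong description can lead to the wrong limit being changed.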
@@ -157,6 +209,87 @@ public class HawkbitSecurityProperties {
this.maxRolloutGroupsPerRollout = maxRolloutGroupsPerRollout;
}
public int getMaxMetaDataEntriesPerSoftwareModule() {
return maxMetaDataEntriesPerSoftwareModule;
}
public void setMaxMetaDataEntriesPerSoftwareModule(final int maxMetaDataEntriesPerSoftwareModule) {
this.maxMetaDataEntriesPerSoftwareModule = maxMetaDataEntriesPerSoftwareModule;
}
public int getMaxMetaDataEntriesPerDistributionSet() {
return maxMetaDataEntriesPerDistributionSet;
}
public void setMaxMetaDataEntriesPerDistributionSet(final int maxMetaDataEntriesPerDistributionSet) {
this.maxMetaDataEntriesPerDistributionSet = maxMetaDataEntriesPerDistributionSet;
}
public int getMaxSoftwareModulesPerDistributionSet() {
return maxSoftwareModulesPerDistributionSet;
}
public void setMaxSoftwareModulesPerDistributionSet(final int maxSoftwareModulesPerDistributionSet) {
this.maxSoftwareModulesPerDistributionSet = maxSoftwareModulesPerDistributionSet;
}
public int getMaxSoftwareModuleTypesPerDistributionSetType() {
return maxSoftwareModuleTypesPerDistributionSetType;
}
public void setMaxSoftwareModuleTypesPerDistributionSetType(
final int maxSoftwareModuleTypesPerDistributionSetType) {
this.maxSoftwareModuleTypesPerDistributionSetType = maxSoftwareModuleTypesPerDistributionSetType;
}
public int getMaxArtifactsPerSoftwareModule() {
return maxArtifactsPerSoftwareModule;
}
public void setMaxArtifactsPerSoftwareModule(final int maxArtifactsPerSoftwareModule) {
this.maxArtifactsPerSoftwareModule = maxArtifactsPerSoftwareModule;
}
public int getMaxTargetsPerRolloutGroup() {
return maxTargetsPerRolloutGroup;
}
public void setMaxTargetsPerRolloutGroup(final int maxTargetsPerRolloutGroup) {
this.maxTargetsPerRolloutGroup = maxTargetsPerRolloutGroup;
}
public int getMaxActionsPerTarget() {
return maxActionsPerTarget;
}
public void setMaxActionsPerTarget(final int maxActionsPerTarget) {
this.maxActionsPerTarget = maxActionsPerTarget;
}
public int getMaxTargetsPerManualAssignment() {
return maxTargetsPerManualAssignment;
}
public void setMaxTargetsPerManualAssignment(final int maxTargetsPerManualAssignment) {
this.maxTargetsPerManualAssignment = maxTargetsPerManualAssignment;
}
public int getMaxTargetsPerAutoAssignment() {
return maxTargetsPerAutoAssignment;
}
public void setMaxTargetsPerAutoAssignment(final int maxTargetsPerAutoAssignment) {
this.maxTargetsPerAutoAssignment = maxTargetsPerAutoAssignment;
}
public void setMaxArtifactSize(final long maxArtifactSize) {
this.maxArtifactSize = maxArtifactSize;
}
public long getMaxArtifactSize() {
return maxArtifactSize;
}
/**
* Configuration for hawkBits DOS prevention filter. This is usually an
* infrastructure topic (e.g. Web Application Firewall (WAF)) but might
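Review bot: The new setters assign the bound value without any range check, so the constraint documented on the field ("Must be greater than 1000" for `maxTargetsPerManualAssignment`) is not enforced in `setMaxTargetsPerManualAssignment`, and zero or negative values are accepted for every quota. Suggest validating in the setter or with a bean-validation constraint on the field so that a bad configuration fails at startup, and stating in the Javadoc what a non-positive value means if it is meant to be allowed. Minor style point: `setMaxArtifactSize` is declared before `getMaxArtifactSize`, the reverse of the getter-then-setter order used for the other properties.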
@@ -179,13 +312,13 @@ public class HawkbitSecurityProperties {
* # Maximum number of allowed REST read/GET requests per second per
* client IP.
*/
int maxRead = 200;
private int maxRead = 200;
/**
* Maximum number of allowed REST write/(PUT/POST/etc.) requests per
* second per client IP.
*/
int maxWrite = 50;
private int maxWrite = 50;
public boolean isEnabled() {
return enabled;
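Review bot: With `maxRead` and `maxWrite` now `private`, the hunk shows only `isEnabled()` as an accessor; please confirm that getters for both fields exist and that nothing in the same package still reads the fields directly, since that access compiled while they were package-private. The context Javadoc above `maxRead` also starts with a stray "#" ("# Maximum number of allowed REST read/GET requests ..."), which could be dropped while these lines are being touched.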
@@ -220,5 +353,6 @@ public class HawkbitSecurityProperties {
}
}
}
}