fix: add support for artifactory identity tokens #115
dpittner wants to merge 1 commit into IBM:master
Signed-off-by: Daniel Pittner <dpittner@de.ibm.com>
4ad9d40 to a285a86
tefiggins
left a comment
The PR build step is failing ... please debug ... Python code is sensitive to spacing ... maybe it is an indentation issue in your code change?
| # artifactory encrypted passwords begin with AP[A-Z] | ||
| re.compile(r'(?:(?<==|:|")|(?<=\s)|(?<=^))AP[\dABCDEF][a-zA-Z0-9]{8,}'), # password | ||
| # artifactory identity tokens are different (base64 encoded reftkn:) and 64 chars | ||
| re.compile(r'(?:(?<==|:|")|(?<=\s)|(?<=^))cmVmdGtuOg{54,54}'), #identity token |
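Review bot: In the identity-token pattern, `{54,54}` binds only to the final `g` of `cmVmdGtuOg`, so the expression matches `cmVmdGtuO` followed by a run of exactly 54 `g` characters rather than a 64-character token. Put a base64 character class in front of the quantifier and write it as a single count instead of `{54,54}`. The last `g` of the literal is also only what `reftkn:` encodes to when nothing follows the colon; once payload bytes follow, that character changes, so the fixed literal should stop at `cmVmdGtuO` with the count adjusted to keep the 64-character total. Minor style point: `#identity token` lacks the space after `#` used on the password line above.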
I have a couple of questions: Where did you get the regex that you included in this PR? Also, do all Artifactory tokens have the "cmVmdGtuOg" literal string?
If I am reading this right:
line 15 says: start with AKC, then [any lower or upper case alphabet or number char], and then 10 or more of the same preceding token (i.e. lower or upper alphabet or number)
line 17 says: start with AP, then [any upper case alphabet A-F or number char], and then [any lower or upper case alphabet or number char], 8 or more of the same preceding token (i.e. lower or upper alphabet or number)
line 19 (your new regex) says: starts with c then m then V then m then d then G then t then u then 0 then g, then exactly 54 more characters of the preceding (i.e. g)
1st, correct me if I am understanding this wrong. But if I am correct, then this will not work as a general enough regex and it would only make one very specific value.
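An added example (not code from the PR or the project) that runs the new pattern's token body, without its lookbehind group, against constructed 64-character samples and shows which part of the base64 prefix stays fixed. `ALT_BODY`, `make_token`, `stable_prefix` and the filler payloads are hypothetical; it assumes the standard base64 alphabet and the 64-character length stated in the PR's code comment.

```python
import base64
import re

# Token body from the PR, without its leading lookbehind group.
PR_BODY = re.compile(r'cmVmdGtuOg{54,54}')

# Hypothetical alternative (not the project's pattern): keep only the prefix
# characters fully determined by "reftkn:", then a base64 character class.
# 9 prefix chars + 55 = the 64 chars stated in the PR's code comment.
ALT_BODY = re.compile(r'cmVmdGtuO[A-Za-z0-9+/]{55}')


def make_token(fill: int) -> str:
    """Constructed sample: base64 of b'reftkn:' + 41 filler bytes (48 bytes -> 64 chars)."""
    return base64.b64encode(b'reftkn:' + bytes([fill]) * 41).decode('ascii')


def stable_prefix(samples):
    """Longest prefix shared by every encoded sample."""
    prefix = samples[0]
    for s in samples[1:]:
        while not s.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


# Constructed payloads, not real tokens; the byte after ':' varies on purpose.
SAMPLES = [make_token(b) for b in (0x00, 0x30, 0x41, 0x7A, 0xFF)]

# The one string the PR body fully matches: 'cmVmdGtuO' plus 54 'g' (63 chars).
ONLY_PR_MATCH = 'cmVmdGtuO' + 'g' * 54


def report():
    return {
        'stable_prefix': stable_prefix(SAMPLES),
        'pr_hits': sum(bool(PR_BODY.search(t)) for t in SAMPLES),
        'alt_hits': sum(bool(ALT_BODY.fullmatch(t)) for t in SAMPLES),
        'pr_matches_g_run': bool(PR_BODY.fullmatch(ONLY_PR_MATCH)),
    }


if __name__ == '__main__':
    for key, value in report().items():
        print(f'{key}: {value}')
```

The tenth character carries the low bits of `:` together with the high bits of the next byte, which is why only the first nine characters are shared across the samples.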
tefiggins
left a comment
Do not see any additions under the test directory for unit-testing your new token addition.
What: when using Artifactory identity tokens (https://www.jfrog.com/confluence/display/JFROG/Access+Tokens), which are a recent feature, you have the option to make them expiring. So it's desirable to use them instead of pro-active rotation.
However, the token format is different from what's currently detected by the plugin, so this PR aims to extend the plugin with the ability to detect Artifactory identity tokens.