aws-deadline / deadline-cloud-worker-agent

The AWS Deadline Cloud worker agent can be used to run a worker in an AWS Deadline Cloud fleet.
Apache License 2.0
15 stars 21 forks

test: add test to verify queue credentials are locked down #487

Closed YutongLi291 closed 5 days ago

YutongLi291 commented 6 days ago

What was the problem/requirement? (What/Why)

Queue credentials on the worker should only be able to be accessed by the queue user.

We should verify this to prevent security concerns and regressions in the future.

What was the solution? (How)

Add a test that verifies this behaviour: that other users on the worker instance cannot access the queue credentials.

Also verify that a different queue also cannot access another queue's credentials.

What is the impact of this change?

Better verification that other users cannot access queue credentials.

How was this change tested?

# Linux
source .e2e_linux_infra.sh
hatch run e2e-test

# Windows
source .e2e_windows_infra.sh
hatch run e2e-test

Multiple times to verify not flaky.

Was this change documented?

No

Is this a breaking change?

No

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
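
A POSIX-only sketch of the kind of check the description above calls for, added here as an illustration; it is not the test from this pull request or code from the project. The `audit_credentials` helper, the file names, and the owner-only policy (no group or other permission bits on the file or its directory) are assumptions.

```python
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path


def audit_credentials(cred_file: Path, owner_uid: int) -> list[str]:
    """Return findings that would let a user other than owner_uid reach cred_file.

    Hypothetical helper: inspects ownership and mode bits of the file and of
    its containing directory instead of attempting a read, so the result does
    not depend on which user runs the check (root included).
    """
    findings = []
    for path in (cred_file, cred_file.parent):
        st = path.lstat()
        if stat.S_ISLNK(st.st_mode):
            # A symlink could be repointed; report it rather than follow it.
            findings.append(f"{path}: is a symlink")
            continue
        if st.st_uid != owner_uid:
            findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
        extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
        if extra:
            findings.append(f"{path}: group/other bits set ({extra:04o})")
    return findings


def demo() -> dict[str, list[str]]:
    """Audit a constructed credentials file before and after loosening its mode."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:  # created with mode 0700
        cred = Path(tmp) / "queue-credentials.json"  # constructed sample file
        cred.write_text('{"placeholder": "not a real credential"}')
        os.chmod(cred, 0o600)
        results["locked"] = audit_credentials(cred, os.getuid())
        os.chmod(cred, 0o644)  # regression: readable by group and others
        results["loosened"] = audit_credentials(cred, os.getuid())
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```
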

sonarcloud[bot] commented 5 days ago

Quality Gate failed

Failed conditions
31.0% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud