Releases: ministryofjustice/analytics-platform-control-panel

Fixes for OWASP ZAP report items

23 Oct 14:34
d3de9e0
  • Disable client-side caching
  • Secure CSRF and session cookies
  • Enable XSS protection
  • Disable content-type sniffing

App error handling and AWS client refactor

23 Oct 12:39
a0e4bde
  • Add logging and error handling for Github repo listing
  • Prevent creating App with already registered Github repo
  • Improve create app form validation and errors
  • Validate app customer email addresses
  • Handle Auth0 errors adding and removing customers
  • Set default choice on create app form
  • Refactor AWS client code to use boto3 Resource API
  • Remove redundant AWSClient class
  • Remove redundant IAMRole class (replaced by boto3 Role resource class)
  • Refactor S3AccessPolicy class to operate on boto3 RolePolicy objects - also fixes bug which removes all resources from policy
  • Refactor AppS3Bucket, PolicyS3Bucket and UserS3Bucket to loosen coupling with S3AccessPolicy and ManagedS3AccessPolicy
  • Refactor cluster module to follow @xoen's cluster.App example
  • Test with moto
  • Remove the unused write_to_cluster feature flag

Moved `cluster` functions into `ToolDeployment` class

09 Oct 11:12
3c523d4

PR #762 (More refactoring)

  • moved functions in controlpanel.api.cluster module related to a deployed tool into the ToolDeployment class
  • fixed import of HelmError in that module
  • added __repr__() to models.User class

KubernetesClient related refactorings

08 Oct 12:52
28bd1b0

PR #761

App logs scroll fix and other minor fixes/refactorings

07 Oct 09:19
5168e53

Add back App URL/Fix for k8s race condition

03 Oct 16:08
e29196f

This should fix the race condition in the kubernetes configuration.

PR: #756

Don't get App URL until we fix the `KubernetesClient` bug

02 Oct 10:48
4ca591d

Sometimes users get a 401 from the Kubernetes API. This seems
to be caused by a bug/race condition in the way the kubernetes module
loads the configuration (this is our best theory so far).

It's annoying for users so avoiding this until we fix the problem.

PR: #754
Part of ticket: https://trello.com/c/D4bpabeD

Fix grant admin access form

02 Oct 10:27
afb559b

Missing "admin" option when requesting user is a superadmin

Fix for error when `id_token` not provided

30 Sep 11:30
3a432d6

Fix for error raised when id_token not provided

(currently some code relies on KubernetesClient to automagically read the id_token from the request. We're planning to refactor the code to always pass the id_token explicitly and this check was part of that. Unfortunately having this check in master is bad and it'll have to wait)

Group and path specific s3 permissions

30 Sep 10:45
ebbe597
  • Adds Groups for s3 permissions
  • Adds paths to the access so user can specify paths that access is given to