Policy merge requestshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests2023-08-18T12:25:06Zhttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/61GONRG-4079: Fix job for storing policy helm chart2023-08-18T12:25:06ZYauheni Rykhter (EPAM)GONRG-4079: Fix job for storing policy helm chartM10 - Release 0.13Yauheni Rykhter (EPAM)Yauheni Rykhter (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/62Update GKE SA to follow common naming convention [GONRG-4143]2023-08-18T12:25:04ZMikhail Piatliou (EPAM)Update GKE SA to follow common naming convention [GONRG-4143]M10 - Release 0.13Mikhail Piatliou (EPAM)Mikhail Piatliou (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/63GONRG-4118 Add imagePullPolicy value2023-08-18T12:25:03ZIgor Zimovets (EPAM)GONRG-4118 Add imagePullPolicy valueM10 - Release 0.13https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/64GONRG-4200: Verify dev2 pipeline2023-08-18T12:25:01ZIgor Zimovets (EPAM)GONRG-4200: Verify dev2 pipelineM10 - Release 0.13Igor Zimovets (EPAM)Igor Zimovets (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/65Add AWS README2022-01-21T14:55:15ZYifei XuAdd AWS READMEAdd README.md file under tests/aws for running the service locally and running the integration testsAdd README.md file under tests/aws for running the service locally and running the integration testsM10 - Release 0.13JoeGregYifei XuJoehttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/66Updating NOTICE2022-01-26T12:18:21ZDavid Diederichd.diederich@opengroup.orgUpdating NOTICEM10 - Release 0.13David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/67hotfix: fix-release-rule2023-08-18T12:24:59ZIryna Kurhuzenkava (EPAM)hotfix: fix-release-ruleM11 - Release 0.14Oleksandr Kosse (EPAM)Oleksandr Kosse (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/68Change Python image to alpine2023-08-18T12:24:57ZYifei XuChange Python image to alpineM11 - Release 0.14JoeGregYifei XuJoehttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/69Change AWS python image to alpine and change opa to static version2022-01-28T12:28:24ZYifei XuChange AWS python image to alpine and change opa to static versionChange AWS python image to alpine and change opa to static version
Original MR: !68Change AWS python image to alpine and change opa to static version
Original MR: !68M10 - Release 0.13JoeGregYifei XuJoehttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/70Merge branch 'hotfix-fix-release-rule' into 'master'2022-01-28T14:57:38ZOleksandr Kosse (EPAM)Merge branch 'hotfix-fix-release-rule' into 'master'hotfix: fix-release-rule
See merge request osdu/platform/security-and-compliance/policy!67
(cherry picked from commit 4033e815c1c66a5992efa43b44c423e62f529f1b)
e930d9c4 Update override-stages.ymlhotfix: fix-release-rule
See merge request osdu/platform/security-and-compliance/policy!67
(cherry picked from commit 4033e815c1c66a5992efa43b44c423e62f529f1b)
e930d9c4 Update override-stages.ymlhttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/71Hotfix gcp pipeline rules [GONRG-4254]2023-08-18T12:24:54ZMikhail Piatliou (EPAM)Hotfix gcp pipeline rules [GONRG-4254]Hotfix for pipeline rulesHotfix for pipeline rulesM11 - Release 0.14Mikhail Piatliou (EPAM)Mikhail Piatliou (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/72Merge branch 'gcp-hotfix-pipeline' into 'master'2022-01-28T16:18:44ZMikhail Piatliou (EPAM)Merge branch 'gcp-hotfix-pipeline' into 'master'Hotfix gcp pipeline rules [GONRG-4254]
See merge request osdu/platform/security-and-compliance/policy!71
(cherry picked from commit 8c64134c0f5a2bdfb2fde3e894b66b20364ccd75)
d8a36524 GONRG-4254: fix gcp pipeline rules
194935b2 GONRG-4...Hotfix gcp pipeline rules [GONRG-4254]
See merge request osdu/platform/security-and-compliance/policy!71
(cherry picked from commit 8c64134c0f5a2bdfb2fde3e894b66b20364ccd75)
d8a36524 GONRG-4254: fix gcp pipeline rules
194935b2 GONRG-4254: fix gcp pipeline rules
10222e53 GONRG-4254: fix gcp pipeline rules
e74b0d92 GONRG-4254: fix gcp pipeline rules
c40dd1ce GONRG-4254: fix gcp pipeline rules
891b5bff GONRG-4254: fix gcp pipeline rules
0429e8d4 GONRG-4254: fix gcp pipeline rulesMikhail Piatliou (EPAM)Mikhail Piatliou (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/73GONRG-3431 manage bundles2022-04-04T18:00:13ZAleksandr Spivakov (EPAM)GONRG-3431 manage bundles**First approach using Python SDK**
The logic for managing bundles implemented within [OSDU Python SDK](https://community.opengroup.org/osdu/platform/system/sdks/common-python-sdk).
Example of using:
```python
# importing function respo...**First approach using Python SDK**
The logic for managing bundles implemented within [OSDU Python SDK](https://community.opengroup.org/osdu/platform/system/sdks/common-python-sdk).
Example of using:
```python
# importing function responsible for instantiating specific CSP storage client
from osdu_api.providers.blob_storage import get_client
# instantiate storage client
client = get_client()
# uploading file
f = open(<file_name>, 'rb')
client.upload_file(<file_uri>, f, <content_type>)
f.close()
# retrieving file (into file directly)
f = open(<file_name>, 'wb')
client.download_to_file(<file_uri>, f)
f.close()
# retrieving file (as bytes)
content, content_type = client.download_file_as_bytes(<file_uri>)
```
**Second approach using Facade, implemented in this MR**
note: GCP implementation still use Python SDK under the hood. Example of using:
```python
# importing function responsible for instantiating specific CSP storage client
from bundles.storage import get_storage
# instantiate storage client
storage = get_storage()
# uploading file
f = open(<file_uri>, 'rb')
storage.upload_file(<file_uri>, f)
f.close()
# retrieving file (into file directly)
f = open(<file_uri>, 'wb')
storage.download_file(<file_uri>, f)
f.close()
```
Related to https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/50M11 - Release 0.14Hrvoje MarkovicSiarhei Khaletski (EPAM)Yan Sushchynski (EPAM)Hrvoje Markovichttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/74Adding rate limit filter2022-05-26T18:37:12ZSHEFFALI JAINAdding rate limit filter## Type of change
- [ ] Bug Fix
- [x] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [ ] YES
- [x] NO
## Does this introduce a change in the...## Type of change
- [ ] Bug Fix
- [x] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [ ] YES
- [x] NO
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] GCP
- [ ] IBM
## Does this introduce a breaking change?
- [ ] YES
- [x] NO
## Scope and Context
We are trying to provide design via which rate limiting can be applied to any service if enabled via flag and will be disabled by default. By setting a limit on how many requests a consumer is allowed to make in a given unit of time. We reject any requests above the limit with an appropriate response, like HTTP status 429 (Too Many Requests).
## What is the current behavior?
Currently, no rate limiting is applied on service which can limit the count of users accessing it.
## What is the new/expected behavior?
The service will have specific token count which will set limit to restrict number of users using the service per cycle.
## Have you added/updated Unit Tests and Integration Tests?
No.
## Any other useful information
Added Envoy filter to apply rate limiting. Added support to generate yaml file via Helm in deployment itself.
Initially value of applying rate limit filter is set to false.
It can be set while installing helm command using following instruction :
--set envoyFilter.enabled=trueSHEFFALI JAINSHEFFALI JAINhttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/75GONRG-3437 starting opa with appropriate configuration2023-08-18T12:24:51ZIgor Zimovets (EPAM)GONRG-3437 starting opa with appropriate configurationM11 - Release 0.14https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/76Gonrg 4370 policy bundle deployment2023-08-18T12:24:48ZDanylo Vanin (EPAM)Gonrg 4370 policy bundle deploymentAdd job for policy bundle deployment to bucketAdd job for policy bundle deployment to bucketM11 - Release 0.14Danylo Vanin (EPAM)Danylo Vanin (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/77GONRG-4309: Cost optimization for service2023-08-18T12:24:47ZNastassia Rabeichykava (EPAM)GONRG-4309: Cost optimization for serviceM11 - Release 0.14Oleksandr Kosse (EPAM)Oleksandr Kosse (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/78GONRG-3870: fix df policy bootstrap2023-08-18T12:24:45ZYauheni Rykhter (EPAM)GONRG-3870: fix df policy bootstrapM11 - Release 0.14Yauheni Rykhter (EPAM)Yauheni Rykhter (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/79GONRG: 4378-update-rules2023-08-18T12:24:43ZIgor Zimovets (EPAM)GONRG: 4378-update-rulesM11 - Release 0.14https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/80Draft: Add new endpoint to convert OPA query to ElasticSearch query2022-04-04T08:42:23ZLH Hon [ExxonMobil]Draft: Add new endpoint to convert OPA query to ElasticSearch queryLicense check:
github.com/open-policy-agent/rego-python = apache license 2.0 - OK
github.com/elastic/elasticsearch-dsl-py = apache license 2.0 - OKLicense check:
github.com/open-policy-agent/rego-python = apache license 2.0 - OK
github.com/elastic/elasticsearch-dsl-py = apache license 2.0 - OK