chore(jans-pycloudlib)!: remove spanner support from pycloudlib #10049

Merged (2 commits) on Nov 6, 2024


iromli
Contributor

@iromli iromli commented Nov 5, 2024

Prepare


Description

Target issue

closes #10047

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@iromli iromli requested a review from moabu as a code owner November 5, 2024 16:23
@iromli iromli self-assigned this Nov 5, 2024

dryrunsecurity bot commented Nov 5, 2024

DryRun Security Summary

The pull request primarily focuses on removing support for the Spanner database from the jans-pycloudlib library, while also including updates to the handling of JSON data types in SQL databases, improvements to the lock management functionality, and addressing a known security vulnerability in the oauthlib dependency.


Summary:

The changes in this pull request are primarily focused on removing support for the Spanner database from the jans-pycloudlib library. This includes the removal of Spanner-related functionality, tests, and configuration options across various files. The removal of unused or unsupported functionality is generally considered a positive security practice, as it reduces the attack surface and potential vulnerabilities in the application.

However, it is important to ensure that the removal of Spanner support does not have any unintended consequences or introduce new security risks. The changes should be reviewed to verify that the application's overall data persistence and storage mechanisms are still secure and meet the necessary requirements.

Additionally, the code changes include updates to the handling of JSON data types in SQL databases, improvements to the lock management functionality, and addressing a known security vulnerability (CVE-2022-36087) in the oauthlib dependency. These changes are generally positive from a security perspective, as they demonstrate the developers' efforts to maintain the security and reliability of the application.

Files Changed:

  1. jans-pycloudlib/docs/api/wait.md: Removal of the wait_for_spanner and wait_for_spanner_conn functions.
  2. jans-pycloudlib/jans/pycloudlib/persistence/__init__.py: Removal of Spanner-related imports and references.
  3. jans-pycloudlib/jans/pycloudlib/lock/__init__.py: Removal of the SpannerLock class and modification of the adapter method to remove Spanner support.
  4. jans-pycloudlib/jans/pycloudlib/persistence/utils.py: Removal of the "spanner" persistence type from the PERSISTENCE_TYPES and corresponding references.
  5. jans-pycloudlib/jans/pycloudlib/validators.py: Removal of the "spanner" option from the validate_persistence_type function.
  6. jans-pycloudlib/mkdocs.yml: Removal of the "Spanner" section from the "Persistence" section of the navigation menu.
  7. jans-pycloudlib/jans/pycloudlib/wait.py: Removal of the wait_for_spanner_conn and wait_for_spanner functions.
  8. jans-pycloudlib/jans/pycloudlib/persistence/sql.py: Improvements to the handling of JSON data types in SQL databases.
  9. jans-pycloudlib/setup.py: Removal of the google-cloud-spanner dependency and addition of a comment to "handle CVE-2022-36087".
  10. jans-pycloudlib/tests/test_validators.py: Removal of the "spanner" persistence type from the test cases.
  11. jans-pycloudlib/tests/test_persistence.py: Updates to the hybrid storage configuration tests.
  12. jans-pycloudlib/tests/conftest.py: Removal of the spanner_client fixture and updates to other fixtures.
  13. jans-pycloudlib/tests/test_wait.py: Removal of the Spanner-related test cases.

Code Analysis

We ran 9 analyzers against 16 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR comp-docs Touching folder /docs comp-jans-pycloudlib kind-dependencies Pull requests that update a dependency file labels Nov 5, 2024

sonarcloud bot commented Nov 5, 2024

@moabu moabu merged commit 33f7818 into main Nov 6, 2024
19 of 23 checks passed
@moabu moabu deleted the cn-pycloudlib-rm-spanner branch November 6, 2024 03:20
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
Former-commit-id: 33f7818