Nike-Inc / cerberus-management-service

64%

master: 55%

LAST BUILD ON BRANCH v0.24.0-RC3

branch: v0.24.0-RC3

CHANGE BRANCH

x

Reset

• v0.24.0-RC3
• 0.27.0-RC2
• add-hystrix
• add-restore-sdb-to-api-markdown
• add_file_kpis
• add_logging_for_client_header
• add_millis_to_timestamps_in_db
• add_okta_call_and_sms_factors
• add_unsupported_mfa_factors
• audit
• bugfix/aquire_and_release_lock_in_single_thread
• bugfix/assumed_roles_cannot_authenticate
• bugfix/avoid_kms_policy_validation_api_limit
• bugfix/clear_bad_version_data
• bugfix/cms_cannot_delete_kms_keys
• bugfix/disallow_iam_principals_from_ending_in_whitespace_fix_existing_data
• bugfix/disallow_white_space_in_arns_when_restoring_pre_highlander_data
• bugfix/dont-swallow-okta-error-messages
• bugfix/file_download_format
• bugfix/file_support
• bugfix/fix-misnamed-property-in-job
• bugfix/fix_incorrect_error_codes
• bugfix/fix_null_hostname
• bugfix/handle_large_policy_and_metadata_collections
• bugfix/head_call
• bugfix/iam_roles_should_be_case_sensitive
• bugfix/include_sdb_id_everywhere
• bugfix/increase_kms_encrypt_timeout
• bugfix/make_sure_vault_policies_exist_after_restore
• bugfix/non_role_iam_principals_cant_authenticate_with_v2
• bugfix/okta_connector_mfa_required
• bugfix/only_owners_should_be_able_to_delete_an_sdb
• bugfix/paginate_over_user_groups
• bugfix/prevent_duplucate_sdbs_with_same_slug
• bugfix/prioritize_kms_in_current_region_first
• bugfix/remove_extra_slashes
• bugfix/restore-sdb-endpoint
• bugfix/revert_cache_flag_namespace
• bugfix/session-timeout-not-in-focus
• bugfix/user_groups_should_be_case_sensitive
• bugfix/write_should_accept_put
• bugfix/wrong_data_being_versioned
• canary/cache_changes
• coverall
• db-failover
• documentation-cleanup
• dummy-perf-testing
• feat/independent-scrolling
• feat/sidebar-search
• feature/account-wide-permissions
• feature/add_admin_endpoint_for_getting_kms_metadata
• feature/add_api_exception_metrics
• feature/add_principal_event_logging
• feature/add_server_group_and_region
• feature/add_v2_arn_api
• feature/add_v2_arn_sdb_api
• feature/allow_refresh_for_all_principal_types
• feature/allow_setting_region_specific_jdbc_urls
• feature/audit
• feature/audit_logging
• feature/auto_add_partitions
• feature/better_policy_checking
• feature/clean_up_inactive_kms_keys
• feature/data-key-caching
• feature/data-key-rotation
• feature/do_not_call_ec2_metadata_endpoint_for_every_decrypt
• feature/event_logging
• feature/file_support
• feature/flag_user_group_case_sensitivity
• feature/full_crud_for_iam_principals
• feature/highlander_kv_count_kpi
• feature/honor_passed_region_for_sts_auth
• feature/jwt-auth
• feature/jwt-auth-blacklist
• feature/kms-auth-caching
• feature/kms_key_creation_integration_tests
• feature/long_descriptions
• feature/metadata_sdb_name_filter
• feature/metrics-for-datakey-caching
• feature/mfa_btn_text_change_on_click
• feature/more_logging_when_failure_to_create_kms_key
• feature/orphan_kms_key_cleanup_job
• feature/override_any_prop
• feature/parameterize_which_cert_to_use_flatten_folder_structure
• feature/referee_a_b_testing
• feature/riposte_upgrade_and_iam_auth_cache
• feature/secure_data_caching
• feature/secure_data_version_history
• feature/secure_data_version_ux
• feature/send_metrics_to_signalfx
• feature/serve_dashboard_from_cms
• feature/sort_sdbs_alpha_numerically
• feature/split_manage_sdb_page_into_sub_components_with_tabs
• feature/support_iam_role_recreation
• feature/update_props_load
• feature/ux_ui_refreshments
• feature/v3-auth
• fix-api-md
• fix-dashboard-in-safari
• fix-iam-role-growth
• fix-travis
• fix-typo-dashboard-placeholder
• fix/athena-time-format
• fix/conf-key-name
• fix/file-structure
• fix/full-length-dashboard
• fix/header-too-long
• fix/iam_auth_docs
• fix/sts-lost-sdb-access
• fix_dash_width_and_file_list
• fix_okta_verify_mapping
• highlander
• highlander-sdford
• highlander-sdford-test
• highlander_unit_tests
• hystric-sfx-refactor
• hystrix-fix
• iam-auth-cache
• increase_kms_create_key_timeout
• jwt
• jwt-readme
• list-trailing-slash
• master
• migrate_db_to_store_arn
• misc_cleanup
• only_allow_users_to_refresh_token_with_limit
• override-owner
• override-owner-pre-merge
• perf_exp
• performance_rc_mergable
• performance_test_rc
• port_dashboard_code_into_cms
• pre-highlander-master
• refactor/make_riposte_endpoints_annoation_based
• remove_legacy_policy_generation_logic
• riposte-0.11.2.test
• sts-audit
• test-timeout
• timer_logging
• tls-changes
• update-db-dependencies
• update_gradle_and_add_security_deps_checker
• update_v2_api_iam_language
• upgrade_to_latest_riposte
• upgrade_to_signalfx_enabled_riposte
• v0.15.0
• v0.15.0-RC
• v0.15.1
• v0.16.0
• v0.17.0
• v0.18.0
• v0.18.1
• v0.18.2
• v0.18.3
• v0.18.4-RC
• v0.18.4-RC2
• v0.19.0
• v0.20.0
• v0.20.1
• v0.20.3
• v0.21.0
• v0.22.0
• v0.22.0-RC
• v0.23.0
• v0.23.0-RC
• v0.24.0
• v0.24.0-RC
• v0.24.0-RC2
• v0.24.0-RC4
• v0.25.0
• v0.26.0
• v0.26.0-RC1
• v0.27.0
• v0.27.0-RC1
• v0.27.0-RC3
• v0.27.0-RC4
• v0.27.0-RC5
• v0.27.0-RC6
• v0.27.0-RC7
• v0.28.0
• v0.28.0-RC1
• v0.28.0-perf2
• v0.29.0
• v0.29.0-RC1
• v0.29.0-RC2
• v0.29.0-hystrixRC2
• v0.29.0-hystrixRC3
• v0.29.0-hystrixRC4
• v0.29.0-metrics-RC1
• v0.29.0-metrics-RC2
• v0.29.0-metrics-RC3
• v0.29.0-metrics-RC4
• v0.30.0
• v0.30.0-hystrixRC5
• v2.0.0
• v2.0.0-dashboard-RC1
• v2.0.0-dashboard-RC2
• v2.0.0-dashboard-RC3
• v2.0.0-dashboard-RC4
• v2.0.0-dashboard-RC5
• v2.0.1
• v2.0.1-RC1
• v2.0.2
• v2.0.3
• v2.1.0
• v2.1.0-RC1
• v2.1.0-riposte-alpha
• v2.1.1
• v2.1.2
• v2.1.3
• v2.1.4
• v2.2.0
• v2.3.0
• v3.0.0
• v3.0.1
• v3.0.2
• v3.0.3
• v3.0.4
• v3.1.0
• v3.10.0
• v3.10.1
• v3.11.0
• v3.11.1
• v3.11.2
• v3.13.0
• v3.14.0
• v3.14.1
• v3.15.0
• v3.15.1
• v3.15.2
• v3.15.3
• v3.15.4
• v3.15.5
• v3.15.6
• v3.15.7
• v3.16.0
• v3.16.1
• v3.16.2
• v3.17.0
• v3.18.0
• v3.18.1
• v3.18.2
• v3.19.0
• v3.2.0
• v3.2.1
• v3.20.0
• v3.21.0
• v3.22.0
• v3.22.1
• v3.23.0
• v3.24.0
• v3.25.0
• v3.25.1
• v3.25.2
• v3.25.3
• v3.25.3-RC
• v3.25.4
• v3.25.5
• v3.25.5-RC1
• v3.25.6
• v3.25.7
• v3.25.8
• v3.26.0
• v3.27.0
• v3.27.1
• v3.28.0
• v3.29.0
• v3.3.0
• v3.30.0
• v3.31.0
• v3.31.1
• v3.31.2
• v3.32.3
• v3.33.0
• v3.34.0
• v3.35.0
• v3.4.0
• v3.5.0
• v3.6.0
• v3.6.1
• v3.7.0
• v3.7.1
• v3.7.2
• v3.8.0
• v3.9.0
• versioning
• versioning-dev
• widen_secret_key_field
• x-forward-for-logging
• x-refresh-token

Build # 417

Build Type

push

travis-ci

Committed by sdford

Commit Message

Fix issue where key policy is not valid at update

Fix the issue where cleanup fails to give permission for CMS to delete the inactive KMS key.

This is important because sometimes the consumer IAM principal gets deleted in AWS, but the KMS
key policy stays around, in which case, Amazon replaces the princnipal ARN with the princnipal 'ID'
behind the scenes.

If that key policy containing a principal 'ID' is ever updated then the update will fail because
a princnipal 'ID' is not considered to be a valid AWS principal.

Run Details

2180 of 3412 relevant lines covered (63.89%)

0.64 hits per line