Skip to content

CORE-443 deny email patterns from access to auth domains driven by telemetry #1607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 3, 2025
Merged

CORE-443 deny email patterns from access to auth domains driven by telemetry #1607

merged 3 commits into from
Apr 3, 2025

Conversation

dvoet
Copy link
Contributor

@dvoet dvoet commented Apr 3, 2025

https://broadworkbench.atlassian.net/browse/CORE-443

Have you read CONTRIBUTING.md lately? If not, do that first.

I, the developer opening this PR, do solemnly pinky swear that:

  • I've followed the instructions if I've made any changes to the API, especially if they're breaking changes
  • I've updated the FISMA documentation if I've made any security-related changes, including auth, encryption, or auditing

In all cases:

  • Get two thumbsworth of review and PO signoff if necessary
  • Verify all tests go green
  • Squash and merge. Make sure your branch deletes; GitHub should do this for you.
  • Test this change deployed correctly and works on dev environment after deployment

@dvoet dvoet requested a review from a team as a code owner April 3, 2025 19:11
@dvoet dvoet requested review from a team, davidangb and kevinmarete and removed request for a team April 3, 2025 19:11
davidangb
davidangb approved these changes Apr 3, 2025
View reviewed changes
src/main/scala/org/broadinstitute/dsde/firecloud/service/NihService.scala

private def allowedNihMembers(members: Set[WorkbenchEmail]): Set[WorkbenchEmail] =
members.filterNot(email => FireCloudConfig.Nih.denyEmailPatterns.exists(_.matches(email.value)))

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

recommendation, feel free to do in a follow-on PR: log when a user is denied because of this block list so we can follow up with some record of the blocklist behaving

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good idea

@dvoet dvoet merged commit 9d60517 into develop Apr 3, 2025
13 checks passed
@dvoet dvoet deleted the auth_domain_deny_list branch April 3, 2025 19:49
@davidangb davidangb mentioned this pull request Apr 3, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidangb davidangb davidangb approved these changes

@kevinmarete kevinmarete kevinmarete approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dvoet @davidangb @kevinmarete