{ContainerApp} Replace sharedKey in containerapp test recording#32232
{ContainerApp} Replace sharedKey in containerapp test recording#32232
Conversation
evelyn-ys
requested review from
howang-ms,
yanzhudd and
zhoxing-ms
as code owners
️✔️AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
There was a problem hiding this comment.
Pull Request Overview
This PR replaces sensitive shared key data in a container app test recording file to address security scanning requirements for the release process.
- Replaces actual shared key values with placeholder values in test recordings
- Ensures credential scanning tasks pass during the release pipeline
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
JennyLawrance,
chinadragon0515,
ebencarek,
jijohn14,
jsntcy,
pagariyaalok,
ruslany,
sanchitmehta,
torosent,
vinisoto,
vturecek,
wangzelin007 and
yonzhan
| null, "vnetConfiguration": null, "appLogsConfiguration": {"destination": "log-analytics", | ||
| "logAnalyticsConfiguration": {"customerId": "cb2f0f8a-0cac-482b-970c-19cf5dc99f73", | ||
| "sharedKey": "nekELXdh55G+3GKnrGk1vtGFXAbRZq98MnekltFLSfU8+Q0MDxZ/mVfPJjEXTryvn+zyBJMB4fbqN4qcxWqbew=="}}, | ||
| "sharedKey": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}}, |
There was a problem hiding this comment.
Hmm, will this work? Not sure about the detection rule, but it's the same length as the real key.
Maybe try a shorter one?
There was a problem hiding this comment.
It has to be the same length because we declared the content-length in request header. The regex for sharedKey detection should be complicated so aaa.... should be fine
There was a problem hiding this comment.
Credential scanner seems to have passed so I think it's fine: https://github.com/Azure/azure-cli/pull/32232/checks?check_run_id=52313108821
There was a problem hiding this comment.
It has to be the same length because we declared the content-length in request header. The regex for sharedKey detection should be complicated so
aaa....should be fine
They're only recordings, no server checks the length mismatch. Could you please push this branch to main repo to verify whether this fixes the credential scanner?
Credential scanner seems to have passed so I think it's fine: https://github.com/Azure/azure-cli/pull/32232/checks?check_run_id=52313108821
This task is skipped in PR: Guardian is not supported for builds from forked GitHub repositories. Current Guardian Task will be skipped
7 participants
Related command
Description
To unblock release, this PR manually replaces the sharedKey in containerapp test recording file so that we can pass Credential Scan task
Testing Guide
History Notes
[Component Name 1] BREAKING CHANGE:
az command a: Make some customer-facing breaking change[Component Name 2]
az command b: Add some customer-facing featureThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.