security(v3): implement IDAA-baseline maximum lockdown
@@ -26,66 +26,65 @@ cms_obj_li = {
|
|||||||
'created_on', 'updated_on'
|
'created_on', 'updated_on'
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
'post': {
|
'post': {
|
||||||
'tbl': 'post',
|
'tbl': 'post',
|
||||||
'tbl_default': 'v_post',
|
'tbl_default': 'v_post',
|
||||||
'tbl_alt': 'v_post_detail',
|
'tbl_alt': 'v_post_detail',
|
||||||
'tbl_update': 'post',
|
'tbl_update': 'post',
|
||||||
'mdl': Post_Base,
|
'mdl': Post_Base,
|
||||||
'mdl_default': Post_Base,
|
'mdl_default': Post_Base,
|
||||||
'mdl_in': Post_Base,
|
'mdl_in': Post_Base,
|
||||||
'mdl_out': Post_Base,
|
'mdl_out': Post_Base,
|
||||||
# Legacy V2 keys:
|
# Legacy V2 keys:
|
||||||
'table_name': 'v_post',
|
'table_name': 'v_post',
|
||||||
'table_name_alt': 'v_post_detail',
|
'table_name_alt': 'v_post_detail',
|
||||||
'tbl_name_update': 'post',
|
'tbl_name_update': 'post',
|
||||||
'base_name': Post_Base,
|
'base_name': Post_Base,
|
||||||
'public_read': True,
|
'exp_default': [
|
||||||
'exp_default': [
|
'post_id_random',
|
||||||
'post_id_random',
|
'account_id_random',
|
||||||
'account_id_random',
|
'title', 'content',
|
||||||
'title', 'content',
|
'enable', 'hide', 'priority', 'sort', 'group', 'notes', 'created_on', 'updated_on',
|
||||||
'enable', 'hide', 'priority', 'sort', 'group', 'notes', 'created_on', 'updated_on',
|
],
|
||||||
|
# V3 Search Security:
|
||||||
|
'searchable_fields': [
|
||||||
|
'id', 'account_id', 'person_id', 'user_id', 'external_person_id',
|
||||||
|
'post_id_random', 'account_id_random', 'organization_id_random',
|
||||||
|
'person_id_random', 'user_id_random', 'external_person_id', 'title', 'content',
|
||||||
|
'type_code', 'topic_code', 'category_code', 'tags', 'location',
|
||||||
|
'enable', 'hide', 'priority', 'sort', 'group', 'notes',
|
||||||
|
'archive_on', 'created_on', 'updated_on'
|
||||||
],
|
],
|
||||||
# V3 Search Security:
|
},
|
||||||
'searchable_fields': [
|
'post_comment': {
|
||||||
'id', 'account_id', 'person_id', 'user_id', 'external_person_id',
|
'tbl': 'post_comment',
|
||||||
'post_id_random', 'account_id_random', 'organization_id_random',
|
'tbl_default': 'v_post_comment',
|
||||||
'person_id_random', 'user_id_random', 'external_person_id', 'title', 'content',
|
'tbl_alt': 'v_post_comment_detail',
|
||||||
'type_code', 'topic_code', 'category_code', 'tags', 'location',
|
'tbl_update': 'post_comment',
|
||||||
'enable', 'hide', 'priority', 'sort', 'group', 'notes',
|
'mdl': Post_Comment_Base,
|
||||||
'archive_on', 'created_on', 'updated_on'
|
'mdl_default': Post_Comment_Base,
|
||||||
],
|
'mdl_in': Post_Comment_Base,
|
||||||
},
|
'mdl_out': Post_Comment_Base,
|
||||||
'post_comment': {
|
# Legacy V2 keys:
|
||||||
'tbl': 'post_comment',
|
'table_name': 'v_post_comment',
|
||||||
'tbl_default': 'v_post_comment',
|
'table_name_alt': 'v_post_comment_detail',
|
||||||
'tbl_alt': 'v_post_comment_detail',
|
'tbl_name_update': 'post_comment',
|
||||||
'tbl_update': 'post_comment',
|
'base_name': Post_Comment_Base,
|
||||||
'mdl': Post_Comment_Base,
|
'exp_default': [
|
||||||
'mdl_default': Post_Comment_Base,
|
'post_comment_id_random',
|
||||||
'mdl_in': Post_Comment_Base,
|
'account_id_random', 'post_id_random',
|
||||||
'mdl_out': Post_Comment_Base,
|
'content',
|
||||||
# Legacy V2 keys:
|
'enable', 'hide', 'priority', 'sort', 'group', 'notes', 'created_on', 'updated_on',
|
||||||
'table_name': 'v_post_comment',
|
],
|
||||||
'table_name_alt': 'v_post_comment_detail',
|
# V3 Search Security:
|
||||||
'tbl_name_update': 'post_comment',
|
'searchable_fields': [
|
||||||
'base_name': Post_Comment_Base,
|
'id', 'post_id', 'account_id', 'person_id', 'user_id', 'external_person_id',
|
||||||
'public_read': True,
|
'post_comment_id_random', 'account_id_random', 'post_id_random',
|
||||||
'exp_default': [
|
'person_id_random', 'user_id_random', 'content', 'enable', 'hide',
|
||||||
'post_comment_id_random',
|
'priority', 'sort', 'group', 'notes', 'created_on', 'updated_on'
|
||||||
'account_id_random', 'post_id_random',
|
|
||||||
'content',
|
|
||||||
'enable', 'hide', 'priority', 'sort', 'group', 'notes', 'created_on', 'updated_on',
|
|
||||||
],
|
],
|
||||||
# V3 Search Security:
|
},
|
||||||
'searchable_fields': [
|
|
||||||
'id', 'post_id', 'account_id', 'person_id', 'user_id', 'external_person_id',
|
|
||||||
'post_comment_id_random', 'account_id_random', 'post_id_random',
|
|
||||||
'person_id_random', 'user_id_random', 'content', 'enable', 'hide',
|
|
||||||
'priority', 'sort', 'group', 'notes', 'created_on', 'updated_on'
|
|
||||||
],
|
|
||||||
},
|
|
||||||
'site': {
|
'site': {
|
||||||
'tbl': 'site',
|
'tbl': 'site',
|
||||||
'tbl_default': 'site',
|
'tbl_default': 'site',
|
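Review bot: Deleting the `'public_read': True` key from `post` and `post_comment` only locks these objects down if every reader of the registry treats a missing key as deny, and no reader is visible in this hunk. The same deletion is made in `events_general_obj_li`, `events_presentation_obj_li` and `other_obj_li`, so the point applies there too. I would keep the key and state the intent, `'public_read': False,  # locked down: authenticated access only`, or confirm that lookups use `entry.get('public_read', False)` rather than a truthy default. The `cms_obj_li` dict starts and ends outside the hunk.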
||||||
|
|||||||
@@ -20,7 +20,6 @@ events_general_obj_li = {
|
|||||||
'tbl_name_update': 'event',
|
'tbl_name_update': 'event',
|
||||||
'base_name': Event_Base,
|
'base_name': Event_Base,
|
||||||
'base_name_alt': Event_Meeting_Flat_Base,
|
'base_name_alt': Event_Meeting_Flat_Base,
|
||||||
'public_read': True,
|
|
||||||
'exp_default': [
|
'exp_default': [
|
||||||
'event_id_random',
|
'event_id_random',
|
||||||
'conference', 'type',
|
'conference', 'type',
|
||||||
@@ -66,7 +65,6 @@ events_general_obj_li = {
|
|||||||
'table_name_alt': 'v_event_file',
|
'table_name_alt': 'v_event_file',
|
||||||
'tbl_name_update': 'event_file',
|
'tbl_name_update': 'event_file',
|
||||||
'base_name': Event_File_Base,
|
'base_name': Event_File_Base,
|
||||||
'public_read': True,
|
|
||||||
# V3 Search Security:
|
# V3 Search Security:
|
||||||
'searchable_fields': [
|
'searchable_fields': [
|
||||||
'event_id', 'event_file_id', 'hosted_file_id',
|
'event_id', 'event_file_id', 'hosted_file_id',
|
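Review bot: The `searchable_fields` list of the `event_file` entry (second hunk) still accepts the raw keys `'event_id'`, `'event_file_id'` and `'hosted_file_id'`, which removing `public_read` does not address. The `post` and `post_comment` lists in `cms_obj_li` likewise include `'id'`, `'account_id'`, `'person_id'` and `'user_id'` while their `exp_default` lists only the `*_id_random` forms, and the archive content list in `other_obj_li` includes `'id'` and `'account_id'`. If the search layer honours a filter on a field it never returns (not visible here), match or no-match results can confirm internal identifiers. I would drop the raw ids from the allowlist, or record why they stay with a comment such as `# raw ids are searchable for internal callers only; never exported`. The list continues past the end of the hunk.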
||||||
|
|||||||
@@ -61,7 +61,6 @@ events_presentation_obj_li = {
|
|||||||
'table_name_alt': 'v_event_presentation_w_file_count',
|
'table_name_alt': 'v_event_presentation_w_file_count',
|
||||||
'tbl_name_update': 'event_presentation',
|
'tbl_name_update': 'event_presentation',
|
||||||
'base_name': Event_Presentation_Base,
|
'base_name': Event_Presentation_Base,
|
||||||
'public_read': True,
|
|
||||||
# V3 Search Security:
|
# V3 Search Security:
|
||||||
'searchable_fields': [
|
'searchable_fields': [
|
||||||
'event_presentation_id_random', 'event_id_random',
|
'event_presentation_id_random', 'event_id_random',
|
||||||
@@ -86,7 +85,6 @@ events_presentation_obj_li = {
|
|||||||
'table_name_alt': 'v_event_presenter_w_file_count',
|
'table_name_alt': 'v_event_presenter_w_file_count',
|
||||||
'tbl_name_update': 'event_presenter',
|
'tbl_name_update': 'event_presenter',
|
||||||
'base_name': Event_Presenter_Base,
|
'base_name': Event_Presenter_Base,
|
||||||
'public_read': True,
|
|
||||||
'exp_default': [
|
'exp_default': [
|
||||||
'event_presenter_id_random',
|
'event_presenter_id_random',
|
||||||
'title_names', 'given_name', 'middle_name', 'family_name', 'designations',
|
'title_names', 'given_name', 'middle_name', 'family_name', 'designations',
|
||||||
@@ -123,7 +121,6 @@ events_presentation_obj_li = {
|
|||||||
'table_name': 'v_event_session',
|
'table_name': 'v_event_session',
|
||||||
'tbl_name_update': 'event_session',
|
'tbl_name_update': 'event_session',
|
||||||
'base_name': Event_Session_Base,
|
'base_name': Event_Session_Base,
|
||||||
'public_read': True,
|
|
||||||
# V3 Search Security:
|
# V3 Search Security:
|
||||||
'searchable_fields': [
|
'searchable_fields': [
|
||||||
'event_session_id_random', 'event_id_random',
|
'event_session_id_random', 'event_id_random',
|
||||||
|
|||||||
@@ -104,7 +104,6 @@ other_obj_li = {
|
|||||||
'table_name': 'v_archive_content',
|
'table_name': 'v_archive_content',
|
||||||
'tbl_name_update': 'archive_content',
|
'tbl_name_update': 'archive_content',
|
||||||
'base_name': Archive_Content_Base,
|
'base_name': Archive_Content_Base,
|
||||||
'public_read': True,
|
|
||||||
# V3 Search Security:
|
# V3 Search Security:
|
||||||
'searchable_fields': [
|
'searchable_fields': [
|
||||||
'id', 'account_id', 'archive_id', 'hosted_file_id',
|
'id', 'account_id', 'archive_id', 'hosted_file_id',
|
||||||
@@ -126,7 +125,6 @@ other_obj_li = {
|
|||||||
'table_name': 'v_hosted_file',
|
'table_name': 'v_hosted_file',
|
||||||
'tbl_name_update': 'hosted_file',
|
'tbl_name_update': 'hosted_file',
|
||||||
'base_name': Hosted_File_Base,
|
'base_name': Hosted_File_Base,
|
||||||
'public_read': True,
|
|
||||||
'exp_default': [
|
'exp_default': [
|
||||||
'hosted_file_id_random',
|
'hosted_file_id_random',
|
||||||
'hash_sha256',
|
'hash_sha256',
|
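Review bot: The `hosted_file` entry keeps `'hash_sha256'` in `exp_default`, so the content hash is still returned to any caller that can read the record once `public_read` is removed. The test-script table changed in this commit lists download by hash, so if that path resolves a file from the hash alone (not visible here), the hash acts as a capability and the lockdown should cover it. I would add a case to `test_e2e_v3_security_audit.py` that requests another account's file by hash and expects a denial, and note the decision next to the field, e.g. `# hash_sha256 is exported; download-by-hash must enforce the account check`. The `exp_default` list continues past the end of the hunk.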
||||||
|
|||||||
@@ -17,6 +17,7 @@ These consolidated scripts are the primary verification tool for the V3 API.
|
|||||||
| Script | Description |
|
| Script | Description |
|
||||||
| :--- | :--- |
|
| :--- | :--- |
|
||||||
| `test_e2e_v3_search_engine.py` | **Primary Search**: Basic operators, Registry fields, Nested search, and Filter bypass. |
|
| `test_e2e_v3_search_engine.py` | **Primary Search**: Basic operators, Registry fields, Nested search, and Filter bypass. |
|
||||||
|
| `test_e2e_v3_security_audit.py` | **Core Security**: Verifies multi-tenant isolation, cross-account write blocking, and ID Vision compliance. |
|
||||||
| `test_e2e_v3_auth_security.py` | **Primary Auth**: Site bootstrap, Passcode-to-JWT, and permission boundaries. |
|
| `test_e2e_v3_auth_security.py` | **Primary Auth**: Site bootstrap, Passcode-to-JWT, and permission boundaries. |
|
||||||
| `test_e2e_v3_actions_file_lifecycle.py` | **Primary Actions**: Upload, Download (ID/Hash/Streaming), and physical Deletion. |
|
| `test_e2e_v3_actions_file_lifecycle.py` | **Primary Actions**: Upload, Download (ID/Hash/Streaming), and physical Deletion. |
|
||||||
| `test_e2e_v3_data_store_lookup.py` | **V3 Parity**: Verifies code-based lookups and latency simulation. |
|
| `test_e2e_v3_data_store_lookup.py` | **V3 Parity**: Verifies code-based lookups and latency simulation. |
|
||||||
|
|||||||