Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support CWL Secrets requirement #511

Closed
4 tasks
fmigneault opened this issue Dec 2, 2022 · 0 comments · Fixed by #639
Closed
4 tasks

Support CWL Secrets requirement #511

fmigneault opened this issue Dec 2, 2022 · 0 comments · Fixed by #639
Assignees
@fmigneault
Labels
feature/CWL Issue related to CWL support process/workflow Related to a Workflow process. project/OGC-OSPD Related to OGC Open Science Persistent Demonstrator. triage/enhancement New feature or request triage/feature New requested feature. triage/security Issue related to authorization or general security vulnerability

Comments

@fmigneault
Copy link
Collaborator

fmigneault commented Dec 2, 2022
edited

Description

This requirement can be used to obfuscate the tool inputs such as credentials from the logs.

Although cwltool should be doing its job when the execution is handed off to it, the actual inputs submitted to the Weaver Job might still leak some information in logs. Also, those inputs should be omitted from places where they are normally readable.

  • ensure inputs are not reported in logs when they are specified with Secrets requirement
  • ensure inputs are not listed in plain text on /jobs/{JobID}/inputs endpoints
    (use obfuscated representation instead, see inspiration from https://github.com/common-workflow-language/cwltool/blob/main/cwltool/secrets.py#L8)
  • add the definition to the CWL JSON schema (in swagger_definitions).
  • add the typing name to allowed/known requirements

References
@fmigneault fmigneault added triage/enhancement New feature or request triage/feature New requested feature. feature/CWL Issue related to CWL support triage/security Issue related to authorization or general security vulnerability labels Dec 2, 2022
@fmigneault fmigneault self-assigned this Dec 2, 2022
@fmigneault fmigneault added the project/OGC-OSPD Related to OGC Open Science Persistent Demonstrator. label May 6, 2024
@github-actions github-actions bot added the process/workflow Related to a Workflow process. label May 6, 2024
This was referenced May 7, 2024
Open
Open
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fmigneault fmigneault

Labels
feature/CWL Issue related to CWL support process/workflow Related to a Workflow process. project/OGC-OSPD Related to OGC Open Science Persistent Demonstrator. triage/enhancement New feature or request triage/feature New requested feature. triage/security Issue related to authorization or general security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

support CWL cwltool:Secrets crim-ca/weaver
1 participant
@fmigneault