Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add /cache-clear authenticated endpoint #2278

Merged
merged 15 commits into from
Sep 5, 2024
Merged

Add /cache-clear authenticated endpoint #2278

merged 15 commits into from
Sep 5, 2024

Conversation

andrewleith
Copy link
Member

Summary | Résumé

This PR adds a new endpoint, /cache-clear that can only be called using the cache-clear secret. This endpoint will be called upon deployment to ensure our redis cache gets flushed each time.

Related Issues | Cartes liées

Test instructions | Instructions pour tester la modification

  • /cache-clear can be called when authenticated using a JWT using the specific secret
  • /cache-clear CANNOT BE called unauthenticated
  • /cache-clear CANNOT BE called when authenticated with the admin secret
  • /cache-clear CANNOT BE called when authenticated with the SRE secret

Release Instructions | Instructions pour le déploiement

None.

Reviewer checklist | Liste de vérification du réviseur

  • This PR does not break existing functionality.
  • This PR does not violate GCNotify's privacy policies.
  • This PR does not raise new security concerns. Refer to our GC Notify Risk Register document on our Google drive.
  • This PR does not significantly alter performance.
  • Additional required documentation resulting of these changes is covered (such as the README, setup instructions, a related ADR or the technical documentation).

⚠ If boxes cannot be checked off before merging the PR, they should be moved to the "Release Instructions" section with appropriate steps required to verify before release. For example, changes to celery code may require tests on staging to verify that performance has not been affected.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 29, 2024
View reviewed changes
app/cache/rest.py Fixed Show fixed Hide fixed
app/cache/rest.py Fixed Show fixed Hide fixed
@andrewleith andrewleith mentioned this pull request Aug 30, 2024
Closed
2 tasks
whabanks
whabanks approved these changes Sep 5, 2024
View reviewed changes
Copy link
Contributor

@whabanks whabanks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
✅ Able to hit the endpoint with the new CACHE_CLEAR_CLIENT_SECRET
✅ JWT tokens using the Admin and SRE secrets do not allow access
✅ Cache keys clear as expected

@jzbahrai jzbahrai merged commit aacc2f7 into main Sep 5, 2024
4 checks passed
@jzbahrai jzbahrai deleted the feat/add-cache-clear-endpoint branch September 5, 2024 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzbahrai jzbahrai jzbahrai left review comments

@whabanks whabanks whabanks approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrewleith @whabanks @jzbahrai