From 400095f070cbfcec0489fcfe47bd74ff109af52c Mon Sep 17 00:00:00 2001 From: Neil Grogan Date: Tue, 21 Oct 2025 16:29:42 +0100 Subject: [PATCH 1/4] Added SECURITY.md - how to report vulns. (#50) Added SECURITY.md following examples of other Ericsson repositories on Github. Co-authored-by: Neil Grogan --- SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..ed28bfb --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +Only the latest release version of _python-sample-app_ is supported by security +updates. + +| Version | Supported | +| ---------------- | ------------------ | +| Latest Release | :white_check_mark: | +| Earlier Releases | :x: | + +## Reporting a Vulnerability + +If you find a vulnerability in _python-sample-app_, please report it as a security +vulnerability on GitHub: + From 042d0132cb36bdbcdfc6e99f402c16949c91e276 Mon Sep 17 00:00:00 2001 From: ekievin Date: Fri, 31 Oct 2025 16:46:13 +0000 Subject: [PATCH 2/4] Removed eric-eo-api-gateway from network-policy.yaml --- .../templates/network-policy/network-policy.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/eric-oss-hello-world-python-app/templates/network-policy/network-policy.yaml b/charts/eric-oss-hello-world-python-app/templates/network-policy/network-policy.yaml index 6dc9da5..913974b 100644 --- a/charts/eric-oss-hello-world-python-app/templates/network-policy/network-policy.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/network-policy/network-policy.yaml @@ -15,9 +15,6 @@ spec: app: eric-oss-hello-world-python-app ingress: - from: - - podSelector: - matchLabels: - app: eric-eo-api-gateway - podSelector: matchLabels: app: eric-sef-exposure-api-gateway From 5db823f0068d6c83e856864ba01fdcd1a64cd43c Mon Sep 17 00:00:00 2001 From: Vincent Kiely Date: Wed, 12 Nov 2025 15:00:32 +0000 Subject: [PATCH 3/4] Renamed IAM_BASE_URL to EIC_HOST_URL (#59) Renaming all instances of Iam Base Url to Eic Host Url. --- .../templates/deployment/deployment.yaml | 4 ++-- eric-oss-hello-world-python-app/config.py | 4 ++-- eric-oss-hello-world-python-app/login.py | 2 +- eric-oss-hello-world-python-app/tests/conftest.py | 4 ++-- eric-oss-hello-world-python-app/tests/test_login.py | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml index e4523a8..a50b737 100644 --- a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml @@ -115,8 +115,8 @@ spec: value: {{ index .Values "clientId" | quote }} - name: IAM_CLIENT_SECRET value: {{ index .Values "clientSecret" | quote }} - - name: IAM_BASE_URL - value: {{ index .Values "iamBaseUrl" | quote }} + - name: EIC_HOST_URL + value: {{ index .Values "eicHostUrl" | quote }} - name: LOG_ENDPOINT value: {{ index .Values "logEndpoint" | quote }} - name: CA_CERT_FILE_PATH diff --git a/eric-oss-hello-world-python-app/config.py b/eric-oss-hello-world-python-app/config.py index 28266c4..5122923 100644 --- a/eric-oss-hello-world-python-app/config.py +++ b/eric-oss-hello-world-python-app/config.py @@ -7,7 +7,7 @@ def get_config(): """get env and return config with all env vals required""" iam_client_id = get_os_env_string("IAM_CLIENT_ID", "") iam_client_secret = get_os_env_string("IAM_CLIENT_SECRET", "") - iam_base_url = get_os_env_string("IAM_BASE_URL", "") + eic_host_url = get_os_env_string("EIC_HOST_URL", "") ca_cert_file_name = get_os_env_string("CA_CERT_FILE_NAME", "") ca_cert_file_path = get_os_env_string("CA_CERT_FILE_PATH", "") log_ctrl_file = get_os_env_string("LOG_CTRL_FILE", "") @@ -21,7 +21,7 @@ def get_config(): config = { "iam_client_id": iam_client_id, "iam_client_secret": iam_client_secret, - "iam_base_url": iam_base_url, + "eic_host_url": eic_host_url, "ca_cert_file_name": ca_cert_file_name, "ca_cert_file_path": ca_cert_file_path, "log_ctrl_file": log_ctrl_file, diff --git a/eric-oss-hello-world-python-app/login.py b/eric-oss-hello-world-python-app/login.py index 9e100a7..4cbfe07 100644 --- a/eric-oss-hello-world-python-app/login.py +++ b/eric-oss-hello-world-python-app/login.py @@ -22,7 +22,7 @@ def login(): """ config = get_config() login_path = "/auth/realms/master/protocol/openid-connect/token" - login_url = urljoin(config.get("iam_base_url"), login_path) + login_url = urljoin(config.get("eic_host_url"), login_path) headers = {"Content-Type": "application/x-www-form-urlencoded"} resp = tls_login(login_url, headers) resp = json.loads(resp.decode("utf-8")) diff --git a/eric-oss-hello-world-python-app/tests/conftest.py b/eric-oss-hello-world-python-app/tests/conftest.py index 28eb8fb..372472a 100644 --- a/eric-oss-hello-world-python-app/tests/conftest.py +++ b/eric-oss-hello-world-python-app/tests/conftest.py @@ -48,7 +48,7 @@ def match_request_data(request): @pytest.fixture(name="mock_login_api") def fixture_mock_login_api(config): login_endpoint = urljoin( - config.get("iam_base_url"), "/auth/realms/master/protocol/openid-connect/token" + config.get("eic_host_url"), "/auth/realms/master/protocol/openid-connect/token" ) with requests_mock.Mocker() as request_mocker: request_mocker.post( @@ -111,7 +111,7 @@ def no_log_certs(): def populate_environment_variables(): os.environ["IAM_CLIENT_ID"] = "IAM_CLIENT_ID" os.environ["IAM_CLIENT_SECRET"] = "IAM_CLIENT_SECRET" - os.environ["IAM_BASE_URL"] = "https://www.iam-base-url.com" + os.environ["EIC_HOST_URL"] = "https://www.eic-host-url.com" os.environ["CA_CERT_FILE_NAME"] = "CA_CERT_FILE_NAME" os.environ["CA_CERT_FILE_PATH"] = "CA_CERT_MOUNT_PATH" os.environ["LOG_ENDPOINT"] = "LOG_ENDPOINT" diff --git a/eric-oss-hello-world-python-app/tests/test_login.py b/eric-oss-hello-world-python-app/tests/test_login.py index be0a91d..7f23bee 100644 --- a/eric-oss-hello-world-python-app/tests/test_login.py +++ b/eric-oss-hello-world-python-app/tests/test_login.py @@ -15,7 +15,7 @@ def test_login_receives_token_x509(mock_login_api, config): def test_login_bad_credentials(requests_mock, config): """Ensure we get an error if credentials are bad""" login_url = urljoin( - config.get("iam_base_url"), "/auth/realms/master/protocol/openid-connect/token" + config.get("eic_host_url"), "/auth/realms/master/protocol/openid-connect/token" ) requests_mock.post( login_url, status_code=400, json={"error": "invalid_request"} From fb1ca2b7c395ee0e2ec2c69b0d1b76f9811780fb Mon Sep 17 00:00:00 2001 From: surendarraju Date: Thu, 20 Nov 2025 13:27:01 +0000 Subject: [PATCH 4/4] Removed unused environmental variables (#61) * Removed unused environmental variables * Modified testcases and the config file * Reverted test files * Removed unused testcase Signed-off-by: erjxsrn * Removed unused code --------- Signed-off-by: erjxsrn --- .../templates/deployment/deployment.yaml | 4 ---- eric-oss-hello-world-python-app/config.py | 4 ---- eric-oss-hello-world-python-app/tests/conftest.py | 15 +-------------- 3 files changed, 1 insertion(+), 22 deletions(-) diff --git a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml index a50b737..5eb87d6 100644 --- a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml @@ -111,10 +111,6 @@ spec: mountPath: {{ index .Values "clientCredsMountPath" | default .Values.instantiationDefaults.clientCredsMountPath | quote }} readOnly: true env: - - name: IAM_CLIENT_ID - value: {{ index .Values "clientId" | quote }} - - name: IAM_CLIENT_SECRET - value: {{ index .Values "clientSecret" | quote }} - name: EIC_HOST_URL value: {{ index .Values "eicHostUrl" | quote }} - name: LOG_ENDPOINT diff --git a/eric-oss-hello-world-python-app/config.py b/eric-oss-hello-world-python-app/config.py index 5122923..39a7e9a 100644 --- a/eric-oss-hello-world-python-app/config.py +++ b/eric-oss-hello-world-python-app/config.py @@ -5,8 +5,6 @@ def get_config(): """get env and return config with all env vals required""" - iam_client_id = get_os_env_string("IAM_CLIENT_ID", "") - iam_client_secret = get_os_env_string("IAM_CLIENT_SECRET", "") eic_host_url = get_os_env_string("EIC_HOST_URL", "") ca_cert_file_name = get_os_env_string("CA_CERT_FILE_NAME", "") ca_cert_file_path = get_os_env_string("CA_CERT_FILE_PATH", "") @@ -19,8 +17,6 @@ def get_config(): client_id_file_name = get_os_env_string("CLIENT_ID_FILE_NAME", "") config = { - "iam_client_id": iam_client_id, - "iam_client_secret": iam_client_secret, "eic_host_url": eic_host_url, "ca_cert_file_name": ca_cert_file_name, "ca_cert_file_path": ca_cert_file_path, diff --git a/eric-oss-hello-world-python-app/tests/conftest.py b/eric-oss-hello-world-python-app/tests/conftest.py index 372472a..d0b60bb 100644 --- a/eric-oss-hello-world-python-app/tests/conftest.py +++ b/eric-oss-hello-world-python-app/tests/conftest.py @@ -31,18 +31,7 @@ def match_request_data(request): ] ] ) - uses_legacy = all( - [ - parameter in request.text - for parameter in [ - "grant_type=client_credentials", - "tenant_id=master", - "client_id=IAM_CLIENT_ID", - "client_secret=IAM_CLIENT_SECRET", - ] - ] - ) - return uses_x509 or uses_legacy + return uses_x509 @pytest.fixture(name="mock_login_api") @@ -109,8 +98,6 @@ def no_log_certs(): def populate_environment_variables(): - os.environ["IAM_CLIENT_ID"] = "IAM_CLIENT_ID" - os.environ["IAM_CLIENT_SECRET"] = "IAM_CLIENT_SECRET" os.environ["EIC_HOST_URL"] = "https://www.eic-host-url.com" os.environ["CA_CERT_FILE_NAME"] = "CA_CERT_FILE_NAME" os.environ["CA_CERT_FILE_PATH"] = "CA_CERT_MOUNT_PATH"