Fixes #18972: API to use secret database #3534
…dF/rudder into ust_18972/api_to_use_secret_database
af4ba0e to 9a812c4
Commit modified
I think you should rename secretVault into secret or secrets depending on the case. I don't want to make anyone think it could be related to HashiCorp Vault
Currently, Delete and Update actions don't return an error if the secret doesn't exist
|
||
import java.nio.charset.StandardCharsets | ||
|
||
final case class Metadata(author: Option[String], formatVersion: Option[String], date: Option[String]) |
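Review bot: in `Metadata`, `formatVersion` is an `Option[String]`, so a record with no format version is representable and a reader then has to guess which layout it is parsing. Make `formatVersion` mandatory and set it in the code rather than taking it from the caller, and if `date` is kept, give it a time type instead of `Option[String]` so malformed values are rejected when parsed.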
You don't need those metadata, author and date
format should not be optional, and I think it should not be a parameter
@fanf mentioned that it could be interesting to have extra metadata, but nothing for the moment, I can remove it, should we keep formatVersion anyway?
…dF/rudder into ust_18972/api_to_use_secret_database
…om:ElaadF/rudder into ust_18972/api_to_use_secret_database Fixes #18972: API to use secret database
Commit modified
0a0ce76 to d2bfa92
Commit modified
d2bfa92 to 8478a27
JString(id) | ||
} | ||
|
||
RestUtils.response(restExtractor, "secretName", None)(res, req, "Error when trying to delete a secret") |
You should always send back the whole secret structure with the same container as the rest of the API
Secret.serializeSecret(secret) | ||
} | ||
|
||
RestUtils.response(restExtractor, "secret", None)(res, req, "Error when trying to add a secret") |
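Review bot: the add response body is built from `Secret.serializeSecret(secret)`; if that serializer includes the `value` field, every successful create echoes the secret back in clear text in the HTTP response, where it can end up in client or proxy logs. Return only the name and description here, or use a serializer that omits the value.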
should be secrets and in an array
Secret.serializeSecret(secret) | ||
} | ||
|
||
RestUtils.response(restExtractor, "secret", None)(res, req, s"Error when trying to update a secret") |
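Review bot: `s"Error when trying to update a secret"` uses the `s` interpolator on a string with nothing to interpolate; drop the prefix. Also confirm that `Secret.serializeSecret(secret)` in this update response does not put the secret's value in the body.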
Should be secrets and in an array
</ul> | ||
{( | ||
"#name" #> modDiff.name & | ||
"#value" #> mapSimpleDiff(modDiff.modValue) |
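Review bot: the `"#value" #> mapSimpleDiff(modDiff.modValue)` binding sends the secret's value modification to the diff renderer, which would put the old and new secret values into the displayed change details. Render only the fact that the value changed, and keep the values themselves out of `modDiff` so they are not carried along with the diff either.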
Should state that the value has changed, and the diff structure should only have a boolean, stating whether it has changed or not
_ <- oldSecret match { | ||
case Some(oldSec) => | ||
if(oldSec.value == newSecret.value) { | ||
logger.warn(s"Trying to update secret `${oldSec.name}` with the same value") |
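Review bot: the `logger.warn` in the `oldSec.value == newSecret.value` branch records, per secret name, that a submitted value matched the stored one, which is information about the secret's content that does not need to be in the logs at `warn`. Treat a same-value update as a no-op, or log it at debug level, and keep the value itself out of the message as it is now.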
Log level should not be warn, and I don't even think we need to log it
} | ||
|
||
class FileSystemSecretRepository( | ||
jsonDbPath : String |
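Review bot: `jsonDbPath : String` hands `FileSystemSecretRepository` a bare string for the file that stores secret values, and nothing in the signature says whether it names a file or a directory. Take a typed path, derive the file name inside the class, and document the owner and mode the file is expected to have.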
I think it should be configuration-repository path, and the end of the path should be in the repository
btw, the secrets.json should be in a secrets directory
PR updated with a new commit
// value <- (secret \ "value").headOption.map( _.text ) ?~! ("Missing attribute 'value' in entry type secret : " + entry) | ||
description <- (secret \ "description").headOption.map( _.text ) ?~! ("Missing attribute 'description' in entry type secret : " + entry) | ||
} yield { | ||
Secret(name, "", description) |
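Review bot: `Secret(name, "", description)` uses an empty string to mean "value not available", which cannot be told apart from a secret whose value really is empty, and any code that later persists this object would write `""` as the value. Use a type without a value field for this case, and delete the commented-out `value <-` line rather than leaving it in the parser.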
Not the best solution, maybe create a SecretInfo(name: String, description: String)
and use it instead of Secret
and transform Secret(name: String, value: String, description: String)
into Secret(value: String, info: SecretInfo)
b4e6438 to 690f3bb
Commit modified
690f3bb to 9a98782
Commit modified
Fixes #18972: API to use secret database
PR updated with a new commit
Fixes #18972: API to use secret database
PR updated with a new commit
This PR should not be in the Rudder main project; it will be moved to rudder-plugins
https://issues.rudder.io/issues/18972