Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

guessSchema the encrypted secretValue should be decrypted when used #2841

Merged
merged 1 commit into from
May 20, 2024
Merged

guessSchema the encrypted secretValue should be decrypted when used #2841

merged 1 commit into from
May 20, 2024

Conversation

yanfeng1992
Copy link
Contributor

Purpose

The encrypted secretValue should be decrypted when used

Remarks

PR introduces (a) breaking change(s): <yes/no>
no
PR introduces (a) deprecation(s): <yes/no>
no

@github-actions github-actions bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code backend Everything that is related to the StreamPipes backend installer Affects the StreamPipes installer helm Affects the StreamPipes helm chart labels May 8, 2024
@dominikriemer
Copy link
Member

Hi @yanfeng1992 did you have any problem with the current setup?
Secrets should be decrypted by the core before they are sent to the extension service (to avoid that the extensions need to be aware of the encryption passcode) so that no decryption should be necessary when extracting a secret value.

@yanfeng1992
Copy link
Contributor Author

I discovered that the current secret was not decrypted by the core before being sent to the extension service, and the extension service still received the encrypted password. @dominikriemer

@dominikriemer
Copy link
Member

Thanks for the explanation! Does this happen for adapters and processors/sinks or only for a specific resource? We can probably add the decryption fix directly to the core so that we don't need to pull in the streampipes-user-management dependency into the SDK.

@yanfeng1992
Copy link
Contributor Author

I discovered it when adapting and modifying the configuration. Can it be fixed in core? I haven't found a way to fix it in core.
Is it possible to add the decryption fix directly to the core?

@dominikriemer
Copy link
Member

Hi @yanfeng1992 thanks for asking!
For pipeline elements, decryption is handled in streampipes-pipeline-management in the SecretEncryptionTask, which calls a SecretService that loops over all configuration and decrypts secrets. For adapters, this class is used within the WorkerRestClient of streampipes-connect-management. In which cases did you experience the problem? Does this occur always or only for nested structures or something like that?

@github-actions github-actions bot removed dependencies Pull requests that update a dependency file installer Affects the StreamPipes installer helm Affects the StreamPipes helm chart labels May 11, 2024
@yanfeng1992 yanfeng1992 changed the title The encrypted secretValue should be decrypted when used guessSchema the encrypted secretValue should be decrypted when used May 11, 2024
@yanfeng1992
Copy link
Contributor Author

Hi @yanfeng1992 thanks for asking! For pipeline elements, decryption is handled in streampipes-pipeline-management in the SecretEncryptionTask, which calls a SecretService that loops over all configuration and decrypts secrets. For adapters, this class is used within the WorkerRestClient of streampipes-connect-management. In which cases did you experience the problem? Does this occur always or only for nested structures or something like that?

Thanks for your answer, I found the cause of the problem. It is in the guessSchema function that the secretValue is not decrypted. We can fix this problem in core. Please review my latest commit @dominikriemer

@yanfeng1992
guessSchema need to decrypt adapterDescription
fc6c019 
Signed-off-by: huangyanfeng <huangyanfeng1992@gmail.com>
@bossenti bossenti added this to the 0.97.0 milestone May 13, 2024
@dominikriemer dominikriemer merged commit e2bdfdd into apache:dev May 20, 2024
21 checks passed
dominikriemer pushed a commit that referenced this pull request May 20, 2024
@yanfeng1992 @dominikriemer
guessSchema need to decrypt adapterDescription (#2841)
e8e5087 
Signed-off-by: huangyanfeng <huangyanfeng1992@gmail.com>
@bossenti bossenti modified the milestones: 0.97.0, 0.95.0 May 21, 2024
@bossenti bossenti added the bug Something isn't working label May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bossenti bossenti bossenti approved these changes

Assignees
No one assigned
Labels
backend Everything that is related to the StreamPipes backend bug Something isn't working java Pull requests that update Java code
Projects
None yet
Milestone
0.95.0
Development

Successfully merging this pull request may close these issues.
3 participants
@yanfeng1992 @dominikriemer @bossenti