Obfuscate execpath from pipeline objects returned to clients (#229)

gaia-pipeline · Dec 10, 2019 · 072ded5 · 072ded5
1 parent c7837a1
commit 072ded5
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/frontend/src/views/pipeline/detail.vue b/frontend/src/views/pipeline/detail.vue
@@ -19,9 +19,11 @@
         <article class="tile is-child notification content-article box">
           <table class="pipeline-detail-table">
             <tr><th>Name</th><td>{{pipeline.name}}</td></tr>
+            <tr><th>Type</th><td>{{pipeline.type}}</td></tr>
             <tr><th>Repo</th><td>{{pipeline.repo.url}}</td></tr>
             <tr><th>Branch</th><td>{{pipeline.repo.selectedbranch}}</td></tr>
-            <tr><th>Location</th><td>{{pipeline.execpath}}</td></tr>
+            <tr><th>Created</th><td><span :title="pipeline.created" v-tippy="{ arrow : true,  animation : 'shift-away'}">{{
+              convertTime(pipeline.created) }}</span></td></tr>
             <tr><th>Trigger Token</th><td>{{pipeline.trigger_token}}</td></tr>
 
             <tr v-if="lastSuccessfulRun">
@@ -124,12 +126,16 @@
 </template>
 
 <script>
+import Vue from 'vue'
 import Vis from 'vis'
 import { Modal } from 'vue-bulma-modal'
 import { VueGoodTable } from 'vue-good-table'
 import 'vue-good-table/dist/vue-good-table.css'
 import moment from 'moment'
 import helper from '../../helper'
+import VueTippy from 'vue-tippy'
+
+Vue.use(VueTippy)
 
 export default {
   components: {
@@ -196,7 +202,9 @@ export default {
           arrows: { to: true }
         }
       },
-      pipeline: null
+      pipeline: null,
+      lastSuccessfulRun: null,
+      lastRun: null
     }
   },
 
@@ -511,6 +519,10 @@ export default {
 
     checkPipelineArgsAndStartPipeline () {
       helper.StartPipelineWithArgsCheck(this, this.pipeline)
+    },
+
+    convertTime (time) {
+      return moment(time).fromNow()
     }
   }
 }

diff --git a/handlers/pipeline.go b/handlers/pipeline.go
@@ -104,6 +104,11 @@ func PipelineGetAll(c echo.Context) error {
 	// Get all active pipelines
 	pipelines := pipeline.GlobalActivePipelines.GetAll()
 
+	// Obscure non-necessary information
+	for id := range pipelines {
+		obscurePipelineData(&pipelines[id])
+	}
+
 	// Return as json
 	return c.JSON(http.StatusOK, pipelines)
 }
@@ -121,6 +126,7 @@ func PipelineGet(c echo.Context) error {
 	// Look up pipeline for the given id
 	for _, p := range pipeline.GlobalActivePipelines.GetAll() {
 		if p.ID == pipelineID {
+			obscurePipelineData(&p)
 			return c.JSON(http.StatusOK, p)
 		}
 	}
@@ -452,6 +458,7 @@ func PipelineGetAllWithLatestRun(c echo.Context) error {
 
 		// Append run if one exists
 		g := getAllWithLatestRun{}
+		obscurePipelineData(&p)
 		g.Pipeline = p
 		if run != nil {
 			g.PipelineRun = *run
@@ -484,3 +491,8 @@ func PipelineCheckPeriodicSchedules(c echo.Context) error {
 	// All entries are valid.
 	return c.JSON(http.StatusOK, nil)
 }
+
+// obscurePipelineData obscures pipeline data from the given pipeline object
+func obscurePipelineData(p *gaia.Pipeline) {
+	p.ExecPath = ""
+}