From a645c822da1d91e1f4159b69685224232683bebb Mon Sep 17 00:00:00 2001 From: Easton Crupper <65553218+ecrupper@users.noreply.github.com> Date: Tue, 12 Mar 2024 14:42:44 -0400 Subject: [PATCH] Merge pull request from GHSA-69p4-j5v5-x234 * fix(secrets): add new field allow_substitution * pull in types and integration testing --- api/secret/create.go | 8 ++++ api/secret/update.go | 4 ++ database/integration_test.go | 3 ++ database/secret/create_test.go | 18 ++++----- database/secret/get_org_test.go | 4 +- database/secret/get_repo_test.go | 4 +- database/secret/get_team_test.go | 4 +- database/secret/get_test.go | 4 +- database/secret/list_org_test.go | 6 +-- database/secret/list_repo_test.go | 6 +-- database/secret/list_team_test.go | 6 +-- database/secret/list_test.go | 6 +-- database/secret/secret_test.go | 31 ++++++++-------- database/secret/table.go | 62 ++++++++++++++++--------------- database/secret/update_test.go | 18 ++++----- go.mod | 2 +- go.sum | 4 +- mock/server/secret.go | 1 + secret/native/create_test.go | 4 ++ secret/native/get_test.go | 1 + secret/native/list_test.go | 2 + secret/native/update.go | 5 +++ secret/native/update_test.go | 2 + 23 files changed, 119 insertions(+), 86 deletions(-) diff --git a/api/secret/create.go b/api/secret/create.go index 8423bc8cb..3845f4b7c 100644 --- a/api/secret/create.go +++ b/api/secret/create.go @@ -234,6 +234,14 @@ func CreateSecret(c *gin.Context) { input.SetAllowCommand(true) } + // default to not allow substitution for shared secrets + if strings.EqualFold(input.GetType(), constants.SecretShared) && input.AllowSubstitution == nil { + input.SetAllowSubstitution(false) + input.SetAllowCommand(false) + } else if input.AllowSubstitution == nil { + input.SetAllowSubstitution(true) + } + // check if secret is a shared secret if strings.EqualFold(t, constants.SecretShared) { // update the team instead of repo diff --git a/api/secret/update.go b/api/secret/update.go index 86870d03d..98c78e031 100644 --- a/api/secret/update.go +++ b/api/secret/update.go @@ -152,6 +152,10 @@ func UpdateSecret(c *gin.Context) { input.SetAllowCommand(input.GetAllowCommand()) } + if input.AllowSubstitution != nil { + input.SetAllowSubstitution(input.GetAllowSubstitution()) + } + // check if secret is a shared secret if strings.EqualFold(t, constants.SecretShared) { // update the team instead of repo diff --git a/database/integration_test.go b/database/integration_test.go index 16ca38062..585cc4134 100644 --- a/database/integration_test.go +++ b/database/integration_test.go @@ -2314,6 +2314,7 @@ func newResources() *Resources { secretOrg.SetEvents([]string{"push", "tag", "deployment"}) secretOrg.SetAllowEvents(library.NewEventsFromMask(1)) secretOrg.SetAllowCommand(true) + secretOrg.SetAllowSubstitution(true) secretOrg.SetCreatedAt(time.Now().UTC().Unix()) secretOrg.SetCreatedBy("octocat") secretOrg.SetUpdatedAt(time.Now().Add(time.Hour * 1).UTC().Unix()) @@ -2331,6 +2332,7 @@ func newResources() *Resources { secretRepo.SetEvents([]string{"push", "tag", "deployment"}) secretRepo.SetAllowEvents(library.NewEventsFromMask(1)) secretRepo.SetAllowCommand(true) + secretRepo.SetAllowSubstitution(true) secretRepo.SetCreatedAt(time.Now().UTC().Unix()) secretRepo.SetCreatedBy("octocat") secretRepo.SetUpdatedAt(time.Now().Add(time.Hour * 1).UTC().Unix()) @@ -2347,6 +2349,7 @@ func newResources() *Resources { secretShared.SetImages([]string{"alpine"}) secretShared.SetEvents([]string{"push", "tag", "deployment"}) secretShared.SetAllowCommand(true) + secretShared.SetAllowSubstitution(true) secretShared.SetAllowEvents(library.NewEventsFromMask(1)) secretShared.SetCreatedAt(time.Now().UTC().Unix()) secretShared.SetCreatedBy("octocat") diff --git a/database/secret/create_test.go b/database/secret/create_test.go index b5d0c3ba5..eeec4c363 100644 --- a/database/secret/create_test.go +++ b/database/secret/create_test.go @@ -60,23 +60,23 @@ func TestSecret_Engine_CreateSecret(t *testing.T) { // ensure the mock expects the repo secrets query _mock.ExpectQuery(`INSERT INTO "secrets" -("org","repo","team","name","value","type","images","events","allow_events","allow_command","created_at","created_by","updated_at","updated_by","id") -VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15) RETURNING "id"`). - WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, 1, false, 1, "user", 1, "user2", 1). +("org","repo","team","name","value","type","images","events","allow_events","allow_command","allow_substitution","created_at","created_by","updated_at","updated_by","id") +VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16) RETURNING "id"`). + WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, 1, false, false, 1, "user", 1, "user2", 1). WillReturnRows(_rows) // ensure the mock expects the org secrets query _mock.ExpectQuery(`INSERT INTO "secrets" -("org","repo","team","name","value","type","images","events","allow_events","allow_command","created_at","created_by","updated_at","updated_by","id") -VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15) RETURNING "id"`). - WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, 3, false, 1, "user", 1, "user2", 2). +("org","repo","team","name","value","type","images","events","allow_events","allow_command","allow_substitution","created_at","created_by","updated_at","updated_by","id") +VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16) RETURNING "id"`). + WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, 3, false, false, 1, "user", 1, "user2", 2). WillReturnRows(_rows) // ensure the mock expects the shared secrets query _mock.ExpectQuery(`INSERT INTO "secrets" -("org","repo","team","name","value","type","images","events","allow_events","allow_command","created_at","created_by","updated_at","updated_by","id") -VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15) RETURNING "id"`). - WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, 1, false, 1, "user", 1, "user2", 3). +("org","repo","team","name","value","type","images","events","allow_events","allow_command","allow_substitution","created_at","created_by","updated_at","updated_by","id") +VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16) RETURNING "id"`). + WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, 1, false, false, 1, "user", 1, "user2", 3). WillReturnRows(_rows) _sqlite := testSqlite(t) diff --git a/database/secret/get_org_test.go b/database/secret/get_org_test.go index dec38ba8a..840fa2f91 100644 --- a/database/secret/get_org_test.go +++ b/database/secret/get_org_test.go @@ -32,8 +32,8 @@ func TestSecret_Engine_GetSecretForOrg(t *testing.T) { // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND name = $3 LIMIT $4`). diff --git a/database/secret/get_repo_test.go b/database/secret/get_repo_test.go index 3f0282a6b..c4ed2c472 100644 --- a/database/secret/get_repo_test.go +++ b/database/secret/get_repo_test.go @@ -42,8 +42,8 @@ func TestSecret_Engine_GetSecretForRepo(t *testing.T) { // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND repo = $3 AND name = $4 LIMIT $5`). diff --git a/database/secret/get_team_test.go b/database/secret/get_team_test.go index e36674a35..a39012c26 100644 --- a/database/secret/get_team_test.go +++ b/database/secret/get_team_test.go @@ -32,8 +32,8 @@ func TestSecret_Engine_GetSecretForTeam(t *testing.T) { // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND team = $3 AND name = $4 LIMIT $5`). diff --git a/database/secret/get_test.go b/database/secret/get_test.go index 979f626e0..8b8d4d9c5 100644 --- a/database/secret/get_test.go +++ b/database/secret/get_test.go @@ -31,8 +31,8 @@ func TestSecret_Engine_GetSecret(t *testing.T) { // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE id = $1 LIMIT $2`).WithArgs(1, 1).WillReturnRows(_rows) diff --git a/database/secret/list_org_test.go b/database/secret/list_org_test.go index 9fe2da2e1..024d7a05a 100644 --- a/database/secret/list_org_test.go +++ b/database/secret/list_org_test.go @@ -52,9 +52,9 @@ func TestSecret_Engine_ListSecretsForOrg(t *testing.T) { // create expected name query result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(2, "org", "foo", "*", "", "bar", "baz", nil, nil, 1, false, 1, "user", 1, "user2"). - AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(2, "org", "foo", "*", "", "bar", "baz", nil, nil, 1, false, false, 1, "user", 1, "user2"). + AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the name query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 ORDER BY id DESC LIMIT $3`). diff --git a/database/secret/list_repo_test.go b/database/secret/list_repo_test.go index 838dd96f9..eb97e4c52 100644 --- a/database/secret/list_repo_test.go +++ b/database/secret/list_repo_test.go @@ -63,9 +63,9 @@ func TestSecret_Engine_ListSecretsForRepo(t *testing.T) { // create expected name query result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, 1, false, 1, "user", 1, "user2"). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, 1, false, false, 1, "user", 1, "user2"). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the name query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND repo = $3 ORDER BY id DESC LIMIT $4`). diff --git a/database/secret/list_team_test.go b/database/secret/list_team_test.go index bed709312..fd925935e 100644 --- a/database/secret/list_team_test.go +++ b/database/secret/list_team_test.go @@ -53,9 +53,9 @@ func TestSecret_Engine_ListSecretsForTeam(t *testing.T) { // create expected name query result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(2, "shared", "foo", "", "bar", "foob", "baz", nil, nil, 1, false, 1, "user", 1, "user2"). - AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(2, "shared", "foo", "", "bar", "foob", "baz", nil, nil, 1, false, false, 1, "user", 1, "user2"). + AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the name query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND team = $3 ORDER BY id DESC LIMIT $4`). diff --git a/database/secret/list_test.go b/database/secret/list_test.go index 8077637ee..a1a0e9e38 100644 --- a/database/secret/list_test.go +++ b/database/secret/list_test.go @@ -50,9 +50,9 @@ func TestSecret_Engine_ListSecrets(t *testing.T) { // create expected result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2"). - AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, 1, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "allow_substitution", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, false, 1, "user", 1, "user2"). + AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, 1, false, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets"`).WillReturnRows(_rows) diff --git a/database/secret/secret_test.go b/database/secret/secret_test.go index 31156ebca..e4b74ec9a 100644 --- a/database/secret/secret_test.go +++ b/database/secret/secret_test.go @@ -210,21 +210,22 @@ func testRepo() *library.Repo { // Secret type with all fields set to their zero values. func testSecret() *library.Secret { return &library.Secret{ - ID: new(int64), - Org: new(string), - Repo: new(string), - Team: new(string), - Name: new(string), - Value: new(string), - Type: new(string), - Images: new([]string), - Events: new([]string), - AllowEvents: testEvents(), - AllowCommand: new(bool), - CreatedAt: new(int64), - CreatedBy: new(string), - UpdatedAt: new(int64), - UpdatedBy: new(string), + ID: new(int64), + Org: new(string), + Repo: new(string), + Team: new(string), + Name: new(string), + Value: new(string), + Type: new(string), + Images: new([]string), + Events: new([]string), + AllowEvents: testEvents(), + AllowCommand: new(bool), + AllowSubstitution: new(bool), + CreatedAt: new(int64), + CreatedBy: new(string), + UpdatedAt: new(int64), + UpdatedBy: new(string), } } diff --git a/database/secret/table.go b/database/secret/table.go index f3d42ea46..67fd6b8b9 100644 --- a/database/secret/table.go +++ b/database/secret/table.go @@ -14,21 +14,22 @@ const ( CREATE TABLE IF NOT EXISTS secrets ( - id SERIAL PRIMARY KEY, - type VARCHAR(100), - org VARCHAR(250), - repo VARCHAR(250), - team VARCHAR(250), - name VARCHAR(250), - value BYTEA, - images VARCHAR(1000), - events VARCHAR(1000), - allow_events INTEGER, - allow_command BOOLEAN, - created_at INTEGER, - created_by VARCHAR(250), - updated_at INTEGER, - updated_by VARCHAR(250), + id SERIAL PRIMARY KEY, + type VARCHAR(100), + org VARCHAR(250), + repo VARCHAR(250), + team VARCHAR(250), + name VARCHAR(250), + value BYTEA, + images VARCHAR(1000), + events VARCHAR(1000), + allow_events INTEGER, + allow_command BOOLEAN, + allow_substitution BOOLEAN, + created_at INTEGER, + created_by VARCHAR(250), + updated_at INTEGER, + updated_by VARCHAR(250), UNIQUE(type, org, repo, name), UNIQUE(type, org, team, name) ); @@ -39,21 +40,22 @@ secrets ( CREATE TABLE IF NOT EXISTS secrets ( - id INTEGER PRIMARY KEY AUTOINCREMENT, - type TEXT, - org TEXT, - repo TEXT, - team TEXT, - name TEXT, - value TEXT, - images TEXT, - events TEXT, - allow_events INTEGER, - allow_command BOOLEAN, - created_at INTEGER, - created_by TEXT, - updated_at INTEGER, - updated_by TEXT, + id INTEGER PRIMARY KEY AUTOINCREMENT, + type TEXT, + org TEXT, + repo TEXT, + team TEXT, + name TEXT, + value TEXT, + images TEXT, + events TEXT, + allow_events INTEGER, + allow_command BOOLEAN, + allow_substitution BOOLEAN, + created_at INTEGER, + created_by TEXT, + updated_at INTEGER, + updated_by TEXT, UNIQUE(type, org, repo, name), UNIQUE(type, org, team, name) ); diff --git a/database/secret/update_test.go b/database/secret/update_test.go index f26ddaa24..5797471f2 100644 --- a/database/secret/update_test.go +++ b/database/secret/update_test.go @@ -57,23 +57,23 @@ func TestSecret_Engine_UpdateSecret(t *testing.T) { // ensure the mock expects the repo query _mock.ExpectExec(`UPDATE "secrets" -SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"created_at"=$11,"created_by"=$12,"updated_at"=$13,"updated_by"=$14 -WHERE "id" = $15`). - WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, 1, false, 1, "user", AnyArgument{}, "user2", 1). +SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"allow_substitution"=$11,"created_at"=$12,"created_by"=$13,"updated_at"=$14,"updated_by"=$15 +WHERE "id" = $16`). + WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, 1, false, false, 1, "user", AnyArgument{}, "user2", 1). WillReturnResult(sqlmock.NewResult(1, 1)) // ensure the mock expects the org query _mock.ExpectExec(`UPDATE "secrets" -SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"created_at"=$11,"created_by"=$12,"updated_at"=$13,"updated_by"=$14 -WHERE "id" = $15`). - WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, 1, false, 1, "user", AnyArgument{}, "user2", 2). +SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"allow_substitution"=$11,"created_at"=$12,"created_by"=$13,"updated_at"=$14,"updated_by"=$15 +WHERE "id" = $16`). + WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, 1, false, false, 1, "user", AnyArgument{}, "user2", 2). WillReturnResult(sqlmock.NewResult(1, 1)) // ensure the mock expects the shared query _mock.ExpectExec(`UPDATE "secrets" -SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"created_at"=$11,"created_by"=$12,"updated_at"=$13,"updated_by"=$14 -WHERE "id" = $15`). - WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, 1, false, 1, "user", NowTimestamp{}, "user2", 3). +SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"allow_substitution"=$11,"created_at"=$12,"created_by"=$13,"updated_at"=$14,"updated_by"=$15 +WHERE "id" = $16`). + WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, 1, false, false, 1, "user", NowTimestamp{}, "user2", 3). WillReturnResult(sqlmock.NewResult(1, 1)) _sqlite := testSqlite(t) diff --git a/go.mod b/go.mod index 3cfaeb5fb..902d50a32 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/drone/envsubst v1.0.3 github.com/gin-gonic/gin v1.9.1 github.com/go-playground/assert/v2 v2.2.0 - github.com/go-vela/types v0.23.1 + github.com/go-vela/types v0.23.2-0.20240312183632-2e046fceb8fe github.com/golang-jwt/jwt/v5 v5.2.0 github.com/google/go-cmp v0.6.0 github.com/google/go-github/v59 v59.0.0 diff --git a/go.sum b/go.sum index d2dde2a27..940468eaa 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,8 @@ github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/go-vela/types v0.23.1 h1:st4BeDcYVyaaFqblU1YroztNvmYLBgmfZpWq0En0Sg0= -github.com/go-vela/types v0.23.1/go.mod h1:AAqgxIw1aRBgPkE/5juGuiwh/JZuOtL8fcPaEkjFWwQ= +github.com/go-vela/types v0.23.2-0.20240312183632-2e046fceb8fe h1:Fb28yre0nrX1GNeyPN8i8rruTlW8MnPVF3Fo5xTuOkg= +github.com/go-vela/types v0.23.2-0.20240312183632-2e046fceb8fe/go.mod h1:AAqgxIw1aRBgPkE/5juGuiwh/JZuOtL8fcPaEkjFWwQ= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= diff --git a/mock/server/secret.go b/mock/server/secret.go index 1747fbcf4..34fcd4b76 100644 --- a/mock/server/secret.go +++ b/mock/server/secret.go @@ -49,6 +49,7 @@ const ( } }, "allow_command": true, + "allow_substitution": true, "created_at": 1, "created_by": "Octocat", "updated_at": 2, diff --git a/secret/native/create_test.go b/secret/native/create_test.go index 0463e33ff..02a114976 100644 --- a/secret/native/create_test.go +++ b/secret/native/create_test.go @@ -25,6 +25,7 @@ func TestNative_Create_Org(t *testing.T) { want.SetEvents([]string{"foo", "bar"}) want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) + want.SetAllowSubstitution(false) want.SetCreatedAt(1) want.SetCreatedBy("user") want.SetUpdatedAt(1) @@ -73,6 +74,7 @@ func TestNative_Create_Repo(t *testing.T) { want.SetEvents([]string{"foo", "bar"}) want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) + want.SetAllowSubstitution(false) want.SetCreatedAt(1) want.SetCreatedBy("user") want.SetUpdatedAt(1) @@ -121,6 +123,7 @@ func TestNative_Create_Shared(t *testing.T) { want.SetEvents([]string{"foo", "bar"}) want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) + want.SetAllowSubstitution(false) want.SetCreatedAt(1) want.SetCreatedBy("user") want.SetUpdatedAt(1) @@ -169,6 +172,7 @@ func TestNative_Create_Invalid(t *testing.T) { sec.SetEvents([]string{"foo", "bar"}) sec.SetAllowEvents(library.NewEventsFromMask(1)) sec.SetAllowCommand(false) + sec.SetAllowSubstitution(false) sec.SetCreatedAt(1) sec.SetCreatedBy("user") sec.SetUpdatedAt(1) diff --git a/secret/native/get_test.go b/secret/native/get_test.go index a835e1143..b9b56e51e 100644 --- a/secret/native/get_test.go +++ b/secret/native/get_test.go @@ -25,6 +25,7 @@ func TestNative_Get(t *testing.T) { want.SetEvents([]string{"foo", "bar"}) want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) + want.SetAllowSubstitution(false) want.SetCreatedAt(1) want.SetCreatedBy("user") want.SetUpdatedAt(1) diff --git a/secret/native/list_test.go b/secret/native/list_test.go index 41dbf1691..b01e3a546 100644 --- a/secret/native/list_test.go +++ b/secret/native/list_test.go @@ -25,6 +25,7 @@ func TestNative_List(t *testing.T) { sOne.SetEvents([]string{"foo", "bar"}) sOne.SetAllowEvents(library.NewEventsFromMask(1)) sOne.SetAllowCommand(false) + sOne.SetAllowSubstitution(false) sOne.SetCreatedAt(1) sOne.SetCreatedBy("user") sOne.SetUpdatedAt(1) @@ -42,6 +43,7 @@ func TestNative_List(t *testing.T) { sTwo.SetEvents([]string{"foo", "bar"}) sTwo.SetAllowEvents(library.NewEventsFromMask(1)) sTwo.SetAllowCommand(false) + sTwo.SetAllowSubstitution(false) sTwo.SetCreatedAt(1) sTwo.SetCreatedBy("user") sTwo.SetUpdatedAt(1) diff --git a/secret/native/update.go b/secret/native/update.go index ece04c5b9..7e2c92d0c 100644 --- a/secret/native/update.go +++ b/secret/native/update.go @@ -44,6 +44,11 @@ func (c *client) Update(ctx context.Context, sType, org, name string, s *library secret.SetAllowCommand(s.GetAllowCommand()) } + // update allow_substitution if set + if s.AllowSubstitution != nil { + secret.SetAllowSubstitution(s.GetAllowSubstitution()) + } + // update updated_at if set secret.SetUpdatedAt(s.GetUpdatedAt()) diff --git a/secret/native/update_test.go b/secret/native/update_test.go index b5dc82c97..38d7a3b5b 100644 --- a/secret/native/update_test.go +++ b/secret/native/update_test.go @@ -26,6 +26,7 @@ func TestNative_Update(t *testing.T) { original.SetEvents([]string{"foob", "bar"}) original.SetAllowEvents(library.NewEventsFromMask(1)) original.SetAllowCommand(true) + original.SetAllowSubstitution(true) original.SetCreatedAt(1) original.SetCreatedBy("user") original.SetUpdatedAt(time.Now().UTC().Unix()) @@ -43,6 +44,7 @@ func TestNative_Update(t *testing.T) { want.SetEvents([]string{"foo", "bar"}) want.SetAllowEvents(library.NewEventsFromMask(3)) want.SetAllowCommand(false) + want.SetAllowSubstitution(false) want.SetCreatedAt(1) want.SetCreatedBy("user") want.SetUpdatedAt(time.Now().UTC().Unix())