SecretService.get_secret returns the entire object, not just the value

Fixed the model so it also returns the allowed processes
2022-09-28 16:29:55 -04:00 · 2022-09-28 16:29:55 -04:00 · 906f4d5346
parent 88347a5384
commit 906f4d5346
6 changed files with 34 additions and 32 deletions
--- a/src/spiffworkflow_backend/api.yml
+++ b/src/spiffworkflow_backend/api.yml
@ -1100,7 +1100,7 @@ paths:
        schema:
          type: string
    get:
-      operationId: spiffworkflow_backend.routes.process_api_blueprint.get_secret_value
+      operationId: spiffworkflow_backend.routes.process_api_blueprint.get_secret
      summary: Return a secret value for a key
      tags:
        - Secrets
@ -1110,7 +1110,7 @@ paths:
          content:
            application/json:
              schema:
-                type: string
+                $ref: "#/components/schemas/Secret"
    delete:
      operationId: spiffworkflow_backend.routes.process_api_blueprint.delete_secret
      summary: Delete an existing secret
--- a/src/spiffworkflow_backend/models/secret_model.py
+++ b/src/spiffworkflow_backend/models/secret_model.py
@ -20,19 +20,10 @@ class SecretModel(SpiffworkflowBaseDBModel):
    value: str = db.Column(db.String(255), nullable=False)
    creator_user_id: int = db.Column(ForeignKey(UserModel.id), nullable=False)

-    allowed_processes = relationship("SecretAllowedProcessPathModel", cascade="delete")
-
-
-class SecretModelSchema(Schema):
-    """SecretModelSchema."""
-
-    class Meta:
-        """Meta."""
-
-        model = SecretModel
-        fields = ["key", "value", "creator_user_id"]
+    allowed_processes: list["SecretAllowedProcessPathModel"] = relationship("SecretAllowedProcessPathModel", cascade="delete")


+@dataclass()
 class SecretAllowedProcessPathModel(SpiffworkflowBaseDBModel):
    """Allowed processes can be Process Groups or Process Models.

@ -51,6 +42,16 @@ class SecretAllowedProcessPathModel(SpiffworkflowBaseDBModel):
    allowed_relative_path: str = db.Column(db.String(500), nullable=False)


+class SecretModelSchema(Schema):
+    """SecretModelSchema."""
+
+    class Meta:
+        """Meta."""
+
+        model = SecretModel
+        fields = ["key", "value", "creator_user_id", "allowed_processes"]
+
+
 class SecretAllowedProcessSchema(Schema):
    """SecretAllowedProcessSchema."""

--- a/src/spiffworkflow_backend/routes/process_api_blueprint.py
+++ b/src/spiffworkflow_backend/routes/process_api_blueprint.py
@ -1116,9 +1116,9 @@ def get_spiff_task_from_process_instance(
 #
 # Methods for secrets CRUD - maybe move somewhere else:
 #
-def get_secret_value(key: str) -> Optional[str]:
+def get_secret(key: str) -> Optional[str]:
    """Get_secret."""
-    return SecretService.get_secret_value(key)
+    return SecretService.get_secret(key)


 def secret_list(
--- a/src/spiffworkflow_backend/services/secret_service.py
+++ b/src/spiffworkflow_backend/services/secret_service.py
@ -54,13 +54,14 @@ class SecretService:
        return secret_model

    @staticmethod
-    def get_secret_value(key: str) -> Optional[str]:
+    def get_secret(key: str) -> Optional[str]:
        """Get_secret."""
        secret: SecretModel = (
-            db.session.query(SecretModel).filter(SecretModel.key == key).first()
+            db.session.query(SecretModel).filter(SecretModel.key == key)
+            .first()
        )
        if secret is not None:
-            return secret.value
+            return secret

    @staticmethod
    def update_secret(
--- a/src/spiffworkflow_backend/services/service_task_service.py
+++ b/src/spiffworkflow_backend/services/service_task_service.py
@ -23,7 +23,7 @@ class ServiceTaskDelegate:
        secret_prefix = "secret:"  # noqa: S105
        if value.startswith(secret_prefix):
            key = value.removeprefix(secret_prefix)
-            value = SecretService().get_secret_value(key)
+            value = SecretService().get_secret(key).value
        return value

    @staticmethod
--- a/tests/spiffworkflow_backend/integration/test_secret_service.py
+++ b/tests/spiffworkflow_backend/integration/test_secret_service.py
@ -101,9 +101,9 @@ class TestSecretService(SecretServiceTestHelpers):
        user = self.find_or_create_user()
        self.add_test_secret(user)

-        secret = SecretService().get_secret_value(self.test_key)
+        secret = SecretService().get_secret(self.test_key)
        assert secret is not None
-        assert secret == self.test_value
+        assert secret.value == self.test_value

    def test_get_secret_bad_key_fails(
        self, app: Flask, with_db_and_bpmn_file_cleanup: None
@ -112,7 +112,7 @@ class TestSecretService(SecretServiceTestHelpers):
        user = self.find_or_create_user()
        self.add_test_secret(user)

-        bad_secret = SecretService().get_secret_value("bad_key")
+        bad_secret = SecretService().get_secret("bad_key")
        assert bad_secret is None

    def test_update_secret(
@ -121,11 +121,11 @@ class TestSecretService(SecretServiceTestHelpers):
        """Test update secret."""
        user = self.find_or_create_user()
        self.add_test_secret(user)
-        secret = SecretService.get_secret_value(self.test_key)
-        assert secret == self.test_value
+        secret = SecretService.get_secret(self.test_key)
+        assert secret.value == self.test_value
        SecretService.update_secret(self.test_key, "new_secret_value", user.id)
-        new_secret = SecretService.get_secret_value(self.test_key)
-        assert new_secret == "new_secret_value"  # noqa: S105
+        new_secret = SecretService.get_secret(self.test_key)
+        assert new_secret.value == "new_secret_value"  # noqa: S105

    def test_update_secret_bad_user_fails(
        self, app: Flask, client: FlaskClient, with_db_and_bpmn_file_cleanup: None
@ -370,7 +370,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
        )
        assert secret_response
        assert secret_response.status_code == 200
-        assert secret_response.json == self.test_value
+        assert secret_response.json['value'] == self.test_value

    def test_update_secret(
        self, app: Flask, client: FlaskClient, with_db_and_bpmn_file_cleanup: None
@ -378,8 +378,8 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
        """Test_update_secret."""
        user = self.find_or_create_user()
        self.add_test_secret(user)
-        secret = SecretService.get_secret_value(self.test_key)
-        assert secret == self.test_value
+        secret = SecretService.get_secret(self.test_key)
+        assert secret.value == self.test_value
        secret_model = SecretModel(
            key=self.test_key, value="new_secret_value", creator_user_id=user.id
        )
@ -402,15 +402,15 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
        """Test delete secret."""
        user = self.find_or_create_user()
        self.add_test_secret(user)
-        secret = SecretService.get_secret_value(self.test_key)
+        secret = SecretService.get_secret(self.test_key)
        assert secret
-        assert secret == self.test_value
+        assert secret.value == self.test_value
        secret_response = client.delete(
            f"/v1.0/secrets/{self.test_key}",
            headers=self.logged_in_headers(user),
        )
        assert secret_response.status_code == 204
-        secret = SecretService.get_secret_value(self.test_key)
+        secret = SecretService.get_secret(self.test_key)
        assert secret is None

    def test_delete_secret_bad_user(