Merge pull request #284 from sartography/feature/more-secret-secrets

more secret secrets
This commit is contained in:
Kevin Burnett 2023-05-30 18:55:27 +00:00 committed by GitHub
commit c37a2bf09a
6 changed files with 208 additions and 137 deletions

View File

@ -1,4 +1,5 @@
from dataclasses import dataclass from dataclasses import dataclass
from typing import Any
from marshmallow import Schema from marshmallow import Schema
from sqlalchemy import ForeignKey from sqlalchemy import ForeignKey
@ -20,6 +21,15 @@ class SecretModel(SpiffworkflowBaseDBModel):
updated_at_in_seconds: int = db.Column(db.Integer) updated_at_in_seconds: int = db.Column(db.Integer)
created_at_in_seconds: int = db.Column(db.Integer) created_at_in_seconds: int = db.Column(db.Integer)
# value is not included in the serialized output because it is sensitive
@property
def serialized(self) -> dict[str, Any]:
return {
"id": self.id,
"key": self.key,
"user_id": self.user_id,
}
class SecretModelSchema(Schema): class SecretModelSchema(Schema):
"""SecretModelSchema.""" """SecretModelSchema."""

View File

@ -16,7 +16,12 @@ from spiffworkflow_backend.services.user_service import UserService
def secret_show(key: str) -> Response: def secret_show(key: str) -> Response:
"""Secret_show.""" """Secret_show."""
secret = SecretService.get_secret(key) secret = SecretService.get_secret(key)
return make_response(jsonify(secret), 200)
# normal serialization does not include the secret value, but this is the one endpoint where we want to return the goods
secret_as_dict = secret.serialized
secret_as_dict["value"] = SecretService._decrypt(secret.value)
return make_response(secret_as_dict, 200)
def secret_list( def secret_list(

View File

@ -6,11 +6,9 @@ from flask.testing import FlaskClient
from spiffworkflow_backend.exceptions.api_error import ApiError from spiffworkflow_backend.exceptions.api_error import ApiError
from spiffworkflow_backend.models.process_model import ProcessModelInfo from spiffworkflow_backend.models.process_model import ProcessModelInfo
from spiffworkflow_backend.models.secret_model import SecretModel from spiffworkflow_backend.models.secret_model import SecretModel
from spiffworkflow_backend.models.secret_model import SecretModelSchema
from spiffworkflow_backend.models.user import UserModel from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.services.process_model_service import ProcessModelService from spiffworkflow_backend.services.process_model_service import ProcessModelService
from spiffworkflow_backend.services.secret_service import SecretService from spiffworkflow_backend.services.secret_service import SecretService
from werkzeug.test import TestResponse # type: ignore
from tests.spiffworkflow_backend.helpers.base_test import BaseTest from tests.spiffworkflow_backend.helpers.base_test import BaseTest
@ -163,115 +161,3 @@ class TestSecretService(SecretServiceTestHelpers):
with pytest.raises(ApiError) as ae: with pytest.raises(ApiError) as ae:
SecretService.delete_secret(self.test_key + "x", with_super_admin_user.id) SecretService.delete_secret(self.test_key + "x", with_super_admin_user.id)
assert "Resource does not exist" in ae.value.message assert "Resource does not exist" in ae.value.message
class TestSecretServiceApi(SecretServiceTestHelpers):
"""TestSecretServiceApi."""
def test_add_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test_add_secret."""
secret_model = SecretModel(
key=self.test_key,
value=self.test_value,
user_id=with_super_admin_user.id,
)
data = json.dumps(SecretModelSchema().dump(secret_model))
response: TestResponse = client.post(
"/v1.0/secrets",
headers=self.logged_in_headers(with_super_admin_user),
content_type="application/json",
data=data,
)
assert response.json
secret: dict = response.json
for key in ["key", "value", "user_id"]:
assert key in secret.keys()
assert secret["key"] == self.test_key
assert SecretService._decrypt(secret["value"]) == self.test_value
assert secret["user_id"] == with_super_admin_user.id
def test_get_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test get secret."""
self.add_test_secret(with_super_admin_user)
secret_response = client.get(
f"/v1.0/secrets/{self.test_key}",
headers=self.logged_in_headers(with_super_admin_user),
)
assert secret_response
assert secret_response.status_code == 200
assert secret_response.json
assert SecretService._decrypt(secret_response.json["value"]) == self.test_value
def test_update_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test_update_secret."""
self.add_test_secret(with_super_admin_user)
secret: SecretModel | None = SecretService.get_secret(self.test_key)
assert secret
assert SecretService._decrypt(secret.value) == self.test_value
secret_model = SecretModel(
key=self.test_key,
value="new_secret_value",
user_id=with_super_admin_user.id,
)
response = client.put(
f"/v1.0/secrets/{self.test_key}",
headers=self.logged_in_headers(with_super_admin_user),
content_type="application/json",
data=json.dumps(SecretModelSchema().dump(secret_model)),
)
assert response.status_code == 200
secret_model = SecretModel.query.filter(SecretModel.key == self.test_key).first()
assert SecretService._decrypt(secret_model.value) == "new_secret_value"
def test_delete_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test delete secret."""
self.add_test_secret(with_super_admin_user)
secret = SecretService.get_secret(self.test_key)
assert secret
assert SecretService._decrypt(secret.value) == self.test_value
secret_response = client.delete(
f"/v1.0/secrets/{self.test_key}",
headers=self.logged_in_headers(with_super_admin_user),
)
assert secret_response.status_code == 200
with pytest.raises(ApiError):
secret = SecretService.get_secret(self.test_key)
def test_delete_secret_bad_key(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test delete secret."""
secret_response = client.delete(
"/v1.0/secrets/bad_secret_key",
headers=self.logged_in_headers(with_super_admin_user),
)
assert secret_response.status_code == 404

View File

@ -0,0 +1,139 @@
import json
import pytest
from flask.app import Flask
from flask.testing import FlaskClient
from spiffworkflow_backend.exceptions.api_error import ApiError
from spiffworkflow_backend.models.secret_model import SecretModel
from spiffworkflow_backend.models.secret_model import SecretModelSchema
from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.services.secret_service import SecretService
from tests.spiffworkflow_backend.integration.test_secret_service import SecretServiceTestHelpers
class TestSecretsController(SecretServiceTestHelpers):
def test_add_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test_add_secret."""
secret_model = SecretModel(
key=self.test_key,
value=self.test_value,
user_id=with_super_admin_user.id,
)
data = json.dumps(SecretModelSchema().dump(secret_model))
response = client.post(
"/v1.0/secrets",
headers=self.logged_in_headers(with_super_admin_user),
content_type="application/json",
data=data,
)
assert response.json
secret: dict = response.json
for key in ["key", "value", "user_id"]:
assert key in secret.keys()
assert secret["key"] == self.test_key
assert SecretService._decrypt(secret["value"]) == self.test_value
assert secret["user_id"] == with_super_admin_user.id
def test_get_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test get secret."""
self.add_test_secret(with_super_admin_user)
secret_response = client.get(
f"/v1.0/secrets/{self.test_key}",
headers=self.logged_in_headers(with_super_admin_user),
)
assert secret_response
assert secret_response.status_code == 200
assert secret_response.json
assert SecretService._decrypt(secret_response.json["value"]) == self.test_value
def test_update_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test_update_secret."""
self.add_test_secret(with_super_admin_user)
secret: SecretModel | None = SecretService.get_secret(self.test_key)
assert secret
assert SecretService._decrypt(secret.value) == self.test_value
secret_model = SecretModel(
key=self.test_key,
value="new_secret_value",
user_id=with_super_admin_user.id,
)
response = client.put(
f"/v1.0/secrets/{self.test_key}",
headers=self.logged_in_headers(with_super_admin_user),
content_type="application/json",
data=json.dumps(SecretModelSchema().dump(secret_model)),
)
assert response.status_code == 200
secret_model = SecretModel.query.filter(SecretModel.key == self.test_key).first()
assert SecretService._decrypt(secret_model.value) == "new_secret_value"
def test_delete_secret(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test delete secret."""
self.add_test_secret(with_super_admin_user)
secret = SecretService.get_secret(self.test_key)
assert secret
assert SecretService._decrypt(secret.value) == self.test_value
secret_response = client.delete(
f"/v1.0/secrets/{self.test_key}",
headers=self.logged_in_headers(with_super_admin_user),
)
assert secret_response.status_code == 200
with pytest.raises(ApiError):
secret = SecretService.get_secret(self.test_key)
def test_delete_secret_bad_key(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
"""Test delete secret."""
secret_response = client.delete(
"/v1.0/secrets/bad_secret_key",
headers=self.logged_in_headers(with_super_admin_user),
)
assert secret_response.status_code == 404
def test_secret_list(
self,
app: Flask,
client: FlaskClient,
with_db_and_bpmn_file_cleanup: None,
with_super_admin_user: UserModel,
) -> None:
self.add_test_secret(with_super_admin_user)
secret_response = client.get(
"/v1.0/secrets",
headers=self.logged_in_headers(with_super_admin_user),
)
assert secret_response.status_code == 200
first_secret_in_results = secret_response.json["results"][0]
assert first_secret_in_results["key"] == self.test_key
assert "value" not in first_secret_in_results

View File

@ -10,8 +10,8 @@ import { Button } from '@carbon/react';
type OwnProps = { type OwnProps = {
title: string; title: string;
children: React.ReactNode; children?: React.ReactNode;
onClose: (..._args: any[]) => any; onClose: Function;
type?: string; type?: string;
}; };

View File

@ -1,9 +1,10 @@
import { useEffect, useState } from 'react'; import { useEffect, useState } from 'react';
import { useParams, useNavigate } from 'react-router-dom'; import { useParams, useNavigate } from 'react-router-dom';
// @ts-ignore // @ts-ignore
import { Stack, Table, Button } from '@carbon/react'; import { Stack, Table, Button, TextInput } from '@carbon/react';
import HttpService from '../services/HttpService'; import HttpService from '../services/HttpService';
import { Secret } from '../interfaces'; import { Secret } from '../interfaces';
import { Notification } from '../components/Notification';
import ButtonWithConfirmation from '../components/ButtonWithConfirmation'; import ButtonWithConfirmation from '../components/ButtonWithConfirmation';
export default function SecretShow() { export default function SecretShow() {
@ -11,7 +12,9 @@ export default function SecretShow() {
const params = useParams(); const params = useParams();
const [secret, setSecret] = useState<Secret | null>(null); const [secret, setSecret] = useState<Secret | null>(null);
const [secretValue, setSecretValue] = useState(secret?.value); const [displaySecretValue, setDisplaySecretValue] = useState<boolean>(false);
const [showSuccessNotification, setShowSuccessNotification] =
useState<boolean>(false);
useEffect(() => { useEffect(() => {
HttpService.makeCallToBackend({ HttpService.makeCallToBackend({
@ -22,22 +25,21 @@ export default function SecretShow() {
const handleSecretValueChange = (event: any) => { const handleSecretValueChange = (event: any) => {
if (secret) { if (secret) {
setSecretValue(event.target.value); const newSecret = { ...secret, value: event.target.value };
setSecret(newSecret);
} }
}; };
const updateSecretValue = () => { const updateSecretValue = () => {
if (secret && secretValue) { if (secret) {
secret.value = secretValue;
HttpService.makeCallToBackend({ HttpService.makeCallToBackend({
path: `/secrets/${secret.key}`, path: `/secrets/${secret.key}`,
successCallback: () => { successCallback: () => {
setSecret(secret); setShowSuccessNotification(true);
}, },
httpMethod: 'PUT', httpMethod: 'PUT',
postBody: { postBody: {
value: secretValue, value: secret.value,
creator_user_id: secret.creator_user_id,
}, },
}); });
} }
@ -58,9 +60,17 @@ export default function SecretShow() {
}); });
}; };
const successNotificationComponent = (
<Notification
title="Secret updated"
onClose={() => setShowSuccessNotification(false)}
/>
);
if (secret) { if (secret) {
return ( return (
<> <>
{showSuccessNotification && successNotificationComponent}
<h1>Secret Key: {secret.key}</h1> <h1>Secret Key: {secret.key}</h1>
<Stack orientation="horizontal" gap={3}> <Stack orientation="horizontal" gap={3}>
<ButtonWithConfirmation <ButtonWithConfirmation
@ -68,8 +78,14 @@ export default function SecretShow() {
onConfirmation={deleteSecret} onConfirmation={deleteSecret}
buttonLabel="Delete" buttonLabel="Delete"
/> />
<Button variant="warning" onClick={updateSecretValue}> <Button
Update Value disabled={displaySecretValue}
variant="warning"
onClick={() => {
setDisplaySecretValue(true);
}}
>
Retrieve secret value
</Button> </Button>
</Stack> </Stack>
<div> <div>
@ -77,21 +93,36 @@ export default function SecretShow() {
<thead> <thead>
<tr> <tr>
<th>Key</th> <th>Key</th>
{displaySecretValue && (
<>
<th>Value</th> <th>Value</th>
<th>Actions</th>
</>
)}
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td>{params.key}</td> <td>{params.key}</td>
{displaySecretValue && (
<>
<td> <td>
<input <TextInput
id="secret_value" id="secret_value"
name="secret_value" name="secret_value"
type="text" value={secret.value}
value={secretValue || secret.value}
onChange={handleSecretValueChange} onChange={handleSecretValueChange}
/> />
</td> </td>
<td>
{displaySecretValue && (
<Button variant="warning" onClick={updateSecretValue}>
Update Value
</Button>
)}
</td>
</>
)}
</tr> </tr>
</tbody> </tbody>
</Table> </Table>