Merge pull request #284 from sartography/feature/more-secret-secrets
more secret secrets
This commit is contained in:
commit
c37a2bf09a
|
@ -1,4 +1,5 @@
|
||||||
from dataclasses import dataclass
|
from dataclasses import dataclass
|
||||||
|
from typing import Any
|
||||||
|
|
||||||
from marshmallow import Schema
|
from marshmallow import Schema
|
||||||
from sqlalchemy import ForeignKey
|
from sqlalchemy import ForeignKey
|
||||||
|
@ -20,6 +21,15 @@ class SecretModel(SpiffworkflowBaseDBModel):
|
||||||
updated_at_in_seconds: int = db.Column(db.Integer)
|
updated_at_in_seconds: int = db.Column(db.Integer)
|
||||||
created_at_in_seconds: int = db.Column(db.Integer)
|
created_at_in_seconds: int = db.Column(db.Integer)
|
||||||
|
|
||||||
|
# value is not included in the serialized output because it is sensitive
|
||||||
|
@property
|
||||||
|
def serialized(self) -> dict[str, Any]:
|
||||||
|
return {
|
||||||
|
"id": self.id,
|
||||||
|
"key": self.key,
|
||||||
|
"user_id": self.user_id,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
class SecretModelSchema(Schema):
|
class SecretModelSchema(Schema):
|
||||||
"""SecretModelSchema."""
|
"""SecretModelSchema."""
|
||||||
|
|
|
@ -16,7 +16,12 @@ from spiffworkflow_backend.services.user_service import UserService
|
||||||
def secret_show(key: str) -> Response:
|
def secret_show(key: str) -> Response:
|
||||||
"""Secret_show."""
|
"""Secret_show."""
|
||||||
secret = SecretService.get_secret(key)
|
secret = SecretService.get_secret(key)
|
||||||
return make_response(jsonify(secret), 200)
|
|
||||||
|
# normal serialization does not include the secret value, but this is the one endpoint where we want to return the goods
|
||||||
|
secret_as_dict = secret.serialized
|
||||||
|
secret_as_dict["value"] = SecretService._decrypt(secret.value)
|
||||||
|
|
||||||
|
return make_response(secret_as_dict, 200)
|
||||||
|
|
||||||
|
|
||||||
def secret_list(
|
def secret_list(
|
||||||
|
|
|
@ -6,11 +6,9 @@ from flask.testing import FlaskClient
|
||||||
from spiffworkflow_backend.exceptions.api_error import ApiError
|
from spiffworkflow_backend.exceptions.api_error import ApiError
|
||||||
from spiffworkflow_backend.models.process_model import ProcessModelInfo
|
from spiffworkflow_backend.models.process_model import ProcessModelInfo
|
||||||
from spiffworkflow_backend.models.secret_model import SecretModel
|
from spiffworkflow_backend.models.secret_model import SecretModel
|
||||||
from spiffworkflow_backend.models.secret_model import SecretModelSchema
|
|
||||||
from spiffworkflow_backend.models.user import UserModel
|
from spiffworkflow_backend.models.user import UserModel
|
||||||
from spiffworkflow_backend.services.process_model_service import ProcessModelService
|
from spiffworkflow_backend.services.process_model_service import ProcessModelService
|
||||||
from spiffworkflow_backend.services.secret_service import SecretService
|
from spiffworkflow_backend.services.secret_service import SecretService
|
||||||
from werkzeug.test import TestResponse # type: ignore
|
|
||||||
|
|
||||||
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||||
|
|
||||||
|
@ -163,115 +161,3 @@ class TestSecretService(SecretServiceTestHelpers):
|
||||||
with pytest.raises(ApiError) as ae:
|
with pytest.raises(ApiError) as ae:
|
||||||
SecretService.delete_secret(self.test_key + "x", with_super_admin_user.id)
|
SecretService.delete_secret(self.test_key + "x", with_super_admin_user.id)
|
||||||
assert "Resource does not exist" in ae.value.message
|
assert "Resource does not exist" in ae.value.message
|
||||||
|
|
||||||
|
|
||||||
class TestSecretServiceApi(SecretServiceTestHelpers):
|
|
||||||
"""TestSecretServiceApi."""
|
|
||||||
|
|
||||||
def test_add_secret(
|
|
||||||
self,
|
|
||||||
app: Flask,
|
|
||||||
client: FlaskClient,
|
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
|
||||||
with_super_admin_user: UserModel,
|
|
||||||
) -> None:
|
|
||||||
"""Test_add_secret."""
|
|
||||||
secret_model = SecretModel(
|
|
||||||
key=self.test_key,
|
|
||||||
value=self.test_value,
|
|
||||||
user_id=with_super_admin_user.id,
|
|
||||||
)
|
|
||||||
data = json.dumps(SecretModelSchema().dump(secret_model))
|
|
||||||
response: TestResponse = client.post(
|
|
||||||
"/v1.0/secrets",
|
|
||||||
headers=self.logged_in_headers(with_super_admin_user),
|
|
||||||
content_type="application/json",
|
|
||||||
data=data,
|
|
||||||
)
|
|
||||||
assert response.json
|
|
||||||
secret: dict = response.json
|
|
||||||
for key in ["key", "value", "user_id"]:
|
|
||||||
assert key in secret.keys()
|
|
||||||
assert secret["key"] == self.test_key
|
|
||||||
assert SecretService._decrypt(secret["value"]) == self.test_value
|
|
||||||
assert secret["user_id"] == with_super_admin_user.id
|
|
||||||
|
|
||||||
def test_get_secret(
|
|
||||||
self,
|
|
||||||
app: Flask,
|
|
||||||
client: FlaskClient,
|
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
|
||||||
with_super_admin_user: UserModel,
|
|
||||||
) -> None:
|
|
||||||
"""Test get secret."""
|
|
||||||
self.add_test_secret(with_super_admin_user)
|
|
||||||
secret_response = client.get(
|
|
||||||
f"/v1.0/secrets/{self.test_key}",
|
|
||||||
headers=self.logged_in_headers(with_super_admin_user),
|
|
||||||
)
|
|
||||||
assert secret_response
|
|
||||||
assert secret_response.status_code == 200
|
|
||||||
assert secret_response.json
|
|
||||||
assert SecretService._decrypt(secret_response.json["value"]) == self.test_value
|
|
||||||
|
|
||||||
def test_update_secret(
|
|
||||||
self,
|
|
||||||
app: Flask,
|
|
||||||
client: FlaskClient,
|
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
|
||||||
with_super_admin_user: UserModel,
|
|
||||||
) -> None:
|
|
||||||
"""Test_update_secret."""
|
|
||||||
self.add_test_secret(with_super_admin_user)
|
|
||||||
secret: SecretModel | None = SecretService.get_secret(self.test_key)
|
|
||||||
assert secret
|
|
||||||
assert SecretService._decrypt(secret.value) == self.test_value
|
|
||||||
secret_model = SecretModel(
|
|
||||||
key=self.test_key,
|
|
||||||
value="new_secret_value",
|
|
||||||
user_id=with_super_admin_user.id,
|
|
||||||
)
|
|
||||||
response = client.put(
|
|
||||||
f"/v1.0/secrets/{self.test_key}",
|
|
||||||
headers=self.logged_in_headers(with_super_admin_user),
|
|
||||||
content_type="application/json",
|
|
||||||
data=json.dumps(SecretModelSchema().dump(secret_model)),
|
|
||||||
)
|
|
||||||
assert response.status_code == 200
|
|
||||||
|
|
||||||
secret_model = SecretModel.query.filter(SecretModel.key == self.test_key).first()
|
|
||||||
assert SecretService._decrypt(secret_model.value) == "new_secret_value"
|
|
||||||
|
|
||||||
def test_delete_secret(
|
|
||||||
self,
|
|
||||||
app: Flask,
|
|
||||||
client: FlaskClient,
|
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
|
||||||
with_super_admin_user: UserModel,
|
|
||||||
) -> None:
|
|
||||||
"""Test delete secret."""
|
|
||||||
self.add_test_secret(with_super_admin_user)
|
|
||||||
secret = SecretService.get_secret(self.test_key)
|
|
||||||
assert secret
|
|
||||||
assert SecretService._decrypt(secret.value) == self.test_value
|
|
||||||
secret_response = client.delete(
|
|
||||||
f"/v1.0/secrets/{self.test_key}",
|
|
||||||
headers=self.logged_in_headers(with_super_admin_user),
|
|
||||||
)
|
|
||||||
assert secret_response.status_code == 200
|
|
||||||
with pytest.raises(ApiError):
|
|
||||||
secret = SecretService.get_secret(self.test_key)
|
|
||||||
|
|
||||||
def test_delete_secret_bad_key(
|
|
||||||
self,
|
|
||||||
app: Flask,
|
|
||||||
client: FlaskClient,
|
|
||||||
with_db_and_bpmn_file_cleanup: None,
|
|
||||||
with_super_admin_user: UserModel,
|
|
||||||
) -> None:
|
|
||||||
"""Test delete secret."""
|
|
||||||
secret_response = client.delete(
|
|
||||||
"/v1.0/secrets/bad_secret_key",
|
|
||||||
headers=self.logged_in_headers(with_super_admin_user),
|
|
||||||
)
|
|
||||||
assert secret_response.status_code == 404
|
|
||||||
|
|
|
@ -0,0 +1,139 @@
|
||||||
|
import json
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
from flask.app import Flask
|
||||||
|
from flask.testing import FlaskClient
|
||||||
|
from spiffworkflow_backend.exceptions.api_error import ApiError
|
||||||
|
from spiffworkflow_backend.models.secret_model import SecretModel
|
||||||
|
from spiffworkflow_backend.models.secret_model import SecretModelSchema
|
||||||
|
from spiffworkflow_backend.models.user import UserModel
|
||||||
|
from spiffworkflow_backend.services.secret_service import SecretService
|
||||||
|
|
||||||
|
from tests.spiffworkflow_backend.integration.test_secret_service import SecretServiceTestHelpers
|
||||||
|
|
||||||
|
|
||||||
|
class TestSecretsController(SecretServiceTestHelpers):
|
||||||
|
def test_add_secret(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
"""Test_add_secret."""
|
||||||
|
secret_model = SecretModel(
|
||||||
|
key=self.test_key,
|
||||||
|
value=self.test_value,
|
||||||
|
user_id=with_super_admin_user.id,
|
||||||
|
)
|
||||||
|
data = json.dumps(SecretModelSchema().dump(secret_model))
|
||||||
|
response = client.post(
|
||||||
|
"/v1.0/secrets",
|
||||||
|
headers=self.logged_in_headers(with_super_admin_user),
|
||||||
|
content_type="application/json",
|
||||||
|
data=data,
|
||||||
|
)
|
||||||
|
assert response.json
|
||||||
|
secret: dict = response.json
|
||||||
|
for key in ["key", "value", "user_id"]:
|
||||||
|
assert key in secret.keys()
|
||||||
|
assert secret["key"] == self.test_key
|
||||||
|
assert SecretService._decrypt(secret["value"]) == self.test_value
|
||||||
|
assert secret["user_id"] == with_super_admin_user.id
|
||||||
|
|
||||||
|
def test_get_secret(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
"""Test get secret."""
|
||||||
|
self.add_test_secret(with_super_admin_user)
|
||||||
|
secret_response = client.get(
|
||||||
|
f"/v1.0/secrets/{self.test_key}",
|
||||||
|
headers=self.logged_in_headers(with_super_admin_user),
|
||||||
|
)
|
||||||
|
assert secret_response
|
||||||
|
assert secret_response.status_code == 200
|
||||||
|
assert secret_response.json
|
||||||
|
assert SecretService._decrypt(secret_response.json["value"]) == self.test_value
|
||||||
|
|
||||||
|
def test_update_secret(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
"""Test_update_secret."""
|
||||||
|
self.add_test_secret(with_super_admin_user)
|
||||||
|
secret: SecretModel | None = SecretService.get_secret(self.test_key)
|
||||||
|
assert secret
|
||||||
|
assert SecretService._decrypt(secret.value) == self.test_value
|
||||||
|
secret_model = SecretModel(
|
||||||
|
key=self.test_key,
|
||||||
|
value="new_secret_value",
|
||||||
|
user_id=with_super_admin_user.id,
|
||||||
|
)
|
||||||
|
response = client.put(
|
||||||
|
f"/v1.0/secrets/{self.test_key}",
|
||||||
|
headers=self.logged_in_headers(with_super_admin_user),
|
||||||
|
content_type="application/json",
|
||||||
|
data=json.dumps(SecretModelSchema().dump(secret_model)),
|
||||||
|
)
|
||||||
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
secret_model = SecretModel.query.filter(SecretModel.key == self.test_key).first()
|
||||||
|
assert SecretService._decrypt(secret_model.value) == "new_secret_value"
|
||||||
|
|
||||||
|
def test_delete_secret(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
"""Test delete secret."""
|
||||||
|
self.add_test_secret(with_super_admin_user)
|
||||||
|
secret = SecretService.get_secret(self.test_key)
|
||||||
|
assert secret
|
||||||
|
assert SecretService._decrypt(secret.value) == self.test_value
|
||||||
|
secret_response = client.delete(
|
||||||
|
f"/v1.0/secrets/{self.test_key}",
|
||||||
|
headers=self.logged_in_headers(with_super_admin_user),
|
||||||
|
)
|
||||||
|
assert secret_response.status_code == 200
|
||||||
|
with pytest.raises(ApiError):
|
||||||
|
secret = SecretService.get_secret(self.test_key)
|
||||||
|
|
||||||
|
def test_delete_secret_bad_key(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
"""Test delete secret."""
|
||||||
|
secret_response = client.delete(
|
||||||
|
"/v1.0/secrets/bad_secret_key",
|
||||||
|
headers=self.logged_in_headers(with_super_admin_user),
|
||||||
|
)
|
||||||
|
assert secret_response.status_code == 404
|
||||||
|
|
||||||
|
def test_secret_list(
|
||||||
|
self,
|
||||||
|
app: Flask,
|
||||||
|
client: FlaskClient,
|
||||||
|
with_db_and_bpmn_file_cleanup: None,
|
||||||
|
with_super_admin_user: UserModel,
|
||||||
|
) -> None:
|
||||||
|
self.add_test_secret(with_super_admin_user)
|
||||||
|
secret_response = client.get(
|
||||||
|
"/v1.0/secrets",
|
||||||
|
headers=self.logged_in_headers(with_super_admin_user),
|
||||||
|
)
|
||||||
|
assert secret_response.status_code == 200
|
||||||
|
first_secret_in_results = secret_response.json["results"][0]
|
||||||
|
assert first_secret_in_results["key"] == self.test_key
|
||||||
|
assert "value" not in first_secret_in_results
|
|
@ -10,8 +10,8 @@ import { Button } from '@carbon/react';
|
||||||
|
|
||||||
type OwnProps = {
|
type OwnProps = {
|
||||||
title: string;
|
title: string;
|
||||||
children: React.ReactNode;
|
children?: React.ReactNode;
|
||||||
onClose: (..._args: any[]) => any;
|
onClose: Function;
|
||||||
type?: string;
|
type?: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
import { useEffect, useState } from 'react';
|
import { useEffect, useState } from 'react';
|
||||||
import { useParams, useNavigate } from 'react-router-dom';
|
import { useParams, useNavigate } from 'react-router-dom';
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
import { Stack, Table, Button } from '@carbon/react';
|
import { Stack, Table, Button, TextInput } from '@carbon/react';
|
||||||
import HttpService from '../services/HttpService';
|
import HttpService from '../services/HttpService';
|
||||||
import { Secret } from '../interfaces';
|
import { Secret } from '../interfaces';
|
||||||
|
import { Notification } from '../components/Notification';
|
||||||
import ButtonWithConfirmation from '../components/ButtonWithConfirmation';
|
import ButtonWithConfirmation from '../components/ButtonWithConfirmation';
|
||||||
|
|
||||||
export default function SecretShow() {
|
export default function SecretShow() {
|
||||||
|
@ -11,7 +12,9 @@ export default function SecretShow() {
|
||||||
const params = useParams();
|
const params = useParams();
|
||||||
|
|
||||||
const [secret, setSecret] = useState<Secret | null>(null);
|
const [secret, setSecret] = useState<Secret | null>(null);
|
||||||
const [secretValue, setSecretValue] = useState(secret?.value);
|
const [displaySecretValue, setDisplaySecretValue] = useState<boolean>(false);
|
||||||
|
const [showSuccessNotification, setShowSuccessNotification] =
|
||||||
|
useState<boolean>(false);
|
||||||
|
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
HttpService.makeCallToBackend({
|
HttpService.makeCallToBackend({
|
||||||
|
@ -22,22 +25,21 @@ export default function SecretShow() {
|
||||||
|
|
||||||
const handleSecretValueChange = (event: any) => {
|
const handleSecretValueChange = (event: any) => {
|
||||||
if (secret) {
|
if (secret) {
|
||||||
setSecretValue(event.target.value);
|
const newSecret = { ...secret, value: event.target.value };
|
||||||
|
setSecret(newSecret);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
const updateSecretValue = () => {
|
const updateSecretValue = () => {
|
||||||
if (secret && secretValue) {
|
if (secret) {
|
||||||
secret.value = secretValue;
|
|
||||||
HttpService.makeCallToBackend({
|
HttpService.makeCallToBackend({
|
||||||
path: `/secrets/${secret.key}`,
|
path: `/secrets/${secret.key}`,
|
||||||
successCallback: () => {
|
successCallback: () => {
|
||||||
setSecret(secret);
|
setShowSuccessNotification(true);
|
||||||
},
|
},
|
||||||
httpMethod: 'PUT',
|
httpMethod: 'PUT',
|
||||||
postBody: {
|
postBody: {
|
||||||
value: secretValue,
|
value: secret.value,
|
||||||
creator_user_id: secret.creator_user_id,
|
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -58,9 +60,17 @@ export default function SecretShow() {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const successNotificationComponent = (
|
||||||
|
<Notification
|
||||||
|
title="Secret updated"
|
||||||
|
onClose={() => setShowSuccessNotification(false)}
|
||||||
|
/>
|
||||||
|
);
|
||||||
|
|
||||||
if (secret) {
|
if (secret) {
|
||||||
return (
|
return (
|
||||||
<>
|
<>
|
||||||
|
{showSuccessNotification && successNotificationComponent}
|
||||||
<h1>Secret Key: {secret.key}</h1>
|
<h1>Secret Key: {secret.key}</h1>
|
||||||
<Stack orientation="horizontal" gap={3}>
|
<Stack orientation="horizontal" gap={3}>
|
||||||
<ButtonWithConfirmation
|
<ButtonWithConfirmation
|
||||||
|
@ -68,8 +78,14 @@ export default function SecretShow() {
|
||||||
onConfirmation={deleteSecret}
|
onConfirmation={deleteSecret}
|
||||||
buttonLabel="Delete"
|
buttonLabel="Delete"
|
||||||
/>
|
/>
|
||||||
<Button variant="warning" onClick={updateSecretValue}>
|
<Button
|
||||||
Update Value
|
disabled={displaySecretValue}
|
||||||
|
variant="warning"
|
||||||
|
onClick={() => {
|
||||||
|
setDisplaySecretValue(true);
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
Retrieve secret value
|
||||||
</Button>
|
</Button>
|
||||||
</Stack>
|
</Stack>
|
||||||
<div>
|
<div>
|
||||||
|
@ -77,21 +93,36 @@ export default function SecretShow() {
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>Key</th>
|
<th>Key</th>
|
||||||
<th>Value</th>
|
{displaySecretValue && (
|
||||||
|
<>
|
||||||
|
<th>Value</th>
|
||||||
|
<th>Actions</th>
|
||||||
|
</>
|
||||||
|
)}
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<tr>
|
<tr>
|
||||||
<td>{params.key}</td>
|
<td>{params.key}</td>
|
||||||
<td>
|
{displaySecretValue && (
|
||||||
<input
|
<>
|
||||||
id="secret_value"
|
<td>
|
||||||
name="secret_value"
|
<TextInput
|
||||||
type="text"
|
id="secret_value"
|
||||||
value={secretValue || secret.value}
|
name="secret_value"
|
||||||
onChange={handleSecretValueChange}
|
value={secret.value}
|
||||||
/>
|
onChange={handleSecretValueChange}
|
||||||
</td>
|
/>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
{displaySecretValue && (
|
||||||
|
<Button variant="warning" onClick={updateSecretValue}>
|
||||||
|
Update Value
|
||||||
|
</Button>
|
||||||
|
)}
|
||||||
|
</td>
|
||||||
|
</>
|
||||||
|
)}
|
||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</Table>
|
</Table>
|
||||||
|
|
Loading…
Reference in New Issue