Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable SP to retrieve and provide German umlaut chars #500

Merged
merged 1 commit into from
Feb 15, 2023
Merged

Enable SP to retrieve and provide German umlaut chars #500

merged 1 commit into from
Feb 15, 2023

Conversation

john-odonnell
Copy link
Contributor

@john-odonnell john-odonnell commented Feb 13, 2023
edited
Loading

Desired Outcome

Enable Secrets Provider to deliver secrets with special characters/binary values.

Implemented Changes

In conjur#1989, the /secrets endpoint was updated to allow for the batch retrieval of secrets with binary values - adding the Accept-Encoding header set to base64 means Conjur will base64 encode secret values before attempting to render response JSON.

We can use that functionality here to enable Secrets Provider to deliver binary/special character secrets by switching client.RetrieveBatchSecrets() to client.RetrieveBatchSecretsSafe().

Connected Issue/Story

CNJR-466

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a
    CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code
    changes, or
  • The changes in this PR do not require tests

Documentation

  • Docs (e.g. READMEs) were updated in this PR
  • A follow-up issue to update official docs has been filed here: [insert issue ID]
  • This PR does not require updating any documentation

Behavior

  • This PR changes product behavior and has been reviewed by a PO, or
  • These changes are part of a larger initiative that will be reviewed later, or
  • No behavior was changed with this PR

Security

  • Security architect has reviewed the changes in this PR,
  • These changes are part of a larger initiative with a separate security review, or
  • There are no security aspects to these changes

@john-odonnell john-odonnell force-pushed the johnodon-umlaut branch 2 times, most recently from 8d7ae2d to 3f6384b Compare February 13, 2023 17:45
@john-odonnell
Enable SP to retrieve and provide German umlaut chars
9c027b9 
Uses the Go API function client.RetrieveBatchSecretsSafe,
which requests base64 encoded secrets from Conjur, and
returns a map of variable IDs to decoded values.

Secrets Provider can now inject binary secret values,
including strings with special characters.
@codeclimate
Copy link

codeclimate bot commented Feb 13, 2023

Code Climate has analyzed commit 9c027b9 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 89.1% (0.0% change).

View more on Code Climate.

@john-odonnell john-odonnell marked this pull request as ready for review February 14, 2023 14:31
@john-odonnell john-odonnell requested a review from a team as a code owner February 14, 2023 14:31
jtuttle
jtuttle reviewed Feb 14, 2023
View reviewed changes
deploy/policy/load_policies.sh
@@ -35,6 +35,7 @@ done
conjur variable values add secrets/test_secret "some-secret"
conjur variable values add "secrets/var with spaces" "some-secret"
conjur variable values add "secrets/var+with+pluses" "some-secret"
conjur variable values add "secrets/umlaut" "some-secret"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you not need an umlaut in this secret value? Or is this just a placeholder that gets replaced later on?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a placeholder that's replaced when a test case runs [test case][CLI variable load].

jtuttle
jtuttle reviewed Feb 14, 2023
View reviewed changes
pkg/secrets/clients/conjur/conjur_client.go
*/
type ConjurClient interface {
RetrieveBatchSecrets([]string) (map[string][]byte, error)
RetrieveBatchSecretsSafe([]string) (map[string][]byte, error)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure it's totally safe now or are there other corner cases that might sneak in? :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Disclaimer: did not come up with the naming here. Having trouble thinking of a better variable name that distinguishes the two without getting into unseen details.

Also, RetrieveBatchSecretsSafe has the same interface as RetrieveBatchSecrets, but doesn't fail on special characters/binary values - maybe RetrieveBatchSecretsSafe should be renamed to RetrieveBatchSecrets, and RetrieveBatchSecrets shouldn't be used?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh right, you're just using a different conjur-api-go method? Nah, that's fine then.

@jtuttle jtuttle requested a review from a team February 14, 2023 14:48
gl-johnson
gl-johnson approved these changes Feb 15, 2023
View reviewed changes
Copy link
Contributor

@gl-johnson gl-johnson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@john-odonnell john-odonnell merged commit d2e296c into main Feb 15, 2023
@john-odonnell john-odonnell deleted the johnodon-umlaut branch February 15, 2023 19:03
@john-odonnell john-odonnell mentioned this pull request Apr 21, 2023
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtuttle jtuttle jtuttle left review comments

@gl-johnson gl-johnson gl-johnson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@john-odonnell @jtuttle @gl-johnson