Merge pull request #454 from kube-tarian/secretpath-in-api-resp
adding secret paths for resources get response
vramk23 authored Apr 6, 2024
2 parents f9f20c5 + 766ba4a commit 8738fb1
Showing 14 changed files with 1,367 additions and 1,143 deletions.
4 changes: 2 additions & 2 deletions capten/agent/internal/api/capten_sdk_apis.go
@@ -28,7 +28,7 @@ func (a *Agent) GetGitProjectById(ctx context.Context, request *captensdkpb.GetG
}, nil
}

accessToken, _, err := a.getGitProjectCredential(ctx, res.Id)
accessToken, _, _, _, err := a.getGitProjectCredential(ctx, res.Id)
if err != nil {
a.log.Errorf("failed to get git credential for project Id: %s, %v", request.Id, err)
return &captensdkpb.GetGitProjectByIdResponse{
@@ -84,7 +84,7 @@ func (a *Agent) GetContainerRegistryById(ctx context.Context, request *captensdk
RegistryType: res.RegistryType,
}

cred, err := a.getContainerRegCredential(ctx, res.Id)
cred, _, _, err := a.getContainerRegCredential(ctx, res.Id)
if err != nil {
a.log.Errorf("failed to get container registry credential for %s, %v", request.Id, err)
return &captensdkpb.GetContainerRegistryByIdResponse{
18 changes: 12 additions & 6 deletions capten/agent/internal/api/container_registry.go
@@ -149,16 +149,17 @@ func (a *Agent) GetContainerRegistry(ctx context.Context, request *captenplugins
}

for _, r := range res {
cred, err := a.getContainerRegCredential(ctx, r.Id)
cred, secretPath, secretKeys, err := a.getContainerRegCredential(ctx, r.Id)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.GetContainerRegistryResponse{
Status: captenpluginspb.StatusCode_INTERNAL_ERROR,
StatusMessage: "failed to fetch container registry",
}, err
}

r.RegistryAttributes = cred
r.SecretePath = secretPath
r.SecreteKeys = secretKeys
}

a.log.Infof("Found %d container registry", len(res))
@@ -170,21 +171,26 @@ func (a *Agent) GetContainerRegistry(ctx context.Context, request *captenplugins

}

func (a *Agent) getContainerRegCredential(ctx context.Context, id string) (map[string]string, error) {
func (a *Agent) getContainerRegCredential(ctx context.Context, id string) (map[string]string, string, []string, error) {
credPath := fmt.Sprintf("%s/%s/%s", credentials.GenericCredentialType, containerRegEntityName, id)
credAdmin, err := credentials.NewCredentialAdmin(ctx)
if err != nil {
a.log.Audit("security", "storecred", "failed", "system", "failed to intialize credentials client for %s", credPath)
a.log.Errorf("failed to get crendential for %s, %v", credPath, err)
return nil, err
return nil, "", nil, err
}

cred, err := credAdmin.GetCredential(ctx, credentials.GenericCredentialType, containerRegEntityName, id)
if err != nil {
a.log.Errorf("failed to get credential for %s, %v", credPath, err)
return nil, err
return nil, "", nil, err
}

secretKeys := []string{}
for key := range cred {
secretKeys = append(secretKeys, key)
}
return cred, nil
return cred, credPath, secretKeys, nil
}

func (a *Agent) storeContainerRegCredential(ctx context.Context, id string, credentialMap map[string]string) error {
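Review bot: The new `secretKeys` slice in getContainerRegCredential is filled by ranging over the `cred` map, so the order of `SecreteKeys` in the response changes from call to call; sorting before the return with `sort.Strings(secretKeys)` (plus the `sort` import) keeps responses stable for clients that compare or cache them. The same loop is added to getCloudProviderCredential, getGitProjectCredential and getManagedClusterCredential, so one shared helper that returns the sorted key names would cover all four. `credPath` was previously only a log label built with `fmt.Sprintf`; now that it is returned as `SecretePath`, it is worth confirming that it matches the location `credAdmin.GetCredential` actually reads, which this hunk does not show.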
2 changes: 1 addition & 1 deletion capten/agent/internal/api/plugin_argocd_apis.go
@@ -37,7 +37,7 @@ func (a *Agent) RegisterArgoCDProject(ctx context.Context, request *captenplugin
}, nil
}

accessToken, userID, err := a.getGitProjectCredential(ctx, argoCDProject.GitProjectId)
accessToken, userID, _, _, err := a.getGitProjectCredential(ctx, argoCDProject.GitProjectId)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.RegisterArgoCDProjectResponse{
21 changes: 15 additions & 6 deletions capten/agent/internal/api/plugin_cloud_provider_apis.go
@@ -145,7 +145,7 @@ func (a *Agent) GetCloudProviders(ctx context.Context, request *captenpluginspb.
}

for _, r := range res {
cloudAttributes, err := a.getCloudProviderCredential(ctx, r.Id)
cloudAttributes, secretPath, secretKeys, err := a.getCloudProviderCredential(ctx, r.Id)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.GetCloudProvidersResponse{
@@ -154,6 +154,8 @@ func (a *Agent) GetCloudProviders(ctx context.Context, request *captenpluginspb.
}, nil
}
r.CloudAttributes = cloudAttributes
r.SecretePath = secretPath
r.SecreteKeys = secretKeys
}

a.log.Infof("Found %d cloud providers", len(res))
@@ -186,7 +188,7 @@ func (a *Agent) GetCloudProvidersWithFilter(ctx context.Context, request *capten
}

for _, r := range res {
cloudAttributes, err := a.getCloudProviderCredential(ctx, r.Id)
cloudAttributes, secretPath, secretKeys, err := a.getCloudProviderCredential(ctx, r.Id)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.GetCloudProvidersWithFilterResponse{
@@ -195,6 +197,8 @@ func (a *Agent) GetCloudProvidersWithFilter(ctx context.Context, request *capten
}, nil
}
r.CloudAttributes = cloudAttributes
r.SecretePath = secretPath
r.SecreteKeys = secretKeys
}

a.log.Infof("Found %d cloud providers for lables %v and cloud type %v", len(res), request.Labels, request.CloudType)
@@ -205,21 +209,26 @@ func (a *Agent) GetCloudProvidersWithFilter(ctx context.Context, request *capten
}, nil
}

func (a *Agent) getCloudProviderCredential(ctx context.Context, id string) (map[string]string, error) {
func (a *Agent) getCloudProviderCredential(ctx context.Context, id string) (map[string]string, string, []string, error) {
credPath := fmt.Sprintf("%s/%s/%s", credentials.GenericCredentialType, cloudProviderEntityName, id)
credAdmin, err := credentials.NewCredentialAdmin(ctx)
if err != nil {
a.log.Audit("security", "storecred", "failed", "system", "failed to intialize credentials client for %s", credPath)
a.log.Errorf("failed to get crendential for %s, %v", credPath, err)
return nil, err
return nil, "", nil, err
}

cred, err := credAdmin.GetCredential(ctx, credentials.GenericCredentialType, cloudProviderEntityName, id)
if err != nil {
a.log.Errorf("failed to get credential for %s, %v", credPath, err)
return nil, err
return nil, "", nil, err
}
return cred, nil

secretKeys := []string{}
for key := range cred {
secretKeys = append(secretKeys, key)
}
return cred, credPath, secretKeys, nil
}

func (a *Agent) storeCloudProviderCredential(ctx context.Context, id string, credentialMap map[string]string) error {
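Review bot: In GetCloudProviders and GetCloudProvidersWithFilter the response now carries `SecretePath` and `SecreteKeys` next to `r.CloudAttributes`, which still holds the credential values themselves, so every caller of these list endpoints receives both the secret material and the place it is stored. If the new fields are meant to let consumers read the secret from the store under their own identity (an assumption; the commit message does not say), the values could be left out of the response for those consumers, or a doc comment on the handlers should state which callers are expected to see them. The field names also fix the spelling `Secrete` into the generated API types; renaming once clients depend on it is a breaking change, so `SecretPath`/`SecretKeys` is cheaper to adopt now.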
@@ -54,7 +54,7 @@ func (a *Agent) RegisterCrossplaneProject(ctx context.Context, request *captenpl
}

if ok, err := a.isProjectRegisteredWithArgoCD(ctx, crossplaneProject.GitProjectUrl); !ok && err == nil {
accessToken, userID, err := a.getGitProjectCredential(ctx, crossplaneProject.GitProjectId)
accessToken, userID, _, _, err := a.getGitProjectCredential(ctx, crossplaneProject.GitProjectId)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.RegisterCrossplaneProjectResponse{
21 changes: 15 additions & 6 deletions capten/agent/internal/api/plugin_git_apis.go
@@ -167,7 +167,7 @@ func (a *Agent) GetGitProjects(ctx context.Context, request *captenpluginspb.Get
}

for _, r := range res {
accessToken, userID, err := a.getGitProjectCredential(ctx, r.Id)
accessToken, userID, secretPath, secretKeys, err := a.getGitProjectCredential(ctx, r.Id)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.GetGitProjectsResponse{
@@ -177,6 +177,8 @@ func (a *Agent) GetGitProjects(ctx context.Context, request *captenpluginspb.Get
}
r.AccessToken = accessToken
r.UserID = userID
r.SecretePath = secretPath
r.SecreteKeys = secretKeys
}

a.log.Infof("Found %d git projects", len(res))
@@ -209,7 +211,7 @@ func (a *Agent) GetGitProjectsForLabels(ctx context.Context, request *captenplug
}

for _, r := range res {
accessToken, userID, err := a.getGitProjectCredential(ctx, r.Id)
accessToken, userID, secretPath, secretKeys, err := a.getGitProjectCredential(ctx, r.Id)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.GetGitProjectsForLabelsResponse{
@@ -219,6 +221,8 @@ func (a *Agent) GetGitProjectsForLabels(ctx context.Context, request *captenplug
}
r.AccessToken = accessToken
r.UserID = userID
r.SecretePath = secretPath
r.SecreteKeys = secretKeys
}

a.log.Infof("Found %d git projects for lables %v", len(res), request.Labels)
@@ -229,21 +233,26 @@ func (a *Agent) GetGitProjectsForLabels(ctx context.Context, request *captenplug
}, nil
}

func (a *Agent) getGitProjectCredential(ctx context.Context, id string) (string, string, error) {
func (a *Agent) getGitProjectCredential(ctx context.Context, id string) (string, string, string, []string, error) {
credPath := fmt.Sprintf("%s/%s/%s", credentials.GenericCredentialType, gitProjectEntityName, id)
credAdmin, err := credentials.NewCredentialAdmin(ctx)
if err != nil {
a.log.Audit("security", "storecred", "failed", "system", "failed to intialize credentials client for %s", credPath)
a.log.Errorf("failed to get crendential for %s, %v", credPath, err)
return "", "", err
return "", "", "", nil, err
}

cred, err := credAdmin.GetCredential(ctx, credentials.GenericCredentialType, gitProjectEntityName, id)
if err != nil {
a.log.Errorf("failed to get credential for %s, %v", credPath, err)
return "", "", err
return "", "", "", nil, err
}
return cred["accessToken"], cred["userID"], nil

secretKeys := []string{}
for key := range cred {
secretKeys = append(secretKeys, key)
}
return cred["accessToken"], cred["userID"], credPath, secretKeys, nil
}

func (a *Agent) storeGitProjectCredential(ctx context.Context, id string, userID string, accessToken string) error {
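Review bot: getGitProjectCredential now returns five positional values, three of them adjacent strings (access token, user ID, secret path), and every call site in this commit binds or discards them by position only; a transposed binding would still compile and could place the token in `SecretePath`. A small result struct with named fields for the token, user ID, path and key names would make the call sites self-describing and remove the runs of blank identifiers. Separately, the `NewCredentialAdmin` failure branch passes the label `storecred` to `a.log.Audit` although this is a read path, and the `GetCredential` failure branch writes no audit record at all, which makes failed secret reads hard to find in the audit trail; both branches are unchanged context in this hunk.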
28 changes: 23 additions & 5 deletions capten/agent/internal/api/plugin_managed_clusters_apis.go
@@ -23,6 +23,19 @@ func (a *Agent) GetManagedClusters(ctx context.Context, request *captenpluginspb
}, nil
}

for _, r := range managedClusters {
_, secretPath, secretKeys, err := a.getContainerRegCredential(ctx, r.Id)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.GetManagedClustersResponse{
Status: captenpluginspb.StatusCode_INTERNAL_ERROR,
StatusMessage: "failed to fetch managed clusters",
}, err
}
r.SecretePath = secretPath
r.SecreteKeys = secretKeys
}

a.log.Infof("Fetched %d Managed Clusters", len(managedClusters))
return &captenpluginspb.GetManagedClustersResponse{
Status: captenpluginspb.StatusCode_OK,
@@ -43,7 +56,7 @@ func (a *Agent) GetManagedClusterKubeconfig(ctx context.Context, request *capten

a.log.Infof("Get Managed Cluster %s kubeconfig request recieved", request.Id)

creds, err := a.getManagedClusterCredential(ctx, request.GetId())
creds, _, _, err := a.getManagedClusterCredential(ctx, request.GetId())
if err != nil {
a.log.Errorf("failed to get managedClusters kubeconfig from vault, %v", err)
return &captenpluginspb.GetManagedClusterKubeconfigResponse{
@@ -60,21 +73,26 @@ func (a *Agent) GetManagedClusterKubeconfig(ctx context.Context, request *capten
}, nil
}

func (a *Agent) getManagedClusterCredential(ctx context.Context, id string) (map[string]string, error) {
func (a *Agent) getManagedClusterCredential(ctx context.Context, id string) (map[string]string, string, []string, error) {
credPath := fmt.Sprintf("%s/%s/%s", credentials.GenericCredentialType, ManagedClusterEntityName, id)
credAdmin, err := credentials.NewCredentialAdmin(ctx)
if err != nil {
a.log.Audit("security", "storecred", "failed", "system", "failed to intialize credentials client for %s", credPath)
a.log.Errorf("failed to get crendential for %s, %v", credPath, err)
return nil, err
return nil, "", nil, err
}

cred, err := credAdmin.GetCredential(ctx, credentials.GenericCredentialType, ManagedClusterEntityName, id)
if err != nil {
a.log.Errorf("failed to get credential for %s, %v", credPath, err)
return nil, err
return nil, "", nil, err
}

secretKeys := []string{}
for key := range cred {
secretKeys = append(secretKeys, key)
}
return cred, nil
return cred, credPath, secretKeys, nil
}

// store managed cluster kubeconfig and endpoint in vault
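Review bot: The loop added to GetManagedClusters calls `a.getContainerRegCredential(ctx, r.Id)`, so a managed-cluster ID is looked up under the container-registry entity and the returned `SecretePath` names a container-registry path; the helper for this entity is getManagedClusterCredential, changed further down in the same file. The call should read `_, secretPath, secretKeys, err := a.getManagedClusterCredential(ctx, r.Id)`. As written, a cluster with no registry credential under the same ID presumably makes the whole list request fail with INTERNAL_ERROR, depending on how `GetCredential` treats a missing entry. The loop also reads the full secret for every cluster only to report its key names and then discards the values.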
2 changes: 1 addition & 1 deletion capten/agent/internal/api/plugin_tekton_apis.go
@@ -48,7 +48,7 @@ func (a *Agent) RegisterTektonProject(ctx context.Context, request *captenplugin
}

if ok, err := a.isProjectRegisteredWithArgoCD(ctx, project.GitProjectUrl); !ok && err == nil {
accessToken, userID, err := a.getGitProjectCredential(ctx, project.GitProjectId)
accessToken, userID, _, _, err := a.getGitProjectCredential(ctx, project.GitProjectId)
if err != nil {
a.log.Errorf("failed to get credential, %v", err)
return &captenpluginspb.RegisterTektonProjectResponse{