Merge pull request #5 from kriten-io/feat/secrets
Feat/secrets
vkupriya authored Sep 13, 2024
2 parents 3d75ff1 + c70358c commit 256cb41
Showing 14 changed files with 388 additions and 364 deletions.
12 changes: 9 additions & 3 deletions .github/workflows/version-release.yml
Expand Up @@ -12,7 +12,7 @@ jobs:
env:
DOCKER_REGISTRY: hub.docker.com
DOCKER_REPOSITORY: kriten
DOCKER_PLATFORM: linux/amd64
DOCKER_PLATFORM: linux/amd64,linux/arm64
steps:
- name: Check out the repo
uses: actions/checkout@v3
Expand All @@ -23,6 +23,12 @@ jobs:
command: init --parseDependency --parseInternal
swagWersion: 1.8.12

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
Expand All @@ -31,12 +37,12 @@ jobs:

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@v3
with:
images: ${{ secrets.DOCKER_USERNAME }}/${{ env.DOCKER_REPOSITORY }}

- name: Build and push Docker image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v6
with:
context: .
push: true
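Review bot: The third-party actions in this release job are referenced by mutable tags (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`) while the job holds Docker Hub credentials from the `docker/login-action` step, so a moved tag would run unreviewed code with push access to the image repository. Pinning each `uses:` to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6`, removes that dependency on the tag. The section also shows `docker/metadata-action@v4` next to `@v3`; if `@v3` is the new side, this is a downgrade while the other actions move forward, which is worth confirming as intended. The build step continues past the visible lines.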
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -14,3 +14,6 @@ brainiac-core

# Dependency directories (remove the comment below to include it)
# vendor/

# Local inventory file
.env
119 changes: 115 additions & 4 deletions controllers/runner.go
Expand Up @@ -42,6 +42,13 @@ func (rc *RunnerController) SetRunnerRoutes(rg *gin.RouterGroup, config config.C
r.PATCH("/:id", rc.UpdateRunner)
r.PUT("/:id", rc.UpdateRunner)
r.DELETE("/:id", rc.DeleteRunner)

{
r.GET("/:id/secret", rc.GetSecret)
r.POST("/:id/secret", rc.UpdateSecret)
r.PUT("/:id/secret", rc.UpdateSecret)
r.DELETE("/:id/secret", rc.DeleteSecret)
}
}

}
Expand Down Expand Up @@ -150,7 +157,7 @@ func (rc *RunnerController) CreateRunner(ctx *gin.Context) {

audit.EventTarget = runner.Name

configMap, err := rc.RunnerService.CreateRunner(runner)
runnerData, err := rc.RunnerService.CreateRunner(runner)
if err != nil {
if errors.IsAlreadyExists(err) {
rc.AuditService.CreateAudit(audit)
Expand All @@ -164,7 +171,7 @@ func (rc *RunnerController) CreateRunner(ctx *gin.Context) {

audit.Status = "success"
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, configMap.Data)
ctx.JSON(http.StatusOK, runnerData)
}

// UpdateRunner godoc
Expand Down Expand Up @@ -194,7 +201,7 @@ func (rc *RunnerController) UpdateRunner(ctx *gin.Context) {
return
}

configMap, err := rc.RunnerService.UpdateRunner(runner)
runnerData, err := rc.RunnerService.UpdateRunner(runner)
if err != nil {
if errors.IsNotFound(err) {
rc.AuditService.CreateAudit(audit)
Expand All @@ -208,7 +215,7 @@ func (rc *RunnerController) UpdateRunner(ctx *gin.Context) {

audit.Status = "success"
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, configMap.Data)
ctx.JSON(http.StatusOK, runnerData)
}

// DeleteRunner godoc
Expand Down Expand Up @@ -246,3 +253,107 @@ func (rc *RunnerController) DeleteRunner(ctx *gin.Context) {
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, gin.H{"msg": "runner deleted successfully"})
}

// GetSecret godoc
//
// @Summary Get secret
// @Description Get secret associated with runner (passwords are obfuscated)
// @Tags runners
// @Accept json
// @Produce json
// @Param id path string true "Runner name"
// @Success 200 {object} map[string]interface{}
// @Failure 400 {object} helpers.HTTPError
// @Failure 404 {object} helpers.HTTPError
// @Failure 500 {object} helpers.HTTPError
// @Router /tasks/{id}/secret [get]
// @Security Bearer
func (rc *RunnerController) GetSecret(ctx *gin.Context) {
runnerName := ctx.Param("id")
audit := rc.AuditService.InitialiseAuditLog(ctx, "get_secret", rc.AuditCategory, runnerName)
secret, err := rc.RunnerService.GetSecret(runnerName)

if err != nil {
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}

if secret == nil {
ctx.JSON(http.StatusOK, gin.H{"msg": "secret not found"})
return
}

audit.Status = "success"
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, secret)
}

// GetSecret godoc
//
// @Summary Update secret
// @Description Update secret associated with runner
// @Tags runners
// @Accept json
// @Produce json
// @Param id path string true "runner name"
// @Success 200 {object} map[string]interface{}
// @Failure 400 {object} helpers.HTTPError
// @Failure 404 {object} helpers.HTTPError
// @Failure 500 {object} helpers.HTTPError
// @Router /runners/{id}/secret [get]
// @Security Bearer
func (rc *RunnerController) UpdateSecret(ctx *gin.Context) {
runnerName := ctx.Param("id")
audit := rc.AuditService.InitialiseAuditLog(ctx, "update_secret", rc.AuditCategory, runnerName)
var secret map[string]string

if err := ctx.BindJSON(&secret); err != nil {
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}

secretStored, err := rc.RunnerService.UpdateSecret(runnerName, secret)

if err != nil {
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}

audit.Status = "success"
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, secretStored)
}

// DeleteSecret godoc
//
// @Summary Delete secret
// @Description Remove secret associated with runner
// @Tags runners
// @Accept json
// @Produce json
// @Param id path string true "Runner name"
// @Success 200 {object} map[string]interface{}
// @Failure 400 {object} helpers.HTTPError
// @Failure 404 {object} helpers.HTTPError
// @Failure 500 {object} helpers.HTTPError
// @Router /runners/{id}/schema [delete]
// @Security Bearer
func (rc *RunnerController) DeleteSecret(ctx *gin.Context) {
runnerName := ctx.Param("id")
audit := rc.AuditService.InitialiseAuditLog(ctx, "delete_secret", rc.AuditCategory, runnerName)

err := rc.RunnerService.DeleteSecret(runnerName)

if err != nil {
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}

audit.Status = "success"
rc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, gin.H{"msg": "secret deleted successfully"})
}
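Review bot: In `GetSecret`, the `secret == nil` branch returns before `rc.AuditService.CreateAudit(audit)` is called, so a secret lookup that finds nothing leaves no audit record, and it answers `200` with "secret not found" although the annotations declare a 404. Call `rc.AuditService.CreateAudit(audit)` in that branch and return `ctx.JSON(http.StatusNotFound, gin.H{"error": "secret not found"})`. The swagger comments were carried over from the task controller and no longer match the routes registered in `SetRunnerRoutes`: `GetSecret` still has `@Router /tasks/{id}/secret [get]`, the `UpdateSecret` block is headed `// GetSecret godoc` and marked `[get]`, and `DeleteSecret` points at `/runners/{id}/schema [delete]`. All three handlers also put `err.Error()` verbatim into the 500 body; if the service errors carry backend detail, a generic message with the detail logged server-side would avoid exposing it to API clients.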
118 changes: 3 additions & 115 deletions controllers/task.go
Expand Up @@ -49,11 +49,6 @@ func (tc *TaskController) SetTaskRoutes(rg *gin.RouterGroup, config config.Confi
r.POST("/:id/schema", tc.UpdateSchema)
r.PUT("/:id/schema", tc.UpdateSchema)
r.DELETE("/:id/schema", tc.DeleteSchema)

r.GET("/:id/secret", tc.GetSecret)
r.POST("/:id/secret", tc.UpdateSecret)
r.PUT("/:id/secret", tc.UpdateSecret)
r.DELETE("/:id/secret", tc.DeleteSecret)
}
}

Expand Down Expand Up @@ -117,7 +112,7 @@ func (tc *TaskController) GetTask(ctx *gin.Context) {
taskName := ctx.Param("id")
audit := tc.AuditService.InitialiseAuditLog(ctx, "get", tc.AuditCategory, taskName)
// username := ctx.MustGet("username").(string)
task, secret, err := tc.TaskService.GetTask(taskName)
task, err := tc.TaskService.GetTask(taskName)

if err != nil {
tc.AuditService.CreateAudit(audit)
Expand All @@ -132,7 +127,6 @@ func (tc *TaskController) GetTask(ctx *gin.Context) {
}
audit.Status = "success"

task["secret"] = secret
// ctx.JSON(http.StatusOK, gin.H{"msg": "task retrieved successfully", "value": task, "secret": secret})
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, task)
Expand Down Expand Up @@ -163,7 +157,7 @@ func (tc *TaskController) CreateTask(ctx *gin.Context) {
}
audit.EventTarget = task.Name

taskConfig, secret, err := tc.TaskService.CreateTask(task)
taskConfig, err := tc.TaskService.CreateTask(task)
if err != nil {
if errors.IsAlreadyExists(err) {
tc.AuditService.CreateAudit(audit)
Expand All @@ -176,7 +170,6 @@ func (tc *TaskController) CreateTask(ctx *gin.Context) {
}

audit.Status = "success"
taskConfig["secret"] = secret
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, taskConfig)
}
Expand Down Expand Up @@ -207,7 +200,7 @@ func (tc *TaskController) UpdateTask(ctx *gin.Context) {
return
}

taskConfig, secret, err := tc.TaskService.UpdateTask(task)
taskConfig, err := tc.TaskService.UpdateTask(task)
if err != nil {
if errors.IsNotFound(err) {
tc.AuditService.CreateAudit(audit)
Expand All @@ -220,7 +213,6 @@ func (tc *TaskController) UpdateTask(ctx *gin.Context) {
}
audit.Status = "success"
tc.AuditService.CreateAudit(audit)
taskConfig["secret"] = secret
ctx.JSON(http.StatusOK, taskConfig)
}

Expand Down Expand Up @@ -362,107 +354,3 @@ func (tc *TaskController) DeleteSchema(ctx *gin.Context) {
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, gin.H{"msg": "schema deleted successfully"})
}

// GetSecret godoc
//
// @Summary Get secret
// @Description Get secret associated to a specific task (passwords are obfuscated)
// @Tags tasks
// @Accept json
// @Produce json
// @Param id path string true "Task name"
// @Success 200 {object} map[string]interface{}
// @Failure 400 {object} helpers.HTTPError
// @Failure 404 {object} helpers.HTTPError
// @Failure 500 {object} helpers.HTTPError
// @Router /tasks/{id}/secret [get]
// @Security Bearer
func (tc *TaskController) GetSecret(ctx *gin.Context) {
taskName := ctx.Param("id")
audit := tc.AuditService.InitialiseAuditLog(ctx, "get_secret", tc.AuditCategory, taskName)
secret, err := tc.TaskService.GetSecret(taskName)

if err != nil {
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}

if secret == nil {
ctx.JSON(http.StatusOK, gin.H{"msg": "secret not found"})
return
}

audit.Status = "success"
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, secret)
}

// GetSecret godoc
//
// @Summary Update secret
// @Description Update secret associated to a specific task
// @Tags tasks
// @Accept json
// @Produce json
// @Param id path string true "Task name"
// @Success 200 {object} map[string]interface{}
// @Failure 400 {object} helpers.HTTPError
// @Failure 404 {object} helpers.HTTPError
// @Failure 500 {object} helpers.HTTPError
// @Router /tasks/{id}/secret [get]
// @Security Bearer
func (tc *TaskController) UpdateSecret(ctx *gin.Context) {
taskName := ctx.Param("id")
audit := tc.AuditService.InitialiseAuditLog(ctx, "update_secret", tc.AuditCategory, taskName)
var secret map[string]string

if err := ctx.BindJSON(&secret); err != nil {
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}

secretStored, err := tc.TaskService.UpdateSecret(taskName, secret)

if err != nil {
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}

audit.Status = "success"
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, secretStored)
}

// DeleteSecret godoc
//
// @Summary Delete secret
// @Description Remove secret associated to a specific task
// @Tags tasks
// @Accept json
// @Produce json
// @Param id path string true "Task name"
// @Success 200 {object} map[string]interface{}
// @Failure 400 {object} helpers.HTTPError
// @Failure 404 {object} helpers.HTTPError
// @Failure 500 {object} helpers.HTTPError
// @Router /tasks/{id}/schema [delete]
// @Security Bearer
func (tc *TaskController) DeleteSecret(ctx *gin.Context) {
taskName := ctx.Param("id")
audit := tc.AuditService.InitialiseAuditLog(ctx, "delete_secret", tc.AuditCategory, taskName)

err := tc.TaskService.DeleteSecret(taskName)

if err != nil {
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}

audit.Status = "success"
tc.AuditService.CreateAudit(audit)
ctx.JSON(http.StatusOK, gin.H{"msg": "secret deleted successfully"})
}
2 changes: 1 addition & 1 deletion controllers/tokens.go
Expand Up @@ -9,7 +9,7 @@ import (
"net/http"

"github.com/gin-gonic/gin"
"github.com/satori/go.uuid"
uuid "github.com/satori/go.uuid"
)

type ApiTokenController struct {