From 970c3c0d61cf0fc65a8617ede0e9f71d8e85c24d Mon Sep 17 00:00:00 2001 From: Julien WITTOUCK Date: Tue, 3 Aug 2021 15:07:45 +0200 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8:=20extends=20AzureRM=20Credentials?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_ACCESS_KEY and ARM_ENVIRONMENT as part of the Azure Credentials details resolves #667 --- .../providers/credentials-azurerm.vue | 40 +++++++++++++++++++ .../io/gaia_app/credentials/Credentials.kt | 4 +- .../gaia_app/vault/VaultCredentialsService.kt | 16 ++++++++ .../CredentialsRestControllerIT.java | 9 +++++ .../gaia_app/credentials/CredentialsTest.kt | 6 +-- .../vault/VaultCredentialsServiceTest.kt | 16 ++++++-- 6 files changed, 82 insertions(+), 9 deletions(-) diff --git a/src/main/client/app/pages/credentials/providers/credentials-azurerm.vue b/src/main/client/app/pages/credentials/providers/credentials-azurerm.vue index 9ac43c3d3..58daf7b29 100644 --- a/src/main/client/app/pages/credentials/providers/credentials-azurerm.vue +++ b/src/main/client/app/pages/credentials/providers/credentials-azurerm.vue @@ -22,6 +22,46 @@ /> This field is mandatory + + + This field is mandatory + + + + This field is mandatory + + + + + + + diff --git a/src/main/java/io/gaia_app/credentials/Credentials.kt b/src/main/java/io/gaia_app/credentials/Credentials.kt index f538ba0a4..d4c4c108f 100644 --- a/src/main/java/io/gaia_app/credentials/Credentials.kt +++ b/src/main/java/io/gaia_app/credentials/Credentials.kt 
@@ -48,8 +48,8 @@ data class GoogleCredentials(var serviceAccountJSONContents:String, var projectI
 }
 @Document
-data class AzureRMCredentials(var clientId:String, var clientSecret:String):Credentials("azurerm") {
- override fun toEnv() = listOf("ARM_CLIENT_ID=$clientId", "ARM_CLIENT_SECRET=$clientSecret")
+data class AzureRMCredentials(var clientId:String, var clientSecret:String, var subscriptionId:String, var tenantId:String, var environment:String? = "public", var backendAccessKey:String? = null):Credentials("azurerm") {
+ override fun toEnv() = listOf("ARM_CLIENT_ID=$clientId", "ARM_CLIENT_SECRET=$clientSecret", "ARM_SUBSCRIPTION_ID=$subscriptionId", "ARM_TENANT_ID=$tenantId", "ARM_ACCESS_KEY=$backendAccessKey", "ARM_ENVIRONMENT=$environment")
 }
 @Document
diff --git a/src/main/java/io/gaia_app/vault/VaultCredentialsService.kt b/src/main/java/io/gaia_app/vault/VaultCredentialsService.kt
index d80f5d2e0..2a05ca02c 100644
--- a/src/main/java/io/gaia_app/vault/VaultCredentialsService.kt
+++ b/src/main/java/io/gaia_app/vault/VaultCredentialsService.kt
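Review bot: `toEnv()` interpolates the nullable `backendAccessKey` and `environment` directly, so a credential saved without a backend key exports the literal string `ARM_ACCESS_KEY=null` (and `ARM_ENVIRONMENT=null` when the environment is sent as null) to whatever consumes this environment list. Build the list with `listOfNotNull(...)` and emit the optional entries only when they are set, e.g. `backendAccessKey?.let { "ARM_ACCESS_KEY=$it" }` and `environment?.let { "ARM_ENVIRONMENT=$it" }`. The updated test in CredentialsTest.kt passes all six arguments, so this path is not covered; a case with only the four required arguments would pin it. Separately, `subscriptionId` and `tenantId` are new non-null constructor parameters without defaults, so documents stored before this change presumably need a migration or default values; that depends on mapping code outside this hunk.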
@@ -97,11 +97,27 @@ fun EncryptionService.decryptGoogleCredentials(googleCredentials: GoogleCredenti
 fun EncryptionService.encryptAzurermCredentials(azureRMCredentials: AzureRMCredentials): Credentials {
 azureRMCredentials.clientId = this.encrypt(azureRMCredentials.clientId)
 azureRMCredentials.clientSecret = this.encrypt(azureRMCredentials.clientSecret)
+ azureRMCredentials.subscriptionId = this.encrypt(azureRMCredentials.subscriptionId)
+ azureRMCredentials.tenantId = this.encrypt(azureRMCredentials.tenantId)
+ if (azureRMCredentials.environment != null){
+ azureRMCredentials.environment = this.encrypt(azureRMCredentials.environment!!)
+ }
+ if (azureRMCredentials.backendAccessKey != null){
+ azureRMCredentials.backendAccessKey = this.encrypt(azureRMCredentials.backendAccessKey!!)
+ }
 return azureRMCredentials
 }
 fun EncryptionService.decryptAzurermCredentials(azureRMCredentials: AzureRMCredentials): Credentials {
 azureRMCredentials.clientId = this.decrypt(azureRMCredentials.clientId)
 azureRMCredentials.clientSecret = this.decrypt(azureRMCredentials.clientSecret)
+ azureRMCredentials.subscriptionId = this.decrypt(azureRMCredentials.subscriptionId)
+ azureRMCredentials.tenantId = this.decrypt(azureRMCredentials.tenantId)
+ if (azureRMCredentials.environment != null){
+ azureRMCredentials.environment = this.decrypt(azureRMCredentials.environment!!)
+ }
+ if (azureRMCredentials.backendAccessKey != null){
+ azureRMCredentials.backendAccessKey = this.decrypt(azureRMCredentials.backendAccessKey!!)
+ }
 return azureRMCredentials
 }
diff --git a/src/test/java/io/gaia_app/credentials/CredentialsRestControllerIT.java b/src/test/java/io/gaia_app/credentials/CredentialsRestControllerIT.java
index ce966837d..9210eee0c 100644
--- a/src/test/java/io/gaia_app/credentials/CredentialsRestControllerIT.java
+++ b/src/test/java/io/gaia_app/credentials/CredentialsRestControllerIT.java
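Review bot: The `!= null` checks followed by `!!` in both `encryptAzurermCredentials` and `decryptAzurermCredentials` read a mutable `var` property twice, which is why the compiler cannot smart-cast and the `!!` is needed. Read the value once instead: `azureRMCredentials.backendAccessKey = azureRMCredentials.backendAccessKey?.let { this.encrypt(it) }`, and the same for `environment` and on the decrypt side. That removes the four `!!` while keeping null as null. A one-line comment such as `// optional fields stay null when unset; only present values are encrypted` above the optional block would record the intent.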
@@ -1,4 +1,5 @@
 package io.gaia_app.credentials;
+//src/test/java/io/gaia_app/credentials/CredentialsRestControllerIT.java
 import io.gaia_app.test.SharedMongoContainerTest;
 import org.junit.jupiter.api.BeforeEach;
@@ -154,6 +155,10 @@ void users_shouldBeAbleToCreate_newAzurermCredentials() throws Exception {
 " \"provider\": \"azurerm\",\n" +
 " \"name\": \"Holocron\",\n" +
 " \"clientId\": \"DEATH_STAR_KEY\",\n" +
+ " \"subscriptionId\": \"DEATH_STAR_SUBSCRIPTION\",\n" +
+ " \"tenantId\": \"DEATH_STAR_TENANT\",\n" +
+ " \"environment\": \"DEATH_STAR_ENVIRONMENT\",\n" +
+ " \"backendAccessKey\": \"DEATH_STAR_BACKEND\",\n" +
 " \"clientSecret\": \"DEATH_STAR_SECRET\"\n" +
 " }"))
 .andExpect(status().isOk())
@@ -161,6 +166,10 @@ void users_shouldBeAbleToCreate_newAzurermCredentials() throws Exception {
 .andExpect(jsonPath("provider", is("azurerm")))
 .andExpect(jsonPath("clientId", is("DEATH_STAR_KEY")))
 .andExpect(jsonPath("clientSecret", is("DEATH_STAR_SECRET")))
+ .andExpect(jsonPath("subscriptionId", is("DEATH_STAR_SUBSCRIPTION")))
+ .andExpect(jsonPath("tenantId", is("DEATH_STAR_TENANT")))
+ .andExpect(jsonPath("environment", is("DEATH_STAR_ENVIRONMENT")))
+ .andExpect(jsonPath("backendAccessKey", is("DEATH_STAR_BACKEND")))
 .andExpect(jsonPath("createdBy.username", is("Darth Vader")))
 .andExpect(jsonPath("id").exists());
 }
diff --git a/src/test/java/io/gaia_app/credentials/CredentialsTest.kt b/src/test/java/io/gaia_app/credentials/CredentialsTest.kt
index e804bd1a9..1367ad848 100644
--- a/src/test/java/io/gaia_app/credentials/CredentialsTest.kt
+++ b/src/test/java/io/gaia_app/credentials/CredentialsTest.kt
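Review bot: The line `//src/test/java/io/gaia_app/credentials/CredentialsRestControllerIT.java` added under the package declaration in the first hunk looks like a leftover from editing and is unrelated to the AzureRM change. It repeats the file's own path, which goes stale on any move or rename, so it should be dropped from this commit.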
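Review bot: The new `jsonPath("backendAccessKey", is("DEATH_STAR_BACKEND"))` assertion in the last hunk pins the create response to echoing the backend access key in clear text, next to the existing `clientSecret` assertion. If the client does not need these values back, mark the secret fields write-only in serialization (with Jackson, `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)`) and assert `jsonPath("backendAccessKey").doesNotExist()` instead; whether the edit form relies on reading them is not visible here. The request body in the second hunk also always sends `environment` and `backendAccessKey`, so the path where they are omitted has no integration test. The test method starts and ends outside these hunks.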
@@ -14,9 +14,9 @@ internal class CredentialsTest {
 }
 @Test
- fun `toEnv() for AzureRMCredentials should return ARM_CLIENT_ID and ARM_CLIENT_SECRET`() {
- assertThat(AzureRMCredentials("clientId", "secret").toEnv())
- .containsExactly("ARM_CLIENT_ID=clientId", "ARM_CLIENT_SECRET=secret")
+ fun `toEnv() for AzureRMCredentials should return ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_ACCESS_KEY, ARM_ENVIRONMENT`() {
+ assertThat(AzureRMCredentials("clientId", "secret", "subscriptionId", "tenantId", "environment", "backendAccessKey").toEnv())
+ .containsExactly("ARM_CLIENT_ID=clientId", "ARM_CLIENT_SECRET=secret", "ARM_SUBSCRIPTION_ID=subscriptionId", "ARM_TENANT_ID=tenantId", "ARM_ACCESS_KEY=backendAccessKey", "ARM_ENVIRONMENT=environment")
 }
 @Test
diff --git a/src/test/java/io/gaia_app/vault/VaultCredentialsServiceTest.kt b/src/test/java/io/gaia_app/vault/VaultCredentialsServiceTest.kt
index b68f8ac22..09f908587 100644
--- a/src/test/java/io/gaia_app/vault/VaultCredentialsServiceTest.kt
+++ b/src/test/java/io/gaia_app/vault/VaultCredentialsServiceTest.kt
@@ -65,11 +65,15 @@ class VaultCredentialsServiceTest {
 @Test
 fun findAzureRMCredentials_shouldReturnDecryptedCredentials() {
- val encryptedAzureRMCredentials = AzureRMCredentials("encryptedClientId", "encryptedSecret")
- val plainAzureRMCredentials = AzureRMCredentials("clientId", "secret")
+ val encryptedAzureRMCredentials = AzureRMCredentials("encryptedClientId", "encryptedSecret", "encryptedSubscriptionId", "encryptedTenantId", "encryptedEnvironment", "encryptedBackendAccessKey")
+ val plainAzureRMCredentials = AzureRMCredentials("clientId", "secret", "subscriptionId", "tenantId", "environment", "backendAccessKey")
 `when`(encryptionService.decrypt("encryptedClientId")).thenReturn("clientId")
 `when`(encryptionService.decrypt("encryptedSecret")).thenReturn("secret")
+ `when`(encryptionService.decrypt("encryptedSubscriptionId")).thenReturn("subscriptionId")
+ `when`(encryptionService.decrypt("encryptedTenantId")).thenReturn("tenantId")
+ `when`(encryptionService.decrypt("encryptedBackendAccessKey")).thenReturn("backendAccessKey")
+ `when`(encryptionService.decrypt("encryptedEnvironment")).thenReturn("environment")
 `when`(credentialsRepository.findById("AzureRM")).thenReturn(Optional.of(encryptedAzureRMCredentials))
 val credentials = credentialsService.findById("AzureRM").get()
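Review bot: Both fixtures in this test pass non-null `environment` and `backendAccessKey`, so the `!= null` guards added to `decryptAzurermCredentials` are only exercised on their true side. The save test in the following hunk has the same gap for `encryptAzurermCredentials`. Add a case built with `AzureRMCredentials("encryptedClientId", "encryptedSecret", "encryptedSubscriptionId", "encryptedTenantId", null, null)` that asserts the returned credentials still carry null for both optional fields. The test body continues past the end of this hunk.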
@@ -78,11 +82,15 @@ class VaultCredentialsServiceTest {
 @Test
 fun saveAzureRMCredentials_shouldReturnEncryptCredentials() {
- val plainAzureRMCredentials = AzureRMCredentials("clientId", "secret")
- val encryptedAzureRMCredentials = AzureRMCredentials("encryptedClientId", "encryptedSecret")
+ val plainAzureRMCredentials = AzureRMCredentials("clientId", "secret", "subscriptionId", "tenantId", "environment", "backendAccessKey")
+ val encryptedAzureRMCredentials = AzureRMCredentials("encryptedClientId", "encryptedSecret", "encryptedSubscriptionId", "encryptedTenantId", "encryptedEnvironment", "encryptedBackendAccessKey")
 `when`(encryptionService.encrypt("clientId")).thenReturn("encryptedClientId")
 `when`(encryptionService.encrypt("secret")).thenReturn("encryptedSecret")
+ `when`(encryptionService.encrypt("subscriptionId")).thenReturn("encryptedSubscriptionId")
+ `when`(encryptionService.encrypt("tenantId")).thenReturn("encryptedTenantId")
+ `when`(encryptionService.encrypt("backendAccessKey")).thenReturn("encryptedBackendAccessKey")
+ `when`(encryptionService.encrypt("environment")).thenReturn("encryptedEnvironment")
 val credentials = credentialsService.save(plainAzureRMCredentials)
 assertThat(credentials).isEqualTo(encryptedAzureRMCredentials)