modified logic and test cases
saksham-postman committed Oct 22, 2024
1 parent d03a680 commit 98e7f52
Showing 2 changed files with 34 additions and 22 deletions.
32 changes: 18 additions & 14 deletions lib/runner/extensions/event.command.js
@@ -245,8 +245,6 @@ module.exports = {
events,
isVaultAccessAllowed;

// Explicitly enable tracking for vault secrets here as this will
// not be sent to sandbox who otherwise takes care of mutation tracking

// @todo: find a better place to code this so that event is not aware of such options
if (abortOnFailure) {
@@ -394,26 +392,32 @@ module.exports = {
}.bind(this));

this.host.on(EXECUTION_VAULT_BASE + executionId, async function (id, cmd, ...args) {
try {
if (typeof isVaultAccessInScriptsAllowed === 'function') {
isVaultAccessAllowed = await isVaultAccessInScriptsAllowed(item.id);
}
else {
isVaultAccessAllowed = isVaultAccessInScriptsAllowed;
let currentIsVaultAccessAllowed = false;

Check warning on line 395 in lib/runner/extensions/event.command.js


Codecov / codecov/patch

lib/runner/extensions/event.command.js#L394-L395

Added lines #L394 - L395 were not covered by tests

if (isVaultAccessAllowed === undefined) {
try {
currentIsVaultAccessAllowed = Boolean(await isVaultAccessInScriptsAllowed(item.id));

Check warning on line 399 in lib/runner/extensions/event.command.js


Codecov / codecov/patch

lib/runner/extensions/event.command.js#L398-L399

Added lines #L398 - L399 were not covered by tests
}
if (isVaultAccessAllowed) {
vaultSecrets.enableTracking({ autoCompact: true });
catch (error) {
currentIsVaultAccessAllowed = false;

Check warning on line 402 in lib/runner/extensions/event.command.js


Codecov / codecov/patch

lib/runner/extensions/event.command.js#L402

Added line #L402 was not covered by tests
}
// eslint-disable-next-line require-atomic-updates
isVaultAccessAllowed = currentIsVaultAccessAllowed;

Check warning on line 405 in lib/runner/extensions/event.command.js


Codecov / codecov/patch

lib/runner/extensions/event.command.js#L405

Added line #L405 was not covered by tests
}
else {
currentIsVaultAccessAllowed = isVaultAccessAllowed;

Check warning on line 408 in lib/runner/extensions/event.command.js


Codecov / codecov/patch

lib/runner/extensions/event.command.js#L408

Added line #L408 was not covered by tests
}
catch (error) {
console.error(error.message);
isVaultAccessAllowed = false;

// Explicitly enable tracking for vault secrets here as this will
// not be sent to sandbox who otherwise takes care of mutation tracking
if (currentIsVaultAccessAllowed) {
vaultSecrets.enableTracking({ autoCompact: true });

Check warning on line 414 in lib/runner/extensions/event.command.js


Codecov / codecov/patch

lib/runner/extensions/event.command.js#L414

Added line #L414 was not covered by tests
}
// Ensure error is string
// TODO identify why error objects are not being serialized correctly
const dispatch = (e, r) => { this.host.dispatch(EXECUTION_VAULT_BASE + executionId, id, e, r); };

if (!isVaultAccessAllowed) {
if (!currentIsVaultAccessAllowed) {
return dispatch('Vault access denied');
}
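Review bot: The new `catch (error)` around `isVaultAccessInScriptsAllowed(item.id)` drops the error entirely and the resulting `false` is then written to `isVaultAccessAllowed`, so a callback that throws once (or a non-function value, which now reaches this path as a TypeError) becomes a cached denial with nothing logged; failing closed is the right default, but keep the previous `console.error(error.message);` so a denial caused by a fault can be told apart from a deliberate one. Until the first `await` settles `isVaultAccessAllowed` is still `undefined`, so vault commands that arrive concurrently each invoke the callback and the last one to settle overwrites the cached decision, which is the hazard the `require-atomic-updates` suppression silences; caching the pending promise and awaiting it in later calls would make the decision single-shot. The variable is declared in the first hunk and the enclosing function begins outside both hunks, so its lifetime is not visible here; it is worth confirming the cached value cannot outlive the `item.id` it was decided for.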

24 changes: 16 additions & 8 deletions test/integration/sanity/vaultSecrets.test.js
@@ -1061,7 +1061,7 @@ describe('vaultSecrets', function () {
});
});

describe('should handle _allowScriptAccess as a boolean for backward compatibility', function () {
describe('should fail if _allowScriptAccess is not a function', function () {
var testrun;

before(function (done) {
@@ -1083,8 +1083,12 @@ describe('vaultSecrets', function () {
listen: 'prerequest',
script: {
exec: `
const v = await pm.vault.get('var1');
console.log(v);
try {
const v = await pm.vault.get('var1');
console.log('Vault value:', v);
} catch (error) {
console.error('Vault error:', error.message);
}
`
}
}],
@@ -1097,21 +1101,25 @@ describe('vaultSecrets', function () {
});
});

it('should allow vault access when _allowScriptAccess is true', function () {
var prConsoleArgs = testrun.console.getCall(0).args.slice(2);
it('should deny vault access when _allowScriptAccess is not a function', function () {
expect(testrun.console.called).to.be.true;

expect(prConsoleArgs).to.deep.equal(['value1']);
var consoleArgs = testrun.console.getCall(0).args.slice(2);

expect(consoleArgs[0]).to.equal('Vault error:');
expect(consoleArgs[1]).to.equal('Vault access denied');
});
});

describe('should handle _allowScriptAccess as undefined for backward compatibility', function () {
describe('should handle when _allowScriptAccess function throws', function () {
var testrun;

before(function (done) {
this.run({
vaultSecrets: {
id: 'vault',
prefix: 'vault:',
_allowScriptAccess: function () { throw new Error('Custom error'); },
values: [
{
key: 'vault:var1',
@@ -1143,7 +1151,7 @@ describe('vaultSecrets', function () {
});
});

it('should deny vault access when _allowScriptAccess is undefined', function () {
it('should deny vault access when _allowScriptAccess function throws', function () {
expect(testrun.console.called).to.be.true;

var consoleArgs = testrun.console.getCall(0).args.slice(2);
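Review bot: The deny-path assertions in 'should deny vault access when _allowScriptAccess is not a function' read only `testrun.console.getCall(0)`, so they would still pass if a later console call printed the secret; pin the call count or assert the value is absent, e.g. `expect(testrun.console.calledOnce).to.be.true;` (assuming `testrun.console` is a sinon spy, as `called` and `getCall` suggest). The script shown in this section calls `pm.vault.get` once, so the cached `else` branch in event.command.js is not exercised by it; a script with two `pm.vault.get` calls would cover that branch, which the Codecov annotation also reports as untested. The second `describe` continues outside the visible hunks, so its script body was not reviewed.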
