ROX-21679: add rotate secret backup feature to admin API (#1540)

* add rotate secret backup feature to admin API * add e2e test for secret backup rotation * should always reconcile if secretsstored is empty * fix hash test
stackrox · Jan 12, 2024 · d08a4f8 · d08a4f8
1 parent 5cb0c28
commit d08a4f8
Show file tree

Hide file tree

Showing 13 changed files with 319 additions and 81 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -20,6 +20,9 @@
     {
       "name": "CloudantDetector"
     },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
     {
       "name": "GitHubTokenDetector"
     },
@@ -122,8 +125,7 @@
         "filename": "config/jwks-file-static.json",
         "hashed_secret": "551c2aa179bc3c0e2e8176d4b458d077ed358e25",
         "is_verified": false,
-        "line_number": 8,
-        "is_secret": false
+        "line_number": 8
       },
       {
         "type": "Base64 High Entropy String",
@@ -137,8 +139,7 @@
         "filename": "config/jwks-file-static.json",
         "hashed_secret": "f05bf8a9b8521955a5fa259abd1d5a6d269273ec",
         "is_verified": false,
-        "line_number": 16,
-        "is_secret": false
+        "line_number": 16
       },
       {
         "type": "Base64 High Entropy String",
@@ -152,8 +153,7 @@
         "filename": "config/jwks-file-static.json",
         "hashed_secret": "e23d321e76d1144e48b7f1d05dfd0d5036031003",
         "is_verified": false,
-        "line_number": 24,
-        "is_secret": false
+        "line_number": 24
       },
       {
         "type": "Base64 High Entropy String",
@@ -167,16 +167,14 @@
         "filename": "config/jwks-file-static.json",
         "hashed_secret": "9b87ab16703bb0ccd78aee2f69bd0e604f7a42dc",
         "is_verified": false,
-        "line_number": 32,
-        "is_secret": false
+        "line_number": 32
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "config/jwks-file-static.json",
         "hashed_secret": "3744e3d32aa35c3bb53d76d1832699b723f07812",
         "is_verified": false,
-        "line_number": 41,
-        "is_secret": false
+        "line_number": 41
       }
     ],
     "config/jwks-file.json": [
@@ -192,8 +190,7 @@
         "filename": "config/jwks-file.json",
         "hashed_secret": "551c2aa179bc3c0e2e8176d4b458d077ed358e25",
         "is_verified": false,
-        "line_number": 8,
-        "is_secret": false
+        "line_number": 8
       },
       {
         "type": "Base64 High Entropy String",
@@ -207,8 +204,7 @@
         "filename": "config/jwks-file.json",
         "hashed_secret": "f05bf8a9b8521955a5fa259abd1d5a6d269273ec",
         "is_verified": false,
-        "line_number": 16,
-        "is_secret": false
+        "line_number": 16
       },
       {
         "type": "Base64 High Entropy String",
@@ -222,8 +218,7 @@
         "filename": "config/jwks-file.json",
         "hashed_secret": "e23d321e76d1144e48b7f1d05dfd0d5036031003",
         "is_verified": false,
-        "line_number": 24,
-        "is_secret": false
+        "line_number": 24
       },
       {
         "type": "Base64 High Entropy String",
@@ -237,8 +232,7 @@
         "filename": "config/jwks-file.json",
         "hashed_secret": "9b87ab16703bb0ccd78aee2f69bd0e604f7a42dc",
         "is_verified": false,
-        "line_number": 32,
-        "is_secret": false
+        "line_number": 32
       }
     ],
     "db_setup_docker.sql": [
@@ -247,8 +241,7 @@
         "filename": "db_setup_docker.sql",
         "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
         "is_verified": false,
-        "line_number": 1,
-        "is_secret": false
+        "line_number": 1
       }
     ],
     "dev/env/manifests/shared/03-configmap-config.yaml": [
@@ -334,6 +327,15 @@
         "line_number": 7
       }
     ],
+    "e2e/e2e_test.go": [
+      {
+        "type": "Secret Keyword",
+        "filename": "e2e/e2e_test.go",
+        "hashed_secret": "7f38822bc2b03e97325ff310099f457f6f788daf",
+        "is_verified": false,
+        "line_number": 267
+      }
+    ],
     "fleetshard/pkg/central/cloudprovider/dbclient_moq.go": [
       {
         "type": "Secret Keyword",
@@ -352,30 +354,66 @@
         "line_number": 1531
       }
     ],
+    "internal/dinosaur/pkg/services/dinosaurservice_moq.go": [
+      {
+        "type": "Secret Keyword",
+        "filename": "internal/dinosaur/pkg/services/dinosaurservice_moq.go",
+        "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
+        "is_verified": false,
+        "line_number": 982
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "internal/dinosaur/pkg/services/dinosaurservice_moq.go",
+        "hashed_secret": "d035c0406b3e8286d3427e91db3497e0e17f0f83",
+        "is_verified": false,
+        "line_number": 983
+      }
+    ],
+    "pkg/client/fleetmanager/api_moq.go": [
+      {
+        "type": "Secret Keyword",
+        "filename": "pkg/client/fleetmanager/api_moq.go",
+        "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
+        "is_verified": false,
+        "line_number": 567
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "pkg/client/fleetmanager/api_moq.go",
+        "hashed_secret": "0ff50155b4f57adeccae93f27dc23efe2a8b7824",
+        "is_verified": false,
+        "line_number": 568
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "pkg/client/fleetmanager/api_moq.go",
+        "hashed_secret": "5ce1b8d4fb9dae5c02b2017e39e7267a21cea37f",
+        "is_verified": false,
+        "line_number": 577
+      }
+    ],
     "pkg/client/iam/client_moq.go": [
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/client_moq.go",
         "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
         "is_verified": false,
-        "line_number": 649,
-        "is_secret": false
+        "line_number": 649
       },
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/client_moq.go",
         "hashed_secret": "4595e0fe3be13544e523e5f6c1145f15007f7b58",
         "is_verified": false,
-        "line_number": 650,
-        "is_secret": false
+        "line_number": 650
       },
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/client_moq.go",
         "hashed_secret": "539fbe365f6c0db26d473d85a736d318c2f565e5",
         "is_verified": false,
-        "line_number": 991,
-        "is_secret": false
+        "line_number": 991
       }
     ],
     "pkg/client/iam/gocloak_moq.go": [
@@ -384,48 +422,42 @@
         "filename": "pkg/client/iam/gocloak_moq.go",
         "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
         "is_verified": false,
-        "line_number": 9711,
-        "is_secret": false
+        "line_number": 9711
       },
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/gocloak_moq.go",
         "hashed_secret": "7f0b58c8f07c09a5ed45a784a8e1ea4d3e983d59",
         "is_verified": false,
-        "line_number": 9712,
-        "is_secret": false
+        "line_number": 9712
       },
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/gocloak_moq.go",
         "hashed_secret": "9b8b876c2782fa992fab14095267bb8757b9fabc",
         "is_verified": false,
-        "line_number": 13092,
-        "is_secret": false
+        "line_number": 13092
       },
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/gocloak_moq.go",
         "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
         "is_verified": false,
-        "line_number": 13095,
-        "is_secret": false
+        "line_number": 13095
       },
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/gocloak_moq.go",
         "hashed_secret": "eb1b883e199141e362a143c51178ab8f09c87751",
         "is_verified": false,
-        "line_number": 13716,
-        "is_secret": false
+        "line_number": 13716
       },
       {
         "type": "Secret Keyword",
         "filename": "pkg/client/iam/gocloak_moq.go",
         "hashed_secret": "1b46ecc8fb47b1b39a420f00f08dbd58e0313188",
         "is_verified": false,
-        "line_number": 14023,
-        "is_secret": false
+        "line_number": 14023
       }
     ],
     "pkg/client/redhatsso/api/api/openapi.yaml": [
@@ -443,8 +475,7 @@
         "filename": "pkg/shared/secrets/secrets_test.go",
         "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
         "is_verified": false,
-        "line_number": 113,
-        "is_secret": false
+        "line_number": 113
       }
     ],
     "templates/envoy-config-configmap.yml": [
@@ -549,8 +580,7 @@
         "filename": "test/support/certs.json",
         "hashed_secret": "d59844c767c4c6c3840f8cabbc04b1e5ed2acc22",
         "is_verified": false,
-        "line_number": 8,
-        "is_secret": false
+        "line_number": 8
       }
     ],
     "test/support/jwt_private_key.pem": [
@@ -559,10 +589,9 @@
         "filename": "test/support/jwt_private_key.pem",
         "hashed_secret": "be4fc4886bd949b369d5e092eb87494f12e57e5b",
         "is_verified": false,
-        "line_number": 1,
-        "is_secret": false
+        "line_number": 1
       }
     ]
   },
-  "generated_at": "2024-01-10T15:22:39Z"
+  "generated_at": "2024-01-11T17:41:29Z"
 }