
Commit 2e58e77

fix: Decode secret fix on add update oss (#5695)
* ValidateEncodedDataByDecoding in case add or update secret * wire fix from main * minor refactor * comment
1 parent 4f04d6b commit 2e58e77

4 files changed

+48
-10
lines changed

cmd/external-app/wire_gen.go

+2-2

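--- a/pkg/pipeline/ConfigMapService.go
+++ b/pkg/pipeline/ConfigMapService.go
@@ -34,7 +34,9 @@ import (
 util2 "github.com/devtron-labs/devtron/util"
 "github.com/go-pg/pg"
 "go.uber.org/zap"
+"net/http"
 "regexp"
+"strconv"
 "time"
 )
 
@@ -504,12 +506,19 @@ func (impl ConfigMapServiceImpl) CSGlobalAddUpdate(configMapRequest *bean.Config
 return nil, fmt.Errorf("invalid request multiple config found for add or update")
 }
 configData := configMapRequest.ConfigData[0]
+// validating config/secret data at service layer since this func is consumed in multiple flows, hence preventing code duplication
 valid, err := impl.validateConfigData(configData)
 if err != nil && !valid {
 impl.logger.Errorw("error in validating", "error", err)
 return configMapRequest, err
 }
 
+valid, err = impl.validateConfigDataForSecretsOnly(configData)
+if err != nil && !valid {
+impl.logger.Errorw("error in validating secrets only data", "error", err)
+return configMapRequest, err
+}
+
 valid, err = impl.validateExternalSecretChartCompatibility(configMapRequest.AppId, configMapRequest.EnvironmentId, configData)
 if err != nil && !valid {
 impl.logger.Errorw("error in validating", "error", err)
@@ -704,11 +713,17 @@ func (impl ConfigMapServiceImpl) CSEnvironmentAddUpdate(configMapRequest *bean.C
 }
 
 configData := configMapRequest.ConfigData[0]
+// validating config/secret data at service layer since this func is consumed in multiple flows, hence preventing code duplication
 valid, err := impl.validateConfigData(configData)
 if err != nil && !valid {
 impl.logger.Errorw("error in validating", "error", err)
 return configMapRequest, err
 }
+valid, err = impl.validateConfigDataForSecretsOnly(configData)
+if err != nil && !valid {
+impl.logger.Errorw("error in validating secrets only data", "error", err)
+return configMapRequest, err
+}
 
 valid, err = impl.validateExternalSecretChartCompatibility(configMapRequest.AppId, configMapRequest.EnvironmentId, configData)
 if err != nil && !valid {
@@ -795,13 +810,6 @@ func (impl ConfigMapServiceImpl) CSEnvironmentAddUpdate(configMapRequest *bean.C
 }
 configMapRequest.Id = configMap.Id
 }
-//VARIABLE_MAPPING_UPDATE
-//sl := bean.SecretsList{}
-//data, err := sl.GetTransformedDataForSecretList(model.SecretData, util2.DecodeSecret)
-//if err != nil {
-// return nil, err
-//}
-//err = impl.extractAndMapVariables(data, model.Id, repository5.EntityTypeSecretEnvLevel, configMapRequest.UserId)
 err = impl.scopedVariableManager.CreateVariableMappingsForSecretEnv(model)
 if err != nil {
 return nil, err
@@ -1545,6 +1553,26 @@ func (impl ConfigMapServiceImpl) validateConfigData(configData *bean.ConfigData)
 return true, nil
 }
 
+func (impl ConfigMapServiceImpl) validateConfigDataForSecretsOnly(configData *bean.ConfigData) (bool, error) {
+
+// check encoding in base64 for secret data
+if len(configData.Data) > 0 {
+dataMap := make(map[string]string)
+err := json.Unmarshal(configData.Data, &dataMap)
+if err != nil {
+impl.logger.Errorw("error while unmarshalling secret data ", "error", err)
+return false, err
+}
+err = util2.ValidateEncodedDataByDecoding(dataMap)
+if err != nil {
+impl.logger.Errorw("error in decoding secret data", "error", err)
+return false, util.NewApiError().WithHttpStatusCode(http.StatusUnprocessableEntity).WithCode(strconv.Itoa(http.StatusUnprocessableEntity)).
+WithUserMessage("error in decoding data, make sure the secret data is encoded properly")
+}
+}
+return true, nil
+}
+
 func (impl ConfigMapServiceImpl) updateConfigData(configData *bean.ConfigData, syncRequest *bean.BulkPatchRequest) (*bean.ConfigData, error) {
 dataMap := make(map[string]string)
 var updatedData json.RawMessage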
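Review bot: validateConfigDataForSecretsOnly returns the raw `json.Unmarshal` error when Data is not a flat JSON object of strings, but wraps a base64 failure as a 422 ApiError, so two kinds of bad client input leave the function as different error types. Wrapping the first the same way keeps the response consistent: `return false, util.NewApiError().WithHttpStatusCode(http.StatusUnprocessableEntity).WithCode(strconv.Itoa(http.StatusUnprocessableEntity)).WithUserMessage("secret data must be a JSON object with string values")`. The bodies of CSGlobalAddUpdate and CSEnvironmentAddUpdate continue outside their hunks and the code that maps a plain error to a status is not shown, so the user-visible difference is inferred. The new method also has no doc comment; something like `// validateConfigDataForSecretsOnly rejects secret payloads whose Data values are not valid standard base64.` would tell the next reader that every value in Data is treated as encoded.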

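--- a/util/encoding-utils.go
+++ b/util/encoding-utils.go
@@ -53,3 +53,13 @@ func GetDecodedAndEncodedData(data json.RawMessage, transformer SecretTransformM
 }
 return marshal, nil
 }
+
+func ValidateEncodedDataByDecoding(dataMap map[string]string) error {
+for _, value := range dataMap {
+_, err := base64.StdEncoding.DecodeString(value)
+if err != nil {
+return err
+}
+}
+return nil
+}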
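Review bot: ValidateEncodedDataByDecoding is exported without a doc comment, and its name promises more than the loop checks: a successful `base64.StdEncoding.DecodeString` only shows the value is syntactically valid standard base64, so a plaintext value made of base64-alphabet characters with a length that is a multiple of four also passes. I would state that limit in the comment, e.g. `// ValidateEncodedDataByDecoding returns an error if any value in dataMap is not valid standard base64; it cannot distinguish encoded data from plaintext that happens to be valid base64.` The loop also discards the key, and map iteration order is random, so the caller cannot tell the user which entry failed; `return fmt.Errorf("key %q: %w", key, err)` names the key without exposing the value (this needs `fmt`, whose import is not visible in this hunk).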

wire_gen.go

+1-1
