fix(vault): parse pre-v0.23 vault secrets (#1086)

* fix(vault): parse pre-v0.23 vault secrets * linter overlord
go-vela · Mar 15, 2024 · 219ab91 · 219ab91
1 parent 0c3e620
commit 219ab91
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 4 deletions.
diff --git a/secret/vault/vault.go b/secret/vault/vault.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/service/sts/stsiface"
+	"github.com/go-vela/types/constants"
 	"github.com/go-vela/types/library"
 	"github.com/hashicorp/vault/api"
 	"github.com/pkg/errors"
@@ -157,6 +158,7 @@ func secretFromVault(vault *api.Secret) *library.Secret {
 		}
 	}
 
+	// set allow_events if found in Vault secret
 	v, ok = data["allow_events"]
 	if ok {
 		maskJSON, ok := v.(json.Number)
@@ -166,6 +168,35 @@ func secretFromVault(vault *api.Secret) *library.Secret {
 				s.SetAllowEvents(library.NewEventsFromMask(mask))
 			}
 		}
+	} else {
+		// if not found, convert events to allow_events
+		// this happens when vault secret has not been updated since before v0.23
+		events, ok := data["events"]
+		if ok {
+			allowEventsMask := int64(0)
+
+			for _, element := range events.([]interface{}) {
+				event, ok := element.(string)
+				if ok {
+					switch event {
+					case constants.EventPush:
+						allowEventsMask |= constants.AllowPushBranch
+					case constants.EventPull:
+						allowEventsMask |= constants.AllowPullOpen | constants.AllowPullReopen | constants.AllowPullSync
+					case constants.EventComment:
+						allowEventsMask |= constants.AllowCommentCreate | constants.AllowCommentEdit
+					case constants.EventDeploy:
+						allowEventsMask |= constants.AllowDeployCreate
+					case constants.EventTag:
+						allowEventsMask |= constants.AllowPushTag
+					case constants.EventSchedule:
+						allowEventsMask |= constants.AllowSchedule
+					}
+				}
+			}
+
+			s.SetAllowEvents(library.NewEventsFromMask(allowEventsMask))
+		}
 	}
 
 	// set images if found in Vault secret
@@ -252,6 +283,15 @@ func secretFromVault(vault *api.Secret) *library.Secret {
 		if ok {
 			s.SetAllowSubstitution(substitution)
 		}
+	} else {
+		// set allow_substitution to allow_command value if not found in Vault secret
+		cmd, ok := data["allow_command"]
+		if ok {
+			command, ok := cmd.(bool)
+			if ok {
+				s.SetAllowSubstitution(command)
+			}
+		}
 	}
 
 	// set created_at if found in Vault secret

diff --git a/secret/vault/vault_test.go b/secret/vault/vault_test.go
@@ -105,15 +105,36 @@ func TestVault_secretFromVault(t *testing.T) {
 		},
 	}
 
+	// test vault secret from pre-v0.23 release
+	inputLegacy := &api.Secret{
+		Data: map[string]interface{}{
+			"data": map[string]interface{}{
+				"events":        []interface{}{"push", "tag", "deployment"},
+				"images":        []interface{}{"foo", "bar"},
+				"name":          "bar",
+				"org":           "foo",
+				"repo":          "*",
+				"team":          "foob",
+				"type":          "org",
+				"value":         "baz",
+				"allow_command": true,
+				"created_at":    json.Number("1563474077"),
+				"created_by":    "octocat",
+				"updated_at":    json.Number("1563474079"),
+				"updated_by":    "octocat2",
+			},
+		},
+	}
+
 	want := new(library.Secret)
 	want.SetOrg("foo")
 	want.SetRepo("*")
 	want.SetTeam("foob")
 	want.SetName("bar")
 	want.SetValue("baz")
 	want.SetType("org")
-	want.SetEvents([]string{"foo", "bar"})
-	want.SetAllowEvents(library.NewEventsFromMask(1))
+	want.SetEvents([]string{"push", "tag", "deployment"})
+	want.SetAllowEvents(library.NewEventsFromMask(8195))
 	want.SetImages([]string{"foo", "bar"})
 	want.SetAllowCommand(true)
 	want.SetAllowSubstitution(true)
@@ -132,6 +153,7 @@ func TestVault_secretFromVault(t *testing.T) {
 	}{
 		{"v1", args{secret: inputV1}},
 		{"v2", args{secret: inputV2}},
+		{"legacy", args{secret: inputLegacy}},
 	}
 
 	for _, tt := range tests {
@@ -221,8 +243,8 @@ func TestVault_AccurateSecretFields(t *testing.T) {
 // helper function to return a test Vault secret data.
 func testVaultSecretData() map[string]interface{} {
 	return map[string]interface{}{
-		"events":             []interface{}{"foo", "bar"},
-		"allow_events":       json.Number("1"),
+		"events":             []interface{}{"push", "tag", "deployment"},
+		"allow_events":       json.Number("8195"),
 		"images":             []interface{}{"foo", "bar"},
 		"name":               "bar",
 		"org":                "foo",