From 78eca514b01d626405cc07887eaee1c4e8830352 Mon Sep 17 00:00:00 2001
From: Easton Crupper <65553218+ecrupper@users.noreply.github.com>
Date: Fri, 5 Jan 2024 16:54:21 -0500
Subject: [PATCH] enhance(secrets)!: use the same allow_events system as repos for secrets (#1033)
* init commit
* use allowed instead of eventallowed
---
 api/secret/create.go | 18 ++++++++++++++++--
 api/webhook/post.go | 2 +-
 database/integration_test.go | 3 +++
 database/repo/repo_test.go | 3 +++
 database/secret/create_test.go | 21 ++++++++++++---------
 database/secret/get_org_test.go | 5 +++--
 database/secret/get_repo_test.go | 5 +++--
 database/secret/get_team_test.go | 5 +++--
 database/secret/get_test.go | 5 +++--
 database/secret/list_org_test.go | 8 +++++---
 database/secret/list_repo_test.go | 8 +++++---
 database/secret/list_team_test.go | 8 +++++---
 database/secret/list_test.go | 8 +++++---
 database/secret/secret_test.go | 27 +++++++++++++++++++++++++++
 database/secret/table.go | 2 ++
 database/secret/update_test.go | 21 ++++++++++++---------
 go.mod | 2 +-
 go.sum | 4 ++--
 secret/native/create_test.go | 4 ++++
 secret/native/get_test.go | 1 +
 secret/native/list_test.go | 2 ++
 secret/native/update.go | 5 +++++
 secret/native/update_test.go | 2 ++
 secret/vault/vault.go | 13 +++++++++++++
 secret/vault/vault_test.go | 5 +++++
 25 files changed, 143 insertions(+), 44 deletions(-)
diff --git a/api/secret/create.go b/api/secret/create.go
index fc2dca67a..8423bc8cb 100644
--- a/api/secret/create.go
+++ b/api/secret/create.go
@@ -15,6 +15,7 @@ import (
 "github.com/go-vela/server/util"
 "github.com/go-vela/types/constants"
 "github.com/go-vela/types/library"
+ "github.com/go-vela/types/library/actions"
 "github.com/sirupsen/logrus"
 )
@@ -207,8 +208,21 @@ func CreateSecret(c *gin.Context) {
 input.SetImages(util.Unique(input.GetImages()))
 }
- if len(input.GetEvents()) > 0 {
- input.SetEvents(util.Unique(input.GetEvents()))
+ // default event set for secrets
+ if input.GetAllowEvents().ToDatabase() == 0 {
+ e := new(library.Events)
+
+ push := new(actions.Push)
+ push.SetBranch(true)
+ push.SetTag(true)
+
+ deploy := new(actions.Deploy)
+ deploy.SetCreated(true)
+
+ e.SetPush(push)
+ e.SetDeployment(deploy)
+
+ input.SetAllowEvents(e)
 }
 if len(input.GetEvents()) == 0 {
diff --git a/api/webhook/post.go b/api/webhook/post.go
index 7d44689fe..4564b97f1 100644
--- a/api/webhook/post.go
+++ b/api/webhook/post.go
@@ -258,7 +258,7 @@ func PostWebhook(c *gin.Context) {
 }
 // verify the build has a valid event and the repo allows that event type
- if !repo.EventAllowed(b.GetEvent(), b.GetEventAction()) {
+ if !repo.GetAllowEvents().Allowed(b.GetEvent(), b.GetEventAction()) {
 var actionErr string
 if len(b.GetEventAction()) > 0 {
 actionErr = ":" + b.GetEventAction()
diff --git a/database/integration_test.go b/database/integration_test.go
index 49b844fda..4d3b5104a 100644
--- a/database/integration_test.go
+++ b/database/integration_test.go
@@ -2311,6 +2311,7 @@ func newResources() *Resources {
 secretOrg.SetType("org")
 secretOrg.SetImages([]string{"alpine"})
 secretOrg.SetEvents([]string{"push", "tag", "deployment"})
+ secretOrg.SetAllowEvents(library.NewEventsFromMask(1))
 secretOrg.SetAllowCommand(true)
 secretOrg.SetCreatedAt(time.Now().UTC().Unix())
 secretOrg.SetCreatedBy("octocat")
@@ -2327,6 +2328,7 @@ func newResources() *Resources {
 secretRepo.SetType("repo")
 secretRepo.SetImages([]string{"alpine"})
 secretRepo.SetEvents([]string{"push", "tag", "deployment"})
+ secretRepo.SetAllowEvents(library.NewEventsFromMask(1))
 secretRepo.SetAllowCommand(true)
 secretRepo.SetCreatedAt(time.Now().UTC().Unix())
 secretRepo.SetCreatedBy("octocat")
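Review bot: In `CreateSecret` (api/secret/create.go) the new default is keyed only on `input.GetAllowEvents().ToDatabase() == 0`, so a request that still sends just the legacy `events` list, for example one without `push`, is given push, tag and deployment in `allow_events` although the caller never asked for them. If secret injection is decided from `allow_events` after this change, as the commit title suggests, that widens where the secret is exposed beyond the caller's stated scope. I would derive the default from `input.GetEvents()` when it is non-empty, or reject a request whose two fields disagree, and record the rule in the code: `// default applies only when neither events nor allow_events was supplied`. The same zero check also cannot tell an omitted `allow_events` from one sent with every action set to false. CreateSecret's body starts and ends outside the hunk.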
@@ -2344,6 +2346,7 @@ func newResources() *Resources { secretShared.SetImages([]string{"alpine"}) secretShared.SetEvents([]string{"push", "tag", "deployment"}) secretShared.SetAllowCommand(true) + secretShared.SetAllowEvents(library.NewEventsFromMask(1)) secretShared.SetCreatedAt(time.Now().UTC().Unix()) secretShared.SetCreatedBy("octocat") secretShared.SetUpdatedAt(time.Now().Add(time.Hour * 1).UTC().Unix()) diff --git a/database/repo/repo_test.go b/database/repo/repo_test.go index 3316bb6bf..5e70956d7 100644 --- a/database/repo/repo_test.go +++ b/database/repo/repo_test.go @@ -222,6 +222,9 @@ func testEvents() *library.Events { Created: new(bool), Edited: new(bool), }, + Schedule: &actions.Schedule{ + Run: new(bool), + }, } } diff --git a/database/secret/create_test.go b/database/secret/create_test.go index 2d86fbb0c..b5d0c3ba5 100644 --- a/database/secret/create_test.go +++ b/database/secret/create_test.go @@ -24,6 +24,7 @@ func TestSecret_Engine_CreateSecret(t *testing.T) { _secretRepo.SetCreatedBy("user") _secretRepo.SetUpdatedAt(1) _secretRepo.SetUpdatedBy("user2") + _secretRepo.SetAllowEvents(library.NewEventsFromMask(1)) _secretOrg := testSecret() _secretOrg.SetID(2) @@ -36,6 +37,7 @@ func TestSecret_Engine_CreateSecret(t *testing.T) { _secretOrg.SetCreatedBy("user") _secretOrg.SetUpdatedAt(1) _secretOrg.SetUpdatedBy("user2") + _secretOrg.SetAllowEvents(library.NewEventsFromMask(3)) _secretShared := testSecret() _secretShared.SetID(3) @@ -48,6 +50,7 @@ func TestSecret_Engine_CreateSecret(t *testing.T) { _secretShared.SetCreatedBy("user") _secretShared.SetUpdatedAt(1) _secretShared.SetUpdatedBy("user2") + _secretShared.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() 
@@ -57,23 +60,23 @@ func TestSecret_Engine_CreateSecret(t *testing.T) { // ensure the mock expects the repo secrets query _mock.ExpectQuery(`INSERT INTO "secrets" -("org","repo","team","name","value","type","images","events","allow_command","created_at","created_by","updated_at","updated_by","id") -VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14) RETURNING "id"`). - WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, false, 1, "user", 1, "user2", 1). +("org","repo","team","name","value","type","images","events","allow_events","allow_command","created_at","created_by","updated_at","updated_by","id") +VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15) RETURNING "id"`). + WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, 1, false, 1, "user", 1, "user2", 1). WillReturnRows(_rows) // ensure the mock expects the org secrets query _mock.ExpectQuery(`INSERT INTO "secrets" -("org","repo","team","name","value","type","images","events","allow_command","created_at","created_by","updated_at","updated_by","id") -VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14) RETURNING "id"`). - WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, false, 1, "user", 1, "user2", 2). +("org","repo","team","name","value","type","images","events","allow_events","allow_command","created_at","created_by","updated_at","updated_by","id") +VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15) RETURNING "id"`). + WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, 3, false, 1, "user", 1, "user2", 2). WillReturnRows(_rows) // ensure the mock expects the shared secrets query _mock.ExpectQuery(`INSERT INTO "secrets" -("org","repo","team","name","value","type","images","events","allow_command","created_at","created_by","updated_at","updated_by","id") -VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14) RETURNING "id"`). 
- WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, false, 1, "user", 1, "user2", 3). +("org","repo","team","name","value","type","images","events","allow_events","allow_command","created_at","created_by","updated_at","updated_by","id") +VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15) RETURNING "id"`). + WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, 1, false, 1, "user", 1, "user2", 3). WillReturnRows(_rows) _sqlite := testSqlite(t) diff --git a/database/secret/get_org_test.go b/database/secret/get_org_test.go index fbdaf1f17..71b65bf09 100644 --- a/database/secret/get_org_test.go +++ b/database/secret/get_org_test.go @@ -25,14 +25,15 @@ func TestSecret_Engine_GetSecretForOrg(t *testing.T) { _secret.SetCreatedBy("user") _secret.SetUpdatedAt(1) _secret.SetUpdatedBy("user2") + _secret.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND name = $3 LIMIT 1`). diff --git a/database/secret/get_repo_test.go b/database/secret/get_repo_test.go index 5f8678546..b3136ac1b 100644 --- a/database/secret/get_repo_test.go +++ b/database/secret/get_repo_test.go 
@@ -35,14 +35,15 @@ func TestSecret_Engine_GetSecretForRepo(t *testing.T) { _secret.SetCreatedBy("user") _secret.SetUpdatedAt(1) _secret.SetUpdatedBy("user2") + _secret.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND repo = $3 AND name = $4 LIMIT 1`). diff --git a/database/secret/get_team_test.go b/database/secret/get_team_test.go index 30854550e..696cd2a37 100644 --- a/database/secret/get_team_test.go +++ b/database/secret/get_team_test.go 
@@ -25,14 +25,15 @@ func TestSecret_Engine_GetSecretForTeam(t *testing.T) { _secret.SetCreatedBy("user") _secret.SetUpdatedAt(1) _secret.SetUpdatedBy("user2") + _secret.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND team = $3 AND name = $4 LIMIT 1`). diff --git a/database/secret/get_test.go b/database/secret/get_test.go index f57232a02..c44175f86 100644 --- a/database/secret/get_test.go +++ b/database/secret/get_test.go 
@@ -24,14 +24,15 @@ func TestSecret_Engine_GetSecret(t *testing.T) { _secret.SetCreatedBy("user") _secret.SetUpdatedAt(1) _secret.SetUpdatedBy("user2") + _secret.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() // create expected result in mock _rows := sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE id = $1 LIMIT 1`).WithArgs(1).WillReturnRows(_rows) diff --git a/database/secret/list_org_test.go b/database/secret/list_org_test.go index ecde40520..11967cd7d 100644 --- a/database/secret/list_org_test.go +++ b/database/secret/list_org_test.go @@ -25,6 +25,7 @@ func TestSecret_Engine_ListSecretsForOrg(t *testing.T) { _secretOne.SetCreatedBy("user") _secretOne.SetUpdatedAt(1) _secretOne.SetUpdatedBy("user2") + _secretOne.SetAllowEvents(library.NewEventsFromMask(1)) _secretTwo := testSecret() _secretTwo.SetID(2) @@ -37,6 +38,7 @@ func TestSecret_Engine_ListSecretsForOrg(t *testing.T) { _secretTwo.SetCreatedBy("user") _secretTwo.SetUpdatedAt(1) _secretTwo.SetUpdatedBy("user2") + _secretTwo.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() 
@@ -50,9 +52,9 @@ func TestSecret_Engine_ListSecretsForOrg(t *testing.T) { // create expected name query result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(2, "org", "foo", "*", "", "bar", "baz", nil, nil, false, 1, "user", 1, "user2"). - AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(2, "org", "foo", "*", "", "bar", "baz", nil, nil, 1, false, 1, "user", 1, "user2"). + AddRow(1, "org", "foo", "*", "", "baz", "bar", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the name query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 ORDER BY id DESC LIMIT 10`). diff --git a/database/secret/list_repo_test.go b/database/secret/list_repo_test.go index dece5e57e..77d2d930f 100644 --- a/database/secret/list_repo_test.go +++ b/database/secret/list_repo_test.go @@ -36,6 +36,7 @@ func TestSecret_Engine_ListSecretsForRepo(t *testing.T) { _secretOne.SetCreatedBy("user") _secretOne.SetUpdatedAt(1) _secretOne.SetUpdatedBy("user2") + _secretOne.SetAllowEvents(library.NewEventsFromMask(1)) _secretTwo := testSecret() _secretTwo.SetID(2) @@ -48,6 +49,7 @@ func TestSecret_Engine_ListSecretsForRepo(t *testing.T) { _secretTwo.SetCreatedBy("user") _secretTwo.SetUpdatedAt(1) _secretTwo.SetUpdatedBy("user2") + _secretTwo.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() 
@@ -61,9 +63,9 @@ func TestSecret_Engine_ListSecretsForRepo(t *testing.T) { // create expected name query result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, false, 1, "user", 1, "user2"). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, 1, false, 1, "user", 1, "user2"). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the name query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND repo = $3 ORDER BY id DESC LIMIT 10`). diff --git a/database/secret/list_team_test.go b/database/secret/list_team_test.go index 40d311805..071ac371b 100644 --- a/database/secret/list_team_test.go +++ b/database/secret/list_team_test.go @@ -26,6 +26,7 @@ func TestSecret_Engine_ListSecretsForTeam(t *testing.T) { _secretOne.SetCreatedBy("user") _secretOne.SetUpdatedAt(1) _secretOne.SetUpdatedBy("user2") + _secretOne.SetAllowEvents(library.NewEventsFromMask(1)) _secretTwo := testSecret() _secretTwo.SetID(2) @@ -38,6 +39,7 @@ func TestSecret_Engine_ListSecretsForTeam(t *testing.T) { _secretTwo.SetCreatedBy("user") _secretTwo.SetUpdatedAt(1) _secretTwo.SetUpdatedBy("user2") + _secretTwo.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() 
@@ -51,9 +53,9 @@ func TestSecret_Engine_ListSecretsForTeam(t *testing.T) { // create expected name query result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(2, "shared", "foo", "", "bar", "foob", "baz", nil, nil, false, 1, "user", 1, "user2"). - AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(2, "shared", "foo", "", "bar", "foob", "baz", nil, nil, 1, false, 1, "user", 1, "user2"). + AddRow(1, "shared", "foo", "", "bar", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the name query _mock.ExpectQuery(`SELECT * FROM "secrets" WHERE type = $1 AND org = $2 AND team = $3 ORDER BY id DESC LIMIT 10`). diff --git a/database/secret/list_test.go b/database/secret/list_test.go index 22f8ea11f..8077637ee 100644 --- a/database/secret/list_test.go +++ b/database/secret/list_test.go @@ -24,6 +24,7 @@ func TestSecret_Engine_ListSecrets(t *testing.T) { _secretOne.SetCreatedBy("user") _secretOne.SetUpdatedAt(1) _secretOne.SetUpdatedBy("user2") + _secretOne.SetAllowEvents(library.NewEventsFromMask(1)) _secretTwo := testSecret() _secretTwo.SetID(2) @@ -36,6 +37,7 @@ func TestSecret_Engine_ListSecrets(t *testing.T) { _secretTwo.SetCreatedBy("user") _secretTwo.SetUpdatedAt(1) _secretTwo.SetUpdatedBy("user2") + _secretTwo.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() 
@@ -48,9 +50,9 @@ func TestSecret_Engine_ListSecrets(t *testing.T) { // create expected result in mock _rows = sqlmock.NewRows( - []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). - AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, false, 1, "user", 1, "user2"). - AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, false, 1, "user", 1, "user2") + []string{"id", "type", "org", "repo", "team", "name", "value", "images", "events", "allow_events", "allow_command", "created_at", "created_by", "updated_at", "updated_by"}). + AddRow(1, "repo", "foo", "bar", "", "baz", "foob", nil, nil, 1, false, 1, "user", 1, "user2"). + AddRow(2, "repo", "foo", "bar", "", "foob", "baz", nil, nil, 1, false, 1, "user", 1, "user2") // ensure the mock expects the query _mock.ExpectQuery(`SELECT * FROM "secrets"`).WillReturnRows(_rows) diff --git a/database/secret/secret_test.go b/database/secret/secret_test.go index 5a0e25998..3c6dfc0bd 100644 --- a/database/secret/secret_test.go +++ b/database/secret/secret_test.go @@ -10,6 +10,7 @@ import ( "github.com/DATA-DOG/go-sqlmock" "github.com/go-vela/types/library" + "github.com/go-vela/types/library/actions" "github.com/sirupsen/logrus" "gorm.io/driver/postgres" @@ -218,6 +219,7 @@ func testSecret() *library.Secret { Type: new(string), Images: new([]string), Events: new([]string), + AllowEvents: testEvents(), AllowCommand: new(bool), CreatedAt: new(int64), CreatedBy: new(string), 
@@ -226,6 +228,31 @@ func testSecret() *library.Secret {
 }
 }
+func testEvents() *library.Events {
+ return &library.Events{
+ Push: &actions.Push{
+ Branch: new(bool),
+ Tag: new(bool),
+ },
+ PullRequest: &actions.Pull{
+ Opened: new(bool),
+ Edited: new(bool),
+ Synchronize: new(bool),
+ Reopened: new(bool),
+ },
+ Deployment: &actions.Deploy{
+ Created: new(bool),
+ },
+ Comment: &actions.Comment{
+ Created: new(bool),
+ Edited: new(bool),
+ },
+ Schedule: &actions.Schedule{
+ Run: new(bool),
+ },
+ }
+}
+
 // This will be used with the github.com/DATA-DOG/go-sqlmock library to compare values
 // that are otherwise not easily compared. These typically would be values generated
 // before adding or updating them in the database.
diff --git a/database/secret/table.go b/database/secret/table.go
index ed10fbdb4..f3d42ea46 100644
--- a/database/secret/table.go
+++ b/database/secret/table.go
@@ -23,6 +23,7 @@ secrets (
 value BYTEA,
 images VARCHAR(1000),
 events VARCHAR(1000),
+ allow_events INTEGER,
 allow_command BOOLEAN,
 created_at INTEGER,
 created_by VARCHAR(250),
@@ -47,6 +48,7 @@ secrets (
 value TEXT,
 images TEXT,
 events TEXT,
+ allow_events INTEGER,
 allow_command BOOLEAN,
 created_at INTEGER,
 created_by TEXT,
diff --git a/database/secret/update_test.go b/database/secret/update_test.go
index 74576535e..f26ddaa24 100644
--- a/database/secret/update_test.go
+++ b/database/secret/update_test.go
@@ -24,6 +24,7 @@ func TestSecret_Engine_UpdateSecret(t *testing.T) {
 _secretRepo.SetCreatedBy("user")
 _secretRepo.SetUpdatedAt(1)
 _secretRepo.SetUpdatedBy("user2")
+ _secretRepo.SetAllowEvents(library.NewEventsFromMask(1))
 _secretOrg := testSecret()
 _secretOrg.SetID(2)
@@ -36,6 +37,7 @@ func TestSecret_Engine_UpdateSecret(t *testing.T) {
 _secretOrg.SetCreatedBy("user")
 _secretOrg.SetUpdatedAt(1)
 _secretOrg.SetUpdatedBy("user2")
+ _secretOrg.SetAllowEvents(library.NewEventsFromMask(1))
 _secretShared := testSecret()
 _secretShared.SetID(3)
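Review bot: In database/secret/table.go the `allow_events INTEGER` column is added only to the two table-creation statements, with no default and no NOT NULL, and nothing in the patch covers a `secrets` table that already exists. If those statements only create the table when it is missing (the full statements are outside these hunks), an upgraded install needs a separate ALTER TABLE, and existing rows would carry NULL or 0 until they are backfilled from `events`. I would add a Go comment above each statement saying that `allow_events` is the event bitmask, that existing installs need a migration plus backfill, and whether a zero mask means the secret is injected for no event. That last point decides whether un-migrated secrets fail closed or not, so it should be written down rather than left to the enforcement code.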
@@ -48,29 +50,30 @@ func TestSecret_Engine_UpdateSecret(t *testing.T) { _secretShared.SetCreatedBy("user") _secretShared.SetUpdatedAt(1) _secretShared.SetUpdatedBy("user2") + _secretShared.SetAllowEvents(library.NewEventsFromMask(1)) _postgres, _mock := testPostgres(t) defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }() // ensure the mock expects the repo query _mock.ExpectExec(`UPDATE "secrets" -SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_command"=$9,"created_at"=$10,"created_by"=$11,"updated_at"=$12,"updated_by"=$13 -WHERE "id" = $14`). - WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, false, 1, "user", AnyArgument{}, "user2", 1). +SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"created_at"=$11,"created_by"=$12,"updated_at"=$13,"updated_by"=$14 +WHERE "id" = $15`). + WithArgs("foo", "bar", nil, "baz", AnyArgument{}, "repo", nil, nil, 1, false, 1, "user", AnyArgument{}, "user2", 1). WillReturnResult(sqlmock.NewResult(1, 1)) // ensure the mock expects the org query _mock.ExpectExec(`UPDATE "secrets" -SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_command"=$9,"created_at"=$10,"created_by"=$11,"updated_at"=$12,"updated_by"=$13 -WHERE "id" = $14`). - WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, false, 1, "user", AnyArgument{}, "user2", 2). +SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"created_at"=$11,"created_by"=$12,"updated_at"=$13,"updated_by"=$14 +WHERE "id" = $15`). + WithArgs("foo", "*", nil, "bar", AnyArgument{}, "org", nil, nil, 1, false, 1, "user", AnyArgument{}, "user2", 2). 
WillReturnResult(sqlmock.NewResult(1, 1)) // ensure the mock expects the shared query _mock.ExpectExec(`UPDATE "secrets" -SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_command"=$9,"created_at"=$10,"created_by"=$11,"updated_at"=$12,"updated_by"=$13 -WHERE "id" = $14`). - WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, false, 1, "user", NowTimestamp{}, "user2", 3). +SET "org"=$1,"repo"=$2,"team"=$3,"name"=$4,"value"=$5,"type"=$6,"images"=$7,"events"=$8,"allow_events"=$9,"allow_command"=$10,"created_at"=$11,"created_by"=$12,"updated_at"=$13,"updated_by"=$14 +WHERE "id" = $15`). + WithArgs("foo", nil, "bar", "baz", AnyArgument{}, "shared", nil, nil, 1, false, 1, "user", NowTimestamp{}, "user2", 3). WillReturnResult(sqlmock.NewResult(1, 1)) _sqlite := testSqlite(t) diff --git a/go.mod b/go.mod index 6ec5cae90..a1fe54c69 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/drone/envsubst v1.0.3 github.com/gin-gonic/gin v1.9.1 github.com/go-playground/assert/v2 v2.2.0 - github.com/go-vela/types v0.22.1-0.20231222174844-26e54c869418 + github.com/go-vela/types v0.22.1-0.20240105182535-a91bd54636bc github.com/golang-jwt/jwt/v5 v5.1.0 github.com/google/go-cmp v0.6.0 github.com/google/go-github/v56 v56.0.0 diff --git a/go.sum b/go.sum index e17adfcee..e583a0a5c 100644 --- a/go.sum +++ b/go.sum 
@@ -141,8 +141,8 @@ github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/go-vela/types v0.22.1-0.20231222174844-26e54c869418 h1:IzkCTpeEVs0r73mIwDPDdVxBtaUr/oxfJcVjUnNCF6g= -github.com/go-vela/types v0.22.1-0.20231222174844-26e54c869418/go.mod h1:cax3mW1kVz/ioI8qltZE+wl9rOLgOPdwBIvCooL09e4= +github.com/go-vela/types v0.22.1-0.20240105182535-a91bd54636bc h1:S59SXYfqFTJeuIBdwoKQE/oFRPAFU/LuzHCq3mRXe3w= +github.com/go-vela/types v0.22.1-0.20240105182535-a91bd54636bc/go.mod h1:cax3mW1kVz/ioI8qltZE+wl9rOLgOPdwBIvCooL09e4= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= diff --git a/secret/native/create_test.go b/secret/native/create_test.go index dd1b6b0ff..0463e33ff 100644 --- a/secret/native/create_test.go +++ b/secret/native/create_test.go @@ -23,6 +23,7 @@ func TestNative_Create_Org(t *testing.T) { want.SetType("org") want.SetImages([]string{"foo", "bar"}) want.SetEvents([]string{"foo", "bar"}) + want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) want.SetCreatedAt(1) want.SetCreatedBy("user") @@ -70,6 +71,7 @@ func TestNative_Create_Repo(t *testing.T) { want.SetType("repo") want.SetImages([]string{"foo", "bar"}) want.SetEvents([]string{"foo", "bar"}) + want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) want.SetCreatedAt(1) want.SetCreatedBy("user") 
@@ -117,6 +119,7 @@ func TestNative_Create_Shared(t *testing.T) { want.SetType("shared") want.SetImages([]string{"foo", "bar"}) want.SetEvents([]string{"foo", "bar"}) + want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) want.SetCreatedAt(1) want.SetCreatedBy("user") @@ -164,6 +167,7 @@ func TestNative_Create_Invalid(t *testing.T) { sec.SetType("invalid") sec.SetImages([]string{"foo", "bar"}) sec.SetEvents([]string{"foo", "bar"}) + sec.SetAllowEvents(library.NewEventsFromMask(1)) sec.SetAllowCommand(false) sec.SetCreatedAt(1) sec.SetCreatedBy("user") diff --git a/secret/native/get_test.go b/secret/native/get_test.go index 8272c9e99..a835e1143 100644 --- a/secret/native/get_test.go +++ b/secret/native/get_test.go @@ -23,6 +23,7 @@ func TestNative_Get(t *testing.T) { want.SetType("repo") want.SetImages([]string{"foo", "bar"}) want.SetEvents([]string{"foo", "bar"}) + want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetAllowCommand(false) want.SetCreatedAt(1) want.SetCreatedBy("user") diff --git a/secret/native/list_test.go b/secret/native/list_test.go index f7bba5b81..41dbf1691 100644 --- a/secret/native/list_test.go +++ b/secret/native/list_test.go @@ -23,6 +23,7 @@ func TestNative_List(t *testing.T) { sOne.SetType("repo") sOne.SetImages([]string{"foo", "bar"}) sOne.SetEvents([]string{"foo", "bar"}) + sOne.SetAllowEvents(library.NewEventsFromMask(1)) sOne.SetAllowCommand(false) sOne.SetCreatedAt(1) sOne.SetCreatedBy("user") @@ -39,6 +40,7 @@ func TestNative_List(t *testing.T) { sTwo.SetType("repo") sTwo.SetImages([]string{"foo", "bar"}) sTwo.SetEvents([]string{"foo", "bar"}) + sTwo.SetAllowEvents(library.NewEventsFromMask(1)) sTwo.SetAllowCommand(false) sTwo.SetCreatedAt(1) sTwo.SetCreatedBy("user") diff --git a/secret/native/update.go b/secret/native/update.go index cd928de8c..ece04c5b9 100644 --- a/secret/native/update.go +++ b/secret/native/update.go 
@@ -24,6 +24,11 @@ func (c *client) Update(ctx context.Context, sType, org, name string, s *library
 secret.SetEvents(s.GetEvents())
 }
+ // update allow events if set
+ if s.GetAllowEvents().ToDatabase() > 0 {
+ secret.SetAllowEvents(s.GetAllowEvents())
+ }
+
 // update the images if set
 if s.Images != nil {
 secret.SetImages(s.GetImages())
diff --git a/secret/native/update_test.go b/secret/native/update_test.go
index 3b4e13172..b5dc82c97 100644
--- a/secret/native/update_test.go
+++ b/secret/native/update_test.go
@@ -24,6 +24,7 @@ func TestNative_Update(t *testing.T) {
 original.SetType("repo")
 original.SetImages([]string{"foo", "baz"})
 original.SetEvents([]string{"foob", "bar"})
+ original.SetAllowEvents(library.NewEventsFromMask(1))
 original.SetAllowCommand(true)
 original.SetCreatedAt(1)
 original.SetCreatedBy("user")
@@ -40,6 +41,7 @@ func TestNative_Update(t *testing.T) {
 want.SetType("repo")
 want.SetImages([]string{"foo", "bar"})
 want.SetEvents([]string{"foo", "bar"})
+ want.SetAllowEvents(library.NewEventsFromMask(3))
 want.SetAllowCommand(false)
 want.SetCreatedAt(1)
 want.SetCreatedBy("user")
diff --git a/secret/vault/vault.go b/secret/vault/vault.go
index c1b0c9508..977ea60f9 100644
--- a/secret/vault/vault.go
+++ b/secret/vault/vault.go
@@ -156,6 +156,14 @@ func secretFromVault(vault *api.Secret) *library.Secret {
 }
 }
+ v, ok = data["allow_events"]
+ if ok {
+ mask, ok := v.(int64)
+ if ok {
+ s.SetAllowEvents(library.NewEventsFromMask(mask))
+ }
+ }
+
 // set images if found in Vault secret
 v, ok = data["images"]
 if ok {
@@ -283,6 +291,11 @@ func vaultFromSecret(s *library.Secret) *api.Secret {
 vault.Data["events"] = s.GetEvents()
 }
+ // set allow events to mask
+ if s.GetAllowEvents().ToDatabase() != 0 {
+ vault.Data["allow_events"] = s.GetAllowEvents().ToDatabase()
+ }
+
 // set images if found in Vela secret
 if len(s.GetImages()) > 0 {
 vault.Data["images"] = s.GetImages()
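Review bot: The `> 0` guard in `Update` (secret/native/update.go) treats an update that sets every action in `allow_events` to false as "not provided", so the stored, wider mask is kept and the caller gets no error for trying to narrow the secret. The neighbouring field is tested for presence rather than value (`if s.Images != nil`); the same shape here would be `if s.AllowEvents != nil {`, assuming the API layer leaves the field nil when it is omitted. If keeping the old mask is intended, say so in place of the current comment: `// a zero mask is treated as "not supplied"; allow_events cannot be cleared through Update`. Update's body starts and ends outside the hunk.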
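Review bot: In `secretFromVault` (secret/vault/vault.go) the `v.(int64)` assertion silently drops `allow_events` whenever the stored value comes back as any other numeric type, and data read from Vault is JSON-decoded, where a number normally arrives as `json.Number` or `float64` rather than `int64` (worth confirming against the client in use). The tests in vault_test.go build the map with `int64(1)` directly, so they would not catch this. A secret read that way ends up with no event set and no log line, and what that means for injection depends on how a zero mask is enforced. I would accept the numeric types a decoder can produce, as below, which needs `encoding/json` in the file's imports; `secretFromVault` starts and ends outside the hunk.

```go
v, ok = data["allow_events"]
if ok {
	// accept every numeric type a JSON decoder may hand back
	switch mask := v.(type) {
	case int64:
		s.SetAllowEvents(library.NewEventsFromMask(mask))
	case json.Number:
		if m, err := mask.Int64(); err == nil {
			s.SetAllowEvents(library.NewEventsFromMask(m))
		}
	case float64:
		s.SetAllowEvents(library.NewEventsFromMask(int64(mask)))
	}
}
// … unchanged: images handling …
```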
diff --git a/secret/vault/vault_test.go b/secret/vault/vault_test.go index 1e61c7941..9cee893d9 100644 --- a/secret/vault/vault_test.go +++ b/secret/vault/vault_test.go @@ -95,6 +95,7 @@ func TestVault_secretFromVault(t *testing.T) { inputV1 := &api.Secret{ Data: map[string]interface{}{ "events": []interface{}{"foo", "bar"}, + "allow_events": int64(1), "images": []interface{}{"foo", "bar"}, "name": "bar", "org": "foo", @@ -114,6 +115,7 @@ func TestVault_secretFromVault(t *testing.T) { Data: map[string]interface{}{ "data": map[string]interface{}{ "events": []interface{}{"foo", "bar"}, + "allow_events": int64(1), "images": []interface{}{"foo", "bar"}, "name": "bar", "org": "foo", @@ -138,6 +140,7 @@ func TestVault_secretFromVault(t *testing.T) { want.SetValue("baz") want.SetType("org") want.SetEvents([]string{"foo", "bar"}) + want.SetAllowEvents(library.NewEventsFromMask(1)) want.SetImages([]string{"foo", "bar"}) want.SetAllowCommand(true) want.SetCreatedAt(1563474077) @@ -178,6 +181,7 @@ func TestVault_vaultFromSecret(t *testing.T) { s.SetValue("baz") s.SetType("org") s.SetEvents([]string{"foo", "bar"}) + s.SetAllowEvents(library.NewEventsFromMask(1)) s.SetImages([]string{"foo", "bar"}) s.SetAllowCommand(true) s.SetCreatedAt(1563474077) @@ -188,6 +192,7 @@ func TestVault_vaultFromSecret(t *testing.T) { want := &api.Secret{ Data: map[string]interface{}{ "events": []string{"foo", "bar"}, + "allow_events": int64(1), "images": []string{"foo", "bar"}, "name": "bar", "org": "foo",