woodpecker/server/model/secret.go

// Copyright 2021 Woodpecker Authors
// Copyright 2018 Drone.IO Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package model

import (
	"errors"
	"path/filepath"
)

var (
	errSecretNameInvalid  = errors.New("Invalid Secret Name")
	errSecretValueInvalid = errors.New("Invalid Secret Value")
	errSecretEventInvalid = errors.New("Invalid Secret Event")
)

// SecretService defines a service for managing secrets.
type SecretService interface {
	SecretFind(*Repo, string) (*Secret, error)
	SecretList(*Repo) ([]*Secret, error)
	SecretListBuild(*Repo, *Build) ([]*Secret, error)
	SecretCreate(*Repo, *Secret) error
	SecretUpdate(*Repo, *Secret) error
	SecretDelete(*Repo, string) error
}

// SecretStore persists secret information to storage.
type SecretStore interface {
	SecretFind(*Repo, string) (*Secret, error)
	SecretList(*Repo) ([]*Secret, error)
	SecretCreate(*Secret) error
	SecretUpdate(*Secret) error
	SecretDelete(*Secret) error
}

// Secret represents a secret variable, such as a password or token.
// swagger:model registry
type Secret struct {
	ID         int64          `json:"id"              xorm:"pk autoincr 'secret_id'"`
	RepoID     int64          `json:"-"               xorm:"UNIQUE(s) INDEX 'secret_repo_id'"`
	Name       string         `json:"name"            xorm:"UNIQUE(s) INDEX 'secret_name'"`
	Value      string         `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
	Images     []string       `json:"image"           xorm:"json 'secret_images'"`
	Events     []WebhookEvent `json:"event"           xorm:"json 'secret_events'"`
	SkipVerify bool           `json:"-"               xorm:"secret_skip_verify"`
	Conceal    bool           `json:"-"               xorm:"secret_conceal"`
}

// TableName return database table name for xorm
func (Secret) TableName() string {
	return "secrets"
}

// Match returns true if an image and event match the restricted list.
func (s *Secret) Match(event WebhookEvent) bool {
	if len(s.Events) == 0 {
		return true
	}
	for _, pattern := range s.Events {
		if match, _ := filepath.Match(string(pattern), string(event)); match {
			return true
		}
	}
	return false
}

// Validate validates the required fields and formats.
func (s *Secret) Validate() error {
	for _, event := range s.Events {
		if !ValidateWebhookEvent(event) {
			return errSecretEventInvalid
		}
	}

	switch {
	case len(s.Name) == 0:
		return errSecretNameInvalid
	case len(s.Value) == 0:
		return errSecretValueInvalid
	default:
		return nil
	}
}

// Copy makes a copy of the secret without the value.
func (s *Secret) Copy() *Secret {
	return &Secret{
		ID:     s.ID,
		RepoID: s.RepoID,
		Name:   s.Name,
		Images: s.Images,
		Events: s.Events,
	}
}
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			`// Copyright 2021 Woodpecker Authors`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Copyright 2018 Drone.IO Inc.`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// http://www.apache.org/licenses/LICENSE-2.0`
Just fixed format with go fmt ./... 2018-03-21 13:02:17 +00:00			`//`
add apache license header to files 2018-02-19 22:24:10 +00:00			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

ability to store per-repository secrets & sign yaml 2016-03-31 19:01:32 +00:00			`package model`

Separated repo and team secret models 2016-07-31 20:29:56 +00:00			`import (`
wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`"errors"`
Separated repo and team secret models 2016-07-31 20:29:56 +00:00			`"path/filepath"`
			`)`
enables cloning private repos 2016-04-21 08:18:20 +00:00
wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`var (`
			`errSecretNameInvalid = errors.New("Invalid Secret Name")`
			`errSecretValueInvalid = errors.New("Invalid Secret Value")`
Fix pr secret event names (#592) * Fix pr secret event names * Add validation for secret events 2021-12-11 01:37:40 +00:00			`errSecretEventInvalid = errors.New("Invalid Secret Event")`
wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`)`
Implement backend for concealing secrets 2016-11-16 19:28:36 +00:00
wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`// SecretService defines a service for managing secrets.`
			`type SecretService interface {`
			`SecretFind(Repo, string) (Secret, error)`
			`SecretList(Repo) ([]Secret, error)`
update vendored files 2017-05-12 10:30:19 +00:00			`SecretListBuild(Repo, Build) ([]*Secret, error)`
wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`SecretCreate(Repo, Secret) error`
			`SecretUpdate(Repo, Secret) error`
			`SecretDelete(*Repo, string) error`
ability to store per-repository secrets & sign yaml 2016-03-31 19:01:32 +00:00			`}`

wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`// SecretStore persists secret information to storage.`
			`type SecretStore interface {`
			`SecretFind(Repo, string) (Secret, error)`
			`SecretList(Repo) ([]Secret, error)`
			`SecretCreate(*Secret) error`
			`SecretUpdate(*Secret) error`
			`SecretDelete(*Secret) error`
fully functioning build using 0.5 agents 2016-04-21 07:25:30 +00:00			`}`

wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`// Secret represents a secret variable, such as a password or token.`
			`// swagger:model registry`
			`type Secret struct {`
Fix pr secret event names (#592) * Fix pr secret event names * Add validation for secret events 2021-12-11 01:37:40 +00:00			ID int64 `json:"id" xorm:"pk autoincr 'secret_id'"`
			RepoID int64 `json:"-" xorm:"UNIQUE(s) INDEX 'secret_repo_id'"`
			Name string `json:"name" xorm:"UNIQUE(s) INDEX 'secret_name'"`
			Value string `json:"value,omitempty" xorm:"TEXT 'secret_value'"`
			Images []string `json:"image" xorm:"json 'secret_images'"`
			Events []WebhookEvent `json:"event" xorm:"json 'secret_events'"`
			SkipVerify bool `json:"-" xorm:"secret_skip_verify"`
			Conceal bool `json:"-" xorm:"secret_conceal"`
Migrate to Xorm (#474) close #234 * Migrate store * Migrate tests * Rewrite migrations * Init fresh DB in on step * Rm old stuff (meddler, sql files, dead code, ...) 2021-11-13 19:18:06 +00:00			`}`

			`// TableName return database table name for xorm`
			`func (Secret) TableName() string {`
			`return "secrets"`
fully functioning build using 0.5 agents 2016-04-21 07:25:30 +00:00			`}`

wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`// Match returns true if an image and event match the restricted list.`
Fix pr secret event names (#592) * Fix pr secret event names * Add validation for secret events 2021-12-11 01:37:40 +00:00			`func (s *Secret) Match(event WebhookEvent) bool {`
secret event can be empty 2017-05-19 23:01:30 +00:00			`if len(s.Events) == 0 {`
			`return true`
			`}`
enables cloning private repos 2016-04-21 08:18:20 +00:00			`for _, pattern := range s.Events {`
Fix pr secret event names (#592) * Fix pr secret event names * Add validation for secret events 2021-12-11 01:37:40 +00:00			`if match, _ := filepath.Match(string(pattern), string(event)); match {`
fully functioning build using 0.5 agents 2016-04-21 07:25:30 +00:00			`return true`
			`}`
			`}`
			`return false`
			`}`

			`// Validate validates the required fields and formats.`
ability to store per-repository secrets & sign yaml 2016-03-31 19:01:32 +00:00			`func (s *Secret) Validate() error {`
Fix pr secret event names (#592) * Fix pr secret event names * Add validation for secret events 2021-12-11 01:37:40 +00:00			`for _, event := range s.Events {`
			`if !ValidateWebhookEvent(event) {`
			`return errSecretEventInvalid`
			`}`
			`}`

wip enable pluggable secret and registry backends 2017-04-11 17:06:45 +00:00			`switch {`
			`case len(s.Name) == 0:`
			`return errSecretNameInvalid`
			`case len(s.Value) == 0:`
			`return errSecretValueInvalid`
			`default:`
			`return nil`
			`}`
			`}`

			`// Copy makes a copy of the secret without the value.`
			`func (s Secret) Copy() Secret {`
			`return &Secret{`
			`ID: s.ID,`
			`RepoID: s.RepoID,`
			`Name: s.Name,`
			`Images: s.Images,`
			`Events: s.Events,`
			`}`
ability to store per-repository secrets & sign yaml 2016-03-31 19:01:32 +00:00			`}`