From e77936f5c893a05f67a475049888c3d0b39ee7ae Mon Sep 17 00:00:00 2001
From: Don
Date: Wed, 16 Nov 2016 11:28:36 -0800
Subject: [PATCH] Implement backend for concealing secrets
---
 model/repo_secret.go | 5 +++++
 model/secret.go | 3 +++
 model/team_secret.go | 5 +++++
 store/datastore/ddl/mysql/10.sql | 12 ++++++++++++
 store/datastore/ddl/postgres/10.sql | 12 ++++++++++++
 store/datastore/ddl/sqlite3/10.sql | 12 ++++++++++++
 store/datastore/repo_secret_test.go | 5 ++++-
 store/datastore/team_secret_test.go | 5 ++++-
 8 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 store/datastore/ddl/mysql/10.sql
 create mode 100644 store/datastore/ddl/postgres/10.sql
 create mode 100644 store/datastore/ddl/sqlite3/10.sql
diff --git a/model/repo_secret.go b/model/repo_secret.go
index 6f8be0e91..0763e15f7 100644
--- a/model/repo_secret.go
+++ b/model/repo_secret.go
@@ -23,6 +23,9 @@ type RepoSecret struct {
 
 // whether the secret requires verification
 SkipVerify bool `json:"skip_verify" meddler:"secret_skip_verify"`
+
+ // whether the secret should be concealed in the build log
+ Conceal bool `json:"conceal" meddler:"secret_conceal"`
 }
 
 // Secret transforms a repo secret into a simple secret.
@@ -33,6 +36,7 @@ func (s *RepoSecret) Secret() *Secret {
 Images: s.Images,
 Events: s.Events,
 SkipVerify: s.SkipVerify,
+ Conceal: s.Conceal,
 }
 }
 
@@ -44,6 +48,7 @@ func (s *RepoSecret) Clone() *RepoSecret {
 Images: s.Images,
 Events: s.Events,
 SkipVerify: s.SkipVerify,
+ Conceal: s.Conceal,
 }
 }
 
diff --git a/model/secret.go b/model/secret.go
index 336b3055f..f93624d6d 100644
--- a/model/secret.go
+++ b/model/secret.go
@@ -21,6 +21,9 @@ type Secret struct {
 
 // whether the secret requires verification
 SkipVerify bool `json:"skip_verify"`
+
+ // whether the secret should be concealed in the build log
+ Conceal bool `json:"conceal"`
 }
 
 // Match returns true if an image and event match the restricted list.
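Review bot: The new `Conceal` field in `RepoSecret` (first hunk of model/repo_secret.go) takes the zero value `false` when unset, so masking in the build log is opt-in, and the comment does not say so; the same field and comment are added to `Secret` in model/secret.go and to `TeamSecret` in model/team_secret.go. The migrations in this patch also set the column to false for every existing row, so stored secrets stay unconcealed after the upgrade until each one is updated. I would state the default in the doc comment, e.g. `// Conceal reports whether the secret's value should be masked in the build log; the zero value (false) leaves it unmasked.` Nothing in this patch performs the masking, so the code that consumes the flag should be reviewed separately. The struct declaration starts above the hunk.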
diff --git a/model/team_secret.go b/model/team_secret.go
index 1afc6c601..60f6f9f88 100644
--- a/model/team_secret.go
+++ b/model/team_secret.go
@@ -23,6 +23,9 @@ type TeamSecret struct {
 
 // whether the secret requires verification
 SkipVerify bool `json:"skip_verify" meddler:"team_secret_skip_verify"`
+
+ // whether the secret should be concealed in the build log
+ Conceal bool `json:"conceal" meddler:"team_secret_conceal"`
 }
 
 // Secret transforms a repo secret into a simple secret.
@@ -33,6 +36,7 @@ func (s *TeamSecret) Secret() *Secret {
 Images: s.Images,
 Events: s.Events,
 SkipVerify: s.SkipVerify,
+ Conceal: s.Conceal,
 }
 }
 
@@ -44,6 +48,7 @@ func (s *TeamSecret) Clone() *TeamSecret {
 Images: s.Images,
 Events: s.Events,
 SkipVerify: s.SkipVerify,
+ Conceal: s.Conceal,
 }
 }
 
diff --git a/store/datastore/ddl/mysql/10.sql b/store/datastore/ddl/mysql/10.sql
new file mode 100644
index 000000000..8b1692dc4
--- /dev/null
+++ b/store/datastore/ddl/mysql/10.sql
@@ -0,0 +1,12 @@
+-- +migrate Up
+
+ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
+ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
+
+UPDATE secrets SET secret_conceal = false;
+UPDATE team_secrets SET team_secret_conceal = false;
+
+-- +migrate Down
+
+ALTER TABLE secrets DROP COLUMN secret_conceal;
+ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;
diff --git a/store/datastore/ddl/postgres/10.sql b/store/datastore/ddl/postgres/10.sql
new file mode 100644
index 000000000..8b1692dc4
--- /dev/null
+++ b/store/datastore/ddl/postgres/10.sql
@@ -0,0 +1,12 @@
+-- +migrate Up
+
+ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
+ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
+
+UPDATE secrets SET secret_conceal = false;
+UPDATE team_secrets SET team_secret_conceal = false;
+
+-- +migrate Down
+
+ALTER TABLE secrets DROP COLUMN secret_conceal;
+ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;
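Review bot: In the Up section of store/datastore/ddl/mysql/10.sql, `secret_conceal` and `team_secret_conceal` are added as nullable columns with no default, and only the rows present at migration time are set to false; the postgres and sqlite3 versions of 10.sql do the same. A row written later without the column (an older binary during a rolling upgrade, a manual insert) holds NULL, and reading NULL into the Go `bool` fields added in this patch will probably fail or need special handling; that part is inferred, since the mapper code is not on this page. Declaring the constraint in the DDL closes the gap and makes the separate UPDATE unnecessary: `ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN NOT NULL DEFAULT false;` and the same for `team_secrets`, with `DEFAULT 0` in the sqlite3 file to match its UPDATE.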
diff --git a/store/datastore/ddl/sqlite3/10.sql b/store/datastore/ddl/sqlite3/10.sql
new file mode 100644
index 000000000..91630acac
--- /dev/null
+++ b/store/datastore/ddl/sqlite3/10.sql
@@ -0,0 +1,12 @@
+-- +migrate Up
+
+ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
+ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
+
+UPDATE secrets SET secret_conceal = 0;
+UPDATE team_secrets SET team_secret_conceal = 0;
+
+-- +migrate Down
+
+ALTER TABLE secrets DROP COLUMN secret_conceal;
+ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;
diff --git a/store/datastore/repo_secret_test.go b/store/datastore/repo_secret_test.go
index 153df872b..91e51d314 100644
--- a/store/datastore/repo_secret_test.go
+++ b/store/datastore/repo_secret_test.go
@@ -28,7 +28,8 @@ func TestRepoSecrets(t *testing.T) {
 Value: "bar",
 Images: []string{"docker", "gcr"},
 Events: []string{"push", "tag"},
- SkipVerify: false,
+ SkipVerify: true,
+ Conceal: true,
 }
 err := s.SetSecret(secret)
 g.Assert(err == nil).IsTrue()
@@ -40,6 +41,8 @@ func TestRepoSecrets(t *testing.T) {
 g.Assert(got.Value).Equal(secret.Value)
 g.Assert(got.Images).Equal(secret.Images)
 g.Assert(got.Events).Equal(secret.Events)
+ g.Assert(got.SkipVerify).Equal(secret.SkipVerify)
+ g.Assert(got.Conceal).Equal(secret.Conceal)
 })
 
 g.It("Should update a secret", func() {
diff --git a/store/datastore/team_secret_test.go b/store/datastore/team_secret_test.go
index 84b0e8f7d..5ac640b6b 100644
--- a/store/datastore/team_secret_test.go
+++ b/store/datastore/team_secret_test.go
@@ -28,7 +28,8 @@ func TestTeamSecrets(t *testing.T) {
 Value: "bar",
 Images: []string{"docker", "gcr"},
 Events: []string{"push", "tag"},
- SkipVerify: false,
+ SkipVerify: true,
+ Conceal: true,
 }
 err := s.SetTeamSecret(secret)
 g.Assert(err == nil).IsTrue()
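Review bot: The Down section of store/datastore/ddl/sqlite3/10.sql uses `ALTER TABLE ... DROP COLUMN`, which SQLite supports only from version 3.35.0 onward; on an older engine the rollback fails at its first statement. If the SQLite linked into the build is older than that, the Down step needs the table-rebuild form (create the table without the column, copy the rows, drop the old table, rename the new one) or a comment stating that this migration is not reversible on sqlite3. The table definitions are not on this page, so the rebuild statements are not sketched here.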
@@ -40,6 +41,8 @@ func TestTeamSecrets(t *testing.T) {
 g.Assert(got.Value).Equal(secret.Value)
 g.Assert(got.Images).Equal(secret.Images)
 g.Assert(got.Events).Equal(secret.Events)
+ g.Assert(got.SkipVerify).Equal(secret.SkipVerify)
+ g.Assert(got.Conceal).Equal(secret.Conceal)
 })
 
 g.It("Should update a secret", func() {