From 0c03a9551377705fced2dedf1b9e8063df9d2748 Mon Sep 17 00:00:00 2001
From: ArnaudTa <33383276+ArnaudTA@users.noreply.github.com>
Date: Tue, 16 Apr 2024 17:24:30 +0200
Subject: [PATCH] fix: :ambulance: gitlab secret
---
 plugins/gitlab/package.json | 2 +-
 plugins/gitlab/src/class.ts | 3 ++-
 plugins/gitlab/src/repositories.ts | 22 +++++++++++++++++-----
 plugins/vault/package.json | 2 +-
 plugins/vault/src/class.ts | 4 ++++
 5 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/plugins/gitlab/package.json b/plugins/gitlab/package.json
index ecfc2eb09..3b88a2f40 100644
--- a/plugins/gitlab/package.json
+++ b/plugins/gitlab/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@cpn-console/gitlab-plugin",
 "description": "",
- "version": "2.0.1",
+ "version": "2.0.2",
 "private": false,
 "type": "module",
 "main": "dist/index.js",
diff --git a/plugins/gitlab/src/class.ts b/plugins/gitlab/src/class.ts
index 4ca8c1b24..c9d2f22cf 100644
--- a/plugins/gitlab/src/class.ts
+++ b/plugins/gitlab/src/class.ts
@@ -109,7 +109,8 @@ export class GitlabProjectApi extends PluginApi {
 const tokenVaultSecret = await vaultApi.read('GITLAB', { throwIfNoEntry: false })
- if (currentTriggerToken && !tokenVaultSecret?.GIT_MIRROR_TOKEN) {
+ if (currentTriggerToken && !tokenVaultSecret?.data?.GIT_MIRROR_TOKEN) {
+ console.debug('GITLAB: recreating PipelineTriggerToken')
 await this.api.PipelineTriggerTokens.remove(mirrorRepo.id, currentTriggerToken.id)
 }
 const triggerToken = await this.api.PipelineTriggerTokens.create(mirrorRepo.id, tokenDescription)
diff --git a/plugins/gitlab/src/repositories.ts b/plugins/gitlab/src/repositories.ts
index 72ac3b4c1..8a4886299 100644
--- a/plugins/gitlab/src/repositories.ts
+++ b/plugins/gitlab/src/repositories.ts
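Review bot: In plugins/gitlab/src/class.ts the `PipelineTriggerTokens.create(mirrorRepo.id, tokenDescription)` call that follows the corrected `if` still runs on every pass as far as the hunk shows. When a trigger token already exists and Vault already holds `GIT_MIRROR_TOKEN`, the old token is kept and a second live token with the same description is minted, so unused credentials would accumulate on the mirror project. Unless code outside the hunk returns early, the create should be skipped in that case and the stored token reused. The added `console.debug('GITLAB: recreating PipelineTriggerToken')` could also include `mirrorRepo.id` so the revocation can be traced. The enclosing method starts and ends outside the hunk.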
@@ -51,7 +51,13 @@ const ensureRepositoryExists = async (
 let gitlabRepository: CondensedProjectSchema | ProjectSchema | void = gitlabRepositories.find(gitlabRepository => gitlabRepository.name === repository.internalRepoName)
 const externalRepoUrn = repository.externalRepoUrl.split(/:\/\/(.*)/s)[1]
 const vaultCredsPath = `${repository.internalRepoName}-mirror`
- const currentVaultCreds = await vaultApi.read(vaultCredsPath, { throwIfNoEntry: false })
+ const currentVaultSecret = await vaultApi.read(vaultCredsPath, { throwIfNoEntry: false })
+ let gitInputUser: string | undefined
+ let gitInputPassword: string | undefined
+ if (currentVaultSecret?.data) {
+ gitInputUser = currentVaultSecret.data.GIT_INPUT_USER
+ gitInputPassword = currentVaultSecret.data.GIT_INPUT_PASSWORD
+ }
 if (!gitlabRepository) {
 gitlabRepository = await gitlabApi.createCloneRepository(repository.internalRepoName, externalRepoUrn, repository.newCreds)
 // TODO
@@ -59,15 +65,21 @@ const ensureRepositoryExists = async (
 const internalRepoUrl = await gitlabApi.getRepoUrl(repository.internalRepoName)
- const gitlabSecret = await vaultApi.read('tech/GITLAB_MIRROR', { throwIfNoEntry: false })
+ const { data: gitlabSecret } = await vaultApi.read('tech/GITLAB_MIRROR', { throwIfNoEntry: false })
 const mirrorSecretData = {
 GIT_INPUT_URL: externalRepoUrn,
- GIT_INPUT_USER: repository.newCreds?.username || currentVaultCreds?.GIT_INPUT_USER,
- GIT_INPUT_PASSWORD: repository.newCreds?.token || currentVaultCreds?.GIT_INPUT_PASSWORD,
+ GIT_INPUT_USER: repository.isPrivate
+ ? (repository.newCreds?.username || gitInputUser)
+ : undefined,
+ GIT_INPUT_PASSWORD: repository.isPrivate
+ ? (repository.newCreds?.token || gitInputPassword)
+ : undefined,
 GIT_OUTPUT_URL: internalRepoUrl.split(/:\/\/(.*)/s)[1],
 GIT_OUTPUT_USER: projectMirrorCreds.botAccount,
 GIT_OUTPUT_PASSWORD: projectMirrorCreds.token,
 }
- if (!shallowEqual(mirrorSecretData, gitlabSecret)) await vaultApi.write(mirrorSecretData, vaultCredsPath)
+ if (!shallowEqual(mirrorSecretData, gitlabSecret)) {
+ await vaultApi.write(mirrorSecretData, vaultCredsPath)
+ }
 }
diff --git a/plugins/vault/package.json b/plugins/vault/package.json
index 0fdce148e..ccc2d6dc0 100644
--- a/plugins/vault/package.json
+++ b/plugins/vault/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@cpn-console/vault-plugin",
 "description": "",
- "version": "2.0.0",
+ "version": "2.0.1",
 "private": false,
 "type": "module",
 "main": "dist/index.js",
diff --git a/plugins/vault/src/class.ts b/plugins/vault/src/class.ts
index d629f7028..88432f0dc 100644
--- a/plugins/vault/src/class.ts
+++ b/plugins/vault/src/class.ts
@@ -32,6 +32,7 @@ export class VaultProjectApi extends PluginApi {
 public async list (path: string = '/'): Promise {
 if (!path.startsWith('/')) path = '/' + path
+ console.debug(`VAULT: list secret from ${path}`)
 const listSecretPath: string[] = []
 const response = await this.axios({
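Review bot: In plugins/gitlab/src/repositories.ts, `const { data: gitlabSecret } = await vaultApi.read('tech/GITLAB_MIRROR', { throwIfNoEntry: false })` destructures the result directly. The other reads in this commit guard with `?.data`, which suggests `read` can return undefined for a missing entry; if so, this line throws a TypeError instead of falling through. Prefer `const gitlabSecret = (await vaultApi.read('tech/GITLAB_MIRROR', { throwIfNoEntry: false }))?.data`. Separately, `shallowEqual` compares `mirrorSecretData` with the secret at `tech/GITLAB_MIRROR` although the write goes to `vaultCredsPath`; if the aim is to skip unchanged writes, comparing against `currentVaultSecret?.data` looks like what is meant, otherwise each run may write a new version of the mirror credentials. ensureRepositoryExists starts outside the hunk.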
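Review bot: The `console.debug` added to `list` in plugins/vault/src/class.ts, and likewise in the `read`, `write` and `destroy` hunks that follow, logs only the caller-relative `path` and omits `projectRootDir` and `basePath`. Entries from different projects therefore cannot be told apart when these lines are used to trace secret access; logging the same full path that is sent to Vault would fix that. `path` also reaches both the log line and, on the context lines, the request URL without validation, so if any caller builds it from user-chosen names, rejecting `..` segments and control characters at the top of each method would keep requests and log entries confined to the project. The method bodies continue outside the hunks.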
@@ -59,6 +60,7 @@ export class VaultProjectApi extends PluginApi {
 public async read (path: string = '/', options: readOptions = { throwIfNoEntry: true }) {
 if (path.startsWith('/')) path = path.slice(1)
+ console.debug(`VAULT: reda secret ${path}`)
 const response = await this.axios.get(
 `/v1/forge-dso/data/${this.projectRootDir}/${this.basePath}/${path}`,
 {
@@ -71,6 +73,7 @@ export class VaultProjectApi extends PluginApi {
 public async write (body: object, path: string = '/') {
 if (path.startsWith('/')) path = path.slice(1)
+ console.debug(`VAULT: write secret from ${path}`)
 const response = await this.axios.post(
 `/v1/forge-dso/data/${this.projectRootDir}/${this.basePath}/${path}`,
 {
@@ -82,6 +85,7 @@ export class VaultProjectApi extends PluginApi {
 public async destroy (path: string = '/') {
 if (path.startsWith('/')) path = path.slice(1)
+ console.debug(`VAULT: destroy secret from ${path}`)
 return this.axios.delete(
 `/v1/forge-dso/metadata/${this.projectRootDir}/${this.basePath}/${path}`,
 {
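Review bot: The message added in the `read` hunk is misspelled as `reda`; it should read `VAULT: read secret ${path}`, otherwise a log search for read operations misses these lines. The `write` hunk logs `write secret from ${path}`, where `to` is meant. Using one consistent `VAULT: <verb> secret <path>` form across the four methods would make the access log easier to filter.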