DEVPROD-12947: use hash of project ID in parameter name #8500
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hadjri
requested changes
Nov 22, 2024
util/hash.go
Outdated
| // GetSHA256Hash returns the SHA256 hash of the given string. | ||
| func GetSHA256Hash(s string) string { | ||
| hasher := utility.NewSHA256Hash() | ||
| hasher.Write([]byte(s)) |
There was a problem hiding this comment.
We should handle the error here
There was a problem hiding this comment.
Whoops, I meant to use Add actually. Changed it.
sha256 doesn't actually return an error, it's just conforming to the io.Writer interface.
model/project_vars.go
Outdated
| @@ -1140,9 +1151,14 @@ func convertVarToParam(projectID string, pm ParameterMappings, varName, varValue | |||
| return "", "", errors.Errorf("project variable '%s' cannot have an empty value", varName) | |||
| } | |||
|
|
|||
| prefix := GetVarsParameterPath(projectID) + "/" | |||
There was a problem hiding this comment.
nit: can we fmt.Sprintf("%s/", GetVarsParameterPath(projectID)) instead
hadjri
approved these changes
Nov 25, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DEVPROD-12947
Description
I made an assumption that nobody would choose project IDs that have special characters (e.g.
my cool project (v1.2)) when they could do that in the display name or identifier. Unfortunately this isn't true - a couple projects in production chose project IDs that have special characters in them. The project ID is used in parameter paths to give each project their own unique namespace, but if they have special characters, that means we can't use the project ID as-is. For example,/evergreen/my cool project (v1.2)/myVariableis an invalid parameter path because Parameter Store doesn't allow spaces and parentheses.To work around this, I changed the parameter path to use the SHA256 hash of the project ID, which transforms all project IDs into 64-character hexadecimal strings. So far, nobody's found a collision in SHA256 hashes, so each project ID maps to a unique hash.
/vars/as part of the parameter path. This isn't necessary, but it does more neatly group the project vars parameters in the hierarchy and makes it easier to identify what secrets are stored where when we use Parameter Store more widely.Testing
Updated existing unit tests.
Documentation
N/A