Add secrets support (#14)

2023-02-14 20:18:41 -07:00
parent 6d2936393b
commit bfd05b6a8a
5 changed files with 395 additions and 69 deletions
@@ -14,15 +14,52 @@ import (
 var log = logging.MustGetLogger("cursorius-server")

 func createSchema(db database.Database) (graphql.Schema, error) {
-	credentialType := graphql.NewObject(graphql.ObjectConfig{
-		Name:        "Credential",
+	secretType := graphql.NewObject(graphql.ObjectConfig{
+		Name:        "Secret",
+		Description: "A secret available for use inside of a pipeline.",
+		Fields: graphql.Fields{
+			"id": &graphql.Field{
+				Type:        graphql.NewNonNull(graphql.String),
+				Description: "The id of the secret.",
+				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+					if secret, ok := p.Source.(database.Secret); ok {
+						return secret.Id, nil
+					}
+					return nil, nil
+				},
+			},
+			"name": &graphql.Field{
+				Type:        graphql.NewNonNull(graphql.String),
+				Description: "The name of the secret.",
+				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+					if secret, ok := p.Source.(database.Secret); ok {
+						return secret.Name, nil
+					}
+					return nil, nil
+				},
+			},
+			"secret": &graphql.Field{
+				Type:        graphql.NewNonNull(graphql.String),
+				Description: "The secret.",
+				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+					if secret, ok := p.Source.(database.Secret); ok {
+						return secret.Secret, nil
+					}
+					return nil, nil
+				},
+			},
+		},
+	})
+
+	cloneCredentialType := graphql.NewObject(graphql.ObjectConfig{
+		Name:        "CloneCredential",
 		Description: "A credential for authenticating with the pipeline source host.",
 		Fields: graphql.Fields{
 			"id": &graphql.Field{
 				Type:        graphql.NewNonNull(graphql.String),
 				Description: "The id of the credential.",
 				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
-					if credential, ok := p.Source.(database.Credential); ok {
+					if credential, ok := p.Source.(database.CloneCredential); ok {
 						return credential.Id, nil
 					}
 					return nil, nil
@@ -32,7 +69,7 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 				Type:        graphql.NewNonNull(graphql.String),
 				Description: "The name of the credential.",
 				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
-					if credential, ok := p.Source.(database.Credential); ok {
+					if credential, ok := p.Source.(database.CloneCredential); ok {
 						return credential.Name, nil
 					}
 					return nil, nil
@@ -42,7 +79,7 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 				Type:        graphql.NewNonNull(graphql.String),
 				Description: "The credential type.",
 				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
-					if credential, ok := p.Source.(database.Credential); ok {
+					if credential, ok := p.Source.(database.CloneCredential); ok {
 						return credential.Type, nil
 					}
 					return nil, nil
@@ -52,7 +89,7 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 				Type:        graphql.NewNonNull(graphql.String),
 				Description: "The username to user with the credential.",
 				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
-					if credential, ok := p.Source.(database.Credential); ok {
+					if credential, ok := p.Source.(database.CloneCredential); ok {
 						return credential.Username, nil
 					}
 					return nil, nil
@@ -62,7 +99,7 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 				Type:        graphql.NewNonNull(graphql.String),
 				Description: "The secret for the credential.",
 				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
-					if credential, ok := p.Source.(database.Credential); ok {
+					if credential, ok := p.Source.(database.CloneCredential); ok {
 						return credential.Secret, nil
 					}
 					return nil, nil
@@ -210,16 +247,28 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 					return nil, nil
 				},
 			},
-			"credentialId": &graphql.Field{
-				Type:        graphql.String,
+			"cloneCredential": &graphql.Field{
+				Type:        cloneCredentialType,
 				Description: "The configured credential for cloning the pipeline source.",
 				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
 					if pipeline, ok := p.Source.(database.Pipeline); ok {
-						return pipeline.Credential, nil
+						if pipeline.CloneCredential != nil {
+							return db.GetCloneCredentialById(*pipeline.CloneCredential)
+						}
 					}
 					return nil, nil
 				},
 			},
+			"secrets": &graphql.Field{
+				Type:        graphql.NewNonNull(graphql.NewList(graphql.NewNonNull(secretType))),
+				Description: "The list of secrets for the pipeline.",
+				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+					if pipeline, ok := p.Source.(database.Pipeline); ok {
+						return db.GetSecretsForPipeline(pipeline.Id)
+					}
+					return []database.Secret{}, nil
+				},
+			},
 			"webhooks": &graphql.Field{
 				Type:        graphql.NewNonNull(graphql.NewList(graphql.NewNonNull(webhookType))),
 				Description: "The list of webhooks for the pipeline.",
@@ -269,8 +318,8 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 					return db.GetPipelines()
 				},
 			},
-			"Credential": &graphql.Field{
-				Type: credentialType,
+			"CloneCredential": &graphql.Field{
+				Type: cloneCredentialType,
 				Args: graphql.FieldConfigArgument{
 					"id": &graphql.ArgumentConfig{
 						Type:        graphql.NewNonNull(graphql.String),
@@ -282,16 +331,23 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 					if err != nil {
 						return nil, err
 					}
-					return db.GetCredentialById(id)
+					return db.GetCloneCredentialById(id)
 				},
 			},
-			"Credentials": &graphql.Field{
-				Type: graphql.NewNonNull(graphql.NewList(credentialType)),
+			"CloneCredentials": &graphql.Field{
+				Type: graphql.NewNonNull(graphql.NewList(cloneCredentialType)),
 				Args: graphql.FieldConfigArgument{},
 				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
 					return db.GetCredentials()
 				},
 			},
+			"Secrets": &graphql.Field{
+				Type: graphql.NewNonNull(graphql.NewList(secretType)),
+				Args: graphql.FieldConfigArgument{},
+				Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+					return db.GetSecrets()
+				},
+			},
 		},
 	})

@@ -311,7 +367,7 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 					"pollInterval": &graphql.ArgumentConfig{
 						Type: graphql.Int,
 					},
-					"credentialId": &graphql.ArgumentConfig{
+					"cloneCredentialId": &graphql.ArgumentConfig{
 						Type: graphql.String,
 					},
 				},
@@ -324,7 +380,7 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 					}

 					var credential *uuid.UUID
-					if credentialVal, ok := params.Args["credentialId"]; ok {
+					if credentialVal, ok := params.Args["cloneCredentialId"]; ok {
 						id, err := uuid.Parse(credentialVal.(string))
 						if err != nil {
 							return nil, err
@@ -375,9 +431,9 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 					return webhook, nil
 				},
 			},
-			"createCredential": &graphql.Field{
-				Type:        credentialType,
-				Description: "Create a new credential",
+			"createCloneCredential": &graphql.Field{
+				Type:        cloneCredentialType,
+				Description: "Create a new CloneCredential",
 				Args: graphql.FieldConfigArgument{
 					"name": &graphql.ArgumentConfig{
 						Type: graphql.NewNonNull(graphql.String),
@@ -396,7 +452,7 @@ func createSchema(db database.Database) (graphql.Schema, error) {

 					credential, err := db.CreateCredential(
 						params.Args["name"].(string),
-						database.CredentialType(params.Args["type"].(string)),
+						database.CloneCredentialType(params.Args["type"].(string)),
 						params.Args["username"].(string),
 						params.Args["secret"].(string),
 					)
@@ -406,11 +462,34 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 					return credential, nil
 				},
 			},
-			"setPipelineCredential": &graphql.Field{
-				Type:        pipelineType,
-				Description: "Add an credential to a pipeline",
+			"createSecret": &graphql.Field{
+				Type:        secretType,
+				Description: "Create a new secret",
 				Args: graphql.FieldConfigArgument{
-					"credentialId": &graphql.ArgumentConfig{
+					"name": &graphql.ArgumentConfig{
+						Type: graphql.NewNonNull(graphql.String),
+					},
+					"secret": &graphql.ArgumentConfig{
+						Type: graphql.NewNonNull(graphql.String),
+					},
+				},
+				Resolve: func(params graphql.ResolveParams) (interface{}, error) {
+
+					secret, err := db.CreateSecret(
+						params.Args["name"].(string),
+						params.Args["secret"].(string),
+					)
+					if err != nil {
+						return nil, err
+					}
+					return secret, nil
+				},
+			},
+			"setPipelineCloneCredential": &graphql.Field{
+				Type:        pipelineType,
+				Description: "Set the CloneCredential used by a pipeline to clone the source repo",
+				Args: graphql.FieldConfigArgument{
+					"cloneCredentialId": &graphql.ArgumentConfig{
 						Type: graphql.String,
 					},
 					"pipelineId": &graphql.ArgumentConfig{
@@ -424,19 +503,19 @@ func createSchema(db database.Database) (graphql.Schema, error) {
 						return nil, err
 					}

-					if credentialIdVal, ok := params.Args["credentialId"]; ok {
-						credentialId, err := uuid.Parse(credentialIdVal.(string))
+					if cloneCredentialIdVal, ok := params.Args["cloneCredentialId"]; ok {
+						cloneCredentialId, err := uuid.Parse(cloneCredentialIdVal.(string))
 						if err != nil {
 							return nil, err
 						}

-						pipeline, err := db.SetPipelineCredential(pipelineId, &credentialId)
+						pipeline, err := db.SetPipelineCloneCredential(pipelineId, &cloneCredentialId)
 						if err != nil {
 							return nil, err
 						}
 						return pipeline, nil
 					} else {
-						pipeline, err := db.SetPipelineCredential(pipelineId, nil)
+						pipeline, err := db.SetPipelineCloneCredential(pipelineId, nil)
 						if err != nil {
 							return nil, err
 						}
@@ -445,6 +524,76 @@ func createSchema(db database.Database) (graphql.Schema, error) {

 				},
 			},
+			"addSecretToPipeline": &graphql.Field{
+				Type:        pipelineType,
+				Description: "Allow a secret to be accessed by a pipeline.",
+				Args: graphql.FieldConfigArgument{
+					"secretId": &graphql.ArgumentConfig{
+						Type: graphql.String,
+					},
+					"pipelineId": &graphql.ArgumentConfig{
+						Type: graphql.NewNonNull(graphql.String),
+					},
+				},
+				Resolve: func(params graphql.ResolveParams) (interface{}, error) {
+
+					secretId, err := uuid.Parse(params.Args["secretId"].(string))
+					if err != nil {
+						return nil, err
+					}
+
+					pipelineId, err := uuid.Parse(params.Args["pipelineId"].(string))
+					if err != nil {
+						return nil, err
+					}
+
+					err = db.AssignSecretToPipeline(pipelineId, secretId)
+					if err != nil {
+						return nil, err
+					}
+
+					pipeline, err := db.GetPipelineById(pipelineId)
+					if err != nil {
+						return nil, err
+					}
+					return pipeline, nil
+				},
+			},
+			"removeSecretFromPipeline": &graphql.Field{
+				Type:        pipelineType,
+				Description: "Remove a pipeline's access to a secret.",
+				Args: graphql.FieldConfigArgument{
+					"secretId": &graphql.ArgumentConfig{
+						Type: graphql.String,
+					},
+					"pipelineId": &graphql.ArgumentConfig{
+						Type: graphql.NewNonNull(graphql.String),
+					},
+				},
+				Resolve: func(params graphql.ResolveParams) (interface{}, error) {
+
+					secretId, err := uuid.Parse(params.Args["secretId"].(string))
+					if err != nil {
+						return nil, err
+					}
+
+					pipelineId, err := uuid.Parse(params.Args["pipelineId"].(string))
+					if err != nil {
+						return nil, err
+					}
+
+					err = db.RemoveSecretFromPipeline(pipelineId, secretId)
+					if err != nil {
+						return nil, err
+					}
+
+					pipeline, err := db.GetPipelineById(pipelineId)
+					if err != nil {
+						return nil, err
+					}
+					return pipeline, nil
+				},
+			},
 		},
 	})