Add secrets support (#14)
This commit is contained in:
+28
-9
@@ -95,7 +95,7 @@ CREATE TABLE version (
|
||||
|
||||
);
|
||||
|
||||
CREATE TABLE credentials (
|
||||
CREATE TABLE clone_credentials (
|
||||
id UUID PRIMARY KEY,
|
||||
name TEXT NOT NULL,
|
||||
type TEXT NOT NULL,
|
||||
@@ -104,15 +104,34 @@ CREATE TABLE credentials (
|
||||
);
|
||||
|
||||
CREATE TABLE pipelines (
|
||||
id UUID PRIMARY KEY,
|
||||
name TEXT NOT NULL,
|
||||
url TEXT NOT NULL,
|
||||
poll_interval INTEGER,
|
||||
credential UUID DEFAULT NULL,
|
||||
id UUID PRIMARY KEY,
|
||||
name TEXT NOT NULL,
|
||||
url TEXT NOT NULL,
|
||||
poll_interval INTEGER,
|
||||
clone_credential UUID DEFAULT NULL,
|
||||
|
||||
CONSTRAINT fk_credential
|
||||
FOREIGN KEY(credential)
|
||||
REFERENCES credentials(id)
|
||||
CONSTRAINT fk_clone_credential
|
||||
FOREIGN KEY(clone_credential)
|
||||
REFERENCES clone_credentials(id)
|
||||
);
|
||||
|
||||
CREATE TABLE secrets (
|
||||
id UUID PRIMARY KEY,
|
||||
name TEXT NOT NULL UNIQUE,
|
||||
secret TEXT NOT NULL
|
||||
);
|
||||
|
||||
CREATE TABLE pipeline_secret_mappings (
|
||||
pipeline UUID NOT NULL,
|
||||
secret UUID NOT NULL,
|
||||
|
||||
CONSTRAINT fk_pipeline
|
||||
FOREIGN KEY(pipeline)
|
||||
REFERENCES pipelines(id),
|
||||
|
||||
CONSTRAINT fk_secret
|
||||
FOREIGN KEY(secret)
|
||||
REFERENCES secrets(id)
|
||||
);
|
||||
|
||||
CREATE TABLE webhooks (
|
||||
|
||||
+144
-19
@@ -10,7 +10,7 @@ import (
|
||||
|
||||
func (db *Database) GetPipelines() ([]Pipeline, error) {
|
||||
query := `
|
||||
SELECT id, name, url, poll_interval, credential
|
||||
SELECT id, name, url, poll_interval, clone_credential
|
||||
FROM pipelines;`
|
||||
|
||||
pipelines := make([]Pipeline, 0)
|
||||
@@ -24,7 +24,7 @@ FROM pipelines;`
|
||||
for rows.Next() {
|
||||
var pipeline Pipeline
|
||||
var idStr string
|
||||
if err := rows.Scan(&idStr, &pipeline.Name, &pipeline.Url, &pipeline.PollInterval, &pipeline.Credential); err != nil {
|
||||
if err := rows.Scan(&idStr, &pipeline.Name, &pipeline.Url, &pipeline.PollInterval, &pipeline.CloneCredential); err != nil {
|
||||
return pipelines, err
|
||||
}
|
||||
|
||||
@@ -58,7 +58,7 @@ WHERE id=$1;`
|
||||
|
||||
func (db *Database) CreatePipeline(name string, url string, pollInterval int, credential *uuid.UUID) (Pipeline, error) {
|
||||
query := `
|
||||
INSERT INTO pipelines (id, name, url, poll_interval, credential)
|
||||
INSERT INTO pipelines (id, name, url, poll_interval, clone_credential)
|
||||
VALUES (uuid_generate_v4(), $1, $2, $3, $4)
|
||||
RETURNING id, name, url, poll_interval;`
|
||||
|
||||
@@ -77,12 +77,12 @@ RETURNING id, name, url, poll_interval;`
|
||||
return pipeline, nil
|
||||
}
|
||||
|
||||
func (db *Database) SetPipelineCredential(pipelineId uuid.UUID, credentialId *uuid.UUID) (Pipeline, error) {
|
||||
func (db *Database) SetPipelineCloneCredential(pipelineId uuid.UUID, credentialId *uuid.UUID) (Pipeline, error) {
|
||||
query := `
|
||||
UPDATE pipelines
|
||||
SET credential=$1
|
||||
SET clone_credential=$1
|
||||
WHERE id=$2
|
||||
RETURNING name, url, poll_interval, credential;`
|
||||
RETURNING name, url, poll_interval, clone_credential;`
|
||||
|
||||
pipeline := Pipeline{
|
||||
Id: pipelineId,
|
||||
@@ -90,7 +90,7 @@ RETURNING name, url, poll_interval, credential;`
|
||||
|
||||
err := db.Conn.QueryRow(context.Background(),
|
||||
query, credentialId, pipelineId).Scan(
|
||||
&pipeline.Name, &pipeline.Url, &pipeline.PollInterval, &pipeline.Credential,
|
||||
&pipeline.Name, &pipeline.Url, &pipeline.PollInterval, &pipeline.CloneCredential,
|
||||
)
|
||||
if err != nil {
|
||||
return pipeline, fmt.Errorf("Could not add credential to pipeline: %w", err)
|
||||
@@ -104,7 +104,7 @@ func (db *Database) RemovePipelineCredential(pipelineId uuid.UUID) (Pipeline, er
|
||||
UPDATE pipelines
|
||||
SET credential=null
|
||||
WHERE id=$1
|
||||
RETURNING name, url, poll_interval, credential;`
|
||||
RETURNING name, url, poll_interval, clone_credential;`
|
||||
|
||||
pipeline := Pipeline{
|
||||
Id: pipelineId,
|
||||
@@ -112,7 +112,7 @@ RETURNING name, url, poll_interval, credential;`
|
||||
|
||||
err := db.Conn.QueryRow(context.Background(),
|
||||
query, pipelineId).Scan(
|
||||
&pipeline.Name, &pipeline.Url, &pipeline.PollInterval, &pipeline.Credential,
|
||||
&pipeline.Name, &pipeline.Url, &pipeline.PollInterval, &pipeline.CloneCredential,
|
||||
)
|
||||
if err != nil {
|
||||
return pipeline, fmt.Errorf("Could not add credential to pipeline: %w", err)
|
||||
@@ -194,13 +194,13 @@ RETURNING id, server_type, secret, pipeline;`
|
||||
return webhook, nil
|
||||
}
|
||||
|
||||
func (db *Database) CreateCredential(name string, credentialtype CredentialType, username string, secret string) (Credential, error) {
|
||||
func (db *Database) CreateCredential(name string, credentialtype CloneCredentialType, username string, secret string) (CloneCredential, error) {
|
||||
query := `
|
||||
INSERT INTO credentials (id, name, type, username, secret)
|
||||
INSERT INTO clone_credentials (id, name, type, username, secret)
|
||||
VALUES(uuid_generate_v4(), $1, $2, $3, $4)
|
||||
RETURNING id, name, type, username, secret;`
|
||||
|
||||
credential := Credential{}
|
||||
credential := CloneCredential{}
|
||||
var idStr string
|
||||
err := db.Conn.QueryRow(
|
||||
context.Background(),
|
||||
@@ -224,15 +224,15 @@ RETURNING id, name, type, username, secret;`
|
||||
return credential, nil
|
||||
}
|
||||
|
||||
func (db *Database) GetCredentialById(id uuid.UUID) (Credential, error) {
|
||||
func (db *Database) GetCloneCredentialById(id uuid.UUID) (CloneCredential, error) {
|
||||
query := `
|
||||
SELECT name, type, username, secret
|
||||
FROM credentials
|
||||
FROM clone_credentials
|
||||
WHERE id=$1;`
|
||||
|
||||
log.Debugf("requested credential with id %v", id)
|
||||
|
||||
credential := Credential{
|
||||
credential := CloneCredential{
|
||||
Id: id,
|
||||
}
|
||||
|
||||
@@ -244,12 +244,12 @@ WHERE id=$1;`
|
||||
return credential, nil
|
||||
}
|
||||
|
||||
func (db *Database) GetCredentials() ([]Credential, error) {
|
||||
func (db *Database) GetCredentials() ([]CloneCredential, error) {
|
||||
query := `
|
||||
SELECT id, name, type, username, secret
|
||||
FROM credentials;`
|
||||
FROM clone_credentials;`
|
||||
|
||||
credentials := make([]Credential, 0)
|
||||
credentials := make([]CloneCredential, 0)
|
||||
|
||||
rows, err := db.Conn.Query(context.Background(), query)
|
||||
if err != nil {
|
||||
@@ -258,7 +258,7 @@ FROM credentials;`
|
||||
defer rows.Close()
|
||||
|
||||
for rows.Next() {
|
||||
var credential Credential
|
||||
var credential CloneCredential
|
||||
var idStr string
|
||||
if err := rows.Scan(&idStr, &credential.Name, &credential.Type, &credential.Username, &credential.Secret); err != nil {
|
||||
return credentials, err
|
||||
@@ -395,3 +395,128 @@ func (db *Database) UpdatePipelineRefs(pipelineId uuid.UUID, refsMap map[string]
|
||||
log.Debugf("copyCount: %v", copyCount)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (db *Database) GetSecrets() ([]Secret, error) {
|
||||
query := `
|
||||
SELECT id, name, secret
|
||||
FROM secrets;`
|
||||
|
||||
secrets := make([]Secret, 0)
|
||||
|
||||
rows, err := db.Conn.Query(context.Background(), query)
|
||||
if err != nil {
|
||||
return secrets, fmt.Errorf("Could not query database for secrets: %w", err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
for rows.Next() {
|
||||
var secret Secret
|
||||
var idStr string
|
||||
if err := rows.Scan(&idStr, &secret.Name, &secret.Secret); err != nil {
|
||||
return secrets, err
|
||||
}
|
||||
|
||||
secret.Id, err = uuid.Parse(idStr)
|
||||
if err != nil {
|
||||
return secrets, err
|
||||
}
|
||||
secrets = append(secrets, secret)
|
||||
}
|
||||
|
||||
return secrets, nil
|
||||
}
|
||||
|
||||
func (db *Database) GetSecretById(id uuid.UUID) (Secret, error) {
|
||||
query := `
|
||||
SELECT id, name, secret
|
||||
FROM secrets
|
||||
WHERE id=$1;`
|
||||
|
||||
secret := Secret{
|
||||
Id: id,
|
||||
}
|
||||
|
||||
err := db.Conn.QueryRow(context.Background(), query, id).Scan(&secret.Name, &secret.Secret)
|
||||
if err != nil {
|
||||
return secret, fmt.Errorf("Could not query database for secret with id %v: %w", id.String(), err)
|
||||
}
|
||||
|
||||
return secret, nil
|
||||
}
|
||||
|
||||
func (db *Database) CreateSecret(name string, secret string) (Secret, error) {
|
||||
// TODO: we need to validate that we can convert the name to a valid environment variable
|
||||
query := `
|
||||
INSERT INTO secrets (id, name, secret)
|
||||
VALUES (uuid_generate_v4(), $1, $2)
|
||||
RETURNING id, name, secret;`
|
||||
|
||||
s := Secret{}
|
||||
var idStr string
|
||||
err := db.Conn.QueryRow(context.Background(), query, name, secret).Scan(&idStr, &s.Name, &s.Secret)
|
||||
if err != nil {
|
||||
return s, fmt.Errorf("Could not create secret: %w", err)
|
||||
}
|
||||
|
||||
s.Id, err = uuid.Parse(idStr)
|
||||
if err != nil {
|
||||
return s, fmt.Errorf("Could not parse UUID generated by DB: %w", err)
|
||||
}
|
||||
|
||||
return s, nil
|
||||
}
|
||||
|
||||
func (db *Database) AssignSecretToPipeline(pipelineId uuid.UUID, secretId uuid.UUID) error {
|
||||
query := `
|
||||
INSERT INTO pipeline_secret_mappings (pipeline, secret)
|
||||
VALUES ($1, $2);`
|
||||
|
||||
_, err := db.Conn.Exec(context.Background(), query, pipelineId, secretId)
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (db *Database) RemoveSecretFromPipeline(pipelineId uuid.UUID, secretId uuid.UUID) error {
|
||||
// TODO: implement this
|
||||
return fmt.Errorf("Not implemented")
|
||||
}
|
||||
|
||||
func (db *Database) GetSecretsForPipeline(pipelineId uuid.UUID) ([]Secret, error) {
|
||||
query := `
|
||||
SELECT
|
||||
secrets.id, secrets.name, secrets.secret
|
||||
FROM
|
||||
secrets INNER JOIN pipeline_secret_mappings
|
||||
ON secrets.id = pipeline_secret_mappings.secret
|
||||
WHERE
|
||||
pipeline_secret_mappings.pipeline=$1
|
||||
;`
|
||||
|
||||
secrets := make([]Secret, 0)
|
||||
|
||||
rows, err := db.Conn.Query(context.Background(), query, pipelineId)
|
||||
if err != nil {
|
||||
return secrets, fmt.Errorf("Could not get secrets for pipeline with id \"%v\": %w", pipelineId, err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
for rows.Next() {
|
||||
var secret Secret
|
||||
var idStr string
|
||||
if err := rows.Scan(
|
||||
&idStr,
|
||||
&secret.Name,
|
||||
&secret.Secret,
|
||||
); err != nil {
|
||||
return secrets, err
|
||||
}
|
||||
|
||||
secret.Id, err = uuid.Parse(idStr)
|
||||
if err != nil {
|
||||
return secrets, err
|
||||
}
|
||||
secrets = append(secrets, secret)
|
||||
}
|
||||
|
||||
return secrets, nil
|
||||
}
|
||||
|
||||
+21
-10
@@ -6,27 +6,38 @@ import (
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
type CredentialType string
|
||||
type CloneCredentialType string
|
||||
|
||||
const (
|
||||
USER_PASS CredentialType = "USER_PASS"
|
||||
SSH_KEY CredentialType = "SSH_KEY"
|
||||
USER_PASS CloneCredentialType = "USER_PASS"
|
||||
SSH_KEY CloneCredentialType = "SSH_KEY"
|
||||
)
|
||||
|
||||
type Credential struct {
|
||||
type CloneCredential struct {
|
||||
Id uuid.UUID
|
||||
Name string
|
||||
Type CredentialType
|
||||
Type CloneCredentialType
|
||||
Username string
|
||||
Secret string
|
||||
}
|
||||
|
||||
type Pipeline struct {
|
||||
Id uuid.UUID
|
||||
Name string
|
||||
Url string
|
||||
PollInterval int
|
||||
Credential *uuid.UUID
|
||||
Id uuid.UUID
|
||||
Name string
|
||||
Url string
|
||||
PollInterval int
|
||||
CloneCredential *uuid.UUID
|
||||
}
|
||||
|
||||
type Secret struct {
|
||||
Id uuid.UUID
|
||||
Name string
|
||||
Secret string
|
||||
}
|
||||
|
||||
type PipelineSecretMapping struct {
|
||||
Pipeline uuid.UUID
|
||||
Secret uuid.UUID
|
||||
}
|
||||
|
||||
type WebhookSender string
|
||||
|
||||
Reference in New Issue
Block a user