From 36cd1798afaa3c1c05246a4a338804d20713cf9f Mon Sep 17 00:00:00 2001 From: Isman Firmansyah Date: Wed, 23 Aug 2023 20:53:37 +0700 Subject: [PATCH] fix(jans-pycloudlib): unwanted secrets pulled from google secrets manager (#5900) --- .../jans/pycloudlib/secret/google_secret.py | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py b/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py index 98e7f6d886a..7f253bb700f 100644 --- a/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py +++ b/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py @@ -140,7 +140,7 @@ def get_all(self) -> dict[str, _t.Any]: resp = self.client.list_secrets( request={ "parent": f"projects/{self.project_id}", - "filter": f"name:{self.google_secret_name}", + "filter": f"name:secrets/{self.google_secret_name}", } ) @@ -162,9 +162,9 @@ def get_all(self) -> dict[str, _t.Any]: if not payload: return {} - try: - data = self._maybe_legacy_payload(payload) - except lzma.LZMAError: + data = self._maybe_legacy_payload(payload) + if not data: + logger.warning("Unable to load payload with zlib/lzma format; trying to load using new format.") data = json.loads(payload) # decoded payload 
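Review bot: The new filter `name:secrets/{self.google_secret_name}` in the first hunk of `get_all` still appears to be a containment match rather than an exact one. As far as I know, Secret Manager's `:` filter operator matches substrings, so a secret in the same project whose name merely starts with the configured name would still be listed. Anchoring on `secrets/` closes the suffix case this commit targets but not the prefix case. The loop that consumes `resp` is outside this hunk; if it does not already do so, it should compare each returned name against the exact secret name and the multipart names built by `_prepare_secret_multipart` before reading any payload, so that unrelated secrets are never merged into the returned dict.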
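Review bot: The `logger.warning(...)` added under `if not data:` in the second hunk of `get_all` fires whenever the payload is not in the legacy format, so what looks like the normal read path logs a warning on every call. `logger.debug` would fit that branch better, and the legacy-path messages this commit deletes from `_maybe_legacy_payload` were the more useful signal to keep. `if not data:` also cannot tell "not a legacy payload" from "a legacy payload that decoded to an empty dict"; in the second case `json.loads(payload)` then runs on compressed bytes and raises. Returning `None` for "not legacy" and testing `if data is None:` would separate the two. `get_all` starts and ends outside this hunk.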
@@ -310,17 +310,23 @@ def _prepare_secret_multipart(self, part: int) -> str: return name def _maybe_legacy_payload(self, payload: bytes) -> dict[str, _t.Any]: - try: + data = {} + payload_str = "" + + with suppress(zlib.error): # previously data is compressed using zlib payload_str = zlib.decompress(payload).decode("UTF-8") - logger.warning("Decompressed legacy data.") - except zlib.error: - payload_str = lzma.decompress(payload).decode("UTF-8") + + if not payload_str: + with suppress(lzma.LZMAError): + payload_str = lzma.decompress(payload).decode("UTF-8") + + if not payload_str: + return data try: # previously data is double-encrypted data: dict[str, _t.Any] = json.loads(self._decrypt(payload_str)) - logger.warning("Loaded legacy data.") except binascii.Error: data = json.loads(payload_str) return data
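Review bot: `suppress` is used twice in `_maybe_legacy_payload`, but the patch adds no import for it, so confirm `from contextlib import suppress` is already present at the top of the module; otherwise each call fails with `NameError`. The two `suppress` blocks cover only decompression errors. A payload that decompresses but is not valid UTF-8 raises `UnicodeDecodeError` from `.decode("UTF-8")`, and `json.loads(payload_str)` in the `except binascii.Error:` branch can raise `json.JSONDecodeError`; both reach the caller instead of falling back to the new-format load. The method also has no docstring for its new contract; something like `"""Decode a legacy zlib/lzma payload; return {} if the payload is not in a legacy format."""` would make the empty-dict return value explicit.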