Fixes #27485 - encrypt discovery password within task
(cherry picked from commit bc9fa13)
jlsherrill authored and jturel committed Aug 7, 2019
1 parent 91e3d29 commit 4eefa67
Showing 2 changed files with 57 additions and 12 deletions.
22 changes: 10 additions & 12 deletions app/lib/actions/katello/repository/discover.rb
@@ -1,8 +1,9 @@
module Actions
module Katello
module Repository
class Discover < Actions::Base
class Discover < Actions::EntryAction
include Dynflow::Action::Cancellable
include EncryptValue

input_format do
param :url, String
@@ -17,22 +18,24 @@ class Discover < Actions::Base
end

def plan(url, content_type, upstream_username, upstream_password, search)
plan_self(url: url, content_type: content_type, upstream_username: upstream_username, upstream_password: upstream_password, search: search)
password = encrypt_field(upstream_password)
plan_self(url: url, content_type: content_type, upstream_username: upstream_username, upstream_password: password, search: search)
end

def run(event = nil)
output[:repo_urls] = output[:repo_urls] || []
output[:crawled] = output[:crawled] || []
output[:to_follow] = output[:to_follow] || [input[:url]]

repo_discovery = ::Katello::RepoDiscovery.new(input[:url], input[:content_type],
input[:upstream_username], input[:upstream_password],
input[:search], proxy,
output[:crawled], output[:repo_urls], output[:to_follow])

match(event,
(on nil do
unless output[:to_follow].empty?
password = decrypt_field(input[:upstream_password])
repo_discovery = ::Katello::RepoDiscovery.new(input[:url], input[:content_type],
input[:upstream_username], password,
input[:search], proxy,
output[:crawled], output[:repo_urls], output[:to_follow])

repo_discovery.run(output[:to_follow].shift)
suspend { |suspended_action| world.clock.ping suspended_action, 0.001 }
end
@@ -42,11 +45,6 @@ def run(event = nil)
end))
end

# @return <String> urls found by the action
def task_input
input[:url]
end

# @return [Array<String>] urls found by the action
def task_output
output[:repo_urls] || []
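Review bot: Dropping the `task_input` override in the last hunk widens what the task record exposes: the old method returned only `input[:url]`, while the new test reads `task.input[:upstream_password]` directly, and with no encryption key set that value is the plaintext `'secret'`. Presumably the inherited `task_input` returns the whole input hash, so the upstream username and the (possibly unencrypted) password now reach whatever renders or serialises task input. Consider keeping an override that leaves the credential out, e.g. `def task_input` / `{ url: input[:url], content_type: input[:content_type], search: input[:search] }` / `end`, and have the test inspect the planned action's input instead of `task.input`. The class body continues past the last visible hunk.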
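--- a/test/actions/katello/repository/discover_test.rb
+++ b/test/actions/katello/repository/discover_test.rb
@@ -0,0 +1,47 @@
+require 'katello_test_helper'
+
+module EncryptionKey
+ENCRYPTION_KEY = nil
+end
+
+module Actions
+describe Katello::Repository::CloneToVersion do
+include Dynflow::Testing
+include Support::Actions::Fixtures
+include FactoryBot::Syntax::Methods
+
+let(:action_class) { ::Actions::Katello::Repository::Discover }
+
+def setup
+get_organization #ensure we have an org label
+end
+
+def test_discovers_without_encryption
+EncryptionKey.const_set(:ENCRYPTION_KEY, nil)
+
+mock_discovery = mock
+url = 'http://foo.com'
+::Katello::RepoDiscovery.expects(:new).with(url, 'yum', 'admin', 'secret', nil, {}, [], [], [url]).returns(mock_discovery)
+mock_discovery.expects(:run).with("http://foo.com").once
+
+task = ForemanTasks.sync_task(action_class, url, 'yum', 'admin', 'secret', nil)
+
+refute_empty task.input[:upstream_password]
+assert_equal task.input[:upstream_password], 'secret'
+end
+
+def test_discovers_with_hidden_password
+EncryptionKey.const_set(:ENCRYPTION_KEY, 'ebf26a286b3edec3d31ac10e8e97bd60')
+
+mock_discovery = mock
+url = 'http://foo.com'
+::Katello::RepoDiscovery.expects(:new).with(url, 'yum', 'admin', 'secret', nil, {}, [], [], [url]).returns(mock_discovery)
+mock_discovery.expects(:run).with("http://foo.com").once
+
+task = ForemanTasks.sync_task(action_class, url, 'yum', 'admin', 'secret', nil)
+
+refute_empty task.input[:upstream_password]
+refute_equal task.input[:upstream_password], 'secret'
+end
+end
+end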
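Review bot: Both tests overwrite `EncryptionKey::ENCRYPTION_KEY` with `const_set` and never put the previous value back, so whichever test runs last decides whether later tests in the same process encrypt their fields; save the original value in `setup` and restore it in a `teardown`. The `describe` names `Katello::Repository::CloneToVersion` although `action_class` is `Discover`, so it should read `describe Katello::Repository::Discover do`. `test_discovers_without_encryption` also pins the plaintext fallback as expected behaviour, which deserves a comment such as `# no ENCRYPTION_KEY configured: the password is stored unencrypted in the task input` so the exposure is a documented choice rather than an accident.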
