🔒 : use credentials id instead of credentials object to avoid leakage

gaia-app · Jul 12, 2020 · c85f1e8 · c85f1e8
1 parent 2aa1b0d
commit c85f1e8
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 10 deletions.
diff --git a/src/main/java/io/gaia_app/stacks/bo/Stack.java b/src/main/java/io/gaia_app/stacks/bo/Stack.java
@@ -1,6 +1,5 @@
 package io.gaia_app.stacks.bo;
 
-import io.gaia_app.credentials.Credentials;
 import io.gaia_app.teams.Team;
 import io.gaia_app.teams.User;
 import org.springframework.data.mongodb.core.mapping.DBRef;
@@ -60,8 +59,7 @@ public class Stack {
 
     private BigDecimal estimatedRunningCost;
 
-    @DBRef
-    private Credentials credentials;
+    private String credentialsId;
 
     @DBRef
     private User createdBy;
@@ -177,11 +175,11 @@ public void setUpdatedAt(LocalDateTime updatedAt) {
         this.updatedAt = updatedAt;
     }
 
-    public Credentials getCredentials() {
-        return credentials;
+    public String getCredentialsId() {
+        return credentialsId;
     }
 
-    public void setCredentials(Credentials credentials) {
-        this.credentials = credentials;
+    public void setCredentialsId(String credentialsId) {
+        this.credentialsId = credentialsId;
     }
 }
diff --git a/src/main/java/io/gaia_app/stacks/controller/StackRestController.java b/src/main/java/io/gaia_app/stacks/controller/StackRestController.java
@@ -1,5 +1,6 @@
 package io.gaia_app.stacks.controller;
 
+import io.gaia_app.credentials.CredentialsRepository;
 import io.gaia_app.modules.repository.TerraformModuleRepository;
 import io.gaia_app.stacks.bo.Job;
 import io.gaia_app.stacks.bo.JobType;
@@ -9,7 +10,6 @@
 import io.gaia_app.stacks.service.StackCostCalculator;
 import io.gaia_app.teams.Team;
 import io.gaia_app.teams.User;
-import io.gaia_app.stacks.bo.Stack;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
@@ -32,16 +32,20 @@ public class StackRestController {
 
     private JobRepository jobRepository;
 
+    private CredentialsRepository credentialsRepository;
+
     @Autowired
     public StackRestController(
         StackRepository stackRepository,
         StackCostCalculator stackCostCalculator,
         TerraformModuleRepository terraformModuleRepository,
-        JobRepository jobRepository) {
+        JobRepository jobRepository,
+        CredentialsRepository credentialsRepository) {
         this.stackRepository = stackRepository;
         this.stackCostCalculator = stackCostCalculator;
         this.terraformModuleRepository = terraformModuleRepository;
         this.jobRepository = jobRepository;
+        this.credentialsRepository = credentialsRepository;
     }
 
     @GetMapping
@@ -95,7 +99,8 @@ public Map<String, String> launchJob(@PathVariable String id, @PathVariable JobT
         // create a new job
         var job = new Job(jobType, id, user);
         job.setTerraformImage(module.getTerraformImage());
-        job.setCredentials(stack.getCredentials());
+        this.credentialsRepository.findById(stack.getCredentialsId())
+            .ifPresent(job::setCredentials);
         jobRepository.save(job);
 
         return Map.of("jobId", job.getId());

diff --git a/src/test/java/io/gaia_app/stacks/controller/StackRestControllerTest.java b/src/test/java/io/gaia_app/stacks/controller/StackRestControllerTest.java
@@ -1,5 +1,6 @@
 package io.gaia_app.stacks.controller;
 
+import io.gaia_app.credentials.CredentialsRepository;
 import io.gaia_app.modules.bo.TerraformImage;
 import io.gaia_app.modules.bo.TerraformModule;
 import io.gaia_app.modules.repository.TerraformModuleRepository;
@@ -61,6 +62,9 @@ class StackRestControllerTest {
     @Mock
     private JobRepository jobRepository;
 
+    @Mock
+    private CredentialsRepository credentialsRepository;
+
     @Test
     void listStack_shouldFindAllStacks_forAdminUser() {
         // when