M api/graph/manifest.go => api/graph/manifest.go +1 -1
@@ 51,7 51,7 @@ func LoadManifest(in string) (*Manifest, error) {
for _, sec := range manifest.Secrets {
_, err := uuid.Parse(sec)
- if err != nil {
+ if err != nil && (len(sec) <= 3 || len(sec) >= 512) {
return nil, err
}
}
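Review bot: The length bounds in the added condition do not match the Python validator in buildsrht/manifest.py: `len(sec) <= 3 || len(sec) >= 512` rejects names of exactly 3 and exactly 512 characters, while the Python side accepts `len(s) >= 3 and len(s) <= 512`. If 3 to 512 inclusive is intended, the condition should read `if err != nil && (len(sec) < 3 || len(sec) > 512) {`. Go's `len` also counts bytes where Python's counts code points, so non-ASCII names can still pass one check and fail the other. The value returned on rejection is still the `uuid.Parse` error, which reports a UUID problem for what is really a name-length failure; a dedicated error would be clearer. LoadManifest continues outside the hunk.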
M buildsrht/manifest.py => buildsrht/manifest.py +15 -4
@@ 82,10 82,21 @@ class Manifest:
if not isinstance(env, dict):
raise Exception("Expected environment to be a dictionary")
if secrets:
- if not isinstance(secrets, list) or not all([isinstance(s, str) for s in secrets]):
- raise Exception("Expected secrets to be a UUID array")
- # Will throw exception on invalid UUIDs as well
- secrets = list(map(uuid.UUID, secrets))
+ if not isinstance(secrets, list) or not all(
+ [isinstance(s, str) for s in secrets]
+ ):
+ raise Exception("Expected secrets to be a UUID/String array")
+
+ def uuid_or_string(s):
+ try:
+ uuid.UUID(s)
+ except ValueError:
+ if len(s) >= 3 and len(s) <= 512:
+ s
+ else:
+ raise Exception("Secret names must be between 3 and 512 chars")
+
+ secrets = list(map(uuid_or_string, secrets))
if shell is not None and not isinstance(shell, bool):
raise Exception("Expected shell to be a boolean")
if artifacts is not None and (
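Review bot: `uuid_or_string` never returns a value, so `secrets = list(map(uuid_or_string, secrets))` replaces every entry with `None`. The `try` branch discards the parsed UUID, and the bare `s` in the `except` branch is an expression statement rather than a return. Before this change the list held `uuid.UUID` objects; to keep that for UUIDs and pass names through, use `return uuid.UUID(s)` in the `try` and `return s` under the length check. Whether later code expects UUID objects or plain strings is not visible here, so the element type should be confirmed against the consumers of `secrets`. The enclosing method starts and ends outside the hunk.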
M worker/database.go => worker/database.go +27 -1
@@ 3,6 3,8 @@ package main
import (
"database/sql"
"time"
+
+ "github.com/google/uuid"
)
type Job struct {
@@ 82,7 84,15 @@ func GetJob(db *sql.DB, id int) (*Job, error) {
return &job, nil
}
-func GetSecret(db *sql.DB, uuid string) (*Secret, error) {
+func GetSecret(db *sql.DB, sec string, ownerId int) (*Secret, error) {
+ _, err := uuid.Parse(sec)
+ if err != nil {
+ return GetSecretByName(db, sec, ownerId)
+ }
+ return GetSecretById(db, sec)
+}
+
+func GetSecretById(db *sql.DB, uuid string) (*Secret, error) {
row := db.QueryRow(`
SELECT
"id", "user_id", "created", "updated", "uuid",
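Review bot: `GetSecret` drops `ownerId` on the UUID branch, so only name lookups are scoped to the job owner; `GetSecretById(db, sec)` has no way to filter by user. If the UUID query (its WHERE clause is outside this hunk) matches on `"uuid"` alone, the worker relies entirely on earlier validation that the submitter owns that secret. Passing the owner through and adding `AND "user_id" = $2` there would make both paths enforce the same boundary. Separately, any string `uuid.Parse` accepts is routed to the UUID path, so a secret whose name happens to parse as a UUID can never be resolved by name. The `uuid string` parameter of `GetSecretById` also shadows the newly imported `uuid` package.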
@@ 94,7 104,23 @@ func GetSecret(db *sql.DB, uuid string) (*Secret, error) {
&secret.Id, &secret.UserId, &secret.Created, &secret.Updated,
&secret.Uuid, &secret.Name, &secret.SecretType, &secret.Secret,
&secret.Path, &secret.Mode); err != nil {
+ return nil, err
+ }
+ return &secret, nil
+}
+func GetSecretByName(db *sql.DB, uuid string, ownerId int) (*Secret, error) {
+ row := db.QueryRow(`
+ SELECT
+ "id", "user_id", "created", "updated", "uuid",
+ "name", "secret_type", "secret", "path", "mode"
+ FROM "secret" WHERE "name" = $1 AND "user_id" = $2;
+ `, uuid, ownerId)
+ var secret Secret
+ if err := row.Scan(
+ &secret.Id, &secret.UserId, &secret.Created, &secret.Updated,
+ &secret.Uuid, &secret.Name, &secret.SecretType, &secret.Secret,
+ &secret.Path, &secret.Mode); err != nil {
return nil, err
}
return &secret, nil
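Review bot: `GetSecretByName` takes whichever row `QueryRow` yields first, which is only well defined if `("user_id", "name")` is unique in the `secret` table. The schema is not visible here, so that should be confirmed or enforced with a unique constraint; otherwise a duplicated name resolves to an arbitrary one of the owner's secrets. The parameter carrying the name is called `uuid`, which misleads and shadows the imported package; `func GetSecretByName(db *sql.DB, name string, ownerId int) (*Secret, error)` with `name` passed to the query reads correctly. Both new exported functions lack doc comments, e.g. `// GetSecretByName returns the secret called name that belongs to ownerId.`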
M worker/go.mod => worker/go.mod +1 -0
@@ 5,6 5,7 @@ require (
github.com/go-redis/redis/v8 v8.2.3
github.com/gocelery/gocelery v0.0.0-20201111034804-825d89059344
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+ github.com/google/uuid v1.0.0
github.com/kr/pty v1.1.3
github.com/lib/pq v1.8.0
github.com/martinlindhe/base36 v1.1.0
M worker/go.sum => worker/go.sum +1 -0
@@ 212,6 212,7 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/uuid v1.0.0 h1:b4Gk+7WdP/d3HZH8EJsZpvV7EtDOgaZLtnaNGIu1adA=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
M worker/tasks.go => worker/tasks.go +1 -1
@@ 262,7 262,7 @@ func (ctx *JobContext) SendSecrets() error {
sshKeys := 0
for _, uuid := range ctx.Manifest.Secrets {
ctx.Log.Printf("Resolving secret %s\n", uuid)
- secret, err := GetSecret(ctx.Db, uuid)
+ secret, err := GetSecret(ctx.Db, uuid, ctx.Job.OwnerId)
if err != nil {
return errors.Wrap(err, "GetSecret")
}
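Review bot: The value logged by `ctx.Log.Printf("Resolving secret %s\n", uuid)` can now be a free-form name of up to 512 characters taken from the manifest rather than a parsed UUID, and `%s` writes it to the log unescaped. Using `%q`, as in `ctx.Log.Printf("Resolving secret %q\n", ref)`, keeps embedded newlines and control characters from forging log lines. Renaming the loop variable from `uuid` to something like `ref` would reflect that it may hold a name. The loop body continues outside the hunk.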