Skip to content

Commit

Permalink
Merge pull request #2406 from swaroopar/feature/fixEnvVarCreds
Browse files Browse the repository at this point in the history 
decrypting fixed to be done only for credentials in cache
  • Loading branch information
@iskey
iskey authored Feb 14, 2025
2 parents bc95712 + d457cb4 commit 75e263f
Showing 1 changed file with 16 additions and 7 deletions.
23 changes: 16 additions & 7 deletions modules/credential/src/main/java/org/eclipse/xpanse/modules/credential/CredentialCenter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ public List<AbstractCredentialInfo> listCredentials(
.forEach(
site -> {
abstractCredentialInfos.addAll(
listUserCredentials(key, site, type, userKey));
listUserCredentials(key, site, type, userKey, false));
});
}
} else {
Expand All @@ -144,14 +144,14 @@ public List<AbstractCredentialInfo> listCredentials(
.forEach(
site -> {
abstractCredentialInfos.addAll(
listUserCredentials(csp, site, type, userKey));
listUserCredentials(csp, site, type, userKey, false));
});
}
return maskSensitiveValues(abstractCredentialInfos);
}

private List<AbstractCredentialInfo> listUserCredentials(
Csp csp, String site, CredentialType type, String userKey) {
Csp csp, String site, CredentialType type, String userKey, boolean isDecryptSecrets) {
List<AbstractCredentialInfo> userCredentials = new ArrayList<>();
List<AbstractCredentialInfo> definedCredentialInfos =
pluginManager.getOrchestratorPlugin(csp).getCredentialDefinitions();
Expand All @@ -173,7 +173,8 @@ private List<AbstractCredentialInfo> listUserCredentials(
site,
credential.getType(),
credential.getName(),
userKey);
userKey,
isDecryptSecrets);
if (Objects.nonNull(credentialInfo)) {
userCredentials.add(credentialInfo);
}
Expand All @@ -183,7 +184,12 @@ private List<AbstractCredentialInfo> listUserCredentials(
}

private AbstractCredentialInfo getCredentialFromCache(
Csp csp, String site, CredentialType type, String credentialName, String userKey) {
Csp csp,
String site,
CredentialType type,
String credentialName,
String userKey,
boolean isDecryptSecrets) {
CredentialCacheKey cacheKey =
new CredentialCacheKey(csp, site, type, credentialName, userKey);
AbstractCredentialInfo credentialInfo = null;
Expand All @@ -196,6 +202,9 @@ private AbstractCredentialInfo getCredentialFromCache(
cacheKey,
e.getMessage());
}
if (isDecryptSecrets && Objects.nonNull(credentialInfo)) {
return decodeSensitiveVariables(credentialInfo);
}
return credentialInfo;
}

Expand Down Expand Up @@ -312,7 +321,7 @@ public AbstractCredentialInfo getCredential(
+ " and user %s is not available",
csp, credentialType, userKey)));
}
return decodeSensitiveVariables(credentialWithAllVariables.get());
return credentialWithAllVariables.get();
}

private void encodeSensitiveVariables(CreateCredential createCredential) {
Expand Down Expand Up @@ -523,7 +532,7 @@ private List<AbstractCredentialInfo> joinCredentialsFromAllSources(
Csp csp, String site, CredentialType requestedCredentialType, String userKey) {
List<AbstractCredentialInfo> joinCredentials = new ArrayList<>();
List<AbstractCredentialInfo> userCredentials =
listUserCredentials(csp, site, requestedCredentialType, userKey);
listUserCredentials(csp, site, requestedCredentialType, userKey, true);
if (!CollectionUtils.isEmpty(userCredentials)) {
for (AbstractCredentialInfo userCredential : userCredentials) {
if (Objects.nonNull(userCredential)) {
Expand Down

0 comments on commit 75e263f

Please sign in to comment.