
Commit 5d8e805

fix: [PL-27860]: Updating the ppt whenever the secret is updated (#36981)
* fix: [PL-27860]: Updating the ppt whenever the secret is updated * fix: [PL-27860]: added for token renewal * fix: [PL-27860]: removed the dependency in ngVaultServiceImpl * fix: [PL-27860]: Removed dependency * fix: [PL-27860]: Added UT
1 parent 5fdaa9c commit 5d8e805

8 files changed

Lines changed: 125 additions & 0 deletions


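--- a/120-ng-manager/src/main/java/io/harness/ng/ConnectorServiceImpl.java
+++ b/120-ng-manager/src/main/java/io/harness/ng/ConnectorServiceImpl.java
@@ -712,6 +712,11 @@ public void resetHeartbeatForReferringConnectors(List<Pair<String, String>> conn
 defaultConnectorService.resetHeartbeatForReferringConnectors(connectorPerpetualTaskInfoList);
 }
 
+@Override
+public void resetHeartBeatTask(String accountId, String taskId) {
+defaultConnectorService.resetHeartBeatTask(accountId, taskId);
+}
+
 @Override
 public Page<ConnectorResponseDTO> list(int page, int size, String accountIdentifier,
 ConnectorFilterPropertiesDTO filterProperties, String orgIdentifier, String projectIdentifier,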

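--- a/120-ng-manager/src/main/java/io/harness/ng/SecretManagerConnectorServiceImpl.java
+++ b/120-ng-manager/src/main/java/io/harness/ng/SecretManagerConnectorServiceImpl.java
@@ -322,6 +322,11 @@ public void resetHeartbeatForReferringConnectors(List<Pair<String, String>> conn
 defaultConnectorService.resetHeartbeatForReferringConnectors(connectorPerpetualTaskInfoList);
 }
 
+@Override
+public void resetHeartBeatTask(String accountId, String taskId) {
+defaultConnectorService.resetHeartBeatTask(accountId, taskId);
+}
+
 @Override
 public Page<ConnectorResponseDTO> list(int page, int size, String accountIdentifier,
 ConnectorFilterPropertiesDTO filterProperties, String orgIdentifier, String projectIdentifier,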

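--- a/440-connector-nextgen/src/main/java/io/harness/connector/impl/DefaultConnectorServiceImpl.java
+++ b/440-connector-nextgen/src/main/java/io/harness/connector/impl/DefaultConnectorServiceImpl.java
@@ -1036,6 +1036,10 @@ public void resetHeartbeatForReferringConnectors(List<Pair<String, String>> conn
 }
 }
 
+public void resetHeartBeatTask(String accountId, String taskId) {
+connectorHeartbeatService.resetPerpetualTask(accountId, taskId);
+}
+
 @Override
 public List<ConnectorResponseDTO> listbyFQN(String accountIdentifier, List<String> connectorFQN) {
 if (isEmpty(connectorFQN)) {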
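Review bot: The new `resetHeartBeatTask` in DefaultConnectorServiceImpl has no `@Override`, although this commit adds the same signature to `ConnectorService` and the versions in ConnectorServiceImpl and SecretManagerConnectorServiceImpl carry the annotation. Assuming this class implements that interface (the neighbouring `listbyFQN` is marked `@Override`), add `@Override` above `public void resetHeartBeatTask(String accountId, String taskId) {` so that a later signature drift becomes a compile error. The same applies to `getPerpetualTaskId` and `resetHeartBeatTask` in NGConnectorSecretManagerServiceImpl, which this commit also adds to the `NGConnectorSecretManagerService` interface.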

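--- a/440-connector-nextgen/src/main/java/io/harness/connector/impl/NGConnectorSecretManagerServiceImpl.java
+++ b/440-connector-nextgen/src/main/java/io/harness/connector/impl/NGConnectorSecretManagerServiceImpl.java
@@ -134,4 +134,14 @@ public void resolveSecretManagerScriptSecrets(String accountIdentifier, String p
 customEncryptor.resolveSecretManagerConfig(accountIdentifier, encryptedDataParamsSet, encryptionConfig);
 encryptionConfig.setScript(script);
 }
+
+public String getPerpetualTaskId(
+String accountIdentifier, String orgIdentifier, String projectIdentifier, String identifier) {
+return connectorService.getHeartbeatPerpetualTaskId(
+accountIdentifier, orgIdentifier, projectIdentifier, identifier);
+}
+
+public void resetHeartBeatTask(String accountId, String taskId) {
+connectorService.resetHeartBeatTask(accountId, taskId);
+}
 }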

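--- a/440-connector-nextgen/src/main/java/io/harness/connector/impl/NGVaultServiceImpl.java
+++ b/440-connector-nextgen/src/main/java/io/harness/connector/impl/NGVaultServiceImpl.java
@@ -170,6 +170,7 @@ public void renewToken(VaultConnector vaultConnector) {
 if (ngVaultRenewalTaskResponse.isSuccessful()) {
 vaultConnector.setRenewedAt(System.currentTimeMillis());
 connectorRepository.save(vaultConnector, ChangeType.NONE);
+updatePerpetualTaskWhenTokenIsRenewed(vaultConnector);
 }
 }
 
@@ -242,6 +243,7 @@ public void renewAppRoleClientToken(VaultConnector vaultConnector) {
 }
 vaultConnector.setRenewedAt(System.currentTimeMillis());
 connectorRepository.save(vaultConnector, ChangeType.NONE);
+updatePerpetualTaskWhenTokenIsRenewed(vaultConnector);
 }
 
 @Override
@@ -833,4 +835,11 @@ private EncryptedRecordData buildEncryptedRecordData(NGEncryptedData encryptedDa
 .base64Encoded(encryptedData.isBase64Encoded())
 .build();
 }
+
+private void updatePerpetualTaskWhenTokenIsRenewed(VaultConnector vaultConnector) {
+String heartBeatPerpetualTaskId =
+ngConnectorSecretManagerService.getPerpetualTaskId(vaultConnector.getAccountIdentifier(),
+vaultConnector.getOrgIdentifier(), vaultConnector.getProjectIdentifier(), vaultConnector.getIdentifier());
+ngConnectorSecretManagerService.resetHeartBeatTask(vaultConnector.getAccountIdentifier(), heartBeatPerpetualTaskId);
+}
 }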
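Review bot: `updatePerpetualTaskWhenTokenIsRenewed` passes whatever `getPerpetualTaskId` returns straight to `resetHeartBeatTask`, with no check for a missing task id. Whether the lookup can return null is not visible here, but if a connector has no heartbeat perpetual task the reset would be called with a null id. Because the call sits after `connectorRepository.save(...)` in both `renewToken` and `renewAppRoleClientToken`, any exception from it would surface as a failed renewal even though the renewed token is already persisted. Consider guarding with `if (heartBeatPerpetualTaskId == null) { return; }` and logging a reset failure rather than letting it propagate, so a heartbeat still running on the old token shows up in logs without breaking the renewal job. The bodies of both renew methods continue outside the hunks.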

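--- a/440-connector-nextgen/src/main/java/io/harness/connector/services/ConnectorService.java
+++ b/440-connector-nextgen/src/main/java/io/harness/connector/services/ConnectorService.java
@@ -35,6 +35,8 @@ String getHeartbeatPerpetualTaskId(
 */
 void resetHeartbeatForReferringConnectors(List<Pair<String, String>> connectorPerpetualTaskInfoList);
 
+void resetHeartBeatTask(String accountId, String taskId);
+
 boolean checkConnectorExecutableOnDelegate(ConnectorInfoDTO connectorInfo);
 
 boolean markEntityInvalid(String accountIdentifier, EntityReference entityReference, String invalidYaml);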
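Review bot: `resetHeartBeatTask(String accountId, String taskId)` is added to the interface without Javadoc, while the method directly above it is documented. A short comment would help callers: say that it resets the heartbeat perpetual task identified by `taskId`, that `taskId` is expected to come from `getHeartbeatPerpetualTaskId` for the same account, and what happens for an unknown id. Whether any implementation checks that the task belongs to `accountId` is not visible in this commit, so the contract should state it. The name also spells `HeartBeat` where the neighbouring `resetHeartbeatForReferringConnectors` and `getHeartbeatPerpetualTaskId` use `Heartbeat`.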

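--- a/440-connector-nextgen/src/main/java/io/harness/connector/services/NGConnectorSecretManagerService.java
+++ b/440-connector-nextgen/src/main/java/io/harness/connector/services/NGConnectorSecretManagerService.java
@@ -30,4 +30,9 @@ default ConnectorDTO getConnectorDTO(
 
 void resolveSecretManagerScriptSecrets(String accountIdentifier, String path,
 CustomSecretNGManagerConfig encryptionConfig, SecretManagerConfigDTO secretManagerConfigDTO);
+
+String getPerpetualTaskId(
+String accountIdentifier, String orgIdentifier, String projectIdentifier, String identifier);
+
+void resetHeartBeatTask(String accountId, String taskId);
 }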

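--- a/440-connector-nextgen/src/test/java/io/harness/connector/impl/NGVaultServiceImplTest.java
+++ b/440-connector-nextgen/src/test/java/io/harness/connector/impl/NGVaultServiceImplTest.java
@@ -36,15 +36,19 @@
 import io.harness.connector.ConnectorDTO;
 import io.harness.connector.ConnectorInfoDTO;
 import io.harness.connector.entities.embedded.vaultconnector.VaultConnector;
+import io.harness.connector.mappers.secretmanagermapper.VaultDTOToEntity;
 import io.harness.connector.mappers.secretmanagermapper.VaultEntityToDTO;
 import io.harness.connector.services.NGConnectorSecretManagerService;
+import io.harness.delegate.beans.DelegateMetaInfo;
 import io.harness.delegate.beans.connector.ConnectorType;
 import io.harness.delegate.beans.connector.vaultconnector.VaultConnectorDTO;
 import io.harness.delegate.utils.TaskSetupAbstractionHelper;
 import io.harness.delegatetasks.NGVaultFetchEngineTaskResponse;
 import io.harness.delegatetasks.NGVaultRenewalAppRoleTaskResponse;
 import io.harness.delegatetasks.NGVaultRenewalTaskParameters;
+import io.harness.delegatetasks.NGVaultRenewalTaskResponse;
 import io.harness.encryption.SecretRefData;
+import io.harness.git.model.ChangeType;
 import io.harness.helpers.ext.vault.VaultAppRoleLoginResult;
 import io.harness.ng.core.api.NGEncryptedDataService;
 import io.harness.ng.core.api.SecretCrudService;
@@ -81,6 +85,7 @@
 @OwnedBy(PL)
 public class NGVaultServiceImplTest extends CategoryTest {
 @InjectMocks VaultEntityToDTO vaultEntityToDTO;
+@InjectMocks VaultDTOToEntity vaultDTOToEntity;
 
 DelegateGrpcClientWrapper delegateService;
 NGConnectorSecretManagerService ngConnectorSecretManagerService;
@@ -285,6 +290,62 @@ public void testProcessAppRole_VaultConfigHasRequiredLoginParams() throws IOExce
 .isEqualTo(String.valueOf(vaultConnectorDTO.getSecretId().getDecryptedValue()));
 }
 
+@Test
+@Owner(developers = VIKAS_M)
+@Category(UnitTests.class)
+public void testRenewAppRoleClientToken_willUpdateCorrespondingPPT() throws IOException {
+VaultConnectorDTO vaultConnectorDTO = vaultEntityToDTO.createConnectorDTO(buildAppRoleVaultConnector());
+vaultConnectorDTO.setRenewAppRoleToken(true);
+VaultConnector vaultConnector = vaultDTOToEntity.toConnectorEntity(vaultConnectorDTO);
+VaultConfigDTO vaultConfigDTO = (VaultConfigDTO) getVaultConfigDTOWithAppRoleAuth();
+vaultConfigDTO.setEncryptionType(VAULT);
+Call<RestResponse<Boolean>> request = mock(Call.class);
+doReturn(request).when(accountClient).isFeatureFlagEnabled(any(), any());
+when(request.execute()).thenReturn(Response.success(new RestResponse<>(false)));
+when(ngConnectorSecretManagerService.getUsingIdentifier(any(), any(), any(), any(), anyBoolean()))
+.thenReturn(vaultConfigDTO);
+when(delegateService.executeSyncTask(any()))
+.thenReturn(
+NGVaultRenewalAppRoleTaskResponse.builder()
+.vaultAppRoleLoginResult(VaultAppRoleLoginResult.builder().clientToken(randomAlphabetic(10)).build())
+.build());
+when(ngEncryptedDataService.updateSecretText(any(), any())).thenReturn(NGEncryptedData.builder().build());
+when(connectorRepository.save(vaultConnector, ChangeType.NONE)).thenReturn(vaultConnector);
+ngVaultService.renewAppRoleClientToken(vaultConnector);
+ArgumentCaptor<String> argumentCaptor = ArgumentCaptor.forClass(String.class);
+verify(ngConnectorSecretManagerService, times(1)).getPerpetualTaskId(any(), any(), any(), argumentCaptor.capture());
+assertThat(argumentCaptor.getValue()).isEqualTo(vaultConnector.getIdentifier());
+verify(ngConnectorSecretManagerService, times(1)).resetHeartBeatTask(any(), any());
+}
+
+@Test
+@Owner(developers = VIKAS_M)
+@Category(UnitTests.class)
+public void testRenewVaultToken_willUpdateCorrespondingPPT() throws IOException {
+VaultConnectorDTO vaultConnectorDTO = vaultEntityToDTO.createConnectorDTO(buildTokenBasedConnector());
+vaultConnectorDTO.setRenewAppRoleToken(true);
+VaultConnector vaultConnector = vaultDTOToEntity.toConnectorEntity(vaultConnectorDTO);
+VaultConfigDTO vaultConfigDTO = (VaultConfigDTO) getVaultConfigDTOWithAuthToken();
+vaultConfigDTO.setEncryptionType(VAULT);
+Call<RestResponse<Boolean>> request = mock(Call.class);
+doReturn(request).when(accountClient).isFeatureFlagEnabled(any(), any());
+when(request.execute()).thenReturn(Response.success(new RestResponse<>(false)));
+when(ngConnectorSecretManagerService.getUsingIdentifier(any(), any(), any(), any(), anyBoolean()))
+.thenReturn(vaultConfigDTO);
+when(delegateService.executeSyncTask(any()))
+.thenReturn(NGVaultRenewalTaskResponse.builder()
+.isSuccessful(true)
+.delegateMetaInfo(DelegateMetaInfo.builder().hostName("hostName").id("id").build())
+.build());
+when(ngEncryptedDataService.updateSecretText(any(), any())).thenReturn(NGEncryptedData.builder().build());
+when(connectorRepository.save(vaultConnector, ChangeType.NONE)).thenReturn(vaultConnector);
+ngVaultService.renewToken(vaultConnector);
+ArgumentCaptor<String> argumentCaptor = ArgumentCaptor.forClass(String.class);
+verify(ngConnectorSecretManagerService, times(1)).getPerpetualTaskId(any(), any(), any(), argumentCaptor.capture());
+assertThat(argumentCaptor.getValue()).isEqualTo(vaultConnector.getIdentifier());
+verify(ngConnectorSecretManagerService, times(1)).resetHeartBeatTask(any(), any());
+}
+
 private VaultConnector buildAppRoleVaultConnector() {
 return VaultConnector.builder()
 .accessType(AccessType.APP_ROLE)
@@ -295,12 +356,22 @@ private VaultConnector buildAppRoleVaultConnector() {
 .build();
 }
 
+private VaultConnector buildTokenBasedConnector() {
+return VaultConnector.builder()
+.accessType(AccessType.TOKEN)
+.vaultUrl(HTTP_VAULT_URL)
+.authTokenRef("tokenRef")
+.namespace(randomAlphabetic(10))
+.build();
+}
+
 private SecretManagerConfigDTO getVaultConfigDTOWithAuthToken() {
 String authToken = "authToken";
 String secretEngineName = "secretEngine";
 VaultConfigDTO vaultConfigDTO = VaultConfigDTO.builder().build();
 vaultConfigDTO.setIdentifier(KMS_IDENTIFIER);
 vaultConfigDTO.setVaultUrl(HTTP_VAULT_URL);
+vaultConfigDTO.setName(CONNECTOR_NAME);
 vaultConfigDTO.setAuthToken(authToken);
 vaultConfigDTO.setSecretEngineName(secretEngineName);
 vaultConfigDTO.setUseVaultAgent(false);
@@ -309,6 +380,20 @@ private SecretManagerConfigDTO getVaultConfigDTOWithAuthToken() {
 return vaultConfigDTO;
 }
 
+private SecretManagerConfigDTO getVaultConfigDTOWithAppRoleAuth() {
+String secretEngineName = "secretEngine";
+VaultConfigDTO vaultConfigDTO = VaultConfigDTO.builder().build();
+vaultConfigDTO.setIdentifier(KMS_IDENTIFIER);
+vaultConfigDTO.setName(CONNECTOR_NAME);
+vaultConfigDTO.setVaultUrl(HTTP_VAULT_URL);
+vaultConfigDTO.setAppRoleId("test-role-id");
+vaultConfigDTO.setSecretEngineName(secretEngineName);
+vaultConfigDTO.setUseVaultAgent(false);
+vaultConfigDTO.setUseK8sAuth(false);
+vaultConfigDTO.setUseAwsIam(false);
+return vaultConfigDTO;
+}
+
 private void setUpCommonMocks() throws IOException {
 when(ngEncryptedDataService.get(any(), any(), any(), any())).thenReturn(NGEncryptedData.builder().build());
 when(ngEncryptorService.fetchSecretValue(any(), any(), any())).thenReturn(randomAlphabetic(10).toCharArray());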
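Review bot: Both new tests verify `resetHeartBeatTask(any(), any())`, so they pass regardless of which account id and task id are handed to the reset. `getPerpetualTaskId` is not stubbed in the visible lines, so the mock presumably returns null and the tests in effect confirm a reset with a null task id. Stub it with a constructed value, e.g. `when(ngConnectorSecretManagerService.getPerpetualTaskId(any(), any(), any(), any())).thenReturn("taskId");`, and assert `verify(ngConnectorSecretManagerService).resetHeartBeatTask(vaultConnector.getAccountIdentifier(), "taskId");`. `testRenewVaultToken_willUpdateCorrespondingPPT` also calls `setRenewAppRoleToken(true)` on a token-based connector, which looks carried over from the AppRole test.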
