
Commit 11a4f36

Vault refactor to support workflowOwner as owner of a secret (#2068)
* vault refactor * fixes * tenantID fix * nit * fields deprecation * nit * remove TenantID
1 parent 43fabe4 commit 11a4f36

11 files changed

Lines changed: 148 additions & 72 deletions


pkg/capabilities/actions/vault/messages.pb.go

Lines changed: 63 additions & 43 deletions

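--- a/pkg/capabilities/actions/vault/messages.proto
+++ b/pkg/capabilities/actions/vault/messages.proto
@@ -38,8 +38,8 @@ message SecretResponse {
 
 message GetSecretsRequest {
 repeated SecretRequest requests = 1;
-string org_id = 2;
-string workflow_owner = 3;
+string org_id = 2 [deprecated = true];
+string workflow_owner = 3 [deprecated = true];
 }
 
 message GetSecretsResponse {
@@ -54,8 +54,8 @@ message EncryptedSecret {
 message CreateSecretsRequest {
 string request_id = 1;
 repeated EncryptedSecret encrypted_secrets = 2;
-string org_id = 3;
-string workflow_owner = 4;
+string org_id = 3 [deprecated = true];
+string workflow_owner = 4 [deprecated = true];
 }
 
 message CreateSecretResponse {
@@ -71,8 +71,8 @@ message CreateSecretsResponse {
 message UpdateSecretsRequest {
 string request_id = 1;
 repeated EncryptedSecret encrypted_secrets = 2;
-string org_id = 3;
-string workflow_owner = 4;
+string org_id = 3 [deprecated = true];
+string workflow_owner = 4 [deprecated = true];
 }
 
 message UpdateSecretResponse {
@@ -88,8 +88,8 @@ message UpdateSecretsResponse {
 message DeleteSecretsRequest {
 string request_id = 1;
 repeated SecretIdentifier ids = 2;
-string org_id = 3;
-string workflow_owner = 4;
+string org_id = 3 [deprecated = true];
+string workflow_owner = 4 [deprecated = true];
 }
 
 message DeleteSecretResponse {
@@ -106,8 +106,8 @@ message ListSecretIdentifiersRequest {
 string request_id = 1;
 string owner = 2;
 string namespace = 3;
-string org_id = 4;
-string workflow_owner = 5;
+string org_id = 4 [deprecated = true];
+string workflow_owner = 5 [deprecated = true];
 }
 
 message ListSecretIdentifiersResponse {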
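Review bot: The `[deprecated = true]` options on `org_id` and `workflow_owner` in GetSecretsRequest, and on the same pair in the Create, Update, Delete and ListSecretIdentifiers requests, carry no comment saying what replaces them or whether the server still reads them. The fields stay on the wire, so a client can keep sending a caller-chosen owner or org; the schema should state that handlers must not use these values for ownership or authorization decisions. A comment above each pair such as `// Deprecated: ignored; the owner is taken from the request context, not from this field.` would do, assuming that is the intent of the refactor; the handlers are not visible on this page.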

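--- a/pkg/capabilities/capabilities.go
+++ b/pkg/capabilities/capabilities.go
@@ -194,11 +194,11 @@ type RequestMetadata struct {
 
 func (m *RequestMetadata) ContextWithCRE(ctx context.Context) context.Context {
 val := contexts.CREValue(ctx)
+val.Owner = m.WorkflowOwner
+val.Workflow = m.WorkflowID
 if m.OrgID != "" {
 val.Org = m.OrgID
 }
-val.Owner = m.WorkflowOwner
-val.Workflow = m.WorkflowID
 return contexts.WithCRE(ctx, val)
 }
 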
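Review bot: ContextWithCRE has no doc comment, and the asymmetry at the top of its body deserves one: `val.Owner` and `val.Workflow` are overwritten unconditionally, even with empty strings, while `val.Org` is kept when `m.OrgID` is empty. If downstream code treats the CRE owner as the owner of a secret, as the commit title suggests, metadata with an empty `WorkflowOwner` silently clears an owner already present in ctx. I would add `// ContextWithCRE returns ctx with Owner and Workflow always taken from m; Org is replaced only when m.OrgID is non-empty.` and confirm that the unconditional overwrite is intended.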

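--- a/pkg/capabilities/capabilities_test.go
+++ b/pkg/capabilities/capabilities_test.go
@@ -339,10 +339,22 @@ func TestRequestMetadata_ContextWithCRE(t *testing.T) {
 ctx = contexts.WithCRE(ctx, contexts.CRE{Org: "org-id"})
 require.Equal(t, "org-id", contexts.CREValue(ctx).Org)
 
-// preserve it
+// preserve org when RequestMetadata.OrgID is unset
 md := RequestMetadata{WorkflowOwner: "owner-id", WorkflowID: "workflow-id"}
 ctx = md.ContextWithCRE(ctx)
 require.Equal(t, "org-id", contexts.CREValue(ctx).Org)
+
+// OrgID from metadata replaces context org when set
+ctx = contexts.WithCRE(t.Context(), contexts.CRE{Org: "old-org"})
+md = RequestMetadata{WorkflowOwner: "o", WorkflowID: "w", OrgID: "new-org"}
+ctx = md.ContextWithCRE(ctx)
+require.Equal(t, "new-org", contexts.CREValue(ctx).Org)
+
+// OrgID propagates when ctx had no org
+ctx = md.ContextWithCRE(t.Context())
+require.Equal(t, "new-org", contexts.CREValue(ctx).Org)
+require.Equal(t, "o", contexts.CREValue(ctx).Owner)
+require.Equal(t, "w", contexts.CREValue(ctx).Workflow)
 }
 
 func TestRegistrationMetadata_ContextWithCRE(t *testing.T) {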
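Review bot: The added cases assert Owner and Workflow only for a context that carried no CRE value, so nothing pins what happens when ctx already holds an Owner. Because the owner is the identity-bearing field here, a case such as `ctx = contexts.WithCRE(t.Context(), contexts.CRE{Owner: "ctx-owner"})` followed by `require.Equal(t, "o", contexts.CREValue(md.ContextWithCRE(ctx)).Owner)` would lock in that metadata wins over a pre-existing owner. A second case with an empty `WorkflowOwner` would record whether clearing the context owner is intended. The test function begins above this hunk, so earlier assertions may not be visible here.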

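--- a/pkg/capabilities/pb/capabilities_helpers.go
+++ b/pkg/capabilities/pb/capabilities_helpers.go
@@ -431,8 +431,8 @@ func TriggerRegistrationRequestFromProto(req *TriggerRegistrationRequest) (capab
 Metadata: capabilities.RequestMetadata{
 WorkflowID: md.WorkflowId,
 WorkflowOwner: md.WorkflowOwner,
-OrgID: md.OrgId,
 WorkflowExecutionID: md.WorkflowExecutionId,
+OrgID: md.OrgId,
 WorkflowName: md.WorkflowName,
 WorkflowDonID: md.WorkflowDonId,
 WorkflowDonConfigVersion: md.WorkflowDonConfigVersion,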
