fix(api): integration crypto migration (#5145)

ovh · Apr 27, 2020 · 581a47c · 581a47c
1 parent 2e606fa
commit 581a47c
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 11 deletions.
diff --git a/engine/api/event/event.go b/engine/api/event/event.go
@@ -86,7 +86,7 @@ func DeleteEventIntegration(eventIntegrationID int64) {
 func ResetEventIntegration(ctx context.Context, db gorp.SqlExecutor, eventIntegrationID int64) error {
 	brokerConnectionKey := strconv.FormatInt(eventIntegrationID, 10)
 	brokersConnectionCache.Delete(brokerConnectionKey)
-	projInt, err := integration.LoadProjectIntegrationByID(db, eventIntegrationID, true)
+	projInt, err := integration.LoadProjectIntegrationByIDWithClearPassword(db, eventIntegrationID)
 	if err != nil {
 		return fmt.Errorf("cannot load project integration id %d and type event: %v", eventIntegrationID, err)
 	}
@@ -163,7 +163,7 @@ func DequeueEvent(ctx context.Context, db *gorp.DbMap) {
 			brokerConnectionKey := strconv.FormatInt(eventIntegrationID, 10)
 			brokerConnection, ok := brokersConnectionCache.Get(brokerConnectionKey)
 			if !ok {
-				projInt, err := integration.LoadProjectIntegrationByID(db, eventIntegrationID, true)
+				projInt, err := integration.LoadProjectIntegrationByIDWithClearPassword(db, eventIntegrationID)
 				if err != nil {
 					log.Error(ctx, "Event.DequeueEvent> Cannot load project integration for project %s and id %d and type event: %v", e.ProjectKey, eventIntegrationID, err)
 					continue

diff --git a/engine/api/integration/dao_project_integration.go b/engine/api/integration/dao_project_integration.go
@@ -75,13 +75,13 @@ func LoadProjectIntegrationByNameWithClearPassword(db gorp.SqlExecutor, key stri
 }
 
 // LoadProjectIntegrationByID returns integration, selecting by its id
-func LoadProjectIntegrationByID(db gorp.SqlExecutor, id int64, clearPassword bool) (*sdk.ProjectIntegration, error) {
+func LoadProjectIntegrationByID(db gorp.SqlExecutor, id int64) (*sdk.ProjectIntegration, error) {
 	query := gorpmapping.NewQuery("SELECT * from project_integration WHERE id = $1").Args(id)
 	pp, err := load(db, query)
 	return &pp, err
 }
 
-func LoadProjectIntegrationByIDWithClearPassword(db gorp.SqlExecutor, id int64, clearPassword bool) (*sdk.ProjectIntegration, error) {
+func LoadProjectIntegrationByIDWithClearPassword(db gorp.SqlExecutor, id int64) (*sdk.ProjectIntegration, error) {
 	query := gorpmapping.NewQuery("SELECT * from project_integration WHERE id = $1").Args(id)
 	pp, err := loadWithClearPassword(db, query)
 	return &pp, err
@@ -174,9 +174,9 @@ func UpdateIntegration(db gorp.SqlExecutor, pp sdk.ProjectIntegration) error {
 	for k, cfg := range givenConfig {
 		if cfg.Type == sdk.IntegrationConfigTypePassword && cfg.Value == sdk.PasswordPlaceholder {
 			if oldConfig == nil {
-				// reload the previous config to encuse we don't store placeholder
+				// reload the previous config to ensure we don't store placeholder
 				var err error
-				oldConfig, err = LoadProjectIntegrationByID(db, pp.ID, true)
+				oldConfig, err = LoadProjectIntegrationByIDWithClearPassword(db, pp.ID)
 				if err != nil {
 					return err
 				}

diff --git a/engine/api/migrate/refactor_integration_cryto.go b/engine/api/migrate/refactor_integration_cryto.go
@@ -198,13 +198,23 @@ func refactorProjectIntegrationCrypto(ctx context.Context, db *gorp.DbMap, id in
 		return sdk.WrapError(err, "unable to encrypt config PublicConfigurations")
 	}
 	projectIntegration.Config = newCfg
+
+	// If the existing configuration contains password placeholder as encryptted value,
+	// let's overdire id because it will fail
+	for k, v := range projectIntegration.Config {
+		if v.Type == sdk.IntegrationConfigTypePassword && v.Value == sdk.PasswordPlaceholder {
+			log.Warning(ctx, "refactorProjectIntegrationCrypto > overriding wrong passwork: project: %d, integration: %s, value: %s", projectIntegration.ProjectID, projectIntegration.Name, k)
+			v.Value = k
+		}
+		projectIntegration.Config[k] = v
+	}
 	oldCfg := projectIntegration.Config.Clone()
 
 	if err := integration.UpdateIntegration(tx, projectIntegration); err != nil {
 		return sdk.WithStack(err)
 	}
 
-	newProjectIntegration, err := integration.LoadProjectIntegrationByID(tx, id, true)
+	newProjectIntegration, err := integration.LoadProjectIntegrationByIDWithClearPassword(tx, id)
 	if err != nil {
 		return err
 	}

diff --git a/engine/api/purge/purge.go b/engine/api/purge/purge.go
@@ -196,7 +196,7 @@ func DeleteArtifacts(ctx context.Context, db gorp.SqlExecutor, store cache.Store
 			for _, art := range wnr.Artifacts {
 				var integrationName string
 				if art.ProjectIntegrationID != nil && *art.ProjectIntegrationID > 0 {
-					projectIntegration, err := integration.LoadProjectIntegrationByID(db, *art.ProjectIntegrationID, false)
+					projectIntegration, err := integration.LoadProjectIntegrationByID(db, *art.ProjectIntegrationID)
 					if err != nil {
 						log.Error(ctx, "Cannot load LoadProjectIntegrationByID %s/%d", proj.Key, *art.ProjectIntegrationID)
 						continue

diff --git a/engine/api/workflow/execute_node_job_run.go b/engine/api/workflow/execute_node_job_run.go
@@ -476,7 +476,7 @@ func LoadSecrets(db gorp.SqlExecutor, store cache.Store, nodeRun *sdk.WorkflowNo
 		secrets = append(secrets, ev...)
 
 		if pp != nil {
-			projectIntegration, err := integration.LoadProjectIntegrationByID(db, pp.ID, true)
+			projectIntegration, err := integration.LoadProjectIntegrationByIDWithClearPassword(db, pp.ID)
 			if err != nil {
 				return nil, sdk.WrapError(err, "LoadSecrets> Cannot load integration %d", pp.ID)
 			}

diff --git a/engine/api/workflow_run.go b/engine/api/workflow_run.go
@@ -1131,7 +1131,7 @@ func (api *API) getDownloadArtifactHandler() service.Handler {
 
 		var integrationName string
 		if art.ProjectIntegrationID != nil && *art.ProjectIntegrationID > 0 {
-			projectIntegration, err := integration.LoadProjectIntegrationByID(api.mustDB(), *art.ProjectIntegrationID, false)
+			projectIntegration, err := integration.LoadProjectIntegrationByID(api.mustDB(), *art.ProjectIntegrationID)
 			if err != nil {
 				return sdk.WrapError(err, "cannot load project integration %s/%d", proj.Key, *art.ProjectIntegrationID)
 			}
@@ -1199,7 +1199,7 @@ func (api *API) getWorkflowRunArtifactsHandler() service.Handler {
 
 					var integrationName string
 					if art.ProjectIntegrationID != nil && *art.ProjectIntegrationID > 0 {
-						projectIntegration, err := integration.LoadProjectIntegrationByID(api.mustDB(), *art.ProjectIntegrationID, false)
+						projectIntegration, err := integration.LoadProjectIntegrationByID(api.mustDB(), *art.ProjectIntegrationID)
 						if err != nil {
 							log.Error(ctx, "Cannot load LoadProjectIntegrationByID %s/%d: err: %v", key, *art.ProjectIntegrationID, err)
 							return