public void encryptSecureProperties(CruiseConfig preprocessedConfig, PipelineTemplateConfig pipelineTemplateConfig) { List<PluggableArtifactConfig> artifactConfigs = artifactConfigs().getPluggableArtifactConfigs(); artifactConfigs.forEach(artifactConfig -> { artifactConfig.encryptSecureProperties(preprocessedConfig, artifactConfig); }); tasks.forEach(task -> { if (task instanceof FetchPluggableArtifactTask) { FetchPluggableArtifactTask fetchPluggableArtifactTask = (FetchPluggableArtifactTask) task; fetchPluggableArtifactTask.encryptSecureProperties(preprocessedConfig, pipelineTemplateConfig); } }); }
public void encryptSecureProperties(CruiseConfig preprocessedConfig, PipelineConfig preprocessedPipelineConfig, JobConfig preprocessedJobConfig) { List<PluggableArtifactConfig> artifactConfigs = artifactConfigs().getPluggableArtifactConfigs(); List<PluggableArtifactConfig> preprocessedArtifactConfigs = preprocessedJobConfig.artifactConfigs().getPluggableArtifactConfigs(); artifactConfigs.forEach(artifactConfig -> { artifactConfig.encryptSecureProperties(preprocessedConfig, preprocessedArtifactConfigs.get(artifactConfigs.indexOf(artifactConfig))); }); tasks.forEach(task -> { if (task instanceof FetchPluggableArtifactTask) { ((FetchPluggableArtifactTask) task).encryptSecureProperties(preprocessedConfig, preprocessedPipelineConfig, (FetchPluggableArtifactTask) preprocessedJobConfig.getTasks().get(tasks.indexOf(task))); } }); }
@Test public void shouldHandleEncryptionOfConfigProperties() throws CryptoException { GoCipher goCipher = new GoCipher(); ArrayList<PluginConfiguration> pluginConfigurations = new ArrayList<>(); pluginConfigurations.add(new PluginConfiguration("key1", new Metadata(true, true))); pluginConfigurations.add(new PluginConfiguration("key2", new Metadata(true, false))); when(artifactPluginInfo.getArtifactConfigSettings()).thenReturn(new PluggableInstanceSettings(pluginConfigurations)); ConfigurationProperty secureProperty = new ConfigurationProperty(new ConfigurationKey("key1"), new ConfigurationValue("value1"), null, goCipher); ConfigurationProperty nonSecureProperty = new ConfigurationProperty(new ConfigurationKey("key2"), new ConfigurationValue("value2"), null, goCipher); PluggableArtifactConfig pluggableArtifactConfig = new PluggableArtifactConfig("id", "store-id", secureProperty, nonSecureProperty); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.getArtifactStores().add(new ArtifactStore("store-id", "cd.go.s3")); pluggableArtifactConfig.encryptSecureProperties(cruiseConfig, pluggableArtifactConfig); assertThat(secureProperty.isSecure(), is(true)); assertThat(secureProperty.getEncryptedConfigurationValue(), is(notNullValue())); assertThat(secureProperty.getEncryptedValue(), is(goCipher.encrypt("value1"))); assertThat(nonSecureProperty.isSecure(), is(false)); assertThat(nonSecureProperty.getValue(), is("value2")); }
@Test public void shouldHandleEncryptionOfConfigPropertiesIfStoreIdIsAValidParam() throws Exception { GoCipher goCipher = new GoCipher(); ArrayList<PluginConfiguration> pluginConfigurations = new ArrayList<>(); pluginConfigurations.add(new PluginConfiguration("key1", new Metadata(true, true))); pluginConfigurations.add(new PluginConfiguration("key2", new Metadata(true, false))); when(artifactPluginInfo.getArtifactConfigSettings()).thenReturn(new PluggableInstanceSettings(pluginConfigurations)); ConfigurationProperty secureProperty = new ConfigurationProperty(new ConfigurationKey("key1"), new ConfigurationValue("value1"), null, goCipher); ConfigurationProperty nonSecureProperty = new ConfigurationProperty(new ConfigurationKey("key2"), new ConfigurationValue("value2"), null, goCipher); PluggableArtifactConfig pluggableArtifactConfig = new PluggableArtifactConfig("id", "#{storeId}", secureProperty, nonSecureProperty); PluggableArtifactConfig preprocessedPluggableArtifactConfig = new PluggableArtifactConfig("id", "store-id", secureProperty, nonSecureProperty); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.getArtifactStores().add(new ArtifactStore("store-id", "cd.go.s3")); pluggableArtifactConfig.encryptSecureProperties(cruiseConfig, preprocessedPluggableArtifactConfig); assertThat(secureProperty.isSecure(), is(true)); assertThat(secureProperty.getEncryptedConfigurationValue(), is(notNullValue())); assertThat(secureProperty.getEncryptedValue(), is(goCipher.encrypt("value1"))); assertThat(nonSecureProperty.isSecure(), is(false)); assertThat(nonSecureProperty.getValue(), is("value2")); }
@Test public void shouldIgnoreEncryptionOfSecurePropertyForNonExistentParam() { GoCipher goCipher = new GoCipher(); ArrayList<PluginConfiguration> pluginConfigurations = new ArrayList<>(); pluginConfigurations.add(new PluginConfiguration("key1", new Metadata(true, true))); pluginConfigurations.add(new PluginConfiguration("key2", new Metadata(true, false))); when(artifactPluginInfo.getArtifactConfigSettings()).thenReturn(new PluggableInstanceSettings(pluginConfigurations)); ConfigurationProperty secureProperty = new ConfigurationProperty(new ConfigurationKey("key1"), new ConfigurationValue("value1"), null, goCipher); ConfigurationProperty nonSecureProperty = new ConfigurationProperty(new ConfigurationKey("key2"), new ConfigurationValue("value2"), null, goCipher); PluggableArtifactConfig pluggableArtifactConfig1 = new PluggableArtifactConfig("id", "#{non-existent-param}", secureProperty, nonSecureProperty); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.getArtifactStores().add(new ArtifactStore("store-id", "cd.go.s3")); pluggableArtifactConfig1.encryptSecureProperties(cruiseConfig, pluggableArtifactConfig1); assertThat(secureProperty.isSecure(), is(false)); assertThat(secureProperty.getValue(), is("value1")); assertThat(nonSecureProperty.isSecure(), is(false)); assertThat(nonSecureProperty.getValue(), is("value2")); }
@Test public void shouldIgnoreEncryptionOfSecurePropertyIfStoreIdIsNull() { GoCipher goCipher = new GoCipher(); ArrayList<PluginConfiguration> pluginConfigurations = new ArrayList<>(); pluginConfigurations.add(new PluginConfiguration("key1", new Metadata(true, true))); pluginConfigurations.add(new PluginConfiguration("key2", new Metadata(true, false))); when(artifactPluginInfo.getArtifactConfigSettings()).thenReturn(new PluggableInstanceSettings(pluginConfigurations)); ConfigurationProperty secureProperty = new ConfigurationProperty(new ConfigurationKey("key1"), new ConfigurationValue("value1"), null, goCipher); ConfigurationProperty nonSecureProperty = new ConfigurationProperty(new ConfigurationKey("key2"), new ConfigurationValue("value2"), null, goCipher); PluggableArtifactConfig pluggableArtifactConfig = new PluggableArtifactConfig("id", null, secureProperty, nonSecureProperty); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.getArtifactStores().add(new ArtifactStore("store-id", "cd.go.s3")); pluggableArtifactConfig.encryptSecureProperties(cruiseConfig, pluggableArtifactConfig); assertThat(secureProperty.isSecure(), is(false)); assertThat(secureProperty.getValue(), is("value1")); assertThat(nonSecureProperty.isSecure(), is(false)); assertThat(nonSecureProperty.getValue(), is("value2")); }
@Test public void shouldIgnoreEncryptionOfSecurePropertyForInvalidParamSpecification() { GoCipher goCipher = new GoCipher(); ArrayList<PluginConfiguration> pluginConfigurations = new ArrayList<>(); pluginConfigurations.add(new PluginConfiguration("key1", new Metadata(true, true))); pluginConfigurations.add(new PluginConfiguration("key2", new Metadata(true, false))); when(artifactPluginInfo.getArtifactConfigSettings()).thenReturn(new PluggableInstanceSettings(pluginConfigurations)); ConfigurationProperty secureProperty = new ConfigurationProperty(new ConfigurationKey("key1"), new ConfigurationValue("value1"), null, goCipher); ConfigurationProperty nonSecureProperty = new ConfigurationProperty(new ConfigurationKey("key2"), new ConfigurationValue("value2"), null, goCipher); PluggableArtifactConfig pluggableArtifactConfig = new PluggableArtifactConfig("id", "#{#{invalid}}", secureProperty, nonSecureProperty); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.getArtifactStores().add(new ArtifactStore("store-id", "cd.go.s3")); pluggableArtifactConfig.encryptSecureProperties(cruiseConfig, pluggableArtifactConfig); assertThat(secureProperty.isSecure(), is(false)); assertThat(secureProperty.getValue(), is("value1")); assertThat(nonSecureProperty.isSecure(), is(false)); assertThat(nonSecureProperty.getValue(), is("value2")); }
@Test public void shouldIgnoreEncryptionOfSecurePropertyIfParamsIsUndefined() { GoCipher goCipher = new GoCipher(); ArrayList<PluginConfiguration> pluginConfigurations = new ArrayList<>(); pluginConfigurations.add(new PluginConfiguration("key1", new Metadata(true, true))); pluginConfigurations.add(new PluginConfiguration("key2", new Metadata(true, false))); when(artifactPluginInfo.getArtifactConfigSettings()).thenReturn(new PluggableInstanceSettings(pluginConfigurations)); ConfigurationProperty secureProperty1 = new ConfigurationProperty(new ConfigurationKey("key1"), new ConfigurationValue("value1"), null, goCipher); ConfigurationProperty secureProperty2 = new ConfigurationProperty(new ConfigurationKey("key1"), new ConfigurationValue("value1"), null, goCipher); ConfigurationProperty nonSecureProperty1 = new ConfigurationProperty(new ConfigurationKey("key2"), new ConfigurationValue("value2"), null, goCipher); ConfigurationProperty nonSecureProperty2 = new ConfigurationProperty(new ConfigurationKey("key2"), new ConfigurationValue("value2"), null, goCipher); PluggableArtifactConfig pluggableArtifactConfig1 = new PluggableArtifactConfig("id", "#{storeId}", secureProperty1, nonSecureProperty1); PluggableArtifactConfig pluggableArtifactConfig2 = new PluggableArtifactConfig("id", "#{storeId}", secureProperty2, nonSecureProperty2); BasicCruiseConfig cruiseConfig = GoConfigMother.defaultCruiseConfig(); cruiseConfig.getArtifactStores().add(new ArtifactStore("store-id", "cd.go.s3")); pluggableArtifactConfig1.encryptSecureProperties(cruiseConfig, pluggableArtifactConfig1); pluggableArtifactConfig2.encryptSecureProperties(cruiseConfig, pluggableArtifactConfig2); assertThat(secureProperty1.isSecure(), is(false)); assertThat(secureProperty1.getValue(), is("value1")); assertThat(nonSecureProperty1.isSecure(), is(false)); assertThat(nonSecureProperty1.getValue(), is("value2")); assertThat(secureProperty2.isSecure(), is(false)); assertThat(secureProperty2.getValue(), is("value1")); assertThat(nonSecureProperty2.isSecure(), is(false)); assertThat(nonSecureProperty2.getValue(), is("value2")); }