Merge pull request #68 from SEKOIA-IO/fix/trigger_secrets
Fix secrets handling for triggers/connectors
Darkheir authored Jul 13, 2023
2 parents e23bdcd + 78f9633 commit f290e93
Showing 8 changed files with 55 additions and 29 deletions.
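--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.3.8] - 2023-07-13
+
+### Fixed
+
+- Fix secrets handling for triggers/connectors
+
 ## [1.3.7] - 2023-07-12
 
 ### Changed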
36 changes: 18 additions & 18 deletions poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

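--- a/pyproject.toml
+++ b/pyproject.toml
@@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "sekoia-automation-sdk"
 
-version = "1.3.7"
+version = "1.3.8"
 description = "SDK to create SEKOIA.IO playbook modules"
 license = "MIT"
 readme = "README.md"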
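--- a/sekoia_automation/action.py
+++ b/sekoia_automation/action.py
@@ -208,11 +208,7 @@ def set_task_as_running(self):
 for k, v in response.json()["module_configuration"]["value"].items()
 if k in self.module.manifest_secrets()
 }
-if isinstance(self.module.configuration, dict):
-self.module.configuration |= secrets
-else:
-for key, value in secrets.items():
-setattr(self.module.configuration, key, value)
+self.module.set_secrets(secrets)
 else:
 self._send_request(data, verb="PATCH")
 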
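--- a/sekoia_automation/module.py
+++ b/sekoia_automation/module.py
@@ -187,6 +187,16 @@ def secrets(self) -> dict[str, Any]:
 secrets[secret_key] = config_dict[secret_key]
 return secrets
 
+def set_secrets(self, secrets):
+"""
+Add the secret to the configurqtion
+"""
+if isinstance(self.configuration, dict):
+self.configuration |= secrets
+else:
+for key, value in secrets.items():
+setattr(self.configuration, key, value)
+
 @property
 def community_uuid(self) -> str | None:
 if self._community_uuid is None: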
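Review bot: `set_secrets` writes every key of the dict it receives into the configuration, through `|=` for a dict and `setattr` otherwise, so which keys may be overwritten depends entirely on what the caller filtered. The action caller restricts the dict to `self.module.manifest_secrets()` before calling it, but the trigger caller in sekoia_automation/trigger.py passes the result of `_get_secrets_from_server()` straight through, and whether that result is already limited to declared secrets is not visible in this commit. If the manifest's secret list is the intended allow-list, filtering inside the helper makes the guarantee hold for every caller: `allowed = self.manifest_secrets()` followed by `secrets = {k: v for k, v in secrets.items() if k in allowed}` at the top of the method. The docstring also has a typo and could state the contract, for example `"""Merge decrypted secret values into the module configuration."""`.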
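--- a/sekoia_automation/trigger.py
+++ b/sekoia_automation/trigger.py
@@ -143,6 +143,7 @@ def execute(self) -> None:
 self._ensure_data_path_set()
 # Always restart the trigger, except if the error seems to be unrecoverable
 self._secrets = self._get_secrets_from_server()
+self.module.set_secrets(self._secrets)
 while not self._stop_event.is_set():
 try:
 self._execute_once()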
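Review bot: After the added `self.module.set_secrets(self._secrets)` the decrypted values are held in `module.configuration` as well as in `self._secrets`, and nothing at the call site records that. Any code that logs or serialises the configuration (error reports, debug dumps) would then carry the secrets in clear text; whether such code exists is not visible in this hunk. I would add a comment above the call, `# module.configuration holds decrypted secrets from here on; never log or serialise it`. The fetch and merge also run once before the `while` loop, so a secret rotated on the server is presumably not picked up until the process restarts; `execute()` continues outside the hunk.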
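--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -24,7 +24,7 @@ def storage():
 FAKE_URL = "http://sekoia-playbooks/endpoint"
 DEFAULT_ARGUMENTS = {"key1": "value1"}
 MANIFEST_WITH_SECRETS = {"configuration": {"secrets": ["a value"]}}
-TRIGGER_SECRETS = {"foo": "bar"}
+TRIGGER_SECRETS = {"api_key": "bar", "password": "baz"}
 
 
 @pytest.fixture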
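--- a/tests/test_trigger.py
+++ b/tests/test_trigger.py
@@ -22,6 +22,7 @@
 from sekoia_automation.module import Module
 from sekoia_automation.trigger import Trigger
 from tests.conftest import TRIGGER_SECRETS
+from tests.data.sample_module.sample import SampleModule
 
 
 class DummyTrigger(Trigger):
@@ -295,7 +296,9 @@ def run(self):
 raise TriggerConfigurationError
 
 trigger = TestTrigger()
-with pytest.raises(SystemExit):
+with pytest.raises(SystemExit), patch.object(
+Module, "load_config", return_value={}
+):
 trigger.execute()
 
 # configuration errors are directly considered to be critical
@@ -319,7 +322,9 @@ def run(self):
 
 trigger = TestTrigger()
 trigger._error_count = 4
-with pytest.raises(SystemExit):
+with pytest.raises(SystemExit), patch.object(
+Module, "load_config", return_value={}
+):
 trigger.execute()
 
 # 5th error triggers a critical log
@@ -352,10 +357,18 @@ def test_trigger_log_critical_only_once(mocked_trigger_logs):
 )
 @patch.object(Trigger, "token", return_value="secure_token")
 def test_get_secrets(_, __, ___):
-trigger = ErrorTrigger()
+trigger = ErrorTrigger(SampleModule())
 trigger.ex = SystemExit
 
-with requests_mock.Mocker() as rmock:
+with requests_mock.Mocker() as rmock, patch.object(
+Module,
+"load_config",
+return_value={
+"module_field": "foo",
+"api_key": "encrypted",
+"password": "secret",
+},
+):
 rmock.get("http://sekoia-playbooks/secrets", json={"value": TRIGGER_SECRETS})
 
 with pytest.raises(SystemExit):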
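Review bot: In the last hunk `test_get_secrets` seeds `load_config` with `"api_key": "encrypted"` and `"password": "secret"` and serves `TRIGGER_SECRETS` from the mocked endpoint, but the visible part of the test stops at `with pytest.raises(SystemExit):`, so the hunk does not show that the merge into the module configuration is asserted. The test should check that the configuration ends up with the server values and that `module_field` keeps `"foo"`, along the lines of `assert trigger.module.configuration["api_key"] == TRIGGER_SECRETS["api_key"]` (attribute access instead if SampleModule's configuration is an object). A second case in which the mocked endpoint returns a key that is not a declared secret would pin down whether such a key is allowed to overwrite configuration. The test body continues outside the hunk.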
