HPCC-30767 Move created date for secrets out of the IPropertyTree

common/remote/hooks/git/gitfile.cpp

@@ -244,7 +244,7 @@ class GitRepositoryFileIO : implements CSimpleInterfaceOf<IFileIO>
             addPathSepChar(scriptPath).append("bin/hpccaskpass.sh");
             env.emplace_back("GIT_ASKPASS", scriptPath);
 
-            Owned<IPropertyTree> secret = getSecret("git", gitUser);
+            Owned<const IPropertyTree> secret = getSecret("git", gitUser);
             if (secret)
             {
                 MemoryBuffer gitKey;

common/thorhelper/thorsoapcall.cpp

@@ -878,7 +878,7 @@ class CWSCHelperThread : public Thread
 
 bool loadConnectSecret(const char *vaultId, const char *secretName, UrlArray &urlArray, StringBuffer &issuer, StringBuffer &proxyAddress, bool required, WSCType wscType)
 {
-    Owned<IPropertyTree> secret;
+    Owned<const IPropertyTree> secret;
     if (!isEmptyString(secretName))
         secret.setown(getSecret("ecl", secretName, vaultId, nullptr));
     if (!secret)

ecl/hql/hqlrepository.cpp

@@ -959,7 +959,7 @@ unsigned EclRepositoryManager::runGitCommand(StringBuffer * output, const char *
             }
             else
             {
-                Owned<IPropertyTree> secret = getSecret("git", options.gitUser.str());
+                Owned<const IPropertyTree> secret = getSecret("git", options.gitUser.str());
                 if (secret)
                 {
                     MemoryBuffer gitKey;

esp/clients/ws_dfsclient/ws_dfsclient.cpp

@@ -599,7 +599,7 @@ IClientWsDfs *getDfsClient(const char *serviceUrl, IUserDescriptor *userDesc)
 
 static void configureClientSSL(IEspClientRpcSettings &rpc, const char *secretName)
 {
-    Owned<IPropertyTree> secretPTree = getSecret("storage", secretName);
+    Owned<const IPropertyTree> secretPTree = getSecret("storage", secretName);
     if (!secretPTree)
         throw makeStringExceptionV(-1, "secret %s.%s not found", "storage", secretName);
 

esp/esdlscriptlib/esdl_script.cpp

@@ -911,7 +911,7 @@ class CEsdlTransformOperationMySqlCall : public CEsdlTransformOperationBase
             recordException(ESDL_SCRIPT_MissingOperationAttr, msg.append(name));
         }
     }
-    IPropertyTree *getSecretInfo(IXpathContext * sourceContext)
+    const IPropertyTree *getSecretInfo(IXpathContext * sourceContext)
     {
         //leaving flexibility for the secret to be configured multiple ways
         //  the most secure option in my opinion is to at least have the server, name, and password all in the secret
@@ -943,7 +943,7 @@ class CEsdlTransformOperationMySqlCall : public CEsdlTransformOperationBase
         options.append(name).append('=').append(value);
 
     }
-    void appendOption(StringBuffer &options, const char *name, IXpathContext * sourceContext, ICompiledXpath *cx, IPropertyTree *secret, bool required)
+    void appendOption(StringBuffer &options, const char *name, IXpathContext * sourceContext, ICompiledXpath *cx, const IPropertyTree *secret, bool required)
     {
         if (secret && secret->hasProp(name))
         {
@@ -971,7 +971,7 @@ class CEsdlTransformOperationMySqlCall : public CEsdlTransformOperationBase
     }
     IEmbedFunctionContext *createFunctionContext(IXpathContext * sourceContext)
     {
-        Owned<IPropertyTree> secret = getSecretInfo(sourceContext);
+        Owned<const IPropertyTree> secret = getSecretInfo(sourceContext);
         StringBuffer options;
         appendOption(options, "server", sourceContext, m_server, secret, true);
         appendOption(options, "user", sourceContext, m_user, secret, true);

rtl/eclrtl/eclrtl.cpp

@@ -6279,7 +6279,7 @@ void rtlBase64Decode(size32_t & tlen, void * & tgt, size32_t slen, const char *
 
 void rtlGetEclUserSecret(size32_t & outlen, void * & out, const char *name, const char *key)
 {
-    Owned<IPropertyTree> secret = getSecret("eclUser", name);
+    Owned<const IPropertyTree> secret = getSecret("eclUser", name);
     if (secret)
     {
         MemoryBuffer data;

system/codesigner/gpgcodesigner.cpp

@@ -138,7 +138,7 @@ void GpgCodeSigner::importKeysFromSecret(const char * cat, const char *keytype)
     for (int keyentry = 1; ; keyentry++)
     {
         VStringBuffer keysecretname("gpg-%s-key-%d", keytype, keyentry);
-        Owned<IPropertyTree> secretKey = getSecret(cat, keysecretname.str());
+        Owned<const IPropertyTree> secretKey = getSecret(cat, keysecretname.str());
         if (secretKey)
         {
             StringBuffer gpgKey;

system/jlib/jptree.hpp

@@ -438,11 +438,14 @@ extern jlib_decl unsigned getPropertyTreeHash(const IPropertyTree & source, unsi
 //to not be modified and to remain valid and consistent until it is released.
 interface ISyncedPropertyTree : extends IInterface
 {
+//The following functions check whether something is up to date before returning their values.
+    //Return a version-hash which changes whenever the property tree changes - so that a caller can determine whether it needs to update
+    virtual unsigned getVersion() const = 0;
     virtual const IPropertyTree * getTree() const = 0;
     virtual bool getProp(MemoryBuffer & result, const char * xpath) const = 0;
     virtual bool getProp(StringBuffer & result, const char * xpath) const = 0;
-    //Return a version-hash which changes whenever the property tree changes - so that a caller can determine whether it needs to update
-    virtual unsigned getVersion() const = 0;
+
+// The following functions return the current cached state - they do not force a check to see if the value is up to date
     virtual bool isStale() const = 0; // An indication that the property tree may be out of date because it couldn't be resynchronized.
     virtual bool isValid() const = 0; // Is the property tree non-null?  Typically called at startup to check configuration is provided.
 };