Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed a problem not to decrypt user scope data store value in Jinja expression #4634

Merged
merged 11 commits into from
Apr 16, 2019
Merged

Fixed a problem not to decrypt user scope data store value in Jinja expression #4634

merged 11 commits into from
Apr 16, 2019

Conversation

userlocalhost
Copy link
Member

Summary

This fixes #4633.

Changing Point

This changes the implementation of custom Jinja filter decrypt_kv to be able to handle user scope value.

@CLAassistant
Copy link

CLAassistant commented Apr 12, 2019
edited
Loading

CLA assistant check
All committers have signed the CLA.

@Kami Kami added this to the 3.0.0 milestone Apr 12, 2019
@Kami Kami added the bug label Apr 12, 2019
Kami
Kami reviewed Apr 12, 2019
View reviewed changes
st2common/tests/unit/test_jinja_render_crypto_filters.py
actual = self.env.from_string(template).render(context)
self.assertEqual(actual, self.secret)

def test_filter_decrypt_kv_with_user_scope_value(self):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would also be a good idea to add "end to end" test which verifies that it works for the following scenarios:

  1. API user is provided (if action is scheduled via API, API user should be used)
  2. User is not provided - it should default to stanley (if execution is scheduled outside of the API context, no user context is available so stanley is used by default)

@Kami
Copy link
Member

Kami commented Apr 15, 2019

After some more digging in - it looks like this an "addition" to this change - #4463 and we already have some tests for value of the user in the context there.

I will go ahead and merge this as is, but going forward it also wouldn't hurt to add some additional end to end tests for this functionality.

@Kami Kami self-assigned this Apr 15, 2019
@Kami
Update "decrypt_kv" Jinja template function to throw a more
46431a1 
user-friendly error is user tries to use this function on datastore item
which doesn't exist.
@Kami
Copy link
Member

Kami commented Apr 15, 2019

While testing and reviewing this, I noticed there are more issues with this functionality.

  1. User scoped datastore items are not supped in action-chain workflows.

I've fixed that in 42fe11b. I also updated an action which verifies this functionality - 8e57029.

  1. Non-friendly error is throw if decrypt_kv Jinja function is used on non-existing datastore item

Previously Invalid or malformed ciphertext (too short) error was throw in such scenario which is rather confusing and not user-friendly.

Now in such scenario we throw Referenced Datastore item "st2kv.system.my_cmd" doesn't exist error.

I'm still working on test cases.

@Kami
Copy link
Member

Kami commented Apr 15, 2019

I've pushed a small refactor and tests for additional fixes I made - ba3c6a5.

@userlocalhost
Copy link
Member Author

userlocalhost commented Apr 15, 2019
edited
Loading

I will go ahead and merge this as is, but going forward it also wouldn't hurt to add some additional end to end tests for this functionality.

Thank you very much for your great help!

And sorry for late to reply. It took time to seek the place where is appropriate to extend for doing 'end to end' tests. At last, I reached the test of st2api/tests/unit/controllers/v1/test_executions.py which might be suitable to confirm this change from end to end.

Could you please give me a couple of days to write it?

@Kami
Copy link
Member

Kami commented Apr 15, 2019

@userlocalhost

Thank you for the original contribution.

And yes, that's the right place for that test. I will probably go ahead and merge this and you feel free to open a new PR for that tests so take your time - no rush.

@Kami Kami merged commit 2f5fa9b into StackStorm:master Apr 16, 2019
@userlocalhost userlocalhost deleted the bugfix/st2kv_jinja branch April 16, 2019 05:40
@userlocalhost userlocalhost mentioned this pull request Apr 18, 2019
Merged
@userlocalhost userlocalhost mentioned this pull request Sep 15, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kami Kami Kami approved these changes

Assignees

@Kami Kami

Labels
bug enhancement
Projects
None yet
Milestone
3.0.0
Development

Successfully merging this pull request may close these issues.

It's fail to decrypt user scope data store value in Jinja expression
3 participants
@userlocalhost @CLAassistant @Kami