IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Auth: encrypt/decrypt SAML secrets in SSO settings service (#85253)

Browse Source 
encrypt/decrypt saml secrets in sso settings service
This commit is contained in:
Mihai Doarna 2024-04-18 15:16:59 +03:00 committed by GitHub
parent bdd288d058
commit 57848bbe23
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/services/ssosettings/ssosettingsimpl/service.go
View File

@ -501,7 +501,7 @@ func overrideMaps(maps ...map[string]any) map[string]any {
} }
func isSecret(fieldName string) bool { func isSecret(fieldName string) bool {
secretFieldPatterns := []string{"secret"} secretFieldPatterns := []string{"secret", "private", "certificate"}
for _, v := range secretFieldPatterns { for _, v := range secretFieldPatterns {
if strings.Contains(strings.ToLower(fieldName), strings.ToLower(v)) { if strings.Contains(strings.ToLower(fieldName), strings.ToLower(v)) {

8
pkg/services/ssosettings/ssosettingsimpl/service_test.go
View File

@ -1309,16 +1309,22 @@ func TestService_decryptSecrets(t *testing.T) {
setup: func(env testEnv) { setup: func(env testEnv) {
env.secrets.On("Decrypt", mock.Anything, []byte("client_secret"), mock.Anything).Return([]byte("decrypted-client-secret"), nil).Once() env.secrets.On("Decrypt", mock.Anything, []byte("client_secret"), mock.Anything).Return([]byte("decrypted-client-secret"), nil).Once()
env.secrets.On("Decrypt", mock.Anything, []byte("other_secret"), mock.Anything).Return([]byte("decrypted-other-secret"), nil).Once() env.secrets.On("Decrypt", mock.Anything, []byte("other_secret"), mock.Anything).Return([]byte("decrypted-other-secret"), nil).Once()
env.secrets.On("Decrypt", mock.Anything, []byte("private_key"), mock.Anything).Return([]byte("decrypted-private-key"), nil).Once()
env.secrets.On("Decrypt", mock.Anything, []byte("certificate"), mock.Anything).Return([]byte("decrypted-certificate"), nil).Once()
}, },
settings: map[string]any{ settings: map[string]any{
"enabled": true, "enabled": true,
"client_secret": base64.RawStdEncoding.EncodeToString([]byte("client_secret")), "client_secret": base64.RawStdEncoding.EncodeToString([]byte("client_secret")),
"other_secret": base64.RawStdEncoding.EncodeToString([]byte("other_secret")), "other_secret": base64.RawStdEncoding.EncodeToString([]byte("other_secret")),
"private_key": base64.RawStdEncoding.EncodeToString([]byte("private_key")),
"certificate": base64.RawStdEncoding.EncodeToString([]byte("certificate")),
}, },
want: map[string]any{ want: map[string]any{
"enabled": true, "enabled": true,
"client_secret": "decrypted-client-secret", "client_secret": "decrypted-client-secret",
"other_secret": "decrypted-other-secret", "other_secret": "decrypted-other-secret",
"private_key": "decrypted-private-key",
"certificate": "decrypted-certificate",
}, },
}, },
{ {
@ -1356,7 +1362,7 @@ func TestService_decryptSecrets(t *testing.T) {
wantErr: true, wantErr: true,
}, },
{ {
name: "should return an error decryption fails", name: "should return an error if decryption fails",
setup: func(env testEnv) { setup: func(env testEnv) {
env.secrets.On("Decrypt", mock.Anything, []byte("client_secret"), mock.Anything).Return(nil, errors.New("decryption failed")).Once() env.secrets.On("Decrypt", mock.Anything, []byte("client_secret"), mock.Anything).Return(nil, errors.New("decryption failed")).Once()
}, },