fix inconsistent base64 encoding/decoding secrets
parent
07642dd8e1
commit
56fd3042ba
3 changed files with 16 additions and 1 deletions
|
@ -7,8 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
## Unreleased
|
||||
### Added
|
||||
|
||||
- support for legacy tokens to ease upgrade path, by [@bradrydzewski](https://github.com/bradrydzewski). [#2713](https://github.com/drone/drone/issues/2713).
|
||||
|
||||
### Fixed
|
||||
|
||||
- fix inconsistent base64 encoding and decoding of encrypted secrets, by [@bradrydzewski](https://github.com/bradrydzewski).
|
||||
|
||||
## [1.2.0] - 2019-05-30
|
||||
### Added
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ func Handler(repos core.RepositoryStore) http.HandlerFunc {
|
|||
// the encrypted secret is embedded in the yaml
|
||||
// configuration file and is json-encoded for
|
||||
// inclusion as a !binary attribute.
|
||||
encoded := base64.URLEncoding.EncodeToString(encrypted)
|
||||
encoded := base64.StdEncoding.EncodeToString(encrypted)
|
||||
|
||||
render.JSON(w, &respEncrypted{Data: encoded}, 200)
|
||||
}
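Review bot: Changing the `encoded :=` line to `base64.StdEncoding` changes the alphabet of every value this handler returns, and nothing visible here covers ciphertexts already issued with `base64.URLEncoding` and pasted into users' yaml files. Those older values can contain `-` and `_`, which a standard-alphabet decoder rejects. The decode path is not shown in this section, so it should either fall back to the URL alphabet on failure or the changelog entry should tell users to re-encrypt. The comment above the line could also record why the alphabet matters, e.g. `// yaml !binary values use the standard base64 alphabet, so StdEncoding is required here.` The handler body starts outside the hunk.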
|
||||
|
|
|
@ -12,6 +12,7 @@ import (
|
|||
|
||||
"github.com/drone/drone-yaml/yaml"
|
||||
"github.com/drone/drone/core"
|
||||
"github.com/drone/drone/logger"
|
||||
|
||||
"github.com/drone/drone-go/drone"
|
||||
"github.com/drone/drone-go/plugin/secret"
|
||||
|
@ -37,12 +38,17 @@ func (c *externalController) Find(ctx context.Context, in *core.SecretArgs) (*co
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
logger := logger.FromContext(ctx).
|
||||
WithField("name", in.Name).
|
||||
WithField("kind", "secret")
|
||||
|
||||
// lookup the named secret in the manifest. If the
|
||||
// secret does not exist, return a nil variable,
|
||||
// allowing the next secret controller in the chain
|
||||
// to be invoked.
|
||||
path, name, ok := getExternal(in.Conf, in.Name)
|
||||
if !ok {
|
||||
logger.Trace("secret: external: no matching secret")
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
@ -62,6 +68,7 @@ func (c *externalController) Find(ctx context.Context, in *core.SecretArgs) (*co
|
|||
client := secret.Client(c.endpoint, c.secret, c.skipVerify)
|
||||
res, err := client.Find(ctx, req)
|
||||
if err != nil {
|
||||
logger.Trace("secret: external: cannot get secret")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -69,6 +76,7 @@ func (c *externalController) Find(ctx context.Context, in *core.SecretArgs) (*co
|
|||
// this indicates the client returned No Content,
|
||||
// and we should exit with no secret, but no error.
|
||||
if res.Data == "" {
|
||||
logger.Trace("secret: external: secret disabled for pull requests")
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
@ -77,9 +85,12 @@ func (c *externalController) Find(ctx context.Context, in *core.SecretArgs) (*co
|
|||
// empty results.
|
||||
if (res.Pull == false && res.PullRequest == false) &&
|
||||
in.Build.Event == core.EventPullRequest {
|
||||
logger.Trace("secret: external: restricted from forks")
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
logger.Trace("secret: external: found matching secret")
|
||||
|
||||
return &core.Secret{
|
||||
Name: in.Name,
|
||||
Data: res.Data,
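Review bot: The trace line added in the `err != nil` branch after `client.Find(ctx, req)` drops the error, so the log shows that the lookup failed but not why, which is the detail an operator needs when a secret is missing from a build. If the logger interface provides it, `logger.WithError(err).Trace("secret: external: cannot get secret")` keeps the cause with the message. In the `res.Data == ""` branch the message says "secret disabled for pull requests", while the comment above it only says the client returned No Content, so the wording asserts a reason the code has not checked; `"secret: external: empty response"` would match what is known. The local `logger := logger.FromContext(ctx)` also shadows the imported `logger` package for the rest of Find, whose body extends beyond these hunks; a local name such as `log` avoids that.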
|
||||
|
|