DevFW-CICD/garm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Make sure to decode token

Browse source 
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This commit is contained in:
Gabriel Adrian Samfira 2022-12-06 15:15:46 +00:00
parent dfc3c1ff5c
commit 0b50397b47
5 changed files with 72 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

7
database/sql/enterprise.go
View file

@ -250,6 +250,13 @@ func (s *sqlDatabase) ListEnterpriseInstances(ctx context.Context, enterpriseID
ret := []params.Instance{}
for _, pool := range pools {
for _, instance := range pool.Instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret = append(ret, s.sqlToParamsInstance(instance))
}
}

36
database/sql/instances.go
View file

@ -55,6 +55,13 @@ func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param p
return params.Instance{}, errors.Wrap(q.Error, "creating instance")
}
if newInstance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(newInstance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
newInstance.GithubRegistrationToken = []byte(decodedTk)
}
return s.sqlToParamsInstance(newInstance), nil
}
@ -131,7 +138,13 @@ func (s *sqlDatabase) GetPoolInstanceByName(ctx context.Context, poolID string,
}
instance.GithubRegistrationToken = []byte(token)
}
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
return s.sqlToParamsInstance(instance), nil
}
@ -233,6 +246,13 @@ func (s *sqlDatabase) UpdateInstance(ctx context.Context, instanceID string, par
return params.Instance{}, errors.Wrap(err, "updating addresses")
}
}
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
return s.sqlToParamsInstance(instance), nil
}
@ -244,6 +264,13 @@ func (s *sqlDatabase) ListPoolInstances(ctx context.Context, poolID string) ([]p
ret := make([]params.Instance, len(pool.Instances))
for idx, inst := range pool.Instances {
if inst.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(inst.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
inst.GithubRegistrationToken = []byte(decodedTk)
}
ret[idx] = s.sqlToParamsInstance(inst)
}
return ret, nil
@ -258,6 +285,13 @@ func (s *sqlDatabase) ListAllInstances(ctx context.Context) ([]params.Instance,
}
ret := make([]params.Instance, len(instances))
for idx, instance := range instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret[idx] = s.sqlToParamsInstance(instance)
}
return ret, nil

7
database/sql/organizations.go
View file

@ -255,6 +255,13 @@ func (s *sqlDatabase) ListOrgInstances(ctx context.Context, orgID string) ([]par
ret := []params.Instance{}
for _, pool := range pools {
for _, instance := range pool.Instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret = append(ret, s.sqlToParamsInstance(instance))
}
}

7
database/sql/repositories.go
View file

@ -264,6 +264,13 @@ func (s *sqlDatabase) ListRepoInstances(ctx context.Context, repoID string) ([]p
ret := []params.Instance{}
for _, pool := range pools {
for _, instance := range pool.Instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret = append(ret, s.sqlToParamsInstance(instance))
}
}

29
runner/pool/pool.go
View file

@ -548,19 +548,22 @@ func (r *basePoolManager) addInstanceToProvider(instance params.Instance) error
}
bootstrapArgs := params.BootstrapInstance{
Name: instance.Name,
Tools: r.tools,
RepoURL: r.helper.GithubURL(),
GithubRunnerAccessToken: string(instance.GithubRegistrationToken),
MetadataURL: instance.MetadataURL,
CallbackURL: instance.CallbackURL,
InstanceToken: jwtToken,
OSArch: pool.OSArch,
Flavor: pool.Flavor,
Image: pool.Image,
Labels: labels,
PoolID: instance.PoolID,
CACertBundle: r.credsDetails.CABundle,
Name: instance.Name,
Tools: r.tools,
RepoURL: r.helper.GithubURL(),
MetadataURL: instance.MetadataURL,
CallbackURL: instance.CallbackURL,
InstanceToken: jwtToken,
OSArch: pool.OSArch,
Flavor: pool.Flavor,
Image: pool.Image,
Labels: labels,
PoolID: instance.PoolID,
CACertBundle: r.credsDetails.CABundle,
}
if instance.MetadataURL == "" {
bootstrapArgs.GithubRunnerAccessToken = string(instance.GithubRegistrationToken)
}
var instanceIDToDelete string