Semaphore/db/sql/access_key.go

package sql

import (
	"database/sql"
	"errors"
	"github.com/ansible-semaphore/semaphore/db"
)

func (d *SqlDb) GetAccessKey(projectID int, accessKeyID int) (key db.AccessKey, err error) {
	err = d.getObject(projectID, db.AccessKeyProps, accessKeyID, &key)
	return
}

func (d *SqlDb) GetAccessKeyRefs(projectID int, keyID int) (db.ObjectReferrers, error) {
	return d.getObjectRefs(projectID, db.AccessKeyProps, keyID)
}

func (d *SqlDb) GetAccessKeys(projectID int, params db.RetrieveQueryParams) ([]db.AccessKey, error) {
	var keys []db.AccessKey
	err := d.getProjectObjects(projectID, db.AccessKeyProps, params, &keys)
	return keys, err
}

func (d *SqlDb) UpdateAccessKey(key db.AccessKey) error {
	err := key.Validate(key.OverrideSecret)

	if err != nil {
		return err
	}

	err = key.SerializeSecret()

	if err != nil {
		return err
	}

	var res sql.Result

	var args []interface{}
	query := "update access_key set name=?"
	args = append(args, key.Name)

	if key.OverrideSecret {
		query += ", type=?, secret=?"
		args = append(args, key.Type)
		args = append(args, key.Secret)
	}

	query += " where id=?"
	args = append(args, key.ID)

	query += " and project_id=?"
	args = append(args, key.ProjectID)

	res, err = d.exec(query, args...)

	return validateMutationResult(res, err)
}

func (d *SqlDb) CreateAccessKey(key db.AccessKey) (newKey db.AccessKey, err error) {
	err = key.SerializeSecret()
	if err != nil {
		return
	}

	insertID, err := d.insert(
		"id",
		"insert into access_key (name, type, project_id, secret) values (?, ?, ?, ?)",
		key.Name,
		key.Type,
		key.ProjectID,
		key.Secret)

	if err != nil {
		return
	}

	newKey = key
	newKey.ID = insertID
	return
}

func (d *SqlDb) DeleteAccessKey(projectID int, accessKeyID int) error {
	return d.deleteObject(projectID, db.AccessKeyProps, accessKeyID)
}

const RekeyBatchSize = 100

func (d *SqlDb) RekeyAccessKeys(oldKey string) (err error) {

	var globalProps = db.AccessKeyProps
	globalProps.IsGlobal = true

	for i := 0; ; i++ {

		var keys []db.AccessKey
		err = d.getObjects(-1, globalProps, db.RetrieveQueryParams{Count: RekeyBatchSize, Offset: i * RekeyBatchSize}, &keys, true)

		if err != nil {
			return
		}

		if len(keys) == 0 {
			break
		}

		for _, key := range keys {

			err = key.DeserializeSecret2(oldKey)

			if err != nil {
				return err
			}

			key.OverrideSecret = true
			err = d.UpdateAccessKey(key)

			if err != nil && !errors.Is(err, db.ErrNotFound) {
				return err
			}
		}
	}

	return
}
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00			`package sql`

fix: access key validation 2021-09-04 08:39:16 +02:00			`import (`
			`"database/sql"`
fix(vault): offset in sql query 2024-01-28 13:18:07 +01:00			`"errors"`
fix: access key validation 2021-09-04 08:39:16 +02:00			`"github.com/ansible-semaphore/semaphore/db"`
			`)`
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00
feat(be): change error message for access key decryption 2021-09-10 00:41:36 +02:00			`func (d *SqlDb) GetAccessKey(projectID int, accessKeyID int) (key db.AccessKey, err error) {`
Undo changes to getObject calls in sql 2024-01-10 07:14:12 +01:00			`err = d.getObject(projectID, db.AccessKeyProps, accessKeyID, &key)`
feat: add password file for Access Key 2021-09-01 16:38:28 +02:00			`return`
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00			`}`

feat: remove soft delete functionality 2022-02-03 08:05:13 +01:00			`func (d *SqlDb) GetAccessKeyRefs(projectID int, keyID int) (db.ObjectReferrers, error) {`
			`return d.getObjectRefs(projectID, db.AccessKeyProps, keyID)`
			`}`

refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00			`func (d *SqlDb) GetAccessKeys(projectID int, params db.RetrieveQueryParams) ([]db.AccessKey, error) {`
			`var keys []db.AccessKey`
fix(webhooks): merge conflict 2024-02-11 21:22:35 +01:00			`err := d.getProjectObjects(projectID, db.AccessKeyProps, params, &keys)`
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00			`return keys, err`
			`}`

fix(be): use correct config field for access key encryption 2021-09-09 23:31:06 +02:00			`func (d *SqlDb) UpdateAccessKey(key db.AccessKey) error {`
fix: access key validation 2021-09-04 08:39:16 +02:00			`err := key.Validate(key.OverrideSecret)`

feat: add password file for Access Key 2021-09-01 16:38:28 +02:00			`if err != nil {`
			`return err`
			`}`

fix: access key validation 2021-09-04 08:39:16 +02:00			`err = key.SerializeSecret()`

			`if err != nil {`
			`return err`
			`}`

			`var res sql.Result`

			`var args []interface{}`
			`query := "update access_key set name=?"`
			`args = append(args, key.Name)`

			`if key.OverrideSecret {`
			`query += ", type=?, secret=?"`
			`args = append(args, key.Type)`
			`args = append(args, key.Secret)`
			`}`

			`query += " where id=?"`
			`args = append(args, key.ID)`

fix(be): use correct config field for access key encryption 2021-09-09 23:31:06 +02:00			`query += " and project_id=?"`
			`args = append(args, key.ProjectID)`
fix: access key validation 2021-09-04 08:39:16 +02:00
			`res, err = d.exec(query, args...)`
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00
			`return validateMutationResult(res, err)`
			`}`

			`func (d *SqlDb) CreateAccessKey(key db.AccessKey) (newKey db.AccessKey, err error) {`
feat: add password file for Access Key 2021-09-01 16:38:28 +02:00			`err = key.SerializeSecret()`
			`if err != nil {`
			`return`
			`}`

fix(be): add quotes to user table in queties to support postgres 2021-08-24 19:52:35 +02:00			`insertID, err := d.insert(`
			`"id",`
feat: removed public key. fix: encrypt private key for new access key 2021-08-31 07:47:19 +02:00			`"insert into access_key (name, type, project_id, secret) values (?, ?, ?, ?)",`
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00			`key.Name,`
			`key.Type,`
			`key.ProjectID,`
			`key.Secret)`

			`if err != nil {`
			`return`
			`}`

			`newKey = key`
fix(be): add quotes to user table in queties to support postgres 2021-08-24 19:52:35 +02:00			`newKey.ID = insertID`
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00			`return`
			`}`

			`func (d *SqlDb) DeleteAccessKey(projectID int, accessKeyID int) error {`
refactor(be): rename db tables prop objects 2021-05-13 21:45:54 +02:00			`return d.deleteObject(projectID, db.AccessKeyProps, accessKeyID)`
refactor(be): split SqlDb to several files 2020-12-20 19:00:59 +01:00			`}`
Vault cli (#1463) * feat(be): add cli command vault rekey * feat(vault): use tx * feat(vault): docs * fix(vault): rekey flag 2023-09-09 14:41:41 +02:00
refactor(vault): getObjects -> getProjectObjects for sql db 2024-01-28 12:24:37 +01:00			`const RekeyBatchSize = 100`
Vault cli (#1463) * feat(be): add cli command vault rekey * feat(vault): use tx * feat(vault): docs * fix(vault): rekey flag 2023-09-09 14:41:41 +02:00
refactor(vault): getObjects -> getProjectObjects for sql db 2024-01-28 12:24:37 +01:00			`func (d *SqlDb) RekeyAccessKeys(oldKey string) (err error) {`

			`var globalProps = db.AccessKeyProps`
			`globalProps.IsGlobal = true`

			`for i := 0; ; i++ {`

			`var keys []db.AccessKey`
			`err = d.getObjects(-1, globalProps, db.RetrieveQueryParams{Count: RekeyBatchSize, Offset: i * RekeyBatchSize}, &keys, true)`

			`if err != nil {`
			`return`
			`}`

			`if len(keys) == 0 {`
			`break`
			`}`

			`for _, key := range keys {`

			`err = key.DeserializeSecret2(oldKey)`

			`if err != nil {`
			`return err`
			`}`

			`key.OverrideSecret = true`
			`err = d.UpdateAccessKey(key)`

fix(vault): offset in sql query 2024-01-28 13:18:07 +01:00			`if err != nil && !errors.Is(err, db.ErrNotFound) {`
refactor(vault): getObjects -> getProjectObjects for sql db 2024-01-28 12:24:37 +01:00			`return err`
			`}`
			`}`
			`}`

			`return`
Vault cli (#1463) * feat(be): add cli command vault rekey * feat(vault): use tx * feat(vault): docs * fix(vault): rekey flag 2023-09-09 14:41:41 +02:00			`}`