feat(secrets): update ui

Author: fiftin

db/SecretStorage.go

@@ -5,6 +5,7 @@ type SecretStorageType string
 const (
 	SecretStorageTypeLocal SecretStorageType = "local"
 	SecretStorageTypeVault SecretStorageType = "vault"
+	SecretStorageTypeDvls  SecretStorageType = "dvls"
 )
 
 type SecretStorage struct {
@@ -15,5 +16,5 @@ type SecretStorage struct {
 	Params    MapStringAnyField `db:"params" json:"params"`
 	ReadOnly  bool              `db:"readonly" json:"readonly"`
 
-	VaultToken string `db:"-" json:"vault_token,omitempty" backup:"-"`
+	Secret string `db:"-" json:"secret,omitempty" backup:"-"`
 }

pro/services/server/access_key_serializer_dvls.go

@@ -0,0 +1,32 @@
+package server
+
+import (
+	"github.com/semaphoreui/semaphore/db"
+)
+
+type DvlsStorageTokenDeserializer interface {
+	DeserializeSecret(key *db.AccessKey) error
+}
+
+type DvlsAccessKeyDeserializer struct {
+}
+
+func NewDvlsAccessKeyDeserializer(
+	_ db.AccessKeyManager,
+	_ db.SecretStorageRepository,
+	_ VaultStorageTokenDeserializer,
+) *DvlsAccessKeyDeserializer {
+	return &DvlsAccessKeyDeserializer{}
+}
+
+func (d *DvlsAccessKeyDeserializer) DeleteSecret(key *db.AccessKey) error {
+	return nil
+}
+
+func (d *DvlsAccessKeyDeserializer) SerializeSecret(key *db.AccessKey) (err error) {
+	return
+}
+
+func (d *DvlsAccessKeyDeserializer) DeserializeSecret(key *db.AccessKey) (res string, err error) {
+	return
+}

pro/services/server/access_key_serializer_rdm.go

@@ -4,9 +4,10 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"strings"
+
 	"github.com/semaphoreui/semaphore/db"
 	pro "github.com/semaphoreui/semaphore/pro/services/server"
-	"strings"
 )
 
 const RekeyBatchSize = 100
@@ -56,24 +57,48 @@ type accessKeyEncryptionServiceImpl struct {
 	secretStorageRepo db.SecretStorageRepository
 }
 
-func (s *accessKeyEncryptionServiceImpl) getDeserializer(key *db.AccessKey) AccessKeyDeserializer {
+func (s *accessKeyEncryptionServiceImpl) getDeserializer(key *db.AccessKey) (AccessKeyDeserializer, error) {
 	if key.SourceStorageID == nil {
-		return &LocalAccessKeyDeserializer{}
+		return &LocalAccessKeyDeserializer{}, nil
 	}
 
-	return pro.NewVaultAccessKeyDeserializer(s.accessKeyRepo, s.secretStorageRepo, s)
+	storage, err := s.secretStorageRepo.GetSecretStorage(*key.ProjectID, *key.SourceStorageID)
+	if err != nil {
+		return nil, err
+	}
+
+	switch storage.Type {
+	case db.SecretStorageTypeVault:
+		return pro.NewVaultAccessKeyDeserializer(s.accessKeyRepo, s.secretStorageRepo, s), nil
+	case db.SecretStorageTypeDvls:
+		return pro.NewDvlsAccessKeyDeserializer(s.accessKeyRepo, s.secretStorageRepo, s), nil
+	}
+
+	return nil, fmt.Errorf("unsupported secret storage type '%s'", storage.Type)
 }
 
 func (s *accessKeyEncryptionServiceImpl) DeleteSecret(key *db.AccessKey) error {
-	return s.getDeserializer(key).DeleteSecret(key)
+	d, err := s.getDeserializer(key)
+	if err != nil {
+		return err
+	}
+	return d.DeleteSecret(key)
 }
 
 func (s *accessKeyEncryptionServiceImpl) SerializeSecret(key *db.AccessKey) error {
-	return s.getDeserializer(key).SerializeSecret(key)
+	d, err := s.getDeserializer(key)
+	if err != nil {
+		return err
+	}
+	return d.SerializeSecret(key)
 }
 
 func (s *accessKeyEncryptionServiceImpl) DeserializeSecret(key *db.AccessKey) error {
-	ciphertext, err := s.getDeserializer(key).DeserializeSecret(key)
+	d, err := s.getDeserializer(key)
+	if err != nil {
+		return err
+	}
+	ciphertext, err := d.DeserializeSecret(key)
 	if err != nil {
 		return err
 	}

services/server/access_key_encryption_svc.go

@@ -66,7 +66,7 @@ func (s *SecretStorageServiceImpl) Create(storage db.SecretStorage) (res db.Secr
 		Name:      random.String(10),
 		Type:      db.AccessKeyString,
 		ProjectID: &storage.ProjectID,
-		String:    storage.VaultToken,
+		String:    storage.Secret,
 		Owner:     db.AccessKeyVault,
 		StorageID: &res.ID,
 	}
@@ -92,12 +92,12 @@ func (s *SecretStorageServiceImpl) Update(storage db.SecretStorage) (err error)
 	}
 
 	if len(keys) == 0 {
-		if storage.VaultToken != "" {
+		if storage.Secret != "" {
 			_, err = s.accessKeyService.Create(db.AccessKey{
 				Name:      random.String(10),
 				Type:      db.AccessKeyString,
 				ProjectID: &storage.ProjectID,
-				String:    storage.VaultToken,
+				String:    storage.Secret,
 				Owner:     db.AccessKeyVault,
 				StorageID: &storage.ID,
 			})
@@ -107,14 +107,14 @@ func (s *SecretStorageServiceImpl) Update(storage db.SecretStorage) (err error)
 		}
 	} else {
 		vault := keys[0]
-		if storage.VaultToken == "" {
+		if storage.Secret == "" {
 			// Do nothing if the vault token is empty,
 			// as it means the user haven't set a new token.
 
 			//err = s.keyRepo.DeleteAccessKey(storage.ProjectID, vault.ID)
 		} else {
 			vault.OverrideSecret = true
-			vault.String = storage.VaultToken
+			vault.String = storage.Secret
 			err = s.accessKeyService.Update(vault)
 		}
 	}

services/server/secret_storage_svc.go

@@ -30,4 +30,18 @@
     align-items: center;
     flex-wrap: wrap;
   }
+}
+
+.TextInput {
+
+}
+
+.TextInput--no-legend {
+  legend {
+    width: 0 !important;
+  }
+
+  .v-label.v-label--active {
+    display: none;
+  }
 }

web/src/assets/scss/components.scss

@@ -22,52 +22,115 @@
         dense
     ></v-text-field>
 
-    <!--
-    <v-select
-        v-model="item.type"
-        :label="$t('type')"
-        :rules="[v => !!v || $t('type_required')]"
-        :items="secretStorageTypes"
-        item-value="id"
-        item-text="name"
-        required
+    <v-text-field
+        v-model="item.params.url"
+        :label="$t('Server URL')"
         :disabled="formSaving"
+        :rules="[v => !!v || $t('url_required')]"
+        required
+        data-testid="secretStorage-vaultURL"
         outlined
         dense
-    />
-    -->
+    ></v-text-field>
 
     <div v-if="item.type === 'vault'">
 
       <v-text-field
-          v-model="item.params.url"
-          :label="$t('Server URL')"
+          v-model="item.secret"
+          :label="$t('Token')"
           :disabled="formSaving"
-          :rules="[v => !!v || $t('url_required')]"
+          :rules="[v => !!v || itemId !== 'new' || $t('token_required')]"
           required
-          data-testid="secretStorage-vaultURL"
+          data-testid="secretStorage-vaultToken"
           outlined
           dense
+          append-icon="mdi-lock"
       ></v-text-field>
 
+    </div>
+
+    <div v-else-if="item.type === 'dvls'">
+
+      <v-checkbox
+          class="pt-0 mb-2"
+          style="margin-top: -5px;"
+          v-model="item.params.insecure_tls"
+          label="Skip TLS certificate verification (insecure)"
+          :disabled="formSaving"
+      />
+
       <v-text-field
-          v-model="item.vault_token"
-          :label="$t('Token')"
+          v-model="item.params.vault_id"
+          :label="$t('Vault ID')"
           :disabled="formSaving"
-          :rules="[v => !!v || itemId !== 'new' || $t('token_required')]"
+          :rules="[v => !!v || itemId !== 'new' || $t('key_required')]"
           required
-          data-testid="secretStorage-vaultToken"
+          data-testid="secretStorage-dvlsKey"
+          outlined
+          dense
+      ></v-text-field>
+
+      <v-text-field
+          v-model="item.params.app_key"
+          :label="$t('App Key')"
+          :disabled="formSaving"
+          :rules="[v => !!v || itemId !== 'new' || $t('key_required')]"
+          required
+          data-testid="secretStorage-dvlsKey"
+          outlined
+          dense
+      ></v-text-field>
+
+      <div class="d-flex justify-space-between align-center">
+        <b style="font-size: 13px; margin-left: 5px;">App secret</b>
+        <v-btn-toggle
+            v-model="secretStorage"
+            tile
+            group
+        >
+          <v-btn value="database" small class="mr-0 mt-0" style="border-radius: 4px;">
+            Store in DB
+          </v-btn>
+          <v-btn value="env" small class="mr-0 mt-0" style="border-radius: 4px;">
+            Read from ENV
+          </v-btn>
+        </v-btn-toggle>
+      </div>
+
+      <v-text-field
+          v-if="secretStorage === 'database'"
+          class="TextInput TextInput--no-legend"
+          v-model="item.secret"
+          :label="$t('Secret')"
+          :disabled="formSaving"
+          :rules="[v => !!v || itemId !== 'new' || $t('secret_required')]"
+          required
+          data-testid="secretStorage-dvlsSecret"
           outlined
           dense
           append-icon="mdi-lock"
       ></v-text-field>
 
-<!--      <v-checkbox-->
-<!--        v-model="item.readonly"-->
-<!--        :label="$t('Read only')"-->
-<!--        :disabled="formSaving"-->
-<!--      />-->
+      <v-text-field
+          v-else
+          class="TextInput TextInput--no-legend"
+          v-model="item.source_storage_key"
+          :label="$t('Env var name')"
+          :disabled="formSaving"
+          :rules="[v => !!v || itemId !== 'new' || $t('envvar_required')]"
+          required
+          data-testid="secretStorage-dvlsSecret"
+          outlined
+          dense
+      ></v-text-field>
+
     </div>
+
+    <v-checkbox
+        v-model="item.readonly"
+        :label="$t('Read only')"
+        :disabled="formSaving"
+    />
   </v-form>
 </template>
 <script>
@@ -82,10 +145,7 @@ export default {
 
   data() {
     return {
-      secretStorageTypes: [{
-        id: 'vault',
-        name: 'Hashicorp Vault',
-      }],
+      secretStorage: 'database',
     };
   },
 
@@ -102,7 +162,9 @@ export default {
         this.item.params = {};
       }
 
-      this.item.type = this.itemType;
+      if (this.itemId === 'new') {
+        this.item.type = this.itemType;
+      }
     },
 
     getItemsUrl() {

web/src/components/SecretStorageForm.vue

@@ -18,7 +18,7 @@
     <EditDialog
       v-model="editDialog"
       :save-button-text="itemId === 'new' ? $t('create') : $t('save')"
-      :title="`${itemId === 'new' ? $t('nnew') : $t('edit')} Hashicorp Vault Storage`"
+      :title="`${itemId === 'new' ? $t('nnew') : $t('edit')} ${itemType} Storage`"
       :max-width="450"
       @save="loadItems()"
     >