Limit secrets processing to current offering (reference)

code4me · Dec 16, 2024 · 3539d5a · 3539d5a
1 parent 4127d52
commit 3539d5a
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 11 deletions.
diff --git a/lansweeper/aws/integration-lambda/tests/lansweeper_lambda_handler.test.js b/lansweeper/aws/integration-lambda/tests/lansweeper_lambda_handler.test.js
@@ -40,7 +40,7 @@ const context = {invokedFunctionArn: 'arn:aws:lambda:eu-west-1:123456789012:func
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-lansweeper';
+process.env.PARAM_OFFERING_REFERENCE = 'lansweeper';
 process.env.REFRESH_QUEUE_URL = 'sql-url';
 
 it('handles scheduled event', async () => {

diff --git a/lansweeper/aws/integration-lambda/tests/secret_event_handler.test.js b/lansweeper/aws/integration-lambda/tests/secret_event_handler.test.js
@@ -30,7 +30,7 @@ const expectedInstanceId = 'fuydjhdf';
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-lansweeper';
+process.env.PARAM_OFFERING_REFERENCE = 'lansweeper';
 
 describe('known app_instance', () => {
   it('handles event and sets callbackURL in the app instance when status is pending_callback_url', async () => {
@@ -195,6 +195,28 @@ it('does not continue if no app instance is found', async () => {
   expect(LansweeperClient.mock.calls.length).toBe(0);
 });
 
+it('does not continue if offering reference is different', async () => {
+  const event = require('../../events/secret-create.event.json');
+  event.detail.requestParameters.name = '4me-app-builder/xurrent_apps_xds/4me-staging.com/instances/test-account'
+
+  Js4meHelper.mockImplementation(() => {
+    return {
+      getToken: async () => providerAccessToken,
+      getGraphQLQuery: async () => ciProductData,
+    };
+  });
+
+  expect(await app.lambdaHandler(event, context))
+    .toEqual({
+      'statusCode': 200,
+      'body': JSON.stringify({
+        message: 'Current offering lansweeper not found in 4me-app-builder/xurrent_apps_xds/4me-staging.com/instances/test-account',
+      })
+    });
+
+  expect(LansweeperClient.mock.calls.length).toBe(0);
+});
+
 async function setupSecretsHelper() {
   const customerSecrets = {
     application: {

diff --git a/library/helpers/js_4me_installation_handler.js b/library/helpers/js_4me_installation_handler.js
@@ -21,6 +21,12 @@ class Js4meInstallationHandler {
       return this.respondWith(`Installation account not found in ${secretId}`, 200)
     }
 
+    const offeringReference = this.lambda4meContextHelper.offeringReference;
+    if (offeringReference && secretId.indexOf(offeringReference) === -1) {
+      // secrets manager call for other application than current offering
+      return this.respondWith(`Current offering ${offeringReference} not found in ${secretId}`, 200)
+    }
+
     const account = matches[1];
     const newInstallation = event.detail.eventName === 'CreateSecret';
     console.log('%s installation for account %s', newInstallation ? 'New' : 'Updated', account);

diff --git a/note-dispatcher/aws/integration-lambda/tests/note-dispatcher-lambda.test.js b/note-dispatcher/aws/integration-lambda/tests/note-dispatcher-lambda.test.js
@@ -33,7 +33,7 @@ const mockedSecrets = {
 
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-typeform';
+process.env.PARAM_OFFERING_REFERENCE = 'typeform';
 
 it('handles note dispatcher event', async () => {
   const event = require('../../events/note-dispatcher.event.json');
@@ -86,7 +86,7 @@ it('handles note dispatcher event', async () => {
                                       })
              });
 
-  expect(secretsHelperMock.constructor()).toHaveBeenCalledWith(null, '4me-test-domain', 'my-app/my-typeform');
+  expect(secretsHelperMock.constructor()).toHaveBeenCalledWith(null, '4me-test-domain', 'my-app/typeform');
   expect(mockGetSecrets).toHaveBeenCalledWith('instances/wdc');
 
   expect(receivedText).toBe('a new note');

diff --git a/typeform/aws/integration-lambda/tests/secret_event_handler.test.js b/typeform/aws/integration-lambda/tests/secret_event_handler.test.js
@@ -24,7 +24,7 @@ const LambdaContextMocker = require('../../../../library/aws/secrets-lambda/test
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-typeform';
+process.env.PARAM_OFFERING_REFERENCE = 'typeform';
 
 it('handles event when typeform secret is present', async () => {
   const event = require('../../events/secret-update.event.json');
@@ -68,7 +68,7 @@ it('handles initial secrets, no typeform secret yet', async () => {
       client_secret: 'secret',
     },
     secrets: {
-      typeform_token: 'my-typeform-token',
+      typeform_token: 'typeform-token',
     },
   };
   const lambdaContextMocker = new LambdaContextMocker('test-account', customerSecrets);
@@ -155,7 +155,7 @@ it('handles initial secrets, no typeform secret yet', async () => {
   expect(Js4meHelper.mock.calls.length).toBe(2);
   expect(randomBytesMock).toBeCalledWith(64);
   expect(generatedSecrets.typeform_secret).toBe(bufferFromMock.toString('hex'));
-  expect(TypeformClient).toBeCalledWith('my-typeform-token');
+  expect(TypeformClient).toBeCalledWith('typeform-token');
   expect(unsuspendCalled).toBe(true);
 });
 
@@ -168,7 +168,7 @@ it('does not continue if no app instance is found', async () => {
       client_secret: 'secret',
     },
     secrets: {
-      typeform_token: 'my-typeform-token',
+      typeform_token: 'typeform-token',
     },
   };
   const lambdaContextMocker = new LambdaContextMocker('test-account', customerSecrets);
@@ -220,7 +220,7 @@ it('does not store secrets if typeform call fails', async () => {
       client_secret: 'secret',
     },
     secrets: {
-      typeform_token: 'my-typeform-token',
+      typeform_token: 'typeform-token',
     },
   };
   const lambdaContextMocker = new LambdaContextMocker('test-account', customerSecrets);
@@ -283,7 +283,7 @@ it('does not store secrets if typeform call fails', async () => {
   const expectedAppName = `${process.env.PARAM_BOOTSTRAP_APP}/${process.env.PARAM_OFFERING_REFERENCE}`;
   expect(SecretsHelper).toHaveBeenCalledWith(null, process.env.PARAM_4ME_DOMAIN, expectedAppName);
   lambdaContextMocker.checkCustomerAndProvider4meHelperCreated();
-  expect(TypeformClient).toBeCalledWith('my-typeform-token');
+  expect(TypeformClient).toBeCalledWith('typeform-token');
   expect(generatedSecrets).toBeNull();
   expect(actualSuspensionComment).toBe('Error creating Typeform webhook. Please check the Typeform token and Form ID.');
 });
diff --git a/typeform/aws/integration-lambda/tests/typeform_handler.test.js b/typeform/aws/integration-lambda/tests/typeform_handler.test.js
@@ -24,7 +24,7 @@ const context = {invokedFunctionArn: 'arn:aws:lambda:eu-west-1:123456789012:func
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-typeform';
+process.env.PARAM_OFFERING_REFERENCE = 'typeform';
 
 it('handles receiving form filled event', async () => {
   const providerAccessToken = {access_token: 'howard.tanner'};