From 3539d5aca26573c079751684a60e2ed2fcaff1c9 Mon Sep 17 00:00:00 2001
From: Mathijs Sterk
Date: Mon, 16 Dec 2024 15:43:14 +0100
Subject: [PATCH] Limit secrets processing to current offering (reference)
---
 .../tests/lansweeper_lambda_handler.test.js | 2 +-
 .../tests/secret_event_handler.test.js | 24 ++++++++++++++++++-
 .../helpers/js_4me_installation_handler.js | 6 +++++
 .../tests/note-dispatcher-lambda.test.js | 4 ++--
 .../tests/secret_event_handler.test.js | 12 +++++-----
 .../tests/typeform_handler.test.js | 2 +-
 6 files changed, 39 insertions(+), 11 deletions(-)
diff --git a/lansweeper/aws/integration-lambda/tests/lansweeper_lambda_handler.test.js b/lansweeper/aws/integration-lambda/tests/lansweeper_lambda_handler.test.js
index ee9bdd3..604c472 100644
--- a/lansweeper/aws/integration-lambda/tests/lansweeper_lambda_handler.test.js
+++ b/lansweeper/aws/integration-lambda/tests/lansweeper_lambda_handler.test.js
@@ -40,7 +40,7 @@ const context = {invokedFunctionArn: 'arn:aws:lambda:eu-west-1:123456789012:func
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-lansweeper';
+process.env.PARAM_OFFERING_REFERENCE = 'lansweeper';
 process.env.REFRESH_QUEUE_URL = 'sql-url';
 it('handles scheduled event', async () => {
diff --git a/lansweeper/aws/integration-lambda/tests/secret_event_handler.test.js b/lansweeper/aws/integration-lambda/tests/secret_event_handler.test.js
index f965fac..c08ae90 100644
--- a/lansweeper/aws/integration-lambda/tests/secret_event_handler.test.js
+++ b/lansweeper/aws/integration-lambda/tests/secret_event_handler.test.js
@@ -30,7 +30,7 @@ const expectedInstanceId = 'fuydjhdf';
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-lansweeper';
+process.env.PARAM_OFFERING_REFERENCE = 'lansweeper';
 describe('known app_instance', () => {
 it('handles event and sets callbackURL in the app instance when status is pending_callback_url', async () => {
@@ -195,6 +195,28 @@ it('does not continue if no app instance is found', async () => {
 expect(LansweeperClient.mock.calls.length).toBe(0);
 });
+it('does not continue if offering reference is different', async () => {
+ const event = require('../../events/secret-create.event.json');
+ event.detail.requestParameters.name = '4me-app-builder/xurrent_apps_xds/4me-staging.com/instances/test-account'
+
+ Js4meHelper.mockImplementation(() => {
+ return {
+ getToken: async () => providerAccessToken,
+ getGraphQLQuery: async () => ciProductData,
+ };
+ });
+
+ expect(await app.lambdaHandler(event, context))
+ .toEqual({
+ 'statusCode': 200,
+ 'body': JSON.stringify({
+ message: 'Current offering lansweeper not found in 4me-app-builder/xurrent_apps_xds/4me-staging.com/instances/test-account',
+ })
+ });
+
+ expect(LansweeperClient.mock.calls.length).toBe(0);
+});
+
 async function setupSecretsHelper() {
 const customerSecrets = {
 application: {
diff --git a/library/helpers/js_4me_installation_handler.js b/library/helpers/js_4me_installation_handler.js
index ee260e3..4c9874a 100644
--- a/library/helpers/js_4me_installation_handler.js
+++ b/library/helpers/js_4me_installation_handler.js
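Review bot: The added test 'does not continue if offering reference is different' in the lansweeper `secret_event_handler.test.js` overwrites `event.detail.requestParameters.name` on the object returned by `require('../../events/secret-create.event.json')`. `require` caches that object, so any other test in the file that loads the same fixture afterwards would see the rewritten secret name. Copying the fixture first, e.g. `const event = JSON.parse(JSON.stringify(require('../../events/secret-create.event.json')));`, keeps the tests order-independent; the assignment line is also missing its trailing semicolon. The case only exercises a path with an unrelated offering, so a second case where `lansweeper` appears inside a longer segment or in the account name would pin down how strict the offering filter is meant to be.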
@@ -21,6 +21,12 @@ class Js4meInstallationHandler {
 return this.respondWith(`Installation account not found in ${secretId}`, 200)
 }
+ const offeringReference = this.lambda4meContextHelper.offeringReference;
+ if (offeringReference && secretId.indexOf(offeringReference) === -1) {
+ // secrets manager call for other application than current offering
+ return this.respondWith(`Current offering ${offeringReference} not found in ${secretId}`, 200)
+ }
+
 const account = matches[1];
 const newInstallation = event.detail.eventName === 'CreateSecret';
 console.log('%s installation for account %s', newInstallation ? 'New' : 'Updated', account);
diff --git a/note-dispatcher/aws/integration-lambda/tests/note-dispatcher-lambda.test.js b/note-dispatcher/aws/integration-lambda/tests/note-dispatcher-lambda.test.js
index 6d81d44..3ed5a6b 100644
--- a/note-dispatcher/aws/integration-lambda/tests/note-dispatcher-lambda.test.js
+++ b/note-dispatcher/aws/integration-lambda/tests/note-dispatcher-lambda.test.js
@@ -33,7 +33,7 @@ const mockedSecrets = {
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-typeform';
+process.env.PARAM_OFFERING_REFERENCE = 'typeform';
 it('handles note dispatcher event', async () => {
 const event = require('../../events/note-dispatcher.event.json');
@@ -86,7 +86,7 @@ it('handles note dispatcher event', async () => {
 })
 });
- expect(secretsHelperMock.constructor()).toHaveBeenCalledWith(null, '4me-test-domain', 'my-app/my-typeform');
+ expect(secretsHelperMock.constructor()).toHaveBeenCalledWith(null, '4me-test-domain', 'my-app/typeform');
 expect(mockGetSecrets).toHaveBeenCalledWith('instances/wdc');
 expect(receivedText).toBe('a new note');
diff --git a/typeform/aws/integration-lambda/tests/secret_event_handler.test.js b/typeform/aws/integration-lambda/tests/secret_event_handler.test.js
index 42013f2..ee7e228 100644
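Review bot: The new guard in `library/helpers/js_4me_installation_handler.js` matches the offering reference as a substring anywhere in `secretId`, so `secretId.indexOf(offeringReference) === -1` still accepts a secret whose account name, domain or longer offering name merely contains the reference. The test fixtures suggest the reference is a path segment of the secret name, so a delimited comparison such as `if (offeringReference && !secretId.includes('/' + offeringReference + '/')) {` would scope the handler to its own offering; confirm the exact secret-name layout before adopting it. The check is also skipped whenever `offeringReference` is falsy, so a lambda without a configured reference keeps processing secret events for every offering; logging or rejecting that case would make the misconfiguration visible. The enclosing method starts and ends outside this hunk.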
--- a/typeform/aws/integration-lambda/tests/secret_event_handler.test.js
+++ b/typeform/aws/integration-lambda/tests/secret_event_handler.test.js
@@ -24,7 +24,7 @@ const LambdaContextMocker = require('../../../../library/aws/secrets-lambda/test
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-typeform';
+process.env.PARAM_OFFERING_REFERENCE = 'typeform';
 it('handles event when typeform secret is present', async () => {
 const event = require('../../events/secret-update.event.json');
@@ -68,7 +68,7 @@ it('handles initial secrets, no typeform secret yet', async () => {
 client_secret: 'secret',
 },
 secrets: {
- typeform_token: 'my-typeform-token',
+ typeform_token: 'typeform-token',
 },
 };
 const lambdaContextMocker = new LambdaContextMocker('test-account', customerSecrets);
@@ -155,7 +155,7 @@ it('handles initial secrets, no typeform secret yet', async () => {
 expect(Js4meHelper.mock.calls.length).toBe(2);
 expect(randomBytesMock).toBeCalledWith(64);
 expect(generatedSecrets.typeform_secret).toBe(bufferFromMock.toString('hex'));
- expect(TypeformClient).toBeCalledWith('my-typeform-token');
+ expect(TypeformClient).toBeCalledWith('typeform-token');
 expect(unsuspendCalled).toBe(true);
 });
@@ -168,7 +168,7 @@ it('does not continue if no app instance is found', async () => {
 client_secret: 'secret',
 },
 secrets: {
- typeform_token: 'my-typeform-token',
+ typeform_token: 'typeform-token',
 },
 };
 const lambdaContextMocker = new LambdaContextMocker('test-account', customerSecrets);
@@ -220,7 +220,7 @@ it('does not store secrets if typeform call fails', async () => {
 client_secret: 'secret',
 },
 secrets: {
- typeform_token: 'my-typeform-token',
+ typeform_token: 'typeform-token',
 },
 };
 const lambdaContextMocker = new LambdaContextMocker('test-account', customerSecrets);
@@ -283,7 +283,7 @@ it('does not store secrets if typeform call fails', async () => {
 const expectedAppName = `${process.env.PARAM_BOOTSTRAP_APP}/${process.env.PARAM_OFFERING_REFERENCE}`;
 expect(SecretsHelper).toHaveBeenCalledWith(null, process.env.PARAM_4ME_DOMAIN, expectedAppName);
 lambdaContextMocker.checkCustomerAndProvider4meHelperCreated();
- expect(TypeformClient).toBeCalledWith('my-typeform-token');
+ expect(TypeformClient).toBeCalledWith('typeform-token');
 expect(generatedSecrets).toBeNull();
 expect(actualSuspensionComment).toBe('Error creating Typeform webhook. Please check the Typeform token and Form ID.');
 });
diff --git a/typeform/aws/integration-lambda/tests/typeform_handler.test.js b/typeform/aws/integration-lambda/tests/typeform_handler.test.js
index 4006a64..66e5f77 100644
--- a/typeform/aws/integration-lambda/tests/typeform_handler.test.js
+++ b/typeform/aws/integration-lambda/tests/typeform_handler.test.js
@@ -24,7 +24,7 @@ const context = {invokedFunctionArn: 'arn:aws:lambda:eu-west-1:123456789012:func
 process.env.PARAM_BOOTSTRAP_APP = 'my-app';
 process.env.PARAM_BOOTSTRAP_ACCOUNT = 'test-provider';
 process.env.PARAM_4ME_DOMAIN = '4me-test-domain';
-process.env.PARAM_OFFERING_REFERENCE = 'my-typeform';
+process.env.PARAM_OFFERING_REFERENCE = 'typeform';
 it('handles receiving form filled event', async () => {
 const providerAccessToken = {access_token: 'howard.tanner'};