Preliminary Working version of secret management with basic validation and resolution

Author: dhruv-droid-r2

executor/migrations/0046_secret_secret_executor_se_key_60cc82_idx_and_more.py

@@ -1,4 +1,4 @@
-# Generated by Django 4.1.13 on 2025-03-05 09:24
+# Generated by Django 4.1.13 on 2025-03-05 11:35
 
 from django.conf import settings
 from django.db import migrations, models
@@ -27,7 +27,7 @@ class Migration(migrations.Migration):
                 ('is_active', models.BooleanField(default=True)),
                 ('description', models.TextField(blank=True)),
                 ('account', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='accounts.account')),
-                ('creator', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='created_secrets', to=settings.AUTH_USER_MODEL)),
+                ('created_by', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='created_secrets', to=settings.AUTH_USER_MODEL)),
                 ('last_updated_by', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='updated_secrets', to=settings.AUTH_USER_MODEL)),
             ],
         ),

executor/models.py

@@ -679,7 +679,7 @@ class Secret(models.Model):
     key = models.CharField(max_length=255, help_text="Reference key for the secret")
     value = EncryptedTextField()
     account = models.ForeignKey('accounts.Account', on_delete=models.CASCADE)
-    creator = models.ForeignKey('accounts.User', on_delete=models.SET_NULL, null=True, related_name='created_secrets')
+    created_by = models.ForeignKey('accounts.User', on_delete=models.SET_NULL, null=True, related_name='created_secrets')
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
     last_updated_by = models.ForeignKey('accounts.User', on_delete=models.SET_NULL, null=True, related_name='updated_secrets')

executor/secrets/views.py

@@ -10,14 +10,13 @@
 from playbooks.utils.decorators import web_api
 from playbooks.utils.meta import get_meta
 from playbooks.utils.queryset import filter_page
-from protos.base_pb2 import Message
+from protos.base_pb2 import Message, Meta, Page
 from protos.secrets.api_pb2 import (
     GetSecretsRequest, GetSecretsResponse, 
     GetSecretRequest, GetSecretResponse,
     CreateSecretRequest, CreateSecretResponse,
     UpdateSecretRequest, UpdateSecretResponse,
     Secret as SecretProto,
-    UpdateSecretOp
 )
 
 logger = logging.getLogger(__name__)
@@ -37,27 +36,60 @@ def _secret_to_proto(secret: Secret) -> SecretProto:
         key=StringValue(value=secret.key),
         masked_value=StringValue(value=_mask_secret_value(secret.value)),
         description=StringValue(value=secret.description or ""),
-        creator=StringValue(value=secret.creator.email if secret.creator else ""),
+        created_by=StringValue(value=secret.created_by.email if secret.created_by else ""),
         last_updated_by=StringValue(value=secret.last_updated_by.email if secret.last_updated_by else ""),
         created_at=int(secret.created_at.replace(tzinfo=timezone.utc).timestamp()) if secret.created_at else 0,
         updated_at=int(secret.updated_at.replace(tzinfo=timezone.utc).timestamp()) if secret.updated_at else 0,
         is_active=secret.is_active
     )
 
+def _secret_to_proto_partial(secret: Secret) -> SecretProto:
+    """Convert a Secret model to a partial Secret proto (for list views)"""
+    return SecretProto(
+        id=StringValue(value=str(secret.id)),
+        key=StringValue(value=secret.key),
+        description=StringValue(value=secret.description or ""),
+        created_by=StringValue(value=secret.created_by.email if secret.created_by else ""),
+        created_at=int(secret.created_at.replace(tzinfo=timezone.utc).timestamp()) if secret.created_at else 0,
+        is_active=secret.is_active
+    )
+
+
 
 @web_api(GetSecretsRequest)
 def secrets_list(request_message: GetSecretsRequest) -> Union[GetSecretsResponse, HttpResponse]:
-    """List all active secrets for the current account"""
+    """List secrets with optional filtering by IDs or key"""
     account: Account = get_request_account()
-    
-    # Get all active secrets for this account
+    meta: Meta = request_message.meta
+    show_inactive = meta.show_inactive
+    page: Page = meta.page
+    list_all = True
+
+    # Base queryset
     qs = Secret.objects.filter(account=account, is_active=True)
-    
-    # Apply pagination
+
+    # Filter by specific IDs if provided
+    if request_message.secret_ids:
+        qs = qs.filter(id__in=request_message.secret_ids)
+        list_all = False
+    # Filter by key if provided
+    if request_message.key:
+        qs = qs.filter(key__icontains=request_message.key.value.lower())
+        list_all = False
+    # Otherwise filter by active status unless show_inactive is True
+    elif not show_inactive or not show_inactive.value:
+        qs = qs.filter(is_active=True)
+
     total_count = qs.count()
-    page = request_message.meta.page
-    secrets = [_secret_to_proto(secret) for secret in filter_page(qs.order_by("-created_at"), page)]
-    
+    qs = qs.order_by('-created_at')
+    qs = filter_page(qs, page)
+
+    # Use proto or proto_partial based on list_all flag
+    if list_all:
+        secrets = [_secret_to_proto_partial(secret) for secret in qs]
+    else:
+        secrets = [_secret_to_proto(secret) for secret in qs]
+
     return GetSecretsResponse(
         meta=get_meta(page=page, total_count=total_count),
         success=BoolValue(value=True),
@@ -108,7 +140,16 @@ def secret_create(request_message: CreateSecretRequest) -> Union[CreateSecretRes
         return CreateSecretResponse(
             meta=get_meta(),
             success=BoolValue(value=False),
-            message=Message(title="Invalid Request", description="Key, and value are required")
+            message=Message(title="Invalid Request", description="Key and value are required")
+        )
+
+    # Validate key format -> (single word, no spaces, only alphanumeric and underscores)
+    if not key.isalnum() or ' ' in key:
+        return CreateSecretResponse(
+            meta=get_meta(),
+            success=BoolValue(value=False),
+            message=Message(title="Invalid Key", 
+                          description="Key must be a single word containing only letters, numbers, and underscores")
         )
 
     # Check if key already exists for this account
@@ -126,7 +167,7 @@ def secret_create(request_message: CreateSecretRequest) -> Union[CreateSecretRes
             key=key,
             value=value,
             description=description,
-            creator=user,
+            created_by=user,
             last_updated_by=user,
             is_active=True
         )
@@ -219,4 +260,4 @@ def secret_update(request_message: UpdateSecretRequest) -> Union[UpdateSecretRes
             meta=get_meta(),
             success=BoolValue(value=False),
             message=Message(title="Error", description="Failed to update secret")
-        )
+        )

protos/secrets/api.proto

@@ -9,7 +9,7 @@ message Secret {
   google.protobuf.StringValue key = 2;
   google.protobuf.StringValue masked_value = 3;
   google.protobuf.StringValue description = 4;
-  google.protobuf.StringValue creator = 5;
+  google.protobuf.StringValue created_by = 5;
   google.protobuf.StringValue last_updated_by = 6;
   int64 created_at = 7;
   int64 updated_at = 8;
@@ -18,6 +18,8 @@ message Secret {
 
 message GetSecretsRequest {
   Meta meta = 1;
+  repeated string secret_ids = 2;  // Optional list of secret IDs to fetch
+  google.protobuf.StringValue key = 3;  // Optional key to filter by (key_name)
 }
 
 message GetSecretsResponse {