access key type (#3114)

* feat(db): add migration for type column of access_key

* feat(db): rollback migration

* fix(keys): rename new field type to owner

* feat(keys): use owner field

* feat(keys): implement new field owner

Author: fiftin

.dredd/hooks/capabilities.go

@@ -129,11 +129,11 @@ func resolveCapability(caps []string, resolved []string, uid string) {
 			})
 			printError(err)
 			_, err = store.CreateAccessKey(db.AccessKey{
-				Name:          string(secret.Type) + "." + secret.Name,
 				String:        secret.Secret,
 				EnvironmentID: &res.ID,
 				ProjectID:     &userProject.ID,
 				Type:          db.AccessKeyString,
+				Owner:         secret.Type.GetAccessKeyOwner(),
 			})
 			printError(err)
 			environmentID = res.ID

api/projects/environment.go

@@ -21,11 +21,12 @@ func updateEnvironmentSecrets(store db.Store, env db.Environment) error {
 		switch secret.Operation {
 		case db.EnvironmentSecretCreate:
 			key, err = store.CreateAccessKey(db.AccessKey{
-				Name:          string(secret.Type) + "." + secret.Name,
+				Name:          secret.Name,
 				String:        secret.Secret,
 				EnvironmentID: &env.ID,
 				ProjectID:     &env.ProjectID,
 				Type:          db.AccessKeyString,
+				Owner:         secret.Type.GetAccessKeyOwner(),
 			})
 		case db.EnvironmentSecretDelete:
 			key, err = store.GetAccessKey(env.ProjectID, secret.ID)
@@ -53,8 +54,9 @@ func updateEnvironmentSecrets(store db.Store, env db.Environment) error {
 			updateKey := db.AccessKey{
 				ID:        key.ID,
 				ProjectID: key.ProjectID,
-				Name:      string(secret.Type) + "." + secret.Name,
+				Name:      secret.Name,
 				Type:      db.AccessKeyString,
+				Owner:     key.Owner,
 			}
 			if secret.Secret != "" {
 				updateKey.String = secret.Secret

db/AccessKey.go

@@ -16,13 +16,21 @@ import (
 )
 
 type AccessKeyType string
+type AccessKeyOwner string
 
 const (
 	AccessKeySSH           AccessKeyType = "ssh"
 	AccessKeyNone          AccessKeyType = "none"
 	AccessKeyLoginPassword AccessKeyType = "login_password"
 	AccessKeyString        AccessKeyType = "string"
 )
+const (
+	AccessKeyEnvironment AccessKeyOwner = "environment"
+	AccessKeyVariable    AccessKeyOwner = "variable"
+	AccessKeyUser        AccessKeyOwner = "user"
+	AccessKeyVault       AccessKeyOwner = "vault"
+	AccessKeyShared      AccessKeyOwner = ""
+)
 
 // AccessKey represents a key used to access a machine with ansible from semaphore
 type AccessKey struct {
@@ -49,6 +57,9 @@ type AccessKey struct {
 	UserID *int `db:"user_id" json:"-" backup:"-"`
 
 	Empty bool `db:"-" json:"empty,omitempty"`
+
+	Owner AccessKeyOwner `db:"owner" json:"owner,omitempty" backup:"owner"`
+	Plain *string        `db:"plain" json:"plain,omitempty"`
 }
 
 type LoginPassword struct {

db/Environment.go

@@ -21,6 +21,17 @@ const (
 	EnvironmentSecretEnv EnvironmentSecretType = "env"
 )
 
+func (t EnvironmentSecretType) GetAccessKeyOwner() AccessKeyOwner {
+	switch t {
+	case EnvironmentSecretVar:
+		return AccessKeyVariable
+	case EnvironmentSecretEnv:
+		return AccessKeyEnvironment
+	default:
+		panic("unknown secret type: " + t)
+	}
+}
+
 type EnvironmentSecret struct {
 	ID        int                        `json:"id"`
 	Type      EnvironmentSecretType      `json:"type"`
@@ -117,10 +128,10 @@ func FillEnvironmentSecrets(store Store, env *Environment, deserializeSecret boo
 		var secretName string
 		var secretType EnvironmentSecretType
 
-		if strings.HasPrefix(k.Name, string(EnvironmentSecretVar)+".") {
+		if k.Owner == AccessKeyVariable {
 			secretType = EnvironmentSecretVar
 			secretName = strings.TrimPrefix(k.Name, string(EnvironmentSecretVar)+".")
-		} else if strings.HasPrefix(k.Name, string(EnvironmentSecretEnv)+".") {
+		} else if k.Owner == AccessKeyEnvironment {
 			secretType = EnvironmentSecretEnv
 			secretName = strings.TrimPrefix(k.Name, string(EnvironmentSecretEnv)+".")
 		} else {

db/Migration.go

@@ -94,6 +94,7 @@ func GetMigrations() []Migration {
 		{Version: "2.14.12"},
 		{Version: "2.15.0"},
 		{Version: "2.15.1"},
+		{Version: "2.16.0"},
 	}
 }
 

db/bolt/access_key.go

@@ -22,7 +22,7 @@ func (d *BoltDb) GetAccessKeys(projectID int, params db.RetrieveQueryParams) ([]
 	var keys []db.AccessKey
 	err := d.getObjects(projectID, db.AccessKeyProps, params, func(i any) bool {
 		k := i.(db.AccessKey)
-		return k.EnvironmentID == nil
+		return k.Owner == db.AccessKeyShared
 	}, &keys)
 	return keys, err
 }

db/sql/access_key.go

@@ -24,7 +24,7 @@ func (d *SqlDb) GetAccessKeys(projectID int, params db.RetrieveQueryParams) (key
 		return
 	}
 
-	q = q.Where("pe.environment_id IS NULL")
+	q = q.Where("pe.owner = ''")
 
 	query, args, err := q.ToSql()
 
@@ -87,12 +87,14 @@ func (d *SqlDb) CreateAccessKey(key db.AccessKey) (newKey db.AccessKey, err erro
 
 	insertID, err := d.insert(
 		"id",
-		"insert into access_key (name, type, project_id, secret, environment_id) values (?, ?, ?, ?, ?)",
+		"insert into access_key (name, type, project_id, secret, environment_id, owner) values (?, ?, ?, ?, ?, ?)",
 		key.Name,
 		key.Type,
 		key.ProjectID,
 		key.Secret,
-		key.EnvironmentID)
+		key.EnvironmentID,
+		key.Owner,
+	)
 
 	if err != nil {
 		return

db/sql/migrations/v2.16.0.err.sql

@@ -0,0 +1,2 @@
+alter table `access_key` drop `owner`;
+alter table `access_key` drop `plain`;

db/sql/migrations/v2.16.0.sql

@@ -0,0 +1,4 @@
+alter table `access_key` add `owner` varchar(20) default '' not null;
+alter table `access_key` add `plain` text;
+update access_key set `owner` = 'variable' where environment_id is not null and name like 'var.%';
+update access_key set `owner` = 'environment' where environment_id is not null and name like 'env.%';