chore: mask backend sensitive information

Author: Yangyang96

api/openapispec/docs.go

@@ -5430,9 +5430,7 @@ const docTemplate = `{
         "request.UpdateWorkspaceRequest": {
             "type": "object",
             "required": [
-                "backendID",
-                "id",
-                "owners"
+                "id"
             ],
             "properties": {
                 "backendID": {

api/openapispec/swagger.json

@@ -5419,9 +5419,7 @@
         "request.UpdateWorkspaceRequest": {
             "type": "object",
             "required": [
-                "backendID",
-                "id",
-                "owners"
+                "id"
             ],
             "properties": {
                 "backendID": {

api/openapispec/swagger.yaml

@@ -1242,9 +1242,7 @@ definitions:
           type: string
         type: array
     required:
-    - backendID
     - id
-    - owners
     type: object
   request.WorkspaceConfigs:
     properties:

pkg/apis/api.kusion.io/v1/types.go

@@ -250,6 +250,7 @@ const (
 	BackendGenericOssPrefix   = "prefix"
 	BackendS3Region           = "region"
 	BackendS3ForcePathStyle   = "forcePathStyle"
+	BackendGoogleCredentials  = "credentials"
 
 	BackendTypeLocal  = "local"
 	BackendTypeOss    = "oss"
@@ -422,7 +423,7 @@ func (b *BackendConfig) ToGoogleBackend() *BackendGoogleConfig {
 	var creds *googleauth.Credentials
 	bucket, _ := b.Configs[BackendGenericOssBucket].(string)
 	prefix, _ := b.Configs[BackendGenericOssPrefix].(string)
-	if credentialsJSON, ok := b.Configs["credentials"].(map[string]any); ok {
+	if credentialsJSON, ok := b.Configs[BackendGoogleCredentials].(map[string]any); ok {
 		credentialsBytes, err := json.Marshal(credentialsJSON)
 		if err != nil {
 			return nil

pkg/domain/constant/workspace.go

@@ -0,0 +1,10 @@
+package constant
+
+import "errors"
+
+var (
+	ErrEmptyWorkspaceName   = errors.New("workspace must have a name")
+	ErrInvalidWorkspaceName = errors.New("workspace name can only have alphanumeric characters and underscores with [a-zA-Z0-9_]")
+	ErrEmptyOwners          = errors.New("workspace must have at least one owner")
+	ErrEmptyBackendID       = errors.New("workspace must have a backend id")
+)

pkg/domain/request/workspace_request.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	v1 "kusionstack.io/kusion/pkg/apis/api.kusion.io/v1"
+	"kusionstack.io/kusion/pkg/domain/constant"
 )
 
 // CreateWorkspaceRequest represents the create request structure for
@@ -33,9 +34,9 @@ type UpdateWorkspaceRequest struct {
 	// Labels are custom labels associated with the workspace.
 	Labels map[string]string `json:"labels"`
 	// Owners is a list of owners for the workspace.
-	Owners []string `json:"owners" binding:"required"`
+	Owners []string `json:"owners"`
 	// BackendID is the configuration backend id associated with the workspace.
-	BackendID uint `json:"backendID" binding:"required"`
+	BackendID uint `json:"backendID"`
 }
 
 type WorkspaceCredentials struct {
@@ -53,6 +54,34 @@ type WorkspaceConfigs struct {
 	*v1.Workspace `yaml:",inline" json:",inline"`
 }
 
+func (payload *CreateWorkspaceRequest) Validate() error {
+	if payload.Name == "" {
+		return constant.ErrEmptyWorkspaceName
+	}
+
+	if validName(payload.Name) {
+		return constant.ErrInvalidWorkspaceName
+	}
+
+	if payload.BackendID == 0 {
+		return constant.ErrEmptyBackendID
+	}
+
+	if len(payload.Owners) == 0 {
+		return constant.ErrEmptyOwners
+	}
+
+	return nil
+}
+
+func (payload *UpdateWorkspaceRequest) Validate() error {
+	if payload.Name != "" && validName(payload.Name) {
+		return constant.ErrInvalidWorkspaceName
+	}
+
+	return nil
+}
+
 func (payload *CreateWorkspaceRequest) Decode(r *http.Request) error {
 	return decode(r, payload)
 }

pkg/server/handler/module/handler.go

@@ -97,7 +97,7 @@ func (h *Handler) DeleteModule() http.HandlerFunc {
 // @Failure		429								{object}	error									"Too Many Requests"
 // @Failure		404								{object}	error									"Not Found"
 // @Failure		500								{object}	error									"Internal Server Error"
-// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																																		[put]
+// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																																													[put]
 func (h *Handler) UpdateModule() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Getting stuff from context.
@@ -139,7 +139,7 @@ func (h *Handler) UpdateModule() http.HandlerFunc {
 // @Failure		429								{object}	error									"Too Many Requests"
 // @Failure		404								{object}	error									"Not Found"
 // @Failure		500								{object}	error									"Internal Server Error"
-// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																[get]
+// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																											[get]
 func (h *Handler) GetModule() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Getting stuff from context.

pkg/server/handler/stack/handler.go

@@ -128,6 +128,12 @@ func (h *Handler) UpdateStack() http.HandlerFunc {
 			return
 		}
 
+		// Validate request payload
+		if err := requestPayload.Validate(); err != nil {
+			render.Render(w, r, handler.FailureResponse(ctx, err))
+			return
+		}
+
 		updatedEntity, err := h.stackManager.UpdateStackByID(ctx, params.StackID, requestPayload)
 		handler.HandleResult(w, r, ctx, err, updatedEntity)
 	}

pkg/server/handler/workspace/configs.go

@@ -116,7 +116,7 @@ func (h *Handler) UpdateWorkspaceConfigs() http.HandlerFunc {
 // @Failure		429													{object}	error	"Too Many Requests"
 // @Failure		404													{object}	error	"Not Found"
 // @Failure		500													{object}	error	"Internal Server Error"
-// @Router			/api/v1/workspaces/{workspaceID}/configs/mod-deps 																																														[post]
+// @Router			/api/v1/workspaces/{workspaceID}/configs/mod-deps 																																																	[post]
 func (h *Handler) CreateWorkspaceModDeps() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Getting stuff from context.

pkg/server/handler/workspace/handler.go

@@ -43,6 +43,12 @@ func (h *Handler) CreateWorkspace() http.HandlerFunc {
 			return
 		}
 
+		// Validate request payload
+		if err := requestPayload.Validate(); err != nil {
+			render.Render(w, r, handler.FailureResponse(ctx, err))
+			return
+		}
+
 		createdEntity, err := h.workspaceManager.CreateWorkspace(ctx, requestPayload)
 		handler.HandleResult(w, r, ctx, err, createdEntity)
 	}
@@ -108,6 +114,12 @@ func (h *Handler) UpdateWorkspace() http.HandlerFunc {
 			return
 		}
 
+		// Validate request payload
+		if err := requestPayload.Validate(); err != nil {
+			render.Render(w, r, handler.FailureResponse(ctx, err))
+			return
+		}
+
 		updatedEntity, err := h.workspaceManager.UpdateWorkspaceByID(ctx, params.WorkspaceID, requestPayload)
 		handler.HandleResult(w, r, ctx, err, updatedEntity)
 	}

pkg/server/manager/backend/backend_manager.go

@@ -22,6 +22,14 @@ func (m *BackendManager) ListBackends(ctx context.Context, filter *entity.Backen
 		}
 		return nil, err
 	}
+
+	for i, entity := range backendEntities.Backends {
+		entity, err := MaskBackendSensitiveInfo(entity)
+		if err != nil {
+			return nil, err
+		}
+		backendEntities.Backends[i] = entity
+	}
 	return backendEntities, nil
 }
 
@@ -33,6 +41,12 @@ func (m *BackendManager) GetBackendByID(ctx context.Context, id uint) (*entity.B
 		}
 		return nil, err
 	}
+
+	existingEntity, err = MaskBackendSensitiveInfo(existingEntity)
+	if err != nil {
+		return nil, err
+	}
+
 	return existingEntity, nil
 }
 
@@ -71,6 +85,12 @@ func (m *BackendManager) UpdateBackendByID(ctx context.Context, id uint, request
 	if err != nil {
 		return nil, err
 	}
+
+	updatedEntity, err = MaskBackendSensitiveInfo(updatedEntity)
+	if err != nil {
+		return nil, err
+	}
+
 	return updatedEntity, nil
 }
 
@@ -86,7 +106,13 @@ func (m *BackendManager) CreateBackend(ctx context.Context, requestPayload reque
 	if err != nil {
 		return nil, err
 	}
-	return &createdEntity, nil
+
+	maskedEntity, err := MaskBackendSensitiveInfo(&createdEntity)
+	if err != nil {
+		return nil, err
+	}
+
+	return maskedEntity, nil
 }
 
 func (m *BackendManager) BuildBackendFilter(ctx context.Context, query *url.Values) (*entity.BackendFilter, error) {

pkg/server/manager/backend/types.go

@@ -10,6 +10,7 @@ var (
 	ErrGettingNonExistingBackend  = errors.New("the backend does not exist")
 	ErrUpdatingNonExistingBackend = errors.New("the backend to update does not exist")
 	ErrInvalidBackendID           = errors.New("the backend ID should be a uuid")
+	ErrInternalServerError        = errors.New("internal server error")
 )
 
 type BackendManager struct {

pkg/server/manager/backend/util.go

@@ -0,0 +1,34 @@
+package backend
+
+import (
+	v1 "kusionstack.io/kusion/pkg/apis/api.kusion.io/v1"
+	"kusionstack.io/kusion/pkg/domain/entity"
+)
+
+// MaskBackendSensitiveInfo is a helper function to mask sensitive information in backend
+func MaskBackendSensitiveInfo(entity *entity.Backend) (*entity.Backend, error) {
+	if entity == nil {
+		return nil, ErrInternalServerError
+	}
+
+	// mask oss secret key
+	if _, ok := entity.BackendConfig.Configs[v1.BackendGenericOssSK]; ok {
+		entity.BackendConfig.Configs[v1.BackendGenericOssSK] = "**********"
+	}
+
+	// mask google credentials
+	if credentialsJSON, ok := entity.BackendConfig.Configs[v1.BackendGoogleCredentials].(map[string]any); ok {
+		maskSensitiveInfo(credentialsJSON)
+		entity.BackendConfig.Configs[v1.BackendGoogleCredentials] = credentialsJSON
+	}
+	return entity, nil
+}
+
+func maskSensitiveInfo(credentials map[string]any) {
+	sensitiveFields := []string{"private_key", "client_email", "client_id"}
+	for _, field := range sensitiveFields {
+		if _, ok := credentials[field]; ok {
+			credentials[field] = "**********"
+		}
+	}
+}