chore: mask backend sensitive information

Yangyang96 · Yangyang96 · commit ba53aeb09ca1 · 2025-01-08T11:35:03.000+08:00
diff --git a/api/openapispec/docs.go b/api/openapispec/docs.go
@@ -5430,9 +5430,7 @@ const docTemplate = `{
         "request.UpdateWorkspaceRequest": {
             "type": "object",
             "required": [
-                "backendID",
-                "id",
-                "owners"
+                "id"
             ],
             "properties": {
                 "backendID": {
diff --git a/api/openapispec/swagger.json b/api/openapispec/swagger.json
@@ -5419,9 +5419,7 @@
         "request.UpdateWorkspaceRequest": {
             "type": "object",
             "required": [
-                "backendID",
-                "id",
-                "owners"
+                "id"
             ],
             "properties": {
                 "backendID": {
diff --git a/api/openapispec/swagger.yaml b/api/openapispec/swagger.yaml
@@ -1242,9 +1242,7 @@ definitions:
           type: string
         type: array
     required:
-    - backendID
     - id
-    - owners
     type: object
   request.WorkspaceConfigs:
     properties:
diff --git a/pkg/apis/api.kusion.io/v1/types.go b/pkg/apis/api.kusion.io/v1/types.go
@@ -250,6 +250,7 @@ const (
 	BackendGenericOssPrefix   = "prefix"
 	BackendS3Region           = "region"
 	BackendS3ForcePathStyle   = "forcePathStyle"
+	BackendGoogleCredentials  = "credentials"
 
 	BackendTypeLocal  = "local"
 	BackendTypeOss    = "oss"
@@ -422,7 +423,7 @@ func (b *BackendConfig) ToGoogleBackend() *BackendGoogleConfig {
 	var creds *googleauth.Credentials
 	bucket, _ := b.Configs[BackendGenericOssBucket].(string)
 	prefix, _ := b.Configs[BackendGenericOssPrefix].(string)
-	if credentialsJSON, ok := b.Configs["credentials"].(map[string]any); ok {
+	if credentialsJSON, ok := b.Configs[BackendGoogleCredentials].(map[string]any); ok {
 		credentialsBytes, err := json.Marshal(credentialsJSON)
 		if err != nil {
 			return nil
diff --git a/pkg/domain/constant/workspace.go b/pkg/domain/constant/workspace.go
@@ -0,0 +1,10 @@
+package constant
+
+import "errors"
+
+var (
+	ErrEmptyWorkspaceName   = errors.New("workspace must have a name")
+	ErrInvalidWorkspaceName = errors.New("workspace name can only have alphanumeric characters and underscores with [a-zA-Z0-9_]")
+	ErrEmptyOwners          = errors.New("workspace must have at least one owner")
+	ErrEmptyBackendID       = errors.New("workspace must have a backend id")
+)
diff --git a/pkg/domain/request/workspace_request.go b/pkg/domain/request/workspace_request.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	v1 "kusionstack.io/kusion/pkg/apis/api.kusion.io/v1"
+	"kusionstack.io/kusion/pkg/domain/constant"
 )
 
 // CreateWorkspaceRequest represents the create request structure for
@@ -33,9 +34,9 @@ type UpdateWorkspaceRequest struct {
 	// Labels are custom labels associated with the workspace.
 	Labels map[string]string `json:"labels"`
 	// Owners is a list of owners for the workspace.
-	Owners []string `json:"owners" binding:"required"`
+	Owners []string `json:"owners"`
 	// BackendID is the configuration backend id associated with the workspace.
-	BackendID uint `json:"backendID" binding:"required"`
+	BackendID uint `json:"backendID"`
 }
 
 type WorkspaceCredentials struct {
@@ -53,6 +54,34 @@ type WorkspaceConfigs struct {
 	*v1.Workspace `yaml:",inline" json:",inline"`
 }
 
+func (payload *CreateWorkspaceRequest) Validate() error {
+	if payload.Name == "" {
+		return constant.ErrEmptyWorkspaceName
+	}
+
+	if validName(payload.Name) {
+		return constant.ErrInvalidWorkspaceName
+	}
+
+	if payload.BackendID == 0 {
+		return constant.ErrEmptyBackendID
+	}
+
+	if len(payload.Owners) == 0 {
+		return constant.ErrEmptyOwners
+	}
+
+	return nil
+}
+
+func (payload *UpdateWorkspaceRequest) Validate() error {
+	if payload.Name != "" && validName(payload.Name) {
+		return constant.ErrInvalidWorkspaceName
+	}
+
+	return nil
+}
+
 func (payload *CreateWorkspaceRequest) Decode(r *http.Request) error {
 	return decode(r, payload)
 }
diff --git a/pkg/server/handler/module/handler.go b/pkg/server/handler/module/handler.go
@@ -97,7 +97,7 @@ func (h *Handler) DeleteModule() http.HandlerFunc {
 // @Failure		429								{object}	error									"Too Many Requests"
 // @Failure		404								{object}	error									"Not Found"
 // @Failure		500								{object}	error									"Internal Server Error"
-// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																																		[put]
+// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																																													[put]
 func (h *Handler) UpdateModule() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Getting stuff from context.
@@ -139,7 +139,7 @@ func (h *Handler) UpdateModule() http.HandlerFunc {
 // @Failure		429								{object}	error									"Too Many Requests"
 // @Failure		404								{object}	error									"Not Found"
 // @Failure		500								{object}	error									"Internal Server Error"
-// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																[get]
+// @Router			/api/v1/modules/{moduleName} 																																																																																																																																																																																											[get]
 func (h *Handler) GetModule() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Getting stuff from context.
diff --git a/pkg/server/handler/stack/handler.go b/pkg/server/handler/stack/handler.go
@@ -128,6 +128,12 @@ func (h *Handler) UpdateStack() http.HandlerFunc {
 			return
 		}
 
+		// Validate request payload
+		if err := requestPayload.Validate(); err != nil {
+			render.Render(w, r, handler.FailureResponse(ctx, err))
+			return
+		}
+
 		updatedEntity, err := h.stackManager.UpdateStackByID(ctx, params.StackID, requestPayload)
 		handler.HandleResult(w, r, ctx, err, updatedEntity)
 	}
diff --git a/pkg/server/handler/workspace/configs.go b/pkg/server/handler/workspace/configs.go
@@ -116,7 +116,7 @@ func (h *Handler) UpdateWorkspaceConfigs() http.HandlerFunc {
 // @Failure		429													{object}	error	"Too Many Requests"
 // @Failure		404													{object}	error	"Not Found"
 // @Failure		500													{object}	error	"Internal Server Error"
-// @Router			/api/v1/workspaces/{workspaceID}/configs/mod-deps 																																														[post]
+// @Router			/api/v1/workspaces/{workspaceID}/configs/mod-deps 																																																	[post]
 func (h *Handler) CreateWorkspaceModDeps() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Getting stuff from context.
diff --git a/pkg/server/handler/workspace/handler.go b/pkg/server/handler/workspace/handler.go
@@ -43,6 +43,12 @@ func (h *Handler) CreateWorkspace() http.HandlerFunc {
 			return
 		}
 
+		// Validate request payload
+		if err := requestPayload.Validate(); err != nil {
+			render.Render(w, r, handler.FailureResponse(ctx, err))
+			return
+		}
+
 		createdEntity, err := h.workspaceManager.CreateWorkspace(ctx, requestPayload)
 		handler.HandleResult(w, r, ctx, err, createdEntity)
 	}
@@ -108,6 +114,12 @@ func (h *Handler) UpdateWorkspace() http.HandlerFunc {
 			return
 		}
 
+		// Validate request payload
+		if err := requestPayload.Validate(); err != nil {
+			render.Render(w, r, handler.FailureResponse(ctx, err))
+			return
+		}
+
 		updatedEntity, err := h.workspaceManager.UpdateWorkspaceByID(ctx, params.WorkspaceID, requestPayload)
 		handler.HandleResult(w, r, ctx, err, updatedEntity)
 	}
diff --git a/pkg/server/manager/backend/backend_manager.go b/pkg/server/manager/backend/backend_manager.go
@@ -22,6 +22,14 @@ func (m *BackendManager) ListBackends(ctx context.Context, filter *entity.Backen
 		}
 		return nil, err
 	}
+
+	for i, entity := range backendEntities.Backends {
+		entity, err := MaskBackendSensitiveInfo(entity)
+		if err != nil {
+			return nil, err
+		}
+		backendEntities.Backends[i] = entity
+	}
 	return backendEntities, nil
 }
 
@@ -33,6 +41,12 @@ func (m *BackendManager) GetBackendByID(ctx context.Context, id uint) (*entity.B
 		}
 		return nil, err
 	}
+
+	existingEntity, err = MaskBackendSensitiveInfo(existingEntity)
+	if err != nil {
+		return nil, err
+	}
+
 	return existingEntity, nil
 }
 
@@ -71,6 +85,12 @@ func (m *BackendManager) UpdateBackendByID(ctx context.Context, id uint, request
 	if err != nil {
 		return nil, err
 	}
+
+	updatedEntity, err = MaskBackendSensitiveInfo(updatedEntity)
+	if err != nil {
+		return nil, err
+	}
+
 	return updatedEntity, nil
 }
 
@@ -86,7 +106,13 @@ func (m *BackendManager) CreateBackend(ctx context.Context, requestPayload reque
 	if err != nil {
 		return nil, err
 	}
-	return &createdEntity, nil
+
+	maskedEntity, err := MaskBackendSensitiveInfo(&createdEntity)
+	if err != nil {
+		return nil, err
+	}
+
+	return maskedEntity, nil
 }
 
 func (m *BackendManager) BuildBackendFilter(ctx context.Context, query *url.Values) (*entity.BackendFilter, error) {
diff --git a/pkg/server/manager/backend/types.go b/pkg/server/manager/backend/types.go
@@ -10,6 +10,7 @@ var (
 	ErrGettingNonExistingBackend  = errors.New("the backend does not exist")
 	ErrUpdatingNonExistingBackend = errors.New("the backend to update does not exist")
 	ErrInvalidBackendID           = errors.New("the backend ID should be a uuid")
+	ErrInternalServerError        = errors.New("internal server error")
 )
 
 type BackendManager struct {
diff --git a/pkg/server/manager/backend/util.go b/pkg/server/manager/backend/util.go
@@ -0,0 +1,34 @@
+package backend
+
+import (
+	v1 "kusionstack.io/kusion/pkg/apis/api.kusion.io/v1"
+	"kusionstack.io/kusion/pkg/domain/entity"
+)
+
+// MaskBackendSensitiveInfo is a helper function to mask sensitive information in backend
+func MaskBackendSensitiveInfo(entity *entity.Backend) (*entity.Backend, error) {
+	if entity == nil {
+		return nil, ErrInternalServerError
+	}
+
+	// mask oss secret key
+	if _, ok := entity.BackendConfig.Configs[v1.BackendGenericOssSK]; ok {
+		entity.BackendConfig.Configs[v1.BackendGenericOssSK] = "**********"
+	}
+
+	// mask google credentials
+	if credentialsJSON, ok := entity.BackendConfig.Configs[v1.BackendGoogleCredentials].(map[string]any); ok {
+		maskSensitiveInfo(credentialsJSON)
+		entity.BackendConfig.Configs[v1.BackendGoogleCredentials] = credentialsJSON
+	}
+	return entity, nil
+}
+
+func maskSensitiveInfo(credentials map[string]any) {
+	sensitiveFields := []string{"private_key", "client_email", "client_id"}
+	for _, field := range sensitiveFields {
+		if _, ok := credentials[field]; ok {
+			credentials[field] = "**********"
+		}
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,12 @@ func (h *Handler) UpdateStack() http.HandlerFunc {`
`128`	`128`	`return`
`129`	`129`	`}`
`130`	`130`
	`131`	`+ // Validate request payload`
	`132`	`+ if err := requestPayload.Validate(); err != nil {`
	`133`	`+ render.Render(w, r, handler.FailureResponse(ctx, err))`
	`134`	`+ return`
	`135`	`+ }`
	`136`	`+`
`131`	`137`	`updatedEntity, err := h.stackManager.UpdateStackByID(ctx, params.StackID, requestPayload)`
`132`	`138`	`handler.HandleResult(w, r, ctx, err, updatedEntity)`
`133`	`139`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,12 @@ func (h *Handler) CreateWorkspace() http.HandlerFunc {`
`43`	`43`	`return`
`44`	`44`	`}`
`45`	`45`
	`46`	`+ // Validate request payload`
	`47`	`+ if err := requestPayload.Validate(); err != nil {`
	`48`	`+ render.Render(w, r, handler.FailureResponse(ctx, err))`
	`49`	`+ return`
	`50`	`+ }`
	`51`	`+`
`46`	`52`	`createdEntity, err := h.workspaceManager.CreateWorkspace(ctx, requestPayload)`
`47`	`53`	`handler.HandleResult(w, r, ctx, err, createdEntity)`
`48`	`54`	`}`
`@@ -108,6 +114,12 @@ func (h *Handler) UpdateWorkspace() http.HandlerFunc {`
`108`	`114`	`return`
`109`	`115`	`}`
`110`	`116`
	`117`	`+ // Validate request payload`
	`118`	`+ if err := requestPayload.Validate(); err != nil {`
	`119`	`+ render.Render(w, r, handler.FailureResponse(ctx, err))`
	`120`	`+ return`
	`121`	`+ }`
	`122`	`+`
`111`	`123`	`updatedEntity, err := h.workspaceManager.UpdateWorkspaceByID(ctx, params.WorkspaceID, requestPayload)`
`112`	`124`	`handler.HandleResult(w, r, ctx, err, updatedEntity)`
`113`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,14 @@ func (m BackendManager) ListBackends(ctx context.Context, filter entity.Backen`
`22`	`22`	`}`
`23`	`23`	`return nil, err`
`24`	`24`	`}`
	`25`	`+`
	`26`	`+ for i, entity := range backendEntities.Backends {`
	`27`	`+ entity, err := MaskBackendSensitiveInfo(entity)`
	`28`	`+ if err != nil {`
	`29`	`+ return nil, err`
	`30`	`+ }`
	`31`	`+ backendEntities.Backends[i] = entity`
	`32`	`+ }`
`25`	`33`	`return backendEntities, nil`
`26`	`34`	`}`
`27`	`35`
`@@ -33,6 +41,12 @@ func (m BackendManager) GetBackendByID(ctx context.Context, id uint) (entity.B`
`33`	`41`	`}`
`34`	`42`	`return nil, err`
`35`	`43`	`}`
	`44`	`+`
	`45`	`+ existingEntity, err = MaskBackendSensitiveInfo(existingEntity)`
	`46`	`+ if err != nil {`
	`47`	`+ return nil, err`
	`48`	`+ }`
	`49`	`+`
`36`	`50`	`return existingEntity, nil`
`37`	`51`	`}`
`38`	`52`
`@@ -71,6 +85,12 @@ func (m *BackendManager) UpdateBackendByID(ctx context.Context, id uint, request`
`71`	`85`	`if err != nil {`
`72`	`86`	`return nil, err`
`73`	`87`	`}`
	`88`	`+`
	`89`	`+ updatedEntity, err = MaskBackendSensitiveInfo(updatedEntity)`
	`90`	`+ if err != nil {`
	`91`	`+ return nil, err`
	`92`	`+ }`
	`93`	`+`
`74`	`94`	`return updatedEntity, nil`
`75`	`95`	`}`
`76`	`96`
`@@ -86,7 +106,13 @@ func (m *BackendManager) CreateBackend(ctx context.Context, requestPayload reque`
`86`	`106`	`if err != nil {`
`87`	`107`	`return nil, err`
`88`	`108`	`}`
`89`		`- return &createdEntity, nil`
	`109`	`+`
	`110`	`+ maskedEntity, err := MaskBackendSensitiveInfo(&createdEntity)`
	`111`	`+ if err != nil {`
	`112`	`+ return nil, err`
	`113`	`+ }`
	`114`	`+`
	`115`	`+ return maskedEntity, nil`
`90`	`116`	`}`
`91`	`117`
`92`	`118`	`func (m BackendManager) BuildBackendFilter(ctx context.Context, query url.Values) (*entity.BackendFilter, error) {`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ var (`
`10`	`10`	`ErrGettingNonExistingBackend = errors.New("the backend does not exist")`
`11`	`11`	`ErrUpdatingNonExistingBackend = errors.New("the backend to update does not exist")`
`12`	`12`	`ErrInvalidBackendID = errors.New("the backend ID should be a uuid")`
	`13`	`+ ErrInternalServerError = errors.New("internal server error")`
`13`	`14`	`)`
`14`	`15`
`15`	`16`	`type BackendManager struct {`