Skip to content

feat(provider): encrypt credentials on higher field level#40

Open
rahmatrhd wants to merge 3 commits into
mainfrom
provider-plugin-refactor
Open

feat(provider): encrypt credentials on higher field level#40
rahmatrhd wants to merge 3 commits into
mainfrom
provider-plugin-refactor

Conversation

@rahmatrhd
Copy link
Copy Markdown
Member

@rahmatrhd rahmatrhd commented May 23, 2023
edited
Loading

Changes:

  • remove encryption logic for fields in credentials from provider plugins
  • do whole credentials field encryption in provider service
  • remove base64 decoding from provider plugins: bigquery, dataplex, gcloud_iam, gcs
  • do base64 decode in provider service
  • migration script to migrate provider config to new credentials field level encryption

@rahmatrhd rahmatrhd force-pushed the provider-plugin-refactor branch from 98e6f64 to dacc525 Compare May 25, 2023 02:52
@rahmatrhd rahmatrhd marked this pull request as ready for review May 25, 2023 02:56
@rahmatrhd rahmatrhd requested review from bsushmith and mabdh May 25, 2023 02:56
mabdh
mabdh reviewed Jun 5, 2023
View reviewed changes
Comment thread core/provider/service.go
Comment on lines +218 to +221
if p.Config.Credentials != nil {
// decode any base64 encoded string within credentials
decodeBase64Values(p.Config.Credentials)
}
Copy link
Copy Markdown
Member

@mabdh mabdh Jun 5, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I kinda forgot with this but is there any reason to do base64 decoding inside this business logic instead of doing it right after reading it from Config file?

lifosmin pushed a commit to lifosmin/guardian that referenced this pull request Aug 31, 2023
@ishanarya0
feat: add created_by & updated_by to resource (goto#40)
ec06634 
* feat: add created_by & updated_by to resource

* fix: place the new fields at last
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mabdh mabdh mabdh left review comments

@bsushmith bsushmith Awaiting requested review from bsushmith

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rahmatrhd @mabdh