Update the Keeper Secrets Manager SDK

The KSM server is returning appData in the JSON response. The JSON parser doesn't like the extra key in the JSON and throws an exception. Update the SDK to accept the new key in JSON. Updated Kotlin deps for new SDK. Added more debug around calls to KSM server to see the timing of the calls. There appears to be an issue where calls to the KSM server are taking a long time to complete. This at reason show when the call was started and finished. Changed the plgins getSecrets to getNotationSecrets to be less ambiguous with the SDK's getSecrets.
jenkinsci · Feb 11, 2022 · 486f4a9 · 486f4a9
1 parent 1c89859
commit 486f4a9
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 8 deletions.
diff --git a/pom.xml b/pom.xml
@@ -46,7 +46,7 @@
     <dependency>
       <groupId>com.keepersecurity.secrets-manager</groupId>
       <artifactId>core</artifactId>
-      <version>16.2.1</version>
+      <version>16.2.8</version>
     </dependency>
     <dependency>
       <groupId>org.reflections</groupId>
@@ -58,20 +58,21 @@
       <artifactId>json-simple</artifactId>
       <version>1.1.1</version>
     </dependency>
+
     <dependency>
       <groupId>org.jetbrains.kotlin</groupId>
       <artifactId>kotlin-stdlib-common</artifactId>
-      <version>1.5.31</version>
+      <version>1.6.10</version>
     </dependency>
     <dependency>
       <groupId>org.jetbrains.kotlin</groupId>
       <artifactId>kotlin-stdlib</artifactId>
-      <version>1.5.31</version>
+      <version>1.6.10</version>
     </dependency>
     <dependency>
       <groupId>org.jetbrains.kotlin</groupId>
       <artifactId>kotlin-reflect</artifactId>
-      <version>1.5.31</version>
+      <version>1.6.10</version>
     </dependency>
 
     <dependency>

diff --git a/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java b/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java
@@ -64,6 +64,9 @@ public static LocalConfigStorage redeemToken(String token, String hostname) thro
             logger.log(Level.WARNING, "Redeeming token resulted in error: " + e.getMessage());
             throw new Exception("Cannot redeem token: " + handleException(e));
         }
+
+        logger.log(Level.FINE, "Token redeemed");
+
         return storage;
     }
 

diff --git a/src/main/java/io/jenkins/plugins/ksm/notation/KsmNotation.java b/src/main/java/io/jenkins/plugins/ksm/notation/KsmNotation.java
@@ -10,12 +10,16 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.lang.SuppressWarnings;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 public class KsmNotation {
 
     // A notation might start with a prefix, that will need to be removed. This is the that String prefix.
     public static final String notationPrefix = "keeper";
 
+    private static final Logger logger = Logger.getLogger(KsmNotation.class.getName());
+
     /**
      * Check in envVar is a keeper notation and then attempt to parse it.
      * @param envVar The name of the environmental variable
@@ -193,7 +197,7 @@ public static KsmNotationItem parse(String destination, String envVar, String fi
                 allowFailure);
     }
 
-    public KeeperSecrets getSecrets(SecretsManagerOptions options, List<String> uids) {
+    public KeeperSecrets getNotationSecrets(SecretsManagerOptions options, List<String> uids) {
         return SecretsManager.getSecrets(options, uids);
     }
 
@@ -222,7 +226,19 @@ public void run(KsmCredential credential, Map<String, KsmNotationItem> items) {
         }
 
         // Query the unique record ids.
-        KeeperSecrets secrets = this.getSecrets(options, new ArrayList<>(uniqueUids));
+        logger.log(Level.FINE, "Retrieving " + uniqueUids.size() + " record(s).");
+        KeeperSecrets secrets = this.getNotationSecrets(options, new ArrayList<>(uniqueUids));
+        logger.log(Level.FINE, "Got " + secrets.getRecords().size() + " record(s).");
+
+        // The request uid and response record number should match. If not, one of the UID doesn't exist or
+        // application doesn't have access.
+        if ( uniqueUids.size() != secrets.getRecords().size() ) {
+            logger.log(
+                    Level.WARNING,
+                    "Did not receive the same number of record(s) as requested. " +
+                            "Some of the record uid(s) may not exist in application."
+            );
+        }
 
         for (Map.Entry<String, KsmNotationItem> entry : items.entrySet()) {
             KsmNotationItem item = entry.getValue();

diff --git a/src/main/java/io/jenkins/plugins/ksm/notation/KsmTestNotation.java b/src/main/java/io/jenkins/plugins/ksm/notation/KsmTestNotation.java
@@ -1,6 +1,7 @@
 package io.jenkins.plugins.ksm.notation;
 
 import com.keepersecurity.secretsManager.core.*;
+
 import java.io.*;
 import java.nio.charset.StandardCharsets;
 import java.util.*;
@@ -135,10 +136,11 @@ public void addTestData(String jsonString) {
             records.add(record);
         }
 
-        this.secrets = new KeeperSecrets(records);
+        AppData appData = new AppData("","");
+        this.secrets = new KeeperSecrets(appData, records, null, null);
     }
 
-    public KeeperSecrets getSecrets(SecretsManagerOptions options, List<String> uids) {
+    public KeeperSecrets getNotationSecrets(SecretsManagerOptions options, List<String> uids) {
         return this.secrets;
     }
 

diff --git a/src/main/resources/META-INF/hudson.remoting.ClassFilter b/src/main/resources/META-INF/hudson.remoting.ClassFilter
@@ -6,6 +6,7 @@ com.keepersecurity.secretsManager.core.Password
 com.keepersecurity.secretsManager.core.Url
 com.keepersecurity.secretsManager.core.KeeperFile
 com.keepersecurity.secretsManager.core.KeeperFileData
+com.keepersecurity.secretsManager.core.AppData
 java.io.PrintStream
 java.io.ByteArrayOutputStream
 java.io.BufferedWriter