From 486f4a9d44c02b488732e9585d80cefb164a2e4a Mon Sep 17 00:00:00 2001 From: John Walstra Date: Fri, 11 Feb 2022 15:44:48 -0600 Subject: [PATCH] Update the Keeper Secrets Manager SDK The KSM server is returning appData in the JSON response. The JSON parser doesn't like the extra key in the JSON and throws an exception. Update the SDK to accept the new key in JSON. Updated Kotlin deps for new SDK. Added more debug around calls to KSM server to see the timing of the calls. There appears to be an issue where calls to the KSM server are taking a long time to complete. This at reason show when the call was started and finished. Changed the plgins getSecrets to getNotationSecrets to be less ambiguous with the SDK's getSecrets. --- pom.xml | 9 +++++---- .../java/io/jenkins/plugins/ksm/KsmQuery.java | 3 +++ .../plugins/ksm/notation/KsmNotation.java | 20 +++++++++++++++++-- .../plugins/ksm/notation/KsmTestNotation.java | 6 ++++-- .../META-INF/hudson.remoting.ClassFilter | 1 + 5 files changed, 31 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index ccdb8d0..c809f9d 100644 --- a/pom.xml +++ b/pom.xml @@ -46,7 +46,7 @@ com.keepersecurity.secrets-manager core - 16.2.1 + 16.2.8 org.reflections @@ -58,20 +58,21 @@ json-simple 1.1.1 + org.jetbrains.kotlin kotlin-stdlib-common - 1.5.31 + 1.6.10 org.jetbrains.kotlin kotlin-stdlib - 1.5.31 + 1.6.10 org.jetbrains.kotlin kotlin-reflect - 1.5.31 + 1.6.10 diff --git a/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java b/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java index 0114513..e619b4a 100644 --- a/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java +++ b/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java @@ -64,6 +64,9 @@ public static LocalConfigStorage redeemToken(String token, String hostname) thro logger.log(Level.WARNING, "Redeeming token resulted in error: " + e.getMessage()); throw new Exception("Cannot redeem token: " + handleException(e)); } + + logger.log(Level.FINE, "Token redeemed"); + return storage; } 
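Review bot: In KsmQuery.redeemToken the only added message is `"Token redeemed"`, placed after the try/catch, so the log still cannot show how long the redeem call took, which is what the description says the extra debug output is for. A matching entry before the call, for example `logger.log(Level.FINE, "Redeeming token against {0}", hostname);`, would give the start timestamp; the one-time token itself should stay out of every log line. The start of redeemToken is outside the hunk, so a start message may already exist there.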
diff --git a/src/main/java/io/jenkins/plugins/ksm/notation/KsmNotation.java b/src/main/java/io/jenkins/plugins/ksm/notation/KsmNotation.java index 1023a6a..d242185 100644 --- a/src/main/java/io/jenkins/plugins/ksm/notation/KsmNotation.java +++ b/src/main/java/io/jenkins/plugins/ksm/notation/KsmNotation.java @@ -10,12 +10,16 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; import java.lang.SuppressWarnings; +import java.util.logging.Level; +import java.util.logging.Logger; public class KsmNotation { // A notation might start with a prefix, that will need to be removed. This is the that String prefix. public static final String notationPrefix = "keeper"; + private static final Logger logger = Logger.getLogger(KsmNotation.class.getName()); + /** * Check in envVar is a keeper notation and then attempt to parse it. * @param envVar The name of the environmental variable @@ -193,7 +197,7 @@ public static KsmNotationItem parse(String destination, String envVar, String fi allowFailure); } - public KeeperSecrets getSecrets(SecretsManagerOptions options, List uids) { + public KeeperSecrets getNotationSecrets(SecretsManagerOptions options, List uids) { return SecretsManager.getSecrets(options, uids); } 
@@ -222,7 +226,19 @@ public void run(KsmCredential credential, Map items) { } // Query the unique record ids. - KeeperSecrets secrets = this.getSecrets(options, new ArrayList<>(uniqueUids)); + logger.log(Level.FINE, "Retrieving " + uniqueUids.size() + " record(s)."); + KeeperSecrets secrets = this.getNotationSecrets(options, new ArrayList<>(uniqueUids)); + logger.log(Level.FINE, "Got " + secrets.getRecords().size() + " record(s)."); + + // The request uid and response record number should match. If not, one of the UID doesn't exist or + // application doesn't have access. + if ( uniqueUids.size() != secrets.getRecords().size() ) { + logger.log( + Level.WARNING, + "Did not receive the same number of record(s) as requested. " + + "Some of the record uid(s) may not exist in application." + ); + } for (Map.Entry entry : items.entrySet()) { KsmNotationItem item = entry.getValue(); diff --git a/src/main/java/io/jenkins/plugins/ksm/notation/KsmTestNotation.java b/src/main/java/io/jenkins/plugins/ksm/notation/KsmTestNotation.java index cb51ddb..281b070 100644 --- a/src/main/java/io/jenkins/plugins/ksm/notation/KsmTestNotation.java +++ b/src/main/java/io/jenkins/plugins/ksm/notation/KsmTestNotation.java @@ -1,6 +1,7 @@ package io.jenkins.plugins.ksm.notation; import com.keepersecurity.secretsManager.core.*; + import java.io.*; import java.nio.charset.StandardCharsets; import java.util.*; @@ -135,10 +136,11 @@ public void addTestData(String jsonString) { records.add(record); } - this.secrets = new KeeperSecrets(records); + AppData appData = new AppData("",""); + this.secrets = new KeeperSecrets(appData, records, null, null); } - public KeeperSecrets getSecrets(SecretsManagerOptions options, List uids) { + public KeeperSecrets getNotationSecrets(SecretsManagerOptions options, List uids) { return this.secrets; } diff --git a/src/main/resources/META-INF/hudson.remoting.ClassFilter b/src/main/resources/META-INF/hudson.remoting.ClassFilter index b26bb71..ebdd00b 100644 
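Review bot: In KsmNotation.run, the new count check only logs a WARNING when fewer records come back than were requested, and the loop over `items` then runs as before, so a UID that is missing or not shared with the application is neither named in the log nor handled at this point. Logging the missing UIDs would make the warning actionable, by collecting the UIDs of the returned records and removing them from a copy of `uniqueUids` (the accessor for a record's UID is not visible in the hunk). Whether each item later fails cleanly for a missing record, or honours `allowFailure`, depends on code after the hunk and should be confirmed so that a build never continues with an empty secret value. The FINE messages also build their strings unconditionally; `logger.log(Level.FINE, "Retrieving {0} record(s).", uniqueUids.size());` defers formatting until the level is enabled.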
--- a/src/main/resources/META-INF/hudson.remoting.ClassFilter
+++ b/src/main/resources/META-INF/hudson.remoting.ClassFilter
@@ -6,6 +6,7 @@ com.keepersecurity.secretsManager.core.Password
 com.keepersecurity.secretsManager.core.Url
 com.keepersecurity.secretsManager.core.KeeperFile
 com.keepersecurity.secretsManager.core.KeeperFileData
+com.keepersecurity.secretsManager.core.AppData
 java.io.PrintStream
 java.io.ByteArrayOutputStream
 java.io.BufferedWriter
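Review bot: The added `com.keepersecurity.secretsManager.core.AppData` line exempts one more class from Jenkins' deserialization class filter, so it is worth confirming that the 16.2.8 `AppData` is a plain data holder before it is allowed. The test helper in this commit builds `KeeperSecrets` with four arguments, `new KeeperSecrets(appData, records, null, null)`, and only the first new type is added here. If the other two fields can be non-null in a real response and the object is sent across remoting, their classes will presumably be rejected at runtime unless they are listed too. The types of those two arguments are not visible in this diff.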