fix(Credential): Fix retrive-by-id and query-collection for credential (#1017)

Author: Khaled Basbous

code/src/com/sixsq/nuvla/server/resources/common/crud.clj

@@ -46,11 +46,21 @@
   (throw (r/ex-bad-method request)))
 
 
+(defmulti query-collection (fn [collection-id _] collection-id))
+
+(defn query-collection-default
+  [collection-id options]
+  (db/query collection-id (assoc options :nuvla/authn auth/internal-identity)))
+
+(defmethod query-collection :default
+  [collection-id options]
+  (query-collection-default collection-id options))
+
 (defn query-as-admin
   "Calls the database query with the administrator user identity merged
    into the given options."
   [collection-id options]
-  (db/query collection-id (assoc options :nuvla/authn auth/internal-identity) ))
+  (query-collection collection-id options))
 
 (defn query-native
   "Executes the database query as a native query."
@@ -83,13 +93,16 @@
 
 (defmulti retrieve-by-id resource-id-dispatch)
 
-
-(defmethod retrieve-by-id :default
-  [resource-id & [request]]
+(defn retrieve-by-id-default
+  [resource-id request]
   (some-> resource-id
           db/retrieve
           (a/throw-cannot-view request)))
 
+(defmethod retrieve-by-id :default
+  [resource-id & [request]]
+  (retrieve-by-id-default resource-id request))
+
 
 (defn retrieve-by-id-as-admin
   "Calls the retrieve-by-id multimethod with options that set the user
@@ -102,10 +115,11 @@
   "Same as `retrieve-by-id-as-admin` but if the resource is not found returns nil
    instead of throwing an exception."
   [resource-id]
-  (try (retrieve-by-id-as-admin resource-id)
-       (catch Exception ex
-         (when-not (= 404 (:status (ex-data ex)))
-           (throw ex)))))
+  (try
+    (retrieve-by-id-as-admin resource-id)
+    (catch Exception ex
+      (when-not (= 404 (:status (ex-data ex)))
+        (throw ex)))))
 
 
 (defn id->user-request

code/src/com/sixsq/nuvla/server/resources/credential.clj

@@ -310,6 +310,10 @@ passwords) or other services (e.g. TLS credentials for Docker). Creating new
                  :body        body}]
     (crud/edit request)))
 
+(defmethod crud/retrieve-by-id resource-type
+  [id & [request]]
+  (-> (crud/retrieve-by-id-default id request)
+      eu/decrypt-credential-secrets))
 
 (def retrieve-impl (std-crud/retrieve-fn resource-type))
 (defmethod crud/retrieve resource-type
@@ -325,8 +329,15 @@ passwords) or other services (e.g. TLS credentials for Docker). Creating new
       (a/throw-cannot-delete request)
       (special-delete request)))
 
+(defmethod crud/query-collection resource-type
+  [collection-id options]
+  (let [[metadata entries] (crud/query-collection-default collection-id options)]
+    [metadata (if eu/ENCRYPTION-KEY
+                (map eu/decrypt-credential-secrets entries)
+                entries)]))
 
 (def query-impl (std-crud/query-fn resource-type collection-acl collection-type))
+
 (defmethod crud/query resource-type
   [request]
   (eu/decrypt-response-query-credentials (query-impl request)))

code/src/com/sixsq/nuvla/server/resources/credential/encrypt_utils.clj

@@ -50,7 +50,7 @@
 
 (defn decrypt-credential-secrets
   [{:keys [initialization-vector] :as credential}]
-  (if initialization-vector
+  (if (and ENCRYPTION-KEY initialization-vector)
     (let [iv                (codecs/b64->bytes initialization-vector)
           secrets-entries   (->> (select-keys credential secret-keys)
                                  (filter (fn [[_ v]] (str/starts-with? v encrypted-starter-indicator)))
@@ -66,9 +66,7 @@
 
 (defn decrypt-response-body-secrets
   [response]
-  (if ENCRYPTION-KEY
-    (update response :body decrypt-credential-secrets)
-    response))
+  (update response :body decrypt-credential-secrets))
 
 (defn decrypt-response-query-credentials
   [{{:keys [resources]} :body :as response}]