Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: connection_details view with sensitive fields masked #1029

Merged
merged 2 commits into from
Sep 10, 2024
Merged

feat: connection_details view with sensitive fields masked #1029

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ba87c8f
feat: connection_details view with sensitive fields masked
adityathebe Sep 9, 2024
144dcb6
feat: connection before update trigger
adityathebe Sep 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions views/027_connections.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
-- A basic connection view free from any sensitive data.
DROP VIEW IF EXISTS connections_list;
CREATE OR REPLACE VIEW connections_list AS
SELECT
Expand All @@ -18,3 +19,62 @@ CREATE OR REPLACE VIEW connections_list AS
deleted_at IS NULL
ORDER BY
created_at;

--
CREATE OR REPLACE FUNCTION mask_sensitive(field_value TEXT)
RETURNS TEXT AS $$
BEGIN
RETURN CASE
WHEN field_value LIKE 'secret://%' OR
field_value LIKE 'configmap://%' OR
field_value LIKE 'helm://%' OR
field_value LIKE 'serviceaccount://%' OR
field_value = '' THEN field_value
ELSE '***'
END;
END;
$$ LANGUAGE plpgsql;
--

-- A connection view that masks sensitive fields.
DROP VIEW IF EXISTS connection_details;
CREATE OR REPLACE VIEW connection_details AS
adityathebe marked this conversation as resolved.
Show resolved Hide resolved
SELECT
id, name, namespace, type, source, properties, insecure_tls, created_by, created_at, updated_at,
CASE
WHEN (string_to_array(url, '://'))[1] IN ('bark', 'discord', 'smtp', 'gotify', 'googlechat', 'ifttt', 'join', 'mattermost', 'matrix', 'ntfy', 'opsgenie', 'pushbullet', 'pushover', 'rocketchat', 'slack', 'teams', 'telegram', 'zulip') THEN 'notification'
ELSE ''
END AS category,
mask_sensitive(username) AS username,
mask_sensitive(PASSWORD) AS PASSWORD,
mask_sensitive(certificate) AS certificate
FROM connections
WHERE
deleted_at IS NULL
ORDER BY
created_at;

--
CREATE OR REPLACE FUNCTION connection_before_update()
RETURNS TRIGGER AS $$
BEGIN
IF NEW.username = '***' THEN
NEW.username = OLD.username;
END IF;

IF NEW.password = '***' THEN
NEW.password = OLD.password;
END IF;

IF NEW.certificate = '***' THEN
NEW.certificate = OLD.certificate;
END IF;

RETURN NEW;
END;
$$
LANGUAGE plpgsql;

CREATE OR REPLACE TRIGGER connection_before_update
BEFORE UPDATE ON connections
FOR EACH ROW EXECUTE PROCEDURE connection_before_update();
Loading