Secrets endpoints and encryption

.gitattributes

@@ -0,0 +1,8 @@
+# Check out all text files in UNIX format, with LF as end of line
+# Don't change this file. If you have any ideas about it, please
+# submit a separate issue about it and we'll discuss.
+
+* text=auto eol=lf
+*.java ident
+*.xml ident
+*.png binary

.github/workflows/codecov.yml

@@ -21,7 +21,7 @@ jobs:
           restore-keys: |
             maven-
       - run: |
-          mvn clean install -DGithubToken=${{ secrets.TOKEN }} --errors --batch-mode
+          mvn clean install -DskipITs --errors --batch-mode
       - uses: codecov/codecov-action@v3
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

.gitignore

@@ -2,6 +2,7 @@ target/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/
+*.env
 
 ### STS ###
 .apt_generated

README.md

@@ -19,8 +19,11 @@ it can be found here: `/swagger-ui/index.html`.
 **Functionality:**
 
 * It allows to log in using login and password.
-* It allows to log in using such social networks as Google and GitHub.
+* It allows to log in using such social coding platforms as GitHub, GitLab, and Bitbucket.
 * It allows to create a project.
+* Create and query tickets. 
+* Create and manage [secrets](https://en.wikipedia.org/wiki/Environment_variable), represented as simple `key=value`
+pair, where value will be encrypted using [jasypt](http://www.jasypt.org).
 
 After project creation bot [@tracehubgit](https://github.com/tracehubgit) will be invited
 to the repository and a `new` label for issues will be added. Moreover, a webhook for `push` events will be
@@ -50,10 +53,22 @@ provided they don't violate our quality standards. To avoid frustration,
 before sending us your pull request please run full Maven build:
 
 ```bash
-$ mvn clean install
+$ mvn clean install -DskipITs
 ```
 
 You will need Maven 3.8.7+ and Java 17+.
 
+If you want to run an integration tests to check whole system, run:
+
+```bash
+$ mvn clean install -DGithubToken=...
+```
+
+You should provide GitHub [token](https://github.com/settings/tokens) as value for `GithubToken` variable.
+Token must be granted with write permissions to `hizmailovich/draft`.
+
+Ensure that you have a running [Docker](https://docs.docker.com/config/daemon/troubleshoot/) in your environment.
+If you test it locally, you can use [Docker Desktop](https://www.docker.com/products/docker-desktop).
+
 All the things above will be run by [Rultor.com](http://rultor.com/)
 and CI [gate](https://github.com/tracehub/pmo/actions).

pom.xml

@@ -54,6 +54,7 @@ SOFTWARE.
     <grizzly.version>4.0.2</grizzly.version>
     <json-api.version>1.1.4</json-api.version>
     <gson.version>2.10.1</gson.version>
+    <jasypt.version>1.9.3</jasypt.version>
   </properties>
   <dependencies>
     <dependency>
@@ -138,6 +139,11 @@ SOFTWARE.
       <artifactId>gson</artifactId>
       <version>${gson.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.jasypt</groupId>
+      <artifactId>jasypt</artifactId>
+      <version>${jasypt.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.springdoc</groupId>
       <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>

src/main/java/git/tracehub/pmo/controller/SecretController.java

@@ -19,14 +19,18 @@
 
 import git.tracehub.pmo.controller.request.RqSecret;
 import git.tracehub.pmo.controller.request.SecretFromReq;
+import git.tracehub.pmo.secret.Key;
+import git.tracehub.pmo.secret.Keys;
 import git.tracehub.pmo.secret.Secret;
 import git.tracehub.pmo.secret.Secrets;
 import jakarta.validation.Valid;
+import java.util.List;
 import java.util.UUID;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -36,10 +40,6 @@
 /**
  * Secret Controller.
  *
- * @todo #44:30min create an endpoint to list all keys from the project.
- * This endpoint should return a list of keys using project id.
- * @todo #44:30min create an endpoint to update a secret. This endpoint
- * should receive a secret id and a new value to update the secret.
  * @since 0.0.0
  */
 @RestController
@@ -51,28 +51,56 @@ public class SecretController {
      */
     private final Secrets secrets;
 
+    /**
+     * Keys.
+     */
+    private final Keys keys;
+
     /**
      * Constructor.
      *
      * @param secrets Secrets
+     * @param keys Keys
      */
-    public SecretController(@Qualifier("uniqueSecrets") final Secrets secrets) {
+    public SecretController(
+        @Qualifier("encryptedSecrets") final Secrets secrets,
+        final Keys keys
+    ) {
         this.secrets = secrets;
+        this.keys = keys;
     }
 
     /**
-     * Secret value by key.
+     * Keys by project.
      *
      * @param project Project id
+     * @return List of keys
+     */
+    @GetMapping("/keys")
+    public List<Key> byProject(@RequestParam final UUID project) {
+        return this.keys.byProject(project);
+    }
+
+    /**
+     * Secret value by key.
+     *
      * @param key Key
      * @return Secret
      */
     @GetMapping
-    public Secret secret(
-        @RequestParam final UUID project,
-        @RequestParam final String key
-    ) {
-        return this.secrets.value(project, key);
+    public Secret byValue(final Key key) {
+        return this.secrets.value(key);
+    }
+
+    /**
+     * Update secret.
+     *
+     * @param secret Secret
+     * @return Secret
+     */
+    @PutMapping
+    public Secret update(@RequestBody @Valid final RqSecret secret) {
+        return this.secrets.update(new SecretFromReq(secret));
     }
 
     /**

src/main/java/git/tracehub/pmo/secret/DefaultKeys.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2023-2024 Tracehub.git
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to read
+ * the Software only. Permissions is hereby NOT GRANTED to use, copy, modify,
+ * merge, publish, distribute, sublicense, and/or sell copies of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package git.tracehub.pmo.secret;
+
+import com.jcabi.jdbc.JdbcSession;
+import com.jcabi.jdbc.SingleOutcome;
+import git.tracehub.pmo.project.SqlStatement;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import javax.sql.DataSource;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import org.springframework.stereotype.Component;
+
+/**
+ * Default keys.
+ *
+ * @checkstyle DesignForExtensionCheck (50 lines)
+ * @since 0.0.0
+ */
+@Component
+@RequiredArgsConstructor
+public class DefaultKeys implements Keys {
+
+    /**
+     * Datasource.
+     */
+    private final DataSource source;
+
+    @Override
+    @SneakyThrows
+    public List<Key> byProject(final UUID project) {
+        return new JdbcSession(this.source)
+            .sql(
+                new SqlStatement("select-keys-by-project.sql").asString()
+            ).set(project)
+            .select(
+                (rs, stmt) -> {
+                    final List<Key> keys = new ArrayList<>(5);
+                    while (rs.next()) {
+                        keys.add(
+                            new KeyOf(rs).value()
+                        );
+                    }
+                    return keys;
+                }
+            );
+    }
+
+    @Override
+    @SneakyThrows
+    public boolean exists(final Key key) {
+        return new JdbcSession(this.source)
+            .sql(new SqlStatement("exists-key.sql").asString())
+            .set(key.getProject())
+            .set(key.getName())
+            .select(new SingleOutcome<>(Boolean.class));
+    }
+
+}

src/main/java/git/tracehub/pmo/secret/DefaultSecrets.java

@@ -18,10 +18,8 @@
 package git.tracehub.pmo.secret;
 
 import com.jcabi.jdbc.JdbcSession;
-import com.jcabi.jdbc.SingleOutcome;
 import git.tracehub.pmo.exception.ResourceNotFoundException;
 import git.tracehub.pmo.project.SqlStatement;
-import java.util.UUID;
 import javax.sql.DataSource;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
@@ -31,8 +29,7 @@
 /**
  * Default secrets.
  *
- * @todo #44:30min encrypt the secret value before saving it in the database.
- * @checkstyle DesignForExtensionCheck (70 lines)
+ * @checkstyle DesignForExtensionCheck (100 lines)
  * @since 0.0.0
  */
 @Component
@@ -46,18 +43,18 @@ public class DefaultSecrets implements Secrets {
 
     @Override
     @SneakyThrows
-    public Secret value(final UUID project, final String key) {
+    public Secret value(final Key key) {
         return new JdbcSession(this.source)
             .sql(
                 new SqlStatement("select-secret-by-key.sql").asString()
-            ).set(project)
-            .set(key)
+            ).set(key.getProject())
+            .set(key.getName())
             .select(
                 (rs, stmt) -> {
                     if (!rs.next()) {
                         throw new ResourceNotFoundException(
                             "Secret with project = %s and key = %s not found"
-                                .formatted(project, key)
+                                .formatted(key.getProject(), key.getName())
                         );
                     }
                     return new SecretOf(rs).value();
@@ -85,12 +82,20 @@ public Secret create(final Scalar<Secret> secret) {
 
     @Override
     @SneakyThrows
-    public boolean exists(final UUID project, final String key) {
+    public Secret update(final Scalar<Secret> secret) {
+        final Secret value = secret.value();
         return new JdbcSession(this.source)
-            .sql(new SqlStatement("exists-secret.sql").asString())
-            .set(project)
-            .set(key)
-            .select(new SingleOutcome<>(Boolean.class));
+            .sql(
+                new SqlStatement("update-secret.sql").asString()
+            ).set(value.getValue())
+            .set(value.getProject())
+            .set(value.getKey())
+            .update(
+                (rs, stmt) -> {
+                    rs.next();
+                    return new SecretOf(rs).value();
+                }
+            );
     }
 
 }