Add instance-level secrets

jbgomond · jbgomond · commit 869efc60db3e · 2023-10-29T15:33:53.000+01:00
diff --git a/models/secret/secret.go b/models/secret/secret.go
@@ -64,8 +64,8 @@ func init() {
 }
 
 func (s *Secret) Validate() error {
-	if s.OwnerID == 0 && s.RepoID == 0 {
-		return errors.New("the secret is not bound to any scope")
+	if s.OwnerID != 0 && s.RepoID != 0 {
+		return errors.New("a secret should not be bound to an owner and a repository at the same time")
 	}
 	return nil
 }
@@ -80,12 +80,8 @@ type FindSecretsOptions struct {
 
 func (opts *FindSecretsOptions) toConds() builder.Cond {
 	cond := builder.NewCond()
-	if opts.OwnerID > 0 {
-		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
-	}
-	if opts.RepoID > 0 {
-		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
-	}
+	cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
+	cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	if opts.SecretID != 0 {
 		cond = cond.And(builder.Eq{"id": opts.SecretID})
 	}
diff --git a/routers/api/actions/runner/utils.go b/routers/api/actions/runner/utils.go
@@ -67,6 +67,11 @@ func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[s
 		return secrets
 	}
 
+	globalSecrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{})
+	if err != nil {
+		log.Error("find global secrets: %v", err)
+		// go on
+	}
 	ownerSecrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{OwnerID: task.Job.Run.Repo.OwnerID})
 	if err != nil {
 		log.Error("find secrets of owner %v: %v", task.Job.Run.Repo.OwnerID, err)
@@ -78,7 +83,8 @@ func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[s
 		// go on
 	}
 
-	for _, secret := range append(ownerSecrets, repoSecrets...) {
+	// Level precedence: Repo > Org / User > Global
+	for _, secret := range append(globalSecrets, append(ownerSecrets, repoSecrets...)...) {
 		if v, err := secret_module.DecryptSecret(setting.SecretKey, secret.Data); err != nil {
 			log.Error("decrypt secret %v %q: %v", secret.ID, secret.Name, err)
 			// go on
diff --git a/routers/api/v1/admin/action.go b/routers/api/v1/admin/action.go
@@ -0,0 +1,103 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package admin
+
+import (
+	"errors"
+	"net/http"
+
+	"code.gitea.io/gitea/modules/context"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	secret_service "code.gitea.io/gitea/services/secrets"
+)
+
+// create or update one secret in the instance scope
+func CreateOrUpdateSecret(ctx *context.APIContext) {
+	// swagger:operation PUT /admin/actions/secrets/{secretname} admin updateAdminSecret
+	// ---
+	// summary: Create or Update a secret value in the instance scope
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: secretname
+	//   in: path
+	//   description: name of the secret
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/CreateOrUpdateSecretOption"
+	// responses:
+	//   "201":
+	//     description: response when creating a secret
+	//   "204":
+	//     description: response when updating a secret
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
+
+	_, created, err := secret_service.CreateOrUpdateSecret(ctx, 0, 0, ctx.Params("secretname"), opt.Data)
+	if err != nil {
+		if errors.Is(err, util.ErrInvalidArgument) {
+			ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
+		} else if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "CreateOrUpdateSecret", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "CreateOrUpdateSecret", err)
+		}
+		return
+	}
+
+	if created {
+		ctx.Status(http.StatusCreated)
+	} else {
+		ctx.Status(http.StatusNoContent)
+	}
+}
+
+// DeleteSecret delete one secret in the instance scope
+func DeleteSecret(ctx *context.APIContext) {
+	// swagger:operation DELETE /admin/actions/secrets/{secretname} admin deleteAdminSecret
+	// ---
+	// summary: Delete a secret in the instance scope
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: secretname
+	//   in: path
+	//   description: name of the secret
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     description: delete one secret of the admin
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	err := secret_service.DeleteSecretByName(ctx, 0, 0, ctx.Params("secretname"))
+	if err != nil {
+		if errors.Is(err, util.ErrInvalidArgument) {
+			ctx.Error(http.StatusBadRequest, "DeleteSecret", err)
+		} else if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "DeleteSecret", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "DeleteSecret", err)
+		}
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
@@ -956,14 +956,11 @@ func Routes() *web.Route {
 				Get(user.ListEmails).
 				Post(bind(api.CreateEmailOption{}), user.AddEmail).
 				Delete(bind(api.DeleteEmailOption{}), user.DeleteEmail)
-
-			// create or update a user's actions secrets
 			m.Group("/actions/secrets", func() {
 				m.Combo("/{secretname}").
 					Put(bind(api.CreateOrUpdateSecretOption{}), user.CreateOrUpdateSecret).
 					Delete(user.DeleteSecret)
 			})
-
 			m.Get("/followers", user.ListMyFollowers)
 			m.Group("/following", func() {
 				m.Get("", user.ListMyFollowing)
@@ -1490,6 +1487,11 @@ func Routes() *web.Route {
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(false, true), reqToken(), reqTeamMembership())
 
 		m.Group("/admin", func() {
+			m.Group("/actions/secrets", func() {
+				m.Combo("/{secretname}").
+					Put(bind(api.CreateOrUpdateSecretOption{}), admin.CreateOrUpdateSecret).
+					Delete(admin.DeleteSecret)
+			})
 			m.Group("/cron", func() {
 				m.Get("", admin.ListCronTasks)
 				m.Post("/{task}", admin.PostCronTask)
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
@@ -72,7 +72,7 @@ func ListActionsSecrets(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, apiSecrets)
 }
 
-// create or update one secret of the organization
+// create or update one secret in the organization
 func CreateOrUpdateSecret(ctx *context.APIContext) {
 	// swagger:operation PUT /orgs/{org}/actions/secrets/{secretname} organization updateOrgSecret
 	// ---
@@ -127,7 +127,7 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {
 	}
 }
 
-// DeleteSecret delete one secret of the organization
+// delete one secret in the organization
 func DeleteSecret(ctx *context.APIContext) {
 	// swagger:operation DELETE /orgs/{org}/actions/secrets/{secretname} organization deleteOrgSecret
 	// ---
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
@@ -14,7 +14,7 @@ import (
 	secret_service "code.gitea.io/gitea/services/secrets"
 )
 
-// create or update one secret of the repository
+// create or update one secret in the repository
 func CreateOrUpdateSecret(ctx *context.APIContext) {
 	// swagger:operation PUT /repos/{owner}/{repo}/actions/secrets/{secretname} repository updateRepoSecret
 	// ---
@@ -53,12 +53,11 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	owner := ctx.Repo.Owner
 	repo := ctx.Repo.Repository
 
 	opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
 
-	_, created, err := secret_service.CreateOrUpdateSecret(ctx, owner.ID, repo.ID, ctx.Params("secretname"), opt.Data)
+	_, created, err := secret_service.CreateOrUpdateSecret(ctx, 0, repo.ID, ctx.Params("secretname"), opt.Data)
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
@@ -77,7 +76,7 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {
 	}
 }
 
-// DeleteSecret delete one secret of the repository
+// delete one secret in the repository
 func DeleteSecret(ctx *context.APIContext) {
 	// swagger:operation DELETE /repos/{owner}/{repo}/actions/secrets/{secretname} repository deleteRepoSecret
 	// ---
@@ -110,10 +109,9 @@ func DeleteSecret(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	owner := ctx.Repo.Owner
 	repo := ctx.Repo.Repository
 
-	err := secret_service.DeleteSecretByName(ctx, owner.ID, repo.ID, ctx.Params("secretname"))
+	err := secret_service.DeleteSecretByName(ctx, 0, repo.ID, ctx.Params("secretname"))
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "DeleteSecret", err)
diff --git a/routers/api/v1/user/action.go b/routers/api/v1/user/action.go
@@ -14,7 +14,7 @@ import (
 	secret_service "code.gitea.io/gitea/services/secrets"
 )
 
-// create or update one secret of the user scope
+// create or update one secret in the user scope
 func CreateOrUpdateSecret(ctx *context.APIContext) {
 	// swagger:operation PUT /user/actions/secrets/{secretname} user updateUserSecret
 	// ---
@@ -64,7 +64,7 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {
 	}
 }
 
-// DeleteSecret delete one secret of the user scope
+// delete one secret in the user scope
 func DeleteSecret(ctx *context.APIContext) {
 	// swagger:operation DELETE /user/actions/secrets/{secretname} user deleteUserSecret
 	// ---
diff --git a/routers/web/repo/setting/secrets.go b/routers/web/repo/setting/secrets.go
@@ -16,9 +16,10 @@ import (
 
 const (
 	// TODO: Separate secrets from runners when layout is ready
-	tplRepoSecrets base.TplName = "repo/settings/actions"
-	tplOrgSecrets  base.TplName = "org/settings/actions"
-	tplUserSecrets base.TplName = "user/settings/actions"
+	tplRepoSecrets  base.TplName = "repo/settings/actions"
+	tplOrgSecrets   base.TplName = "org/settings/actions"
+	tplUserSecrets  base.TplName = "user/settings/actions"
+	tplAdminSecrets base.TplName = "admin/actions"
 )
 
 type secretsCtx struct {
@@ -27,6 +28,7 @@ type secretsCtx struct {
 	IsRepo          bool
 	IsOrg           bool
 	IsUser          bool
+	IsGlobal        bool
 	SecretsTemplate base.TplName
 	RedirectLink    string
 }
@@ -67,6 +69,16 @@ func getSecretsCtx(ctx *context.Context) (*secretsCtx, error) {
 		}, nil
 	}
 
+	if ctx.Data["PageIsAdmin"] == true {
+		return &secretsCtx{
+			OwnerID:         0,
+			RepoID:          0,
+			IsGlobal:        true,
+			SecretsTemplate: tplAdminSecrets,
+			RedirectLink:    setting.AppSubURL + "/admin/actions/secrets",
+		}, nil
+	}
+
 	return nil, errors.New("unable to set Secrets context")
 }
 
diff --git a/routers/web/web.go b/routers/web/web.go
@@ -757,6 +757,7 @@ func registerRoutes(m *web.Route) {
 		m.Group("/actions", func() {
 			m.Get("", admin.RedirectToDefaultSetting)
 			addSettingsRunnersRoutes()
+			addSettingsSecretsRoutes()
 		})
 	}, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enable, "EnablePackages", setting.Packages.Enabled))
 	// ***** END: Admin *****
diff --git a/templates/admin/actions.tmpl b/templates/admin/actions.tmpl
@@ -3,5 +3,8 @@
 	{{if eq .PageType "runners"}}
 		{{template "shared/actions/runner_list" .}}
 	{{end}}
+	{{if eq .PageType "secrets"}}
+		{{template "shared/secrets/add_list" .}}
+	{{end}}
 	</div>
 {{template "admin/layout_footer" .}}
diff --git a/templates/admin/navbar.tmpl b/templates/admin/navbar.tmpl
@@ -60,12 +60,15 @@
 			{{end}}
 		{{end}}
 		{{if .EnableActions}}
-		<details class="item toggleable-item" {{if .PageIsSharedSettingsRunners}}open{{end}}>
+		<details class="item toggleable-item" {{if or .PageIsSharedSettingsRunners .PageIsSharedSettingsSecrets}}open{{end}}>
 			<summary>{{ctx.Locale.Tr "actions.actions"}}</summary>
 			<div class="menu">
 				<a class="{{if .PageIsSharedSettingsRunners}}active {{end}}item" href="{{AppSubUrl}}/admin/actions/runners">
 					{{ctx.Locale.Tr "actions.runners"}}
 				</a>
+				<a class="{{if .PageIsSharedSettingsSecrets}}active {{end}}item" href="{{AppSubUrl}}/admin/actions/secrets">
+					{{ctx.Locale.Tr "secrets.secrets"}}
+				</a>
 			</div>
 		</details>
 		{{end}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
diff --git a/tests/integration/api_admin_secrets_test.go b/tests/integration/api_admin_secrets_test.go

Original file line number	Diff line number	Diff line change
`@@ -64,8 +64,8 @@ func init() {`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`func (s *Secret) Validate() error {`
`67`		`- if s.OwnerID == 0 && s.RepoID == 0 {`
`68`		`- return errors.New("the secret is not bound to any scope")`
	`67`	`+ if s.OwnerID != 0 && s.RepoID != 0 {`
	`68`	`+ return errors.New("a secret should not be bound to an owner and a repository at the same time")`
`69`	`69`	`}`
`70`	`70`	`return nil`
`71`	`71`	`}`
`@@ -80,12 +80,8 @@ type FindSecretsOptions struct {`
`80`	`80`
`81`	`81`	`func (opts *FindSecretsOptions) toConds() builder.Cond {`
`82`	`82`	`cond := builder.NewCond()`
`83`		`- if opts.OwnerID > 0 {`
`84`		`- cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})`
`85`		`- }`
`86`		`- if opts.RepoID > 0 {`
`87`		`- cond = cond.And(builder.Eq{"repo_id": opts.RepoID})`
`88`		`- }`
	`83`	`+ cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})`
	`84`	`+ cond = cond.And(builder.Eq{"repo_id": opts.RepoID})`
`89`	`85`	`if opts.SecretID != 0 {`
`90`	`86`	`cond = cond.And(builder.Eq{"id": opts.SecretID})`
`91`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ func ListActionsSecrets(ctx *context.APIContext) {`
`72`	`72`	`ctx.JSON(http.StatusOK, apiSecrets)`
`73`	`73`	`}`
`74`	`74`
`75`		`-// create or update one secret of the organization`
	`75`	`+// create or update one secret in the organization`
`76`	`76`	`func CreateOrUpdateSecret(ctx *context.APIContext) {`
`77`	`77`	`// swagger:operation PUT /orgs/{org}/actions/secrets/{secretname} organization updateOrgSecret`
`78`	`78`	`// ---`
`@@ -127,7 +127,7 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {`
`127`	`127`	`}`
`128`	`128`	`}`
`129`	`129`
`130`		`-// DeleteSecret delete one secret of the organization`
	`130`	`+// delete one secret in the organization`
`131`	`131`	`func DeleteSecret(ctx *context.APIContext) {`
`132`	`132`	`// swagger:operation DELETE /orgs/{org}/actions/secrets/{secretname} organization deleteOrgSecret`
`133`	`133`	`// ---`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ import (`
`14`	`14`	`secret_service "code.gitea.io/gitea/services/secrets"`
`15`	`15`	`)`
`16`	`16`
`17`		`-// create or update one secret of the user scope`
	`17`	`+// create or update one secret in the user scope`
`18`	`18`	`func CreateOrUpdateSecret(ctx *context.APIContext) {`
`19`	`19`	`// swagger:operation PUT /user/actions/secrets/{secretname} user updateUserSecret`
`20`	`20`	`// ---`
`@@ -64,7 +64,7 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`
`67`		`-// DeleteSecret delete one secret of the user scope`
	`67`	`+// delete one secret in the user scope`
`68`	`68`	`func DeleteSecret(ctx *context.APIContext) {`
`69`	`69`	`// swagger:operation DELETE /user/actions/secrets/{secretname} user deleteUserSecret`
`70`	`70`	`// ---`