Show masked value for secret metadata (#3880)

epam · Jan 28, 2025 · 9d62922 · 9d62922
1 parent bd0d1f3
commit 9d62922
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/api/src/main/java/com/epam/pipeline/dao/metadata/MetadataDao.java b/api/src/main/java/com/epam/pipeline/dao/metadata/MetadataDao.java
@@ -52,6 +52,7 @@ public class MetadataDao extends NamedParameterJdbcDaoSupport {
     private static final String KEY = "KEY";
     private static final String VALUE = "VALUE";
     private static final String LIST_PARAMETER = "list";
+    public static final String SECRET_MASK_VALUE = "***";
 
     private Pattern dataKeyPattern = Pattern.compile("@KEY@");
     private Pattern entitiesValuePattern = Pattern.compile("@ENTITIES@");
@@ -398,11 +399,22 @@ public static Map<String, PipeConfValue> parseData(final String data) {
         public static Map<String, PipeConfValue> parseData(final String data, final List<String> keysToRetrieve) {
             final Map<String, PipeConfValue> parsedData = JsonMapper.parseData(
                     data, new TypeReference<Map<String, PipeConfValue>>() {});
+
+            if (CollectionUtils.isEmpty(parsedData)) {
+                return parsedData;
+            }
+
             if (CollectionUtils.isEmpty(keysToRetrieve)) {
                 return parsedData.entrySet().stream()
-                        .filter(metadataEntry ->
-                                !SECRET_METADATA_TYPE.equalsIgnoreCase(metadataEntry.getValue().getType()))
-                        .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+                        .map(metadataEntry -> {
+                            if (SECRET_METADATA_TYPE.equalsIgnoreCase(metadataEntry.getValue().getType())) {
+                                return Pair.of(metadataEntry.getKey(),
+                                        new PipeConfValue(SECRET_METADATA_TYPE, SECRET_MASK_VALUE));
+                            } else {
+                                return Pair.of(metadataEntry.getKey(), metadataEntry.getValue());
+                            }
+                        })
+                        .collect(Collectors.toMap(Pair::getKey, Pair::getValue));
             } else {
                 return parsedData.entrySet().stream()
                         .filter(metadataEntry -> keysToRetrieve.contains(metadataEntry.getKey()))

diff --git a/api/src/test/java/com/epam/pipeline/manager/metadata/MetadataManagerTest.java b/api/src/test/java/com/epam/pipeline/manager/metadata/MetadataManagerTest.java
@@ -22,6 +22,7 @@
 import com.epam.pipeline.AbstractSpringTest;
 import com.epam.pipeline.controller.vo.EntityVO;
 import com.epam.pipeline.controller.vo.MetadataVO;
+import com.epam.pipeline.dao.metadata.MetadataDao;
 import com.epam.pipeline.entity.metadata.MetadataEntry;
 import com.epam.pipeline.entity.metadata.PipeConfValue;
 import com.epam.pipeline.entity.preference.Preference;
@@ -248,10 +249,11 @@ public void testThatSecretMetadataWillBeHidedDuringSearch() {
         Assert.assertFalse(loadResultByKey.isEmpty());
         Assert.assertFalse(loadResultByKey.get(0).getData().isEmpty());
 
-        // But we can't see secret value when list all metadata for the entity
+        // But we can't see the value of the secret when list all metadata for the entity
         List<MetadataEntry> loadResult = metadataManager.listMetadataItems(Collections.singletonList(entityVO));
         Assert.assertFalse(loadResult.isEmpty());
-        Assert.assertTrue(loadResult.get(0).getData().isEmpty());
+        Assert.assertFalse(loadResult.get(0).getData().isEmpty());
+        Assert.assertEquals(MetadataDao.SECRET_MASK_VALUE, loadResult.get(0).getData().get(KEY_1).getValue());
     }
 
     @Test(expected = MetadataReadingException.class)