feat: encrypt the ECR auth token by default

loicmathieu · loicmathieu · commit c39145d2bd5c · 2024-02-07T10:56:27.000+01:00
diff --git a/src/main/java/io/kestra/plugin/aws/ecr/GetAuthToken.java b/src/main/java/io/kestra/plugin/aws/ecr/GetAuthToken.java
@@ -2,11 +2,13 @@
 
 import io.kestra.core.models.annotations.Example;
 import io.kestra.core.models.annotations.Plugin;
+import io.kestra.core.models.annotations.PluginProperty;
 import io.kestra.core.models.tasks.Output;
 import io.kestra.core.models.tasks.RunnableTask;
 import io.kestra.core.runners.RunContext;
 import io.kestra.plugin.aws.AbstractConnection;
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
 import lombok.*;
 import lombok.experimental.SuperBuilder;
 import software.amazon.awssdk.regions.Region;
@@ -40,6 +42,15 @@
 )
 public class GetAuthToken extends AbstractConnection implements RunnableTask<GetAuthToken.TokenOutput> {
 
+    @PluginProperty
+    @Schema(
+        title = "Whether to encrypt the authorization token into the output.",
+        description = "If set to true, it can be decrypted via the Pebble `decrypt()` function."
+    )
+    @Builder.Default
+    @NotNull
+    private Boolean encrypt = false;
+
     @Override
     public TokenOutput run(RunContext runContext) throws Exception {
         EcrClientBuilder ecrClientBuilder = EcrClient.builder().credentialsProvider(this.credentials(runContext));
@@ -63,6 +74,10 @@ public TokenOutput run(RunContext runContext) throws Exception {
                 token = token.substring(token.indexOf(":") + 1);
             }
 
+            if (Boolean.TRUE.equals(encrypt)) {
+                token = runContext.encrypt(token);
+            }
+
             return TokenOutput.builder()
                 .token(token)
                 .build();
diff --git a/src/test/java/io/kestra/plugin/aws/ecr/GetAuthTokenTest.java b/src/test/java/io/kestra/plugin/aws/ecr/GetAuthTokenTest.java
@@ -31,6 +31,7 @@ void run() throws Exception {
             .accessKeyId(localstack.getAccessKey())
             .secretKeyId(localstack.getSecretKey())
             .region(localstack.getRegion())
+            .encrypt(false)
             .build();
 
         GetAuthToken.TokenOutput output = query.run(runContext);
