feat: retrieve platform secrets based on event access key environment (…

…#86)
picahq · Jul 3, 2024 · bf9801a · bf9801a
1 parent e5e7ddc
commit bf9801a
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/integrationos-api/src/endpoints/oauth.rs b/integrationos-api/src/endpoints/oauth.rs
@@ -83,11 +83,13 @@ async fn oauth_handler(
         e
     })?;
 
+    let environment = user_event_access.environment;
+
     let secret = get_secret::<PlatformSecret>(
         &state,
         GetSecretRequest {
             id: setting
-                .platform_secret(&payload.connection_definition_id)
+                .platform_secret(&payload.connection_definition_id, environment)
                 .ok_or_else(|| {
                     error!(
                         "Settings does not have a secret service id for the connection platform"

diff --git a/integrationos-domain/src/domain/connection/connection_oauth_definition.rs b/integrationos-domain/src/domain/connection/connection_oauth_definition.rs
@@ -1,5 +1,6 @@
 use super::api_model_config::{ApiModelConfig, Function};
 use crate::{
+    environment::Environment,
     id::Id,
     prelude::{ownership::Ownership, shared::record_metadata::RecordMetadata},
     Feature, Hook,
@@ -105,10 +106,20 @@ pub struct Settings {
 }
 
 impl Settings {
-    pub fn platform_secret(&self, connection_definition_id: &Id) -> Option<String> {
+    pub fn platform_secret(
+        &self,
+        connection_definition_id: &Id,
+        environment: Environment,
+    ) -> Option<String> {
         self.connected_platforms
             .iter()
-            .find(|p| p.connection_definition_id == *connection_definition_id)
+            .filter(|p| p.connection_definition_id == *connection_definition_id)
+            .find(|p| p.environment == environment)
+            .or_else(|| {
+                self.connected_platforms
+                    .iter()
+                    .find(|p| p.connection_definition_id == *connection_definition_id)
+            })
             .and_then(|p| p.secrets_service_id.clone())
     }
 }
@@ -129,6 +140,12 @@ pub struct ConnectedPlatform {
     pub secrets_service_id: Option<String>,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub secret: Option<ConnectedPlatformSecret>,
+    #[serde(default = "default_environment")]
+    pub environment: Environment,
+}
+
+fn default_environment() -> Environment {
+    Environment::Test
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]