#3202

Committed 25 Jul 2025 04:52PM UTC coverage: 67.669% (-27.3%) from 94.935%

Build # #3202

Build Type

push

screwdriver

Committed by

web-flow

Commit Message

feat(3363): Update the existing endpoint to get admin for a pipeline from the specified SCM context (#3370)

Run Details

1284 of 2114 branches covered (60.74%)

Branch coverage included in aggregate %.

1 of 11 new or added lines in 1 file covered. (9.09%)

1235 existing lines in 49 files now uncovered.

3417 of 4833 relevant lines covered (70.7%)

50.53 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

15.0

/plugins/secrets/create.js

'use strict';

const urlLib = require('url');
const boom = require('@hapi/boom');
const schema = require('screwdriver-data-schema');
const logger = require('screwdriver-logger');
const { getUserPermissions, getScmUri } = require('../helper');

module.exports = () => ({
    method: 'POST',
    path: '/secrets',
    options: {
        description: 'Create a new secret',
        notes: 'Create a specific secret',
        tags: ['api', 'secrets'],
        auth: {
            strategies: ['token'],
            scope: ['user', '!guest', 'pipeline']
        },

        handler: async (request, h) => {
            const { pipelineFactory, secretFactory, userFactory } = request.server.app;
            const { username, scmContext } = request.auth.credentials;
            const { isValidToken } = request.server.plugins.pipelines;

            const pipeline = await pipelineFactory.get(request.payload.pipelineId);

            if (!pipeline) {
                throw boom.notFound(`Pipeline ${request.payload.pipelineId} does not exist`);
            }

            if (pipeline.state === 'DELETING') {
                throw boom.conflict('This pipeline is being deleted.');
            }

            // In pipeline scope, check if the token is allowed to the pipeline
            if (!isValidToken(pipeline.id, request.auth.credentials)) {
                throw boom.forbidden('Token does not have permission to this pipeline');
            }

            const user = await userFactory.get({ username, scmContext });

            if (!user) {
                throw boom.notFound(`User ${username} does not exist`);
            }

            // Use parent's scmUri if pipeline is child pipeline and using read-only SCM
            const scmUri = await getScmUri({ pipeline, pipelineFactory });

            // Check the user's permission
            await getUserPermissions({ user, scmUri });

            // check if secret already exists
            const secret = await secretFactory.get({
                pipelineId: request.payload.pipelineId,
                name: request.payload.name
            });

            // if secret already exists, reject
            if (secret) {
                throw boom.conflict(`Secret already exists with the ID: ${secret.id}`);
            }

            logger.info(
                `[Audit] user ${user.username}:${scmContext} creates the secret key:${request.payload.name} for pipelineId:${request.payload.pipelineId}.`
            );
            const newSecret = await secretFactory.create(request.payload);

            const location = urlLib.format({
                host: request.headers.host,
                port: request.headers.port,
                protocol: request.server.info.protocol,
                pathname: `${request.path}/${newSecret.id}`
            });
            const output = newSecret.toJson();

            delete output.value;

            return h.response(output).header('Location', location).code(201);
        },
        validate: {
            payload: schema.models.secret.create
        }
    }
});

1	'use strict';
2
3	const urlLib = require('url');	1✔
4	const boom = require('@hapi/boom');	1✔
5	const schema = require('screwdriver-data-schema');	1✔
6	const logger = require('screwdriver-logger');	1✔
7	const { getUserPermissions, getScmUri } = require('../helper');	1✔
8
9	module.exports = () => ({	66✔
10	method: 'POST',
11	path: '/secrets',
12	options: {
13	description: 'Create a new secret',
14	notes: 'Create a specific secret',
15	tags: ['api', 'secrets'],
16	auth: {
17	strategies: ['token'],
18	scope: ['user', '!guest', 'pipeline']
19	},
20
21	handler: async (request, h) => {
UNCOV 22	const { pipelineFactory, secretFactory, userFactory } = request.server.app;	×
UNCOV 23	const { username, scmContext } = request.auth.credentials;	×
UNCOV 24	const { isValidToken } = request.server.plugins.pipelines;	×
25
UNCOV 26	const pipeline = await pipelineFactory.get(request.payload.pipelineId);	×
27
UNCOV 28	if (!pipeline) {	×
UNCOV 29	throw boom.notFound(`Pipeline ${request.payload.pipelineId} does not exist`);	×
30	}
31
UNCOV 32	if (pipeline.state === 'DELETING') {	×
UNCOV 33	throw boom.conflict('This pipeline is being deleted.');	×
34	}
35
36	// In pipeline scope, check if the token is allowed to the pipeline
UNCOV 37	if (!isValidToken(pipeline.id, request.auth.credentials)) {	×
UNCOV 38	throw boom.forbidden('Token does not have permission to this pipeline');	×
39	}
40
UNCOV 41	const user = await userFactory.get({ username, scmContext });	×
42
UNCOV 43	if (!user) {	×
UNCOV 44	throw boom.notFound(`User ${username} does not exist`);	×
45	}
46
47	// Use parent's scmUri if pipeline is child pipeline and using read-only SCM
UNCOV 48	const scmUri = await getScmUri({ pipeline, pipelineFactory });	×
49
50	// Check the user's permission
UNCOV 51	await getUserPermissions({ user, scmUri });	×
52
53	// check if secret already exists
UNCOV 54	const secret = await secretFactory.get({	×
55	pipelineId: request.payload.pipelineId,
56	name: request.payload.name
57	});
58
59	// if secret already exists, reject
UNCOV 60	if (secret) {	×
UNCOV 61	throw boom.conflict(`Secret already exists with the ID: ${secret.id}`);	×
62	}
63
UNCOV 64	logger.info(	×
65	`[Audit] user ${user.username}:${scmContext} creates the secret key:${request.payload.name} for pipelineId:${request.payload.pipelineId}.`
66	);
UNCOV 67	const newSecret = await secretFactory.create(request.payload);	×
68
UNCOV 69	const location = urlLib.format({	×
70	host: request.headers.host,
71	port: request.headers.port,
72	protocol: request.server.info.protocol,
73	pathname: `${request.path}/${newSecret.id}`
74	});
UNCOV 75	const output = newSecret.toJson();	×
76
UNCOV 77	delete output.value;	×
78
UNCOV 79	return h.response(output).header('Location', location).code(201);	×
80	},
81	validate: {
82	payload: schema.models.secret.create
83	}
84	}
85	});

screwdriver-cd / screwdriver / #3202

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous