feat(host/plugin): Support empty host catalog secrets

hashicorp · Sep 27, 2024 · 2b132b2 · 2b132b2
1 parent 1f210b5
commit 2b132b2
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 8 deletions.
diff --git a/internal/host/plugin/repository_host_catalog.go b/internal/host/plugin/repository_host_catalog.go
@@ -181,7 +181,7 @@ func (r *Repository) CreateCatalog(ctx context.Context, c *HostCatalog, _ ...Opt
 				pluginCalledSuccessfully = true
 			}
 
-			if plgResp != nil && plgResp.GetPersisted().GetSecrets() != nil {
+			if len(plgResp.GetPersisted().GetSecrets().GetFields()) > 0 {
 				hcSecret, err := newHostCatalogSecret(ctx, id, plgResp.GetPersisted().GetSecrets())
 				if err != nil {
 					return errors.Wrap(ctx, err, op)
@@ -453,7 +453,7 @@ func (r *Repository) UpdateCatalog(ctx context.Context, c *HostCatalog, version
 			var updatedPersisted bool
 			if plgResp != nil && plgResp.GetPersisted().GetSecrets() != nil {
 				if len(plgResp.GetPersisted().GetSecrets().GetFields()) == 0 {
-					// Flag the secret to be deleted.
+					// Flag the secret to be deleted if it exists.
 					hcSecret, err := newHostCatalogSecret(ctx, currentCatalog.GetPublicId(), plgResp.GetPersisted().GetSecrets())
 					if err != nil {
 						return errors.Wrap(ctx, err, op)
@@ -466,11 +466,13 @@ func (r *Repository) UpdateCatalog(ctx context.Context, c *HostCatalog, version
 					if err != nil {
 						return errors.Wrap(ctx, err, op)
 					}
-					if secretsDeleted != 1 {
-						return errors.New(ctx, errors.MultipleRecords, op, fmt.Sprintf("expected 1 catalog secret to be deleted, got %d", secretsDeleted))
+					if secretsDeleted > 1 {
+						return errors.New(ctx, errors.MultipleRecords, op, fmt.Sprintf("expected 0 or 1 catalog secret to be deleted, got %d", secretsDeleted))
+					}
+					if secretsDeleted == 1 {
+						updatedPersisted = true
+						msgs = append(msgs, &sOplogMsg)
 					}
-					updatedPersisted = true
-					msgs = append(msgs, &sOplogMsg)
 				} else {
 					hcSecret, err := newHostCatalogSecret(ctx, currentCatalog.GetPublicId(), plgResp.GetPersisted().GetSecrets())
 					if err != nil {

diff --git a/internal/host/plugin/repository_host_catalog_test.go b/internal/host/plugin/repository_host_catalog_test.go
@@ -260,6 +260,36 @@ func TestRepository_CreateCatalog(t *testing.T) {
 			}(),
 			wantPluginCalled: true,
 		},
+		{
+			name: "valid-empty-secrets",
+			in: &HostCatalog{
+				HostCatalog: &store.HostCatalog{
+					Description: "test-description-repo",
+					ProjectId:   prj.GetPublicId(),
+					PluginId:    plg.GetPublicId(),
+					Attributes:  []byte{},
+				},
+				Secrets: func() *structpb.Struct {
+					st, err := structpb.NewStruct(map[string]any{})
+					require.NoError(t, err)
+					return st
+				}(),
+			},
+			want: &HostCatalog{
+				HostCatalog: &store.HostCatalog{
+					Description: "test-description-repo",
+					ProjectId:   prj.GetPublicId(),
+					PluginId:    plg.GetPublicId(),
+					Attributes:  []byte{},
+				},
+			},
+			wantSecret: func() *structpb.Struct {
+				st, err := structpb.NewStruct(map[string]any{})
+				require.NoError(t, err)
+				return st
+			}(),
+			wantPluginCalled: true,
+		},
 	}
 
 	for _, tt := range tests {
@@ -358,8 +388,8 @@ func TestRepository_CreateCatalog(t *testing.T) {
 
 			cSecret := allocHostCatalogSecret()
 			err = rw.LookupWhere(ctx, &cSecret, "catalog_id=?", []any{got.GetPublicId()})
-			if tt.wantSecret == nil {
-				assert.Nil(got.Secrets)
+			if tt.wantSecret == nil || len(tt.wantSecret.Fields) == 0 {
+				assert.Empty(got.Secrets.GetFields())
 				require.Error(err)
 				require.True(errors.IsNotFoundError(err))
 				return
@@ -1135,6 +1165,22 @@ func TestRepository_UpdateCatalog(t *testing.T) {
 				checkNumUpdated(1),
 			},
 		},
+		{
+			name:        "update secrets, return empty secrets from plugin",
+			changeFuncs: []changeHostCatalogFunc{changeSecrets(map[string]any{})},
+			version:     2,
+			fieldMask:   []string{"secrets"},
+			wantCheckFuncs: []checkFunc{
+				checkVersion(3),
+				checkSecretsHmac(false),
+				checkUpdateCatalogRequestPersistedSecrets(map[string]any{
+					"one": "two",
+				}),
+				checkUpdateCatalogRequestSecrets(map[string]any{}),
+				checkSecretsDeleted(),
+				checkNumUpdated(1),
+			},
+		},
 		{
 			name:        "delete secrets",
 			changeFuncs: []changeHostCatalogFunc{changeSecrets(map[string]any{})},