diff --git a/internal/host/plugin/repository_host_catalog.go b/internal/host/plugin/repository_host_catalog.go index 5448863fcbe..79830b76c1d 100644 --- a/internal/host/plugin/repository_host_catalog.go +++ b/internal/host/plugin/repository_host_catalog.go @@ -181,7 +181,7 @@ func (r *Repository) CreateCatalog(ctx context.Context, c *HostCatalog, _ ...Opt pluginCalledSuccessfully = true } - if plgResp != nil && plgResp.GetPersisted().GetSecrets() != nil { + if len(plgResp.GetPersisted().GetSecrets().GetFields()) > 0 { hcSecret, err := newHostCatalogSecret(ctx, id, plgResp.GetPersisted().GetSecrets()) if err != nil { return errors.Wrap(ctx, err, op) @@ -453,7 +453,7 @@ func (r *Repository) UpdateCatalog(ctx context.Context, c *HostCatalog, version var updatedPersisted bool if plgResp != nil && plgResp.GetPersisted().GetSecrets() != nil { if len(plgResp.GetPersisted().GetSecrets().GetFields()) == 0 { - // Flag the secret to be deleted. + // Flag the secret to be deleted if it exists. hcSecret, err := newHostCatalogSecret(ctx, currentCatalog.GetPublicId(), plgResp.GetPersisted().GetSecrets()) if err != nil { return errors.Wrap(ctx, err, op) @@ -466,11 +466,13 @@ func (r *Repository) UpdateCatalog(ctx context.Context, c *HostCatalog, version if err != nil { return errors.Wrap(ctx, err, op) } - if secretsDeleted != 1 { - return errors.New(ctx, errors.MultipleRecords, op, fmt.Sprintf("expected 1 catalog secret to be deleted, got %d", secretsDeleted)) + if secretsDeleted > 1 { + return errors.New(ctx, errors.MultipleRecords, op, fmt.Sprintf("expected 0 or 1 catalog secret to be deleted, got %d", secretsDeleted)) + } + if secretsDeleted == 1 { + updatedPersisted = true + msgs = append(msgs, &sOplogMsg) } - updatedPersisted = true - msgs = append(msgs, &sOplogMsg) } else { hcSecret, err := newHostCatalogSecret(ctx, currentCatalog.GetPublicId(), plgResp.GetPersisted().GetSecrets()) if err != nil { diff --git a/internal/host/plugin/repository_host_catalog_test.go b/internal/host/plugin/repository_host_catalog_test.go index f1c03f189ab..77e50e4c251 100644 --- a/internal/host/plugin/repository_host_catalog_test.go +++ b/internal/host/plugin/repository_host_catalog_test.go @@ -260,6 +260,36 @@ func TestRepository_CreateCatalog(t *testing.T) { }(), wantPluginCalled: true, }, + { + name: "valid-empty-secrets", + in: &HostCatalog{ + HostCatalog: &store.HostCatalog{ + Description: "test-description-repo", + ProjectId: prj.GetPublicId(), + PluginId: plg.GetPublicId(), + Attributes: []byte{}, + }, + Secrets: func() *structpb.Struct { + st, err := structpb.NewStruct(map[string]any{}) + require.NoError(t, err) + return st + }(), + }, + want: &HostCatalog{ + HostCatalog: &store.HostCatalog{ + Description: "test-description-repo", + ProjectId: prj.GetPublicId(), + PluginId: plg.GetPublicId(), + Attributes: []byte{}, + }, + }, + wantSecret: func() *structpb.Struct { + st, err := structpb.NewStruct(map[string]any{}) + require.NoError(t, err) + return st + }(), + wantPluginCalled: true, + }, } for _, tt := range tests { @@ -358,8 +388,8 @@ func TestRepository_CreateCatalog(t *testing.T) { cSecret := allocHostCatalogSecret() err = rw.LookupWhere(ctx, &cSecret, "catalog_id=?", []any{got.GetPublicId()}) - if tt.wantSecret == nil { - assert.Nil(got.Secrets) + if tt.wantSecret == nil || len(tt.wantSecret.Fields) == 0 { + assert.Empty(got.Secrets.GetFields()) require.Error(err) require.True(errors.IsNotFoundError(err)) return @@ -1135,6 +1165,22 @@ func TestRepository_UpdateCatalog(t *testing.T) { checkNumUpdated(1), }, }, + { + name: "update secrets, return empty secrets from plugin", + changeFuncs: []changeHostCatalogFunc{changeSecrets(map[string]any{})}, + version: 2, + fieldMask: []string{"secrets"}, + wantCheckFuncs: []checkFunc{ + checkVersion(3), + checkSecretsHmac(false), + checkUpdateCatalogRequestPersistedSecrets(map[string]any{ + "one": "two", + }), + checkUpdateCatalogRequestSecrets(map[string]any{}), + checkSecretsDeleted(), + checkNumUpdated(1), + }, + }, { name: "delete secrets", changeFuncs: []changeHostCatalogFunc{changeSecrets(map[string]any{})},