Open vikramsubramanian opened 1 month ago
To address the issue of the password field being encrypted twice during an update request, follow these steps:
updateConnector
method in KafkaConnectService
to include a check for whether the password is already encrypted.KafkaConnectControllerService
to ensure the encryption logic is only applied when necessary.Here is the modified code:
KafkaConnectService.java
public ApiResponse updateConnector(ClusterConnectorRequest clusterConnectorRequest) {
log.info("Into updateConnector {}", clusterConnectorRequest);
String suffixUrl =
clusterConnectorRequest.getEnv()
+ "/connectors/"
+ clusterConnectorRequest.getConnectorName()
+ "/config";
Pair<String, RestTemplate> reqDetails =
clusterApiUtils.getRequestDetails(suffixUrl, clusterConnectorRequest.getProtocol());
HttpHeaders headers =
clusterApiUtils.createHeaders(
clusterConnectorRequest.getClusterIdentification(), KafkaClustersType.KAFKA_CONNECT);
headers.set("Content-Type", "application/json");
// Check if the password is already encrypted
String connectorConfig = clusterConnectorRequest.getConnectorConfig();
if (!isPasswordEncrypted(connectorConfig)) {
connectorConfig = encryptPassword(connectorConfig);
}
HttpEntity<String> request =
new HttpEntity<>(connectorConfig, headers);
try {
reqDetails.getRight().put(reqDetails.getLeft(), request, String.class);
} catch (HttpServerErrorException | HttpClientErrorException e) {
log.error("Error in updating connector ", e);
return buildErrorResponseFromRestException(e, CLUSTER_API_ERR_2);
} catch (Exception ex) {
return ApiResponse.builder().success(false).message(CLUSTER_API_ERR_2).build();
}
return ApiResponse.builder().success(true).message(ApiResultStatus.SUCCESS.value).build();
}
private boolean isPasswordEncrypted(String connectorConfig) {
// Implement logic to check if the password is already encrypted
// This could involve checking for a specific pattern or prefix
return connectorConfig.contains("ENCRYPTED_PREFIX");
}
private String encryptPassword(String connectorConfig) {
// Implement your encryption logic here
return "ENCRYPTED_PREFIX" + connectorConfig;
}
KafkaConnectControllerService.java
if (RequestOperationType.UPDATE.value.equals(connectorRequest.getRequestOperationType())) {
String connectorConfig = connectorRequest.getConnectorConfig();
if (!isPasswordEncrypted(connectorConfig)) {
connectorConfig = encryptPassword(connectorConfig);
}
updateTopicReqStatus =
clusterApiService.approveConnectorRequests(
connectorRequest.getConnectorName(),
protocol,
connectorRequest.getRequestOperationType(),
connectorConfig,
kafkaConnectHost,
kwClusters.getClusterName() + kwClusters.getClusterId(),
tenantId);
} else {
// Other operations
}
By adding these checks, the password will only be encrypted if it is not already encrypted, preventing double encryption.
cluster-api/src/main/java/io/aiven/klaw/clusterapi/services/KafkaConnectService.java:90-360 | The updateConnector method in KafkaConnectService.java needs modification to check if the password is already encrypted before re-encrypting it.
core/src/main/java/io/aiven/klaw/service/KafkaConnectControllerService.java:604-1493 | The KafkaConnectControllerService.java needs to ensure encryption logic is applied only when necessary during an update request.
💡 To rerun Mayil, comment mayil-ai rerun
. Mayil will incorporate any new context added to the ticket. Include details in your rerun comment to guide Mayil!
Last updated at 02-Aug-2024 01:48 PM | Attempt 2
What happened?
I created a Connector with a password field. I then created an update request and the password field took the encrypted password and encrypted it again now showing a different password, meaning the saved password would be overwritten in this update.
What did you expect to happen?
The password should only be encrypted if it is a new entry or has been altered from its previous state.