public_git
/
actions-runner-controller
mirror of https://github.com/actions-runner-controller/actions-runner-controller.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: don't base64 decode secret strings (#1683)

This commit is contained in:
oreonl 2022-08-02 16:47:07 -10:00 committed by GitHub
parent 37aa1a0b8c
commit e511401e51
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -1790,6 +1790,8 @@ data:
kind: RunnerDeployment kind: RunnerDeployment
metadata: metadata:
namespace: org1-runners namespace: org1-runners
spec:
template:
spec: spec:
githubAPICredentialsFrom: githubAPICredentialsFrom:
secretRef: secretRef:

52
controllers/multi_githubclient.go
View File

@ -3,7 +3,6 @@ package controllers
import ( import (
"context" "context"
"crypto/sha1" "crypto/sha1"
"encoding/base64"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"sort" "sort"
@ -270,17 +269,6 @@ func (c *MultiGitHubClient) derefClient(ns, secretName string, dependent *runner
} }
} }
func decodeBase64(s []byte) (string, error) {
enc := base64.RawStdEncoding
dbuf := make([]byte, enc.DecodedLen(len(s)))
n, err := enc.Decode(dbuf, []byte(s))
if err != nil {
return "", err
}
return string(dbuf[:n]), nil
}
func secretDataToGitHubClientConfig(data map[string][]byte) (*github.Config, error) { func secretDataToGitHubClientConfig(data map[string][]byte) (*github.Config, error) {
var ( var (
conf github.Config conf github.Config
@ -288,55 +276,31 @@ func secretDataToGitHubClientConfig(data map[string][]byte) (*github.Config, err
err error err error
) )
conf.URL, err = decodeBase64(data["github_url"]) conf.URL = string(data["github_url"])
if err != nil {
return nil, err
}
conf.UploadURL, err = decodeBase64(data["github_upload_url"]) conf.UploadURL = string(data["github_upload_url"])
if err != nil {
return nil, err
}
conf.EnterpriseURL, err = decodeBase64(data["github_enterprise_url"]) conf.EnterpriseURL = string(data["github_enterprise_url"])
if err != nil {
return nil, err
}
conf.RunnerGitHubURL, err = decodeBase64(data["github_runner_url"]) conf.RunnerGitHubURL = string(data["github_runner_url"])
if err != nil {
return nil, err
}
conf.Token, err = decodeBase64(data["github_token"]) conf.Token = string(data["github_token"])
if err != nil {
return nil, err
}
appID, err := decodeBase64(data["github_app_id"]) appID := string(data["github_app_id"])
if err != nil {
return nil, err
}
conf.AppID, err = strconv.ParseInt(appID, 10, 64) conf.AppID, err = strconv.ParseInt(appID, 10, 64)
if err != nil { if err != nil {
return nil, err return nil, err
} }
instID, err := decodeBase64(data["github_app_installation_id"]) instID := string(data["github_app_installation_id"])
if err != nil {
return nil, err
}
conf.AppInstallationID, err = strconv.ParseInt(instID, 10, 64) conf.AppInstallationID, err = strconv.ParseInt(instID, 10, 64)
if err != nil { if err != nil {
return nil, err return nil, err
} }
conf.AppPrivateKey, err = decodeBase64(data["github_app_private_key"]) conf.AppPrivateKey = string(data["github_app_private_key"])
if err != nil {
return nil, err
}
return &conf, nil return &conf, nil
} }