Remove decryption grpc from pipedv1 plugin api (#5414)

Signed-off-by: khanhtc1202 <[email protected]>
pipe-cd · Dec 12, 2024 · 73db7c2 · 73db7c2
1 parent 6b63206
commit 73db7c2
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 237 deletions.
diff --git a/pkg/app/pipedv1/cmd/piped/grpcapi/plugin_api.go b/pkg/app/pipedv1/cmd/piped/grpcapi/plugin_api.go
@@ -21,8 +21,6 @@ import (
 	"github.com/pipe-cd/pipecd/pkg/app/pipedv1/cmd/piped/service"
 	"github.com/pipe-cd/pipecd/pkg/app/server/service/pipedservice"
 	config "github.com/pipe-cd/pipecd/pkg/configv1"
-	"github.com/pipe-cd/pipecd/pkg/crypto"
-	"github.com/pipe-cd/pipecd/pkg/model"
 
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
@@ -62,31 +60,6 @@ func NewPluginAPI(cfg *config.PipedSpec, apiClient apiClient, toolsDir string, l
 	}, nil
 }
 
-func (a *PluginAPI) DecryptSecret(ctx context.Context, req *service.DecryptSecretRequest) (*service.DecryptSecretResponse, error) {
-	decrypter, err := initializeSecretDecrypter(a.cfg.SecretManagement)
-	if err != nil {
-		a.Logger.Error("failed to initialize secret decrypter", zap.Error(err))
-		return nil, err
-	}
-
-	// Return the secret as is in case of no decrypter configured.
-	if decrypter == nil {
-		return &service.DecryptSecretResponse{
-			DecryptedSecret: req.Secret,
-		}, nil
-	}
-
-	decrypted, err := decrypter.Decrypt(req.Secret)
-	if err != nil {
-		a.Logger.Error("failed to decrypt the secret", zap.Error(err))
-		return nil, err
-	}
-
-	return &service.DecryptSecretResponse{
-		DecryptedSecret: decrypted,
-	}, nil
-}
-
 // InstallTool installs the given tool.
 // installed binary's filename becomes `name-version`.
 func (a *PluginAPI) InstallTool(ctx context.Context, req *service.InstallToolRequest) (*service.InstallToolResponse, error) {
@@ -139,34 +112,3 @@ func (a *PluginAPI) ReportStageLogsFromLastCheckpoint(ctx context.Context, req *
 
 	return &service.ReportStageLogsFromLastCheckpointResponse{}, nil
 }
-
-func initializeSecretDecrypter(sm *config.SecretManagement) (crypto.Decrypter, error) {
-	if sm == nil {
-		return nil, nil
-	}
-
-	switch sm.Type {
-	case model.SecretManagementTypeNone:
-		return nil, nil
-
-	case model.SecretManagementTypeKeyPair:
-		key, err := sm.KeyPair.LoadPrivateKey()
-		if err != nil {
-			return nil, err
-		}
-		decrypter, err := crypto.NewHybridDecrypter(key)
-		if err != nil {
-			return nil, fmt.Errorf("failed to initialize decrypter (%w)", err)
-		}
-		return decrypter, nil
-
-	case model.SecretManagementTypeGCPKMS:
-		return nil, fmt.Errorf("type %q is not implemented yet", sm.Type.String())
-
-	case model.SecretManagementTypeAWSKMS:
-		return nil, fmt.Errorf("type %q is not implemented yet", sm.Type.String())
-
-	default:
-		return nil, fmt.Errorf("unsupported secret management type: %s", sm.Type.String())
-	}
-}
diff --git a/pkg/app/pipedv1/cmd/piped/grpcapi/plugin_api_test.go b/pkg/app/pipedv1/cmd/piped/grpcapi/plugin_api_test.go
@@ -13,63 +13,3 @@
 // limitations under the License.
 
 package grpcapi
-
-import (
-	"testing"
-
-	config "github.com/pipe-cd/pipecd/pkg/configv1"
-	"github.com/pipe-cd/pipecd/pkg/model"
-)
-
-// Test for initializeSecretDecrypter function.
-func TestInitializeSecretDecrypter(t *testing.T) {
-	testcases := []struct {
-		name        string
-		cfg         *config.SecretManagement
-		expected    bool
-		expectedErr bool
-	}{
-		{
-			name:        "no secret management config",
-			cfg:         nil,
-			expected:    false,
-			expectedErr: false,
-		},
-		{
-			name:        "secret management type none",
-			cfg:         &config.SecretManagement{Type: model.SecretManagementTypeNone},
-			expected:    false,
-			expectedErr: false,
-		},
-		{
-			name:        "unsupported secret management type",
-			cfg:         &config.SecretManagement{Type: "unsupported"},
-			expected:    false,
-			expectedErr: true,
-		},
-		{
-			name:        "unspoerted secret management type GCPKMS",
-			cfg:         &config.SecretManagement{Type: model.SecretManagementTypeGCPKMS},
-			expected:    false,
-			expectedErr: true,
-		},
-		{
-			name:        "unsupported secret mamagement type AWSKMS",
-			cfg:         &config.SecretManagement{Type: model.SecretManagementTypeAWSKMS},
-			expected:    false,
-			expectedErr: true,
-		},
-	}
-
-	for _, tc := range testcases {
-		t.Run(tc.name, func(t *testing.T) {
-			decrypter, err := initializeSecretDecrypter(tc.cfg)
-			if (err != nil) != tc.expectedErr {
-				t.Errorf("unexpected error: %v", err)
-			}
-			if (decrypter != nil) != tc.expected {
-				t.Errorf("unexpected result: %v", decrypter)
-			}
-		})
-	}
-}
diff --git a/pkg/app/pipedv1/cmd/piped/service/service.pb.go b/pkg/app/pipedv1/cmd/piped/service/service.pb.go
diff --git a/pkg/app/pipedv1/cmd/piped/service/service.proto b/pkg/app/pipedv1/cmd/piped/service/service.proto
@@ -22,8 +22,6 @@ import "pkg/model/logblock.proto";
 
 // PluginService provides the ability to interact with plugins.
 service PluginService {
-    // DecryptSecret decrypts the given secret.
-    rpc DecryptSecret(DecryptSecretRequest) returns (DecryptSecretResponse) {}
     // InstallTool installs the given tool.
     // installed binary's filename becomes `name-version`.
     rpc InstallTool(InstallToolRequest) returns (InstallToolResponse) {}

diff --git a/pkg/app/pipedv1/cmd/piped/service/service_grpc.pb.go b/pkg/app/pipedv1/cmd/piped/service/service_grpc.pb.go
diff --git a/pkg/app/pipedv1/plugin/secrets/decrypter.go b/pkg/app/pipedv1/plugin/secrets/decrypter.go