OZG-4453 revert stringData -> data; using data for encoding and string for plane text

ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/ElasticsearchReconciler.java

 package de.ozgcloud.operator;
 
+import java.util.Base64;
 import java.util.logging.Level;
 
 import org.apache.commons.collections.MapUtils;
@@ -24,7 +25,8 @@ public class ElasticsearchReconciler implements Reconciler<OzgCloudElasticsearch
 	private final OzgCloudElasticsearchService service;
 
 	@Override
-	public UpdateControl<OzgCloudElasticsearchCustomResource> reconcile(OzgCloudElasticsearchCustomResource resource, Context<OzgCloudElasticsearchCustomResource> context) {
+	public UpdateControl<OzgCloudElasticsearchCustomResource> reconcile(OzgCloudElasticsearchCustomResource resource,
+			Context<OzgCloudElasticsearchCustomResource> context) {
 		try {
 			log.info("Reconcile user " + resource.getCRDName() + "...");
 			var namespace = resource.getMetadata().getNamespace();
@@ -41,14 +43,23 @@ public class ElasticsearchReconciler implements Reconciler<OzgCloudElasticsearch
 		}
 	}
 
-	private String getPassword(Secret secret) {
+	String getPassword(Secret secret) {
 		log.info("get password for elastic user...");
 		log.info(String.format("from secret string map: %s", secret.getStringData()));
 		log.info(String.format("from secret data map: %s", secret.getData()));
-		return MapUtils.getString(secret.getData(), OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD);
+		return decode(MapUtils.getString(secret.getData(), OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD));
 	}
 
-	UpdateControl<OzgCloudElasticsearchCustomResource> buildExceptionUpdateControl(OzgCloudElasticsearchCustomResource resource, Exception exception) {
+	private String decode(String encodedPassword) {
+		try {
+			return new String(Base64.getDecoder().decode(encodedPassword));
+		} catch (Exception e) {
+			throw new RuntimeException("Could not decode password from secret.");
+		}
+	}
+
+	UpdateControl<OzgCloudElasticsearchCustomResource> buildExceptionUpdateControl(OzgCloudElasticsearchCustomResource resource,
+			Exception exception) {
 		return OzgCloudElasticsearchUpdateControlBuilder
 				.fromResource(resource)
 				.withStatus(CustomResourceStatus.ERROR)

ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/OzgCloudElasticsearchSecretHelper.java

@@ -29,10 +29,10 @@ public class OzgCloudElasticsearchSecretHelper {
 		return new SecretBuilder()
 				.withType(SECRET_TYPE)
 				.withMetadata(createMetaData(name, namespace))
-				.addToData(CREDENTIAL_SECRET_ADDRESS_FIELD, buildSecretAddress())
-				.addToData(CREDENTIAL_SECRET_INDEX_FIELD, namespace)
-				.addToData(CREDENTIAL_SECRET_PASSWORD_FIELD, generatePassword())
-				.addToData(CREDENTIAL_SECRET_USERNAME_FIELD, namespace)
+				.addToStringData(CREDENTIAL_SECRET_ADDRESS_FIELD, buildSecretAddress())
+				.addToStringData(CREDENTIAL_SECRET_INDEX_FIELD, namespace)
+				.addToStringData(CREDENTIAL_SECRET_PASSWORD_FIELD, generatePassword())
+				.addToStringData(CREDENTIAL_SECRET_USERNAME_FIELD, namespace)
 				.build();
 	}
 

ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/ElasticsearchReconcilerTest.java

@@ -4,6 +4,9 @@ import static org.assertj.core.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.*;
 
+import java.util.Base64;
+import java.util.Map;
+
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
@@ -12,9 +15,12 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Spy;
 
+import com.thedeanda.lorem.LoremIpsum;
+
 import de.ozgcloud.operator.common.kubernetes.NamespaceTestFactory;
 import de.ozgcloud.operator.common.kubernetes.SecretTestFactory;
 import io.fabric8.kubernetes.api.model.Secret;
+import io.fabric8.kubernetes.api.model.SecretBuilder;
 import io.javaoperatorsdk.operator.api.reconciler.Context;
 import io.javaoperatorsdk.operator.api.reconciler.UpdateControl;
 import lombok.SneakyThrows;
@@ -36,8 +42,10 @@ class ElasticsearchReconcilerTest {
 
 		private final OzgCloudElasticsearchCustomResource resource = ElasticsearchCustomResourceTestFactory.create();
 
-		private final static String PASSWORD = "dummyPassword";
-		private final Secret secret = SecretTestFactory.createBuilder().addToData(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD, PASSWORD).build();
+		private final static String PASSWORD = new String(Base64.getEncoder().encode("dummyPassword".getBytes()));
+		private final static String DECODED_PASSWORD = new String(Base64.getDecoder().decode(PASSWORD));
+		private final Secret secret = SecretTestFactory.createBuilder()
+				.addToData(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD, PASSWORD).build();
 
 		@DisplayName("process flow")
 		@Nested
@@ -76,7 +84,7 @@ class ElasticsearchReconcilerTest {
 			void shouldCallCreateSecurityUserIfMissing() {
 				reconcile();
 
-				verify(service).createSecurityUserIfMissing(NamespaceTestFactory.NAMESPACE, PASSWORD);
+				verify(service).createSecurityUserIfMissing(NamespaceTestFactory.NAMESPACE, DECODED_PASSWORD);
 			}
 
 			@SneakyThrows
@@ -152,6 +160,33 @@ class ElasticsearchReconcilerTest {
 				return reconciler.buildExceptionUpdateControl(resource, exception);
 			}
 		}
+
+		@DisplayName("get password")
+		@Nested
+		class TestGetPassword {
+
+			private static final String SECRET_PASSWORD = LoremIpsum.getInstance().getWords(1);
+
+			@Test
+			void shouldReturnPasssowrd() {
+				var secret = buildSecret();
+
+				var password = reconciler.getPassword(secret);
+
+				assertThat(password).isEqualTo(SECRET_PASSWORD);
+			}
+
+			private Secret buildSecret() {
+				return new SecretBuilder()
+						.addToData(Map.of(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD,
+								encodeStringBase64(SECRET_PASSWORD)))
+						.build();
+			}
+
+			private String encodeStringBase64(String string) {
+				return Base64.getEncoder().encodeToString(string.getBytes());
+			}
+		}
 	}
 
 	@DisplayName("Cleanup")

ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/OzgCloudElasticsearchSecretHelperTest.java

@@ -77,7 +77,8 @@ class OzgCloudElasticsearchSecretHelperTest {
 			void shouldBeSet() {
 				var secret = buildCredentialSecret();
 
-				assertThat(secret.getData()).containsEntry(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_ADDRESS_FIELD, String.format("%s:%s", HOST, PORT));
+				assertThat(secret.getStringData()).containsEntry(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_ADDRESS_FIELD,
+						String.format("%s:%s", HOST, PORT));
 			}
 
 			@Test
@@ -99,22 +100,24 @@ class OzgCloudElasticsearchSecretHelperTest {
 		void shouldContainIndex() {
 			var secret = buildCredentialSecret();
 
-			assertThat(secret.getData()).containsEntry(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_INDEX_FIELD, NamespaceTestFactory.NAMESPACE);
+			assertThat(secret.getStringData()).containsEntry(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_INDEX_FIELD,
+					NamespaceTestFactory.NAMESPACE);
 		}
 
 		@Test
 		void shouldContainPassword() {
 			var secret = buildCredentialSecret();
 
-			assertThat(secret.getData()).containsKey(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD);
-			assertThat(secret.getData().get(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD)).isNotNull();
+			assertThat(secret.getStringData()).containsKey(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD);
+			assertThat(secret.getStringData().get(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_PASSWORD_FIELD)).isNotNull();
 		}
 
 		@Test
 		void shouldContainUsername() {
 			var secret = buildCredentialSecret();
 
-			assertThat(secret.getData()).containsEntry(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_USERNAME_FIELD, NamespaceTestFactory.NAMESPACE);
+			assertThat(secret.getStringData()).containsEntry(OzgCloudElasticsearchSecretHelper.CREDENTIAL_SECRET_USERNAME_FIELD,
+					NamespaceTestFactory.NAMESPACE);
 		}
 
 		private Secret buildCredentialSecret() {