From abb2bd8daca70afc43992b5f58d1c84498e177eb Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Thu, 21 Dec 2023 19:59:03 +0100
Subject: [PATCH] OZG-4453 decode password

---
 .../ElasticsearchClientConfiguration.java     | 23 ++++++-
 .../ElasticsearchClientConfigurationTest.java | 67 +++++++++++++++++++
 2 files changed, 87 insertions(+), 3 deletions(-)
 create mode 100644 ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfigurationTest.java

diff --git a/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfiguration.java b/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfiguration.java
index 5ebfd1d..2d15853 100644
--- a/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfiguration.java
+++ b/ozgcloud-elasticsearch-operator/src/main/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfiguration.java
@@ -1,5 +1,7 @@
 package de.ozgcloud.operator.common.elasticsearch;
 
+import java.util.Base64;
+
 import org.apache.commons.collections.MapUtils;
 import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
@@ -16,6 +18,7 @@ import co.elastic.clients.json.jackson.JacksonJsonpMapper;
 import co.elastic.clients.transport.rest_client.RestClientTransport;
 import de.ozgcloud.operator.OzgCloudElasticsearchProperties;
 import de.ozgcloud.operator.common.kubernetes.KubernetesRemoteService;
+import io.fabric8.kubernetes.api.model.Secret;
 import lombok.extern.java.Log;
 
 @Log
@@ -60,10 +63,24 @@ public class ElasticsearchClientConfiguration {
 	}
 
 	String getPassword() {
-		log.info(String.format("get password from secret: %s in namespace %s", elasticSearchProperties.getServer().getNamespace(), elasticSearchProperties.getServer().getSecretName()));
-		var resource = kubernetesService.getSecretResource(elasticSearchProperties.getServer().getNamespace(), elasticSearchProperties.getServer().getSecretName());
-		var password = MapUtils.getString(resource.get().getStringData(), elasticSearchProperties.getServer().getSecretDataKey());
+		log.info(String.format("get password from secret: %s in namespace %s", elasticSearchProperties.getServer().getSecretName(), elasticSearchProperties.getServer().getNamespace()));
+		var secret = getCredentialsSecret();
+		var password = getPasswordFromSecret(secret);
 		log.info(String.format("used password: %s", password));
 		return password;
 	}
+	
+	private Secret getCredentialsSecret() {
+		return kubernetesService.getSecretResource(elasticSearchProperties.getServer().getNamespace(), elasticSearchProperties.getServer().getSecretName()).get();
+	}
+	
+	private String getPasswordFromSecret(Secret secret) {
+		var encodedPassword =  MapUtils.getString(secret.getStringData(), elasticSearchProperties.getServer().getSecretDataKey());
+		return decode(encodedPassword, secret);
+	}
+	
+	private String decode(String encodedPassword, Secret secret) {
+		return new String(Base64.getDecoder().decode(encodedPassword));
+	}
+
 }
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfigurationTest.java b/ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfigurationTest.java
new file mode 100644
index 0000000..0afa517
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/java/de/ozgcloud/operator/common/elasticsearch/ElasticsearchClientConfigurationTest.java
@@ -0,0 +1,67 @@
+package de.ozgcloud.operator.common.elasticsearch;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+
+import java.util.Base64;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Spy;
+
+import de.ozgcloud.operator.OzgCloudElasticsearchProperties;
+import de.ozgcloud.operator.OzgCloudElasticsearchProperties.OzgCloudElasticsearchServerProperties;
+import de.ozgcloud.operator.common.kubernetes.KubernetesRemoteService;
+import de.ozgcloud.operator.common.kubernetes.SecretTestFactory;
+import io.fabric8.kubernetes.api.model.Secret;
+import io.fabric8.kubernetes.client.dsl.Resource;
+
+class ElasticsearchClientConfigurationTest {
+	
+	@Spy
+	@InjectMocks
+	private ElasticsearchClientConfiguration configuration;
+	@Mock
+	private OzgCloudElasticsearchProperties properties;
+	@Mock
+	private KubernetesRemoteService kubernetesRemoteService;
+	
+	@DisplayName("Create elasticsearch client")
+	@Nested
+	class TestCreateElasticsearchClient {
+		
+		private static final String SECRET_DATA_KEY = "dsefsfef";
+		private static final String SECRET_DATA_VALUE = "testPassword";
+		private static final String SECRET_DATA_ENCODED_VALUE = encodeStringBase64(SECRET_DATA_VALUE);
+		private static final Secret SECRET = SecretTestFactory.createBuilder().addToStringData(SECRET_DATA_KEY, SECRET_DATA_ENCODED_VALUE).build(); 
+		
+		@Mock
+		private Resource<Secret> secretResource;
+		@Mock
+		private OzgCloudElasticsearchServerProperties serverProperties;
+		
+		@BeforeEach
+		void mock() {
+			when(properties.getServer()).thenReturn(serverProperties);
+			when(serverProperties.getSecretDataKey()).thenReturn(SECRET_DATA_KEY);
+			when(kubernetesRemoteService.getSecretResource(any(), any())).thenReturn(secretResource);
+			when(secretResource.get()).thenReturn(SECRET);
+		}
+		
+		@Test
+		void shouldReturnPasssowrd() {
+			var password = configuration.getPassword();
+			
+			assertThat(password).isEqualTo(SECRET_DATA_VALUE);
+		}
+		
+		private static String encodeStringBase64(String string) {
+			return Base64.getEncoder().encodeToString(string.getBytes());
+		}
+	}
+}
\ No newline at end of file
-- 
GitLab