Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Improve log-reader-url logic for remote CLI driven workflow #1839

Merged
merged 6 commits into from
Feb 26, 2025
Merged

feat: Improve log-reader-url logic for remote CLI driven workflow #1839

merged 6 commits into from
Feb 26, 2025

Conversation

alfespa17
Copy link
Member

@alfespa17 alfespa17 commented Feb 26, 2025
edited
Loading

Previously when using the CLI driven workflow with remote execution Terrakube return the property log-read-url to the terraform/tofu cli using the following paths:

/applies/{jobId}/logs
/plans/{jobId}/logs

Terraform/tofu cli uses the path to read the log streaming.

With this change the logic will encrypt the value instead of using just the jobId, it will use AES/GCM/NoPadding to encrypt the values from the URL like the following:

/applies/logs/-1psjhcp26q6cy47f5z94oj4v6/-7471qtqoo6st1opld4jx58nhh
/applies/logs/-5jxcuqypoixzxh981o8yh8sbr/-3ja54lwjtoec60t9mf4jh94xa

The values are encrypted using the internal token secret

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
8 New issues
0 Accepted issues

Measures
0 Security Hotspots
37.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@alfespa17 alfespa17 merged commit 73b3a22 into main Feb 26, 2025
5 checks passed
@alfespa17 alfespa17 deleted the feat/improve-log-reader-url branch February 26, 2025 19:46
stanleyz pushed a commit to stanleyz/terrakube that referenced this pull request Mar 11, 2025
@alfespa17 @stanleyz
feat: Improve log-reader-url logic for remote CLI driven workflow (Az…
5363fd2 
…Builder#1839)

* feat: Change logic to generate log-read-url property using aes encryption

* feat: Change logic to generate log-read-url property using aes encryption

* Refactor using base36 encoding

* Refactor code

* Changet Algorithm to AES/GCM/NoPadding

* Change size to recommended
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@alfespa17