control-service: secrets service unit tests (#2276)

Add unit tests for the secrets service.
Minor code changes to address redundancies, feedback from previous
review.

---------

Signed-off-by: Dako Dakov <ddakov@vmware.com>
Co-authored-by: github-actions <>
Co-authored-by: Miroslav Ivanov <40535952+mivanov1988@users.noreply.github.com>

Author: dakodakov

projects/control-service/projects/pipelines_control_service/src/main/java/com/vmware/taurus/exception/DataJobSecretsSizeLimitException.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2021-2023 VMware, Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.vmware.taurus.exception;
+
+import org.springframework.http.HttpStatus;
+
+public class DataJobSecretsSizeLimitException extends DomainError implements UserFacingError {
+
+  public DataJobSecretsSizeLimitException(String jobName, String why) {
+    super(
+        String.format("Exception processing secrets for '%s' data job.", jobName),
+        why,
+        "Unable to process data job secrets.",
+        "Try re-creating the data job secrets or contract the service operator",
+        null);
+  }
+
+  @Override
+  public HttpStatus getHttpStatus() {
+    return HttpStatus.PAYLOAD_TOO_LARGE;
+  }
+}

projects/control-service/projects/pipelines_control_service/src/main/java/com/vmware/taurus/exception/SecretStorageNotConfiguredException.java

@@ -5,10 +5,17 @@
 
 package com.vmware.taurus.exception;
 
+import org.springframework.http.HttpStatus;
+
 /** Exception thrown, when a secret storage has not been configured */
 public class SecretStorageNotConfiguredException extends ExternalSystemError {
 
   public SecretStorageNotConfiguredException() {
     super(MainExternalSystem.SECRETS, "Not Configured");
   }
+
+  @Override
+  public HttpStatus getHttpStatus() {
+    return HttpStatus.NOT_IMPLEMENTED;
+  }
 }

projects/control-service/projects/pipelines_control_service/src/main/java/com/vmware/taurus/secrets/controller/DataJobsSecretsController.java

@@ -6,10 +6,8 @@
 package com.vmware.taurus.secrets.controller;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.vmware.taurus.base.FeatureFlags;
 import com.vmware.taurus.controlplane.model.api.DataJobsSecretsApi;
 import com.vmware.taurus.exception.DataJobSecretsException;
-import com.vmware.taurus.exception.SecretStorageNotConfiguredException;
 import com.vmware.taurus.secrets.service.JobSecretsService;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.slf4j.Logger;
@@ -30,14 +28,10 @@
 public class DataJobsSecretsController implements DataJobsSecretsApi {
   static Logger log = LoggerFactory.getLogger(DataJobsSecretsController.class);
 
-  private final FeatureFlags featureFlags;
-
   private final JobSecretsService secretsService;
 
   @Autowired
-  public DataJobsSecretsController(
-      FeatureFlags featureFlags, @Nullable JobSecretsService secretsService) {
-    this.featureFlags = featureFlags;
+  public DataJobsSecretsController(@Nullable JobSecretsService secretsService) {
     this.secretsService = secretsService;
   }
 
@@ -46,28 +40,20 @@ public ResponseEntity<Void> dataJobSecretsUpdate(
       String teamName, String jobName, String deploymentId, Map<String, Object> requestBody) {
     log.debug("Updating secrets for job: {}", jobName);
 
-    if (featureFlags.isVaultIntegrationEnabled()) {
-      secretsService.updateJobSecrets(jobName, requestBody);
-      return ResponseEntity.noContent().build();
-    }
-
-    throw new SecretStorageNotConfiguredException();
+    secretsService.updateJobSecrets(jobName, requestBody);
+    return ResponseEntity.noContent().build();
   }
 
   @Override
   public ResponseEntity<Map<String, Object>> dataJobSecretsRead(
       String teamName, String jobName, String deploymentId) {
     log.debug("Reading secrets for job: {}", jobName);
 
-    if (featureFlags.isVaultIntegrationEnabled()) {
-      try {
-        return ResponseEntity.ok(secretsService.readJobSecrets(jobName));
-      } catch (JsonProcessingException e) {
-        log.error("Error while parsing secrets for job: " + jobName, e);
-        throw new DataJobSecretsException(jobName, "Error while parsing secrets for job");
-      }
+    try {
+      return ResponseEntity.ok(secretsService.readJobSecrets(jobName));
+    } catch (JsonProcessingException e) {
+      log.error("Error while parsing secrets for job: " + jobName, e);
+      throw new DataJobSecretsException(jobName, "Error while parsing secrets for job");
     }
-
-    throw new SecretStorageNotConfiguredException();
   }
 }

projects/control-service/projects/pipelines_control_service/src/main/java/com/vmware/taurus/secrets/controller/NoOpDataJobsSecretsController.java

@@ -6,13 +6,12 @@
 package com.vmware.taurus.secrets.controller;
 
 import com.vmware.taurus.controlplane.model.api.DataJobsSecretsApi;
+import com.vmware.taurus.exception.SecretStorageNotConfiguredException;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.server.ResponseStatusException;
 
 import java.util.Map;
 
@@ -28,14 +27,12 @@ public class NoOpDataJobsSecretsController implements DataJobsSecretsApi {
   @Override
   public ResponseEntity<Void> dataJobSecretsUpdate(
       String teamName, String jobName, String deploymentId, Map<String, Object> requestBody) {
-    throw new ResponseStatusException(
-        HttpStatus.NOT_IMPLEMENTED, "Secrets service is not implemented");
+    throw new SecretStorageNotConfiguredException();
   }
 
   @Override
   public ResponseEntity<Map<String, Object>> dataJobSecretsRead(
       String teamName, String jobName, String deploymentId) {
-    throw new ResponseStatusException(
-        HttpStatus.NOT_IMPLEMENTED, "Secrets service is not implemented");
+    throw new SecretStorageNotConfiguredException();
   }
 }

projects/control-service/projects/pipelines_control_service/src/main/java/com/vmware/taurus/secrets/service/vault/VaultJobSecretsService.java

@@ -7,13 +7,17 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.vmware.taurus.exception.DataJobSecretsException;
+import com.vmware.taurus.exception.DataJobSecretsSizeLimitException;
 import lombok.extern.slf4j.Slf4j;
 import org.json.JSONObject;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Service;
 import org.springframework.vault.core.VaultOperations;
 import org.springframework.vault.support.Versioned;
 
+import java.nio.charset.StandardCharsets;
 import java.util.Collections;
 import java.util.Map;
 import java.util.stream.Collectors;
@@ -23,8 +27,12 @@
 @ConditionalOnProperty(value = "featureflag.vault.integration.enabled")
 public class VaultJobSecretsService implements com.vmware.taurus.secrets.service.JobSecretsService {
 
+  private static final int VAULT_SIZE_LIMIT_DEFAULT = 1048576; // 1 MB
   private static final String SECRET = "secret";
 
+  @Value("${datajobs.vault.size.limit.bytes}")
+  private int sizeLimitBytes = VAULT_SIZE_LIMIT_DEFAULT;
+
   private final ObjectMapper objectMapper = new ObjectMapper();
   private final VaultOperations vaultOperations;
 
@@ -34,6 +42,10 @@ public VaultJobSecretsService(VaultOperations vaultOperations) {
 
   @Override
   public void updateJobSecrets(String jobName, Map<String, Object> secrets) {
+
+    checkJobName(jobName);
+    checkJobSecretsMap(jobName, secrets);
+
     Versioned<VaultJobSecrets> readResponse =
         vaultOperations.opsForVersionedKeyValue(SECRET).get(jobName, VaultJobSecrets.class);
 
@@ -57,13 +69,20 @@ public void updateJobSecrets(String jobName, Map<String, Object> secrets) {
                       return entry.getValue();
                     }));
 
-    vaultJobSecrets.setSecretsJson(new JSONObject(updatedSecrets).toString());
+    String updatedSecretsString = new JSONObject(updatedSecrets).toString();
+    if (updatedSecretsString.getBytes(StandardCharsets.UTF_8).length > sizeLimitBytes) {
+      throw new DataJobSecretsSizeLimitException(
+          jobName, "Secret size exceeds configured limit of:" + sizeLimitBytes);
+    }
+
+    vaultJobSecrets.setSecretsJson(updatedSecretsString);
 
     vaultOperations.opsForVersionedKeyValue(SECRET).put(jobName, vaultJobSecrets);
   }
 
   @Override
   public Map<String, Object> readJobSecrets(String jobName) throws JsonProcessingException {
+    checkJobName(jobName);
     Versioned<VaultJobSecrets> readResponse =
         vaultOperations.opsForVersionedKeyValue(SECRET).get(jobName, VaultJobSecrets.class);
 
@@ -76,4 +95,16 @@ public Map<String, Object> readJobSecrets(String jobName) throws JsonProcessingE
       return Collections.emptyMap();
     }
   }
+
+  private void checkJobName(String jobName) {
+    if (jobName == null || jobName.isBlank()) {
+      throw new DataJobSecretsException(jobName, "Data Job Name cannot be blank");
+    }
+  }
+
+  private void checkJobSecretsMap(String jobName, Map<String, Object> secrets) {
+    if (secrets == null || secrets.isEmpty()) {
+      throw new DataJobSecretsException(jobName, "Secrets parameter cannot be null or empty");
+    }
+  }
 }

projects/control-service/projects/pipelines_control_service/src/test/java/com/vmware/taurus/secrets/DataJobsSecretsControllerTest.java

@@ -0,0 +1,116 @@
+/*
+ * Copyright 2021-2023 VMware, Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/*
+ * Copyright 2021-2023 VMware, Inc.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.vmware.taurus.secrets;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.vmware.taurus.exception.DataJobSecretsException;
+import com.vmware.taurus.exception.SecretStorageNotConfiguredException;
+import com.vmware.taurus.secrets.controller.DataJobsSecretsController;
+import com.vmware.taurus.secrets.controller.NoOpDataJobsSecretsController;
+import com.vmware.taurus.secrets.service.JobSecretsService;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.*;
+
+@ExtendWith(MockitoExtension.class)
+class DataJobsSecretsControllerTest {
+
+  @Mock private JobSecretsService jobSecretsService;
+
+  @InjectMocks private DataJobsSecretsController controller;
+  @InjectMocks private NoOpDataJobsSecretsController noOpsController;
+
+  @Test
+  void testDataJobSecretsUpdate() {
+    String jobName = "testJob";
+    Map<String, Object> requestBody = new HashMap<>();
+
+    ResponseEntity<Void> expectedResponse = ResponseEntity.noContent().build();
+
+    doNothing().when(jobSecretsService).updateJobSecrets(jobName, requestBody);
+
+    ResponseEntity<Void> actualResponse =
+        controller.dataJobSecretsUpdate(null, jobName, null, requestBody);
+
+    verify(jobSecretsService, times(1)).updateJobSecrets(jobName, requestBody);
+
+    assertEquals(expectedResponse.getStatusCode(), actualResponse.getStatusCode());
+  }
+
+  @Test
+  void testDataJobSecretsRead() throws JsonProcessingException {
+    String jobName = "testJob";
+    Map<String, Object> expectedSecrets = new HashMap<>();
+
+    when(jobSecretsService.readJobSecrets(jobName)).thenReturn(expectedSecrets);
+
+    ResponseEntity<Map<String, Object>> expectedResponse = ResponseEntity.ok(expectedSecrets);
+
+    ResponseEntity<Map<String, Object>> actualResponse =
+        controller.dataJobSecretsRead(null, jobName, null);
+
+    verify(jobSecretsService, times(1)).readJobSecrets(jobName);
+
+    assertEquals(expectedResponse.getStatusCode(), actualResponse.getStatusCode());
+    assertEquals(expectedResponse.getBody(), actualResponse.getBody());
+  }
+
+  @Test
+  void testDataJobSecretsRead_JsonProcessingException() throws JsonProcessingException {
+    String jobName = "testJob";
+
+    when(jobSecretsService.readJobSecrets(jobName)).thenThrow(JsonProcessingException.class);
+
+    ResponseEntity<Map<String, Object>> expectedResponse =
+        ResponseEntity.status(HttpStatus.BAD_REQUEST).body(null);
+
+    DataJobSecretsException thrownException =
+        Assertions.assertThrows(
+            DataJobSecretsException.class,
+            () -> controller.dataJobSecretsRead(null, jobName, null));
+
+    verify(jobSecretsService, times(1)).readJobSecrets(jobName);
+
+    assertEquals(expectedResponse.getStatusCode(), thrownException.getHttpStatus());
+  }
+
+  @Test
+  void testDataJobSecrets_NotConfigured() throws JsonProcessingException {
+    String jobName = "testJob";
+
+    ResponseEntity<Map<String, Object>> expectedResponse =
+        ResponseEntity.status(HttpStatus.NOT_IMPLEMENTED).body(null);
+
+    SecretStorageNotConfiguredException thrownException =
+        Assertions.assertThrows(
+            SecretStorageNotConfiguredException.class,
+            () -> noOpsController.dataJobSecretsRead(null, jobName, null));
+
+    assertEquals(expectedResponse.getStatusCode(), thrownException.getHttpStatus());
+
+    thrownException =
+        Assertions.assertThrows(
+            SecretStorageNotConfiguredException.class,
+            () -> noOpsController.dataJobSecretsUpdate(null, jobName, null, null));
+
+    assertEquals(expectedResponse.getStatusCode(), thrownException.getHttpStatus());
+  }
+}