Merge pull request #6857 from devtron-labs/main-sync-4nov-1

sync: Main sync

Author: kartik-579

Makefile

@@ -2,7 +2,7 @@
 
 all: fetch-all-env build
 
-TARGET_BRANCH?=main
+TARGET_BRANCH?=develop
 TAG?=$(shell bash -c 'git log --pretty=format:'%h' -n 1')
 FLAGS=
 ENVVAR=

cmd/external-app/wire_gen.go

@@ -188,6 +188,7 @@
  | ENABLE_ASYNC_ARGO_CD_INSTALL_DEVTRON_CHART | bool |false | To enable async installation of gitops application |  | false |
  | ENABLE_ASYNC_INSTALL_DEVTRON_CHART | bool |false | To enable async installation of no-gitops application |  | false |
  | ENABLE_LINKED_CI_ARTIFACT_COPY | bool |false | Enable copying artifacts from parent CI pipeline to linked CI pipeline during creation |  | false |
+ | ENABLE_PASSWORD_ENCRYPTION | bool |true | enable password encryption |  | false |
  | EPHEMERAL_SERVER_VERSION_REGEX | string |v[1-9]\.\b(2[3-9]\|[3-9][0-9])\b.* | ephemeral containers support version regex that is compared with k8sServerVersion |  | false |
  | EVENT_URL | string |http://localhost:3000/notify | Notifier service url |  | false |
  | EXECUTE_WIRE_NIL_CHECKER | bool |false | checks for any nil pointer in wire.go |  | false |

env_gen.json

@@ -338,7 +338,7 @@ require (
 replace (
 	github.com/argoproj/argo-workflows/v3 v3.5.13 => github.com/devtron-labs/argo-workflows/v3 v3.5.13
 	github.com/cyphar/filepath-securejoin v0.4.1 => github.com/cyphar/filepath-securejoin v0.3.6 // indirect
-	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953
-	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953
+	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7
+	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1
 )

env_gen.md

@@ -237,10 +237,10 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13 h1:3pINq0gXOSeTw2z/vYe+j80lRpSN5Rp/8mfQORh8SmU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13/go.mod h1:/vqxcovDPT4zqr4DjR5v7CF8ggpY1l3TSa2CIG3jmjA=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953 h1:LE08yoM+m/HgSXr8/aLwWUr0S6FBmC/853qpkZtrrkY=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953 h1:gKhFrhn+XVAunhJdZHrpQF6Q6HR81kux1ugqlcsyJRA=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953/go.mod h1:BPvuxIUW9TNYZ3+9r39nMzeORMcLqTwNkakirqp9AzU=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7 h1:YkFQOE+l+ei//+HesxWQV1bxUr2tNNZSN31DkDFbtts=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7 h1:IsgreAJRCpycvA7of0j0VZa9nXWXKOiTzDrH92149Zc=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7/go.mod h1:+CUhxuWB8uMYIoiXwofuLIXPyiNnwmoZlH90KWAE5Ew=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
 github.com/devtron-labs/protos v0.0.3-0.20250323220609-ecf8a0f7305e h1:U6UdYbW8a7xn5IzFPd8cywjVVPfutGJCudjePAfL/Hs=

go.mod

@@ -19,6 +19,7 @@ package repository
 import (
 	"github.com/devtron-labs/common-lib/securestore"
 	"github.com/devtron-labs/devtron/pkg/sql"
+	globalUtil "github.com/devtron-labs/devtron/util"
 	"github.com/go-pg/pg"
 	"go.uber.org/zap"
 )
@@ -37,8 +38,9 @@ type GitOpsConfigRepository interface {
 }
 
 type GitOpsConfigRepositoryImpl struct {
-	dbConnection *pg.DB
-	logger       *zap.SugaredLogger
+	dbConnection       *pg.DB
+	logger             *zap.SugaredLogger
+	GlobalEnvVariables *globalUtil.GlobalEnvVariables
 }
 
 type GitOpsConfig struct {
@@ -63,8 +65,8 @@ type GitOpsConfig struct {
 	sql.AuditLog
 }
 
-func NewGitOpsConfigRepositoryImpl(logger *zap.SugaredLogger, dbConnection *pg.DB) *GitOpsConfigRepositoryImpl {
-	return &GitOpsConfigRepositoryImpl{dbConnection: dbConnection, logger: logger}
+func NewGitOpsConfigRepositoryImpl(logger *zap.SugaredLogger, dbConnection *pg.DB, variables *globalUtil.EnvironmentVariables) *GitOpsConfigRepositoryImpl {
+	return &GitOpsConfigRepositoryImpl{dbConnection: dbConnection, logger: logger, GlobalEnvVariables: variables.GlobalEnvVariables}
 }
 
 func (impl *GitOpsConfigRepositoryImpl) GetConnection() *pg.DB {
@@ -73,9 +75,11 @@ func (impl *GitOpsConfigRepositoryImpl) GetConnection() *pg.DB {
 
 func (impl *GitOpsConfigRepositoryImpl) CreateGitOpsConfig(model *GitOpsConfig, tx *pg.Tx) (*GitOpsConfig, error) {
 	var err error
-	model.Token, err = securestore.EncryptString(model.Token.String())
-	if err != nil {
-		return model, err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Token, err = securestore.EncryptString(model.Token.String())
+		if err != nil {
+			return model, err
+		}
 	}
 	err = tx.Insert(model)
 	if err != nil {
@@ -85,9 +89,11 @@ func (impl *GitOpsConfigRepositoryImpl) CreateGitOpsConfig(model *GitOpsConfig,
 	return model, nil
 }
 func (impl *GitOpsConfigRepositoryImpl) UpdateGitOpsConfig(model *GitOpsConfig, tx *pg.Tx) (err error) {
-	model.Token, err = securestore.EncryptString(model.Token.String())
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Token, err = securestore.EncryptString(model.Token.String())
+		if err != nil {
+			return err
+		}
 	}
 	err = tx.Update(model)
 	if err != nil {

go.sum

@@ -99,27 +99,30 @@ type DockerArtifactStoreRepository interface {
 	FindInactive(storeId string) (bool, error)
 }
 type DockerArtifactStoreRepositoryImpl struct {
-	dbConnection *pg.DB
+	dbConnection       *pg.DB
+	GlobalEnvVariables *util.GlobalEnvVariables
 }
 
-func NewDockerArtifactStoreRepositoryImpl(dbConnection *pg.DB) *DockerArtifactStoreRepositoryImpl {
-	return &DockerArtifactStoreRepositoryImpl{dbConnection: dbConnection}
+func NewDockerArtifactStoreRepositoryImpl(dbConnection *pg.DB, environmentVariables *util.EnvironmentVariables) *DockerArtifactStoreRepositoryImpl {
+	return &DockerArtifactStoreRepositoryImpl{dbConnection: dbConnection, GlobalEnvVariables: environmentVariables.GlobalEnvVariables}
 }
 
 func (impl DockerArtifactStoreRepositoryImpl) GetConnection() *pg.DB {
 	return impl.dbConnection
 }
 
 func (impl DockerArtifactStoreRepositoryImpl) Save(artifactStore *DockerArtifactStore, tx *pg.Tx) (err error) {
-	artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
-	if err != nil {
-		return err
-	}
-	artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
-	if err != nil {
-		return err
-	}
 
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
+		if err != nil {
+			return err
+		}
+		artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
+		if err != nil {
+			return err
+		}
+	}
 	if util.IsBaseStack() {
 		return tx.Insert(artifactStore)
 	}
@@ -246,13 +249,15 @@ func (impl DockerArtifactStoreRepositoryImpl) FindOneInactive(storeId string) (*
 }
 
 func (impl DockerArtifactStoreRepositoryImpl) Update(artifactStore *DockerArtifactStore, tx *pg.Tx) (err error) {
-	artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
-	if err != nil {
-		return err
-	}
-	artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
+		if err != nil {
+			return err
+		}
+		artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
+		if err != nil {
+			return err
+		}
 	}
 	//TODO check for unique default
 	//there can be only one default

internal/sql/repository/GitOpsConfigRepository.go

@@ -20,6 +20,7 @@ import (
 	"github.com/devtron-labs/common-lib/securestore"
 	"github.com/devtron-labs/devtron/internal/sql/constants"
 	"github.com/devtron-labs/devtron/pkg/sql"
+	globalUtil "github.com/devtron-labs/devtron/util"
 	"github.com/go-pg/pg"
 )
 
@@ -56,15 +57,16 @@ type GitProviderRepository interface {
 }
 
 type GitProviderRepositoryImpl struct {
-	dbConnection *pg.DB
+	GlobalEnvVariables *globalUtil.GlobalEnvVariables
+	dbConnection       *pg.DB
 }
 
-func NewGitProviderRepositoryImpl(dbConnection *pg.DB) *GitProviderRepositoryImpl {
-	return &GitProviderRepositoryImpl{dbConnection: dbConnection}
+func NewGitProviderRepositoryImpl(dbConnection *pg.DB, envVariables *globalUtil.EnvironmentVariables) *GitProviderRepositoryImpl {
+	return &GitProviderRepositoryImpl{dbConnection: dbConnection, GlobalEnvVariables: envVariables.GlobalEnvVariables}
 }
 
 func (impl GitProviderRepositoryImpl) Save(gitProvider *GitProvider) error {
-	err := encryptFieldsInGitProvider(gitProvider)
+	err := impl.encryptFieldsInGitProvider(gitProvider)
 	if err != nil {
 		return err
 	}
@@ -120,7 +122,7 @@ func (impl GitProviderRepositoryImpl) FindByUrl(providerUrl string) (GitProvider
 }
 
 func (impl GitProviderRepositoryImpl) Update(gitProvider *GitProvider) error {
-	err := encryptFieldsInGitProvider(gitProvider)
+	err := impl.encryptFieldsInGitProvider(gitProvider)
 	if err != nil {
 		return err
 	}
@@ -133,19 +135,21 @@ func (impl GitProviderRepositoryImpl) MarkProviderDeleted(gitProvider *GitProvid
 	return impl.dbConnection.Update(gitProvider)
 }
 
-func encryptFieldsInGitProvider(gitProvider *GitProvider) error {
+func (impl GitProviderRepositoryImpl) encryptFieldsInGitProvider(gitProvider *GitProvider) error {
 	var err error
-	gitProvider.Password, err = securestore.EncryptString(gitProvider.Password.String())
-	if err != nil {
-		return err
-	}
-	gitProvider.AccessToken, err = securestore.EncryptString(gitProvider.AccessToken.String())
-	if err != nil {
-		return err
-	}
-	gitProvider.SshPrivateKey, err = securestore.EncryptString(gitProvider.SshPrivateKey.String())
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		gitProvider.Password, err = securestore.EncryptString(gitProvider.Password.String())
+		if err != nil {
+			return err
+		}
+		gitProvider.AccessToken, err = securestore.EncryptString(gitProvider.AccessToken.String())
+		if err != nil {
+			return err
+		}
+		gitProvider.SshPrivateKey, err = securestore.EncryptString(gitProvider.SshPrivateKey.String())
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }

internal/sql/repository/dockerRegistry/DockerArtifactStoreRepository.go

@@ -19,6 +19,7 @@ package repository
 import (
 	"github.com/devtron-labs/common-lib/securestore"
 	"github.com/devtron-labs/devtron/pkg/sql"
+	globalUtil "github.com/devtron-labs/devtron/util"
 	"github.com/go-pg/pg"
 	"go.uber.org/zap"
 	"time"
@@ -74,22 +75,26 @@ type ClusterRepository interface {
 	FindByClusterURL(clusterURL string) (*Cluster, error)
 }
 
-func NewClusterRepositoryImpl(dbConnection *pg.DB, logger *zap.SugaredLogger) *ClusterRepositoryImpl {
+func NewClusterRepositoryImpl(dbConnection *pg.DB, logger *zap.SugaredLogger, variables *globalUtil.EnvironmentVariables) *ClusterRepositoryImpl {
 	return &ClusterRepositoryImpl{
-		dbConnection: dbConnection,
-		logger:       logger,
+		dbConnection:       dbConnection,
+		logger:             logger,
+		GlobalEnvVariables: variables.GlobalEnvVariables,
 	}
 }
 
 type ClusterRepositoryImpl struct {
-	dbConnection *pg.DB
-	logger       *zap.SugaredLogger
+	dbConnection       *pg.DB
+	logger             *zap.SugaredLogger
+	GlobalEnvVariables *globalUtil.GlobalEnvVariables
 }
 
 func (impl ClusterRepositoryImpl) Save(model *Cluster) (err error) {
-	model.Config, err = securestore.EncryptMap(model.Config)
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Config, err = securestore.EncryptMap(model.Config)
+		if err != nil {
+			return err
+		}
 	}
 	return impl.dbConnection.Insert(model)
 }
@@ -106,9 +111,11 @@ func (impl ClusterRepositoryImpl) FindOne(clusterName string) (*Cluster, error)
 }
 func (impl ClusterRepositoryImpl) SaveAll(models []*Cluster) (err error) {
 	for i := range models {
-		models[i].Config, err = securestore.EncryptMap(models[i].Config)
-		if err != nil {
-			return err
+		if impl.GlobalEnvVariables.EnablePasswordEncryption {
+			models[i].Config, err = securestore.EncryptMap(models[i].Config)
+			if err != nil {
+				return err
+			}
 		}
 	}
 	return impl.dbConnection.Insert(models)
@@ -191,9 +198,11 @@ func (impl ClusterRepositoryImpl) FindByIds(id []int) ([]Cluster, error) {
 }
 
 func (impl ClusterRepositoryImpl) Update(model *Cluster) (err error) {
-	model.Config, err = securestore.EncryptMap(model.Config)
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Config, err = securestore.EncryptMap(model.Config)
+		if err != nil {
+			return err
+		}
 	}
 	return impl.dbConnection.Update(model)
 }