Implement BitwardenSensitiveInformationParameter (#589)

2024-07-11 09:48:14 -07:00
parent 87d6e71768
commit 6f88ae31a0
10 changed files with 422 additions and 41 deletions
--- a/skyvern/forge/sdk/workflow/context_manager.py
+++ b/skyvern/forge/sdk/workflow/context_manager.py
@@ -194,6 +194,55 @@ class WorkflowRunContext:
            except BitwardenBaseError as e:
                LOG.error(f"Failed to get secret from Bitwarden. Error: {e}")
                raise e
+        # TODO (kerem): Implement this
+        elif parameter.parameter_type == ParameterType.BITWARDEN_SENSITIVE_INFORMATION:
+            try:
+                # Get the Bitwarden login credentials from AWS secrets
+                client_id = await aws_client.get_secret(parameter.bitwarden_client_id_aws_secret_key)
+                client_secret = await aws_client.get_secret(parameter.bitwarden_client_secret_aws_secret_key)
+                master_password = await aws_client.get_secret(parameter.bitwarden_master_password_aws_secret_key)
+            except Exception as e:
+                LOG.error(f"Failed to get Bitwarden login credentials from AWS secrets. Error: {e}")
+                raise e
+
+            bitwarden_identity_key = parameter.bitwarden_identity_key
+            if self.has_parameter(parameter.bitwarden_identity_key) and self.has_value(
+                parameter.bitwarden_identity_key
+            ):
+                bitwarden_identity_key = self.values[parameter.bitwarden_identity_key]
+
+            collection_id = parameter.bitwarden_collection_id
+            if self.has_parameter(parameter.bitwarden_collection_id) and self.has_value(
+                parameter.bitwarden_collection_id
+            ):
+                collection_id = self.values[parameter.bitwarden_collection_id]
+
+            try:
+                sensitive_values = BitwardenService.get_sensitive_information_from_identity(
+                    client_id,
+                    client_secret,
+                    master_password,
+                    collection_id,
+                    bitwarden_identity_key,
+                    parameter.bitwarden_identity_fields,
+                )
+                if sensitive_values:
+                    self.secrets[BitwardenConstants.IDENTITY_KEY] = bitwarden_identity_key
+                    self.secrets[BitwardenConstants.CLIENT_SECRET] = client_secret
+                    self.secrets[BitwardenConstants.CLIENT_ID] = client_id
+                    self.secrets[BitwardenConstants.MASTER_PASSWORD] = master_password
+                    self.secrets[BitwardenConstants.BW_COLLECTION_ID] = collection_id
+
+                    self.values[parameter.key] = {}
+                    for key, value in sensitive_values.items():
+                        random_secret_id = self.generate_random_secret_id()
+                        secret_id = f"{random_secret_id}_{key}"
+                        self.secrets[secret_id] = value
+                        self.values[parameter.key][key] = secret_id
+
+            except BitwardenBaseError as e:
+                LOG.error(f"Failed to get sensitive information from Bitwarden. Error: {e}")
+                raise e
        elif isinstance(parameter, ContextParameter):
            if isinstance(parameter.source, WorkflowParameter):
                # TODO (kerem): set this while initializing the context manager
--- a/skyvern/forge/sdk/workflow/models/parameter.py
+++ b/skyvern/forge/sdk/workflow/models/parameter.py
@@ -12,6 +12,7 @@ class ParameterType(StrEnum):
    CONTEXT = "context"
    AWS_SECRET = "aws_secret"
    BITWARDEN_LOGIN_CREDENTIAL = "bitwarden_login_credential"
+    BITWARDEN_SENSITIVE_INFORMATION = "bitwarden_sensitive_information"
    OUTPUT = "output"


@@ -61,6 +62,30 @@ class BitwardenLoginCredentialParameter(Parameter):
    deleted_at: datetime | None = None


+class BitwardenSensitiveInformationParameter(Parameter):
+    parameter_type: Literal[ParameterType.BITWARDEN_SENSITIVE_INFORMATION] = (
+        ParameterType.BITWARDEN_SENSITIVE_INFORMATION
+    )
+    # parameter fields
+    bitwarden_sensitive_information_parameter_id: str
+    workflow_id: str
+    # bitwarden cli required fields
+    bitwarden_client_id_aws_secret_key: str
+    bitwarden_client_secret_aws_secret_key: str
+    bitwarden_master_password_aws_secret_key: str
+    # bitwarden collection id to filter the Bitwarden Identity from
+    bitwarden_collection_id: str
+    # unique key to identify the Bitwarden Identity in the collection
+    # this has to be in the identity's name
+    bitwarden_identity_key: str
+    # fields to extract from the Bitwarden Identity. Custom fields are prioritized over default identity fields
+    bitwarden_identity_fields: list[str]
+
+    created_at: datetime
+    modified_at: datetime
+    deleted_at: datetime | None = None
+
+
 class WorkflowParameterType(StrEnum):
    STRING = "string"
    INTEGER = "integer"
@@ -124,6 +149,7 @@ ParameterSubclasses = Union[
    ContextParameter,
    AWSSecretParameter,
    BitwardenLoginCredentialParameter,
+    BitwardenSensitiveInformationParameter,
    OutputParameter,
 ]
 PARAMETER_TYPE = Annotated[ParameterSubclasses, Field(discriminator="parameter_type")]
--- a/skyvern/forge/sdk/workflow/models/yaml.py
+++ b/skyvern/forge/sdk/workflow/models/yaml.py
@@ -41,6 +41,28 @@ class BitwardenLoginCredentialParameterYAML(ParameterYAML):
    bitwarden_collection_id: str | None = None


+class BitwardenSensitiveInformationParameterYAML(ParameterYAML):
+    # There is a mypy bug with Literal. Without the type: ignore, mypy will raise an error:
+    # Parameter 1 of Literal[...] cannot be of type "Any"
+    # This pattern already works in block.py but since the ParameterType is not defined in this file, mypy is not able
+    # to infer the type of the parameter_type attribute.
+    parameter_type: Literal[ParameterType.BITWARDEN_SENSITIVE_INFORMATION] = (
+        ParameterType.BITWARDEN_SENSITIVE_INFORMATION
+    )  # type: ignore
+
+    # bitwarden cli required fields
+    bitwarden_client_id_aws_secret_key: str
+    bitwarden_client_secret_aws_secret_key: str
+    bitwarden_master_password_aws_secret_key: str
+    # bitwarden collection id to filter the Bitwarden Identity from
+    bitwarden_collection_id: str
+    # unique key to identify the Bitwarden Identity in the collection
+    # this has to be in the identity's name
+    bitwarden_identity_key: str
+    # fields to extract from the Bitwarden Identity. Custom fields are prioritized over default identity fields
+    bitwarden_identity_fields: list[str]
+
+
 class WorkflowParameterYAML(ParameterYAML):
    # There is a mypy bug with Literal. Without the type: ignore, mypy will raise an error:
    # Parameter 1 of Literal[...] cannot be of type "Any"
@@ -172,6 +194,7 @@ class FileParserBlockYAML(BlockYAML):
 PARAMETER_YAML_SUBCLASSES = (
    AWSSecretParameterYAML
    | BitwardenLoginCredentialParameterYAML
+    | BitwardenSensitiveInformationParameterYAML
    | WorkflowParameterYAML
    | ContextParameterYAML
    | OutputParameterYAML
--- a/skyvern/forge/sdk/workflow/service.py
+++ b/skyvern/forge/sdk/workflow/service.py
@@ -489,6 +489,30 @@ class WorkflowService:
            bitwarden_collection_id=bitwarden_collection_id,
        )

+    async def create_bitwarden_sensitive_information_parameter(
+        self,
+        workflow_id: str,
+        bitwarden_client_id_aws_secret_key: str,
+        bitwarden_client_secret_aws_secret_key: str,
+        bitwarden_master_password_aws_secret_key: str,
+        bitwarden_collection_id: str,
+        bitwarden_identity_key: str,
+        bitwarden_identity_fields: list[str],
+        key: str,
+        description: str | None = None,
+    ) -> Parameter:
+        return await app.DATABASE.create_bitwarden_sensitive_information_parameter(
+            workflow_id=workflow_id,
+            bitwarden_client_id_aws_secret_key=bitwarden_client_id_aws_secret_key,
+            bitwarden_client_secret_aws_secret_key=bitwarden_client_secret_aws_secret_key,
+            bitwarden_master_password_aws_secret_key=bitwarden_master_password_aws_secret_key,
+            bitwarden_collection_id=bitwarden_collection_id,
+            bitwarden_identity_key=bitwarden_identity_key,
+            bitwarden_identity_fields=bitwarden_identity_fields,
+            key=key,
+            description=description,
+        )
+
    async def create_output_parameter(
        self, workflow_id: str, key: str, description: str | None = None
    ) -> OutputParameter:
@@ -865,6 +889,18 @@ class WorkflowService:
                        description=parameter.description,
                        bitwarden_collection_id=parameter.bitwarden_collection_id,
                    )
+                elif parameter.parameter_type == ParameterType.BITWARDEN_SENSITIVE_INFORMATION:
+                    parameters[parameter.key] = await self.create_bitwarden_sensitive_information_parameter(
+                        workflow_id=workflow.workflow_id,
+                        bitwarden_client_id_aws_secret_key=parameter.bitwarden_client_id_aws_secret_key,
+                        bitwarden_client_secret_aws_secret_key=parameter.bitwarden_client_secret_aws_secret_key,
+                        bitwarden_master_password_aws_secret_key=parameter.bitwarden_master_password_aws_secret_key,
+                        bitwarden_collection_id=parameter.bitwarden_collection_id,
+                        bitwarden_identity_key=parameter.bitwarden_identity_key,
+                        bitwarden_identity_fields=parameter.bitwarden_identity_fields,
+                        key=parameter.key,
+                        description=parameter.description,
+                    )
                elif parameter.parameter_type == ParameterType.WORKFLOW:
                    parameters[parameter.key] = await self.create_workflow_parameter(
                        workflow_id=workflow.workflow_id,