diff --git a/crates/experimentation_platform/src/api/experiments/handlers.rs b/crates/experimentation_platform/src/api/experiments/handlers.rs
index bf362448..3fc935e9 100644
--- a/crates/experimentation_platform/src/api/experiments/handlers.rs
+++ b/crates/experimentation_platform/src/api/experiments/handlers.rs
@@ -295,7 +295,9 @@ async fn create(
 &config_version_id,
 &tenant,
 WebhookEvent::ExperimentCreated,
+ &state.app_env,
 &state.http_client,
+ &state.kms_client,
 )
 .await?;
 }
@@ -338,7 +340,9 @@ async fn conclude_handler(
 &config_version_id,
 &tenant,
 WebhookEvent::ExperimentConcluded,
+ &state.app_env,
 &state.http_client,
+ &state.kms_client,
 )
 .await?;
 }
@@ -711,7 +715,9 @@ async fn ramp(
 &config_version_id,
 &tenant,
 webhook_event,
+ &data.app_env,
 &data.http_client,
+ &data.kms_client,
 )
 .await?;
 }
@@ -948,7 +954,9 @@ async fn update_overrides(
 &config_version_id,
 &tenant,
 WebhookEvent::ExperimentUpdated,
+ &state.app_env,
 &state.http_client,
+ &state.kms_client,
 )
 .await?;
 }
diff --git a/crates/service_utils/src/helpers.rs b/crates/service_utils/src/helpers.rs
index 85133bce..241cd379 100644
--- a/crates/service_utils/src/helpers.rs
+++ b/crates/service_utils/src/helpers.rs
@@ -1,4 +1,7 @@
-use crate::service::types::{AppState, Tenant};
+use crate::{
+ aws::kms,
+ service::types::{AppEnv, AppState, Tenant},
+};
 use actix_web::{error::ErrorInternalServerError, web::Data, Error};
 use anyhow::anyhow;
 use chrono::Utc;
@@ -23,6 +26,7 @@ use superposition_types::{
 },
 Condition,
 };
+use urlencoding::encode;
 const CONFIG_TAG_REGEX: &str = "^[a-zA-Z0-9_-]{1,64}$";
@@ -381,7 +385,9 @@ pub async fn execute_webhook_call(
 config_version_opt: &Option,
 tenant: &Tenant,
 event: WebhookEvent,
+ app_env: &AppEnv,
 http_client: &reqwest::Client,
+ kms_client: &Option,
 ) -> Result<(), AppError>
 where
 T: Serialize,
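Review bot: The added `use urlencoding::encode;` in helpers.rs has no visible caller: `encode` is not used in any hunk of this diff. If nothing outside the diff uses it either, the import is dead and will trip `unused_imports` under a warnings-as-errors build, so it should be dropped or moved to the module that needs it.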
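Review bot: The new `kms_client` parameter of `execute_webhook_call` carries a precondition that the signature does not document: per the later hunk at -411, the call fails with `AppError::WebhookError` when the webhook has an authorization entry, `app_env` is anything other than `DEV` or `TEST`, and `kms_client` is `None`. A doc comment on the function should state this, for example `/// kms_client must be Some unless app_env is DEV or TEST; it decrypts the webhook authorization value.` As a style point, `app_env`, `http_client` and `kms_client` all come from the same state object at the four call sites in handlers.rs, so taking that state (or a small struct of the three) would avoid editing every caller when the next dependency is added. The function body continues outside this hunk.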
@@ -411,13 +417,20 @@ where
 .for_each(|(key, value)| header_array.push((key, value)));
 if let Some(auth) = &webhook_config.authorization {
- let auth_token_value: String =
- get_from_env_unsafe(&auth.value).map_err(|err| {
- log::error!("Failed to retrieve authentication token for the webhook with error: {}", err);
- AppError::WebhookError(
- String::from("Failed to retrieve authentication token for the webhook. Please verify the credentials in TenantConfig.")
- )
+ let auth_token_value: String = match app_env {
+ AppEnv::DEV | AppEnv::TEST => {
+ get_from_env_or_default(&auth.value, "1234".into())
+ }
+ _ => {
+ let kms_client = kms_client.clone().ok_or_else(|| {
+ log::error!("Failed to retrieve kms client: KMS client is None");
+ AppError::WebhookError(String::from(
+ "Something went wrong. Please check the logs.",
+ ))
 })?;
+ kms::decrypt(kms_client, &auth.value).await
+ }
+ };
 header_array.push((auth.key.clone(), auth_token_value));
 }
diff --git a/crates/service_utils/src/service/types.rs b/crates/service_utils/src/service/types.rs
index 3201a0d9..2e8d3dab 100644
--- a/crates/service_utils/src/service/types.rs
+++ b/crates/service_utils/src/service/types.rs
@@ -7,6 +7,7 @@ use std::{
 };
 use actix_web::{error, web::Data, Error, FromRequest, HttpMessage};
+use aws_sdk_kms::Client;
 use derive_more::{Deref, DerefMut};
 use jsonschema::JSONSchema;
 use serde_json::json;
@@ -54,6 +55,7 @@ pub struct AppState {
 #[cfg(feature = "high-performance-mode")]
 pub redis: fred::clients::RedisPool,
 pub http_client: reqwest::Client,
+ pub kms_client: Option,
 }
 impl FromStr for AppEnv {
diff --git a/crates/superposition/src/app_state.rs b/crates/superposition/src/app_state.rs
index e0f530c7..f25b7158 100644
--- a/crates/superposition/src/app_state.rs
+++ b/crates/superposition/src/app_state.rs
@@ -141,5 +141,6 @@ pub async fn get(
 #[cfg(feature = "high-performance-mode")]
 redis: redis_pool,
 http_client: reqwest::Client::new(),
+ kms_client: kms_client.clone(),
 }
 }
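Review bot: In the `AppEnv::DEV | AppEnv::TEST` arm of the helpers.rs hunk, a variable named by `auth.value` that cannot be read no longer produces an error: `get_from_env_or_default` presumably returns the literal `"1234"`, which is then pushed into the webhook's authorization header. Keeping the removed `get_from_env_unsafe(&auth.value).map_err(..)?` for this arm, or at least emitting a `log::warn!` when the default is used, stops a placeholder credential from being sent unnoticed and keeps a hard-coded token out of the source. In the `_` arm the value of `kms::decrypt(kms_client, &auth.value).await` is bound directly to a `String`, so a failed decryption has no error path at this call site. The definition of `kms::decrypt` is not part of this diff, but if it panics or yields an unusable string on failure, it would be safer for it to return a `Result` that is mapped to `AppError::WebhookError` with `?`. The enclosing function starts and ends outside the hunk.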
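Review bot: Nothing in the app_state.rs hunk ties `kms_client` to the environment, so a deployment outside `DEV`/`TEST` where it ends up `None` would start normally and only fail when the first authorized webhook is sent (the `ok_or_else` in `execute_webhook_call`). `get` begins outside the hunk, so this may already be checked where `kms_client` is built. If it is not, returning an error or aborting at startup when `kms_client.is_none()` outside `DEV`/`TEST` surfaces the misconfiguration before any experiment change depends on it.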