fix: Remove the requirement for a prefix on secret strings (#1446)

d0ugal · web-flow · commit f311bd10f5f9 · 2025-08-22T19:00:30.000+01:00
Rather than requiring strings start with either plaintext: or gsm: we
are going to use a string interpolation like we use in multihttp checks.
diff --git a/pkg/pb/synthetic_monitoring/checks_extra.go b/pkg/pb/synthetic_monitoring/checks_extra.go
@@ -675,17 +675,6 @@ func (s *HttpSettings) Validate() error {
 		}
 	}
 
-	// Validate secret manager enabled settings
-	if s.SecretManagerEnabled {
-		if !isValidSecretManagerValue(s.BearerToken) {
-			return ErrInvalidHttpBearerToken
-		}
-
-		if s.BasicAuth != nil && !isValidSecretManagerValue(s.BasicAuth.Password) {
-			return ErrInvalidHttpBasicAuthPassword
-		}
-	}
-
 	return nil
 }
 
@@ -1465,15 +1454,6 @@ func inClosedRange[T constraints.Ordered](v, lower, upper T) bool {
 	return v >= lower && v <= upper
 }
 
-// isValidSecretManagerValue returns true if the value is valid for secret manager.
-// A value is valid if it's empty or starts with "plaintext:" or "gsm:".
-func isValidSecretManagerValue(value string) bool {
-	if len(value) == 0 {
-		return true
-	}
-	return strings.HasPrefix(value, "plaintext:") || strings.HasPrefix(value, "gsm:")
-}
-
 func GetCheckInstance(checkType CheckType) Check {
 	var validCheckCases = map[CheckType]Check{
 		CheckTypeDns: {
diff --git a/pkg/pb/synthetic_monitoring/checks_extra_test.go b/pkg/pb/synthetic_monitoring/checks_extra_test.go
@@ -1214,91 +1214,6 @@ func TestHttpSettingsValidate(t *testing.T) {
 			},
 			expectError: false,
 		},
-		"secret manager enabled with valid bearer token": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BearerToken:          "plaintext:valid-token",
-			},
-			expectError: false,
-		},
-		"secret manager enabled with gsm bearer token": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BearerToken:          "gsm:my-bearer-token",
-			},
-			expectError: false,
-		},
-		"secret manager enabled with empty bearer token": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BearerToken:          "",
-			},
-			expectError: false,
-		},
-		"secret manager enabled with invalid bearer token": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BearerToken:          "invalid-token",
-			},
-			expectError: true,
-		},
-		"secret manager enabled with valid basic auth password": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BasicAuth: &BasicAuth{
-					Username: "user",
-					Password: "plaintext:valid-password",
-				},
-			},
-			expectError: false,
-		},
-		"secret manager enabled with gsm basic auth password": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BasicAuth: &BasicAuth{
-					Username: "user",
-					Password: "gsm:my-password",
-				},
-			},
-			expectError: false,
-		},
-		"secret manager enabled with empty basic auth password": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BasicAuth: &BasicAuth{
-					Username: "user",
-					Password: "",
-				},
-			},
-			expectError: false,
-		},
-		"secret manager enabled with invalid basic auth password": {
-			input: HttpSettings{
-				SecretManagerEnabled: true,
-				BasicAuth: &BasicAuth{
-					Username: "user",
-					Password: "invalid-password",
-				},
-			},
-			expectError: true,
-		},
-		"secret manager disabled with invalid bearer token": {
-			input: HttpSettings{
-				SecretManagerEnabled: false,
-				BearerToken:          "invalid-token",
-			},
-			expectError: false,
-		},
-		"secret manager disabled with invalid basic auth password": {
-			input: HttpSettings{
-				SecretManagerEnabled: false,
-				BasicAuth: &BasicAuth{
-					Username: "user",
-					Password: "invalid-password",
-				},
-			},
-			expectError: false,
-		},
 	}
 
 	for name, testcase := range testcases {
