Bug 1608103 - Fix dummy secrets generation (#8855)
parent
e6e2dd94c7
commit
d390baefaf
|
@ -38,8 +38,8 @@ token_file = sys.argv[2]
|
|||
with open(token_file) as f:
|
||||
key = f.read()
|
||||
|
||||
if key.rstrip() == '--':
|
||||
print('Nimbledroid key "--" detected. Not uploading anything to the service.')
|
||||
if key.rstrip() == "faketoken":
|
||||
print('Nimbledroid key "faketoken" detected. Not uploading anything to the service.')
|
||||
sys.exit(0)
|
||||
|
||||
with open(apk_path) as apk_file:
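Review bot: The sentinel in `key.rstrip() == "faketoken"` is a bare literal that has to match the `content` written by the `dummy-secrets` entry for `.nimbledroid_token` in the kind configuration, and nothing ties the two together. If they drift apart, the early `sys.exit(0)` stops firing and the script appears to carry on to the `with open(apk_path)` step using the placeholder as if it were a real key. A named constant with a comment would make the coupling visible, for example `DUMMY_KEY = "faketoken"  # must match dummy-secrets content for .nimbledroid_token`. The script starts and ends outside this hunk.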
|
||||
|
|
|
@ -25,11 +25,12 @@ job-defaults:
|
|||
key: api_key
|
||||
path: .nimbledroid_token
|
||||
default: []
|
||||
pre-commands:
|
||||
dummy-secrets:
|
||||
by-level:
|
||||
'3': []
|
||||
default:
|
||||
- [echo, '--', '>', .nimbledroid_token]
|
||||
- content: "faketoken"
|
||||
path: .nimbledroid_token
|
||||
run-on-tasks-for: []
|
||||
treeherder:
|
||||
kind: test
|
||||
|
|
|
@ -19,6 +19,12 @@ secret_schema = {
|
|||
Optional("json"): bool,
|
||||
}
|
||||
|
||||
dummy_secret_schema = {
|
||||
Required("content"): text_type,
|
||||
Required("path"): text_type,
|
||||
Optional("json"): bool,
|
||||
}
|
||||
|
||||
gradlew_schema = Schema({
|
||||
Required("using"): "gradlew",
|
||||
Optional("pre-gradlew"): [[text_type]],
|
||||
|
@ -28,6 +34,7 @@ gradlew_schema = Schema({
|
|||
Required("workdir"): text_type,
|
||||
Optional("use-caches"): bool,
|
||||
Optional("secrets"): [secret_schema],
|
||||
Optional("dummy-secrets"): [dummy_secret_schema],
|
||||
})
|
||||
|
||||
run_commands_schema = Schema({
|
||||
|
@ -37,6 +44,7 @@ run_commands_schema = Schema({
|
|||
Required("workdir"): text_type,
|
||||
Optional("use-caches"): bool,
|
||||
Optional("secrets"): [secret_schema],
|
||||
Optional("dummy-secrets"): [dummy_secret_schema],
|
||||
})
|
||||
|
||||
|
||||
|
@ -44,9 +52,13 @@ run_commands_schema = Schema({
|
|||
def configure_run_commands_schema(config, job, taskdesc):
|
||||
run = job["run"]
|
||||
pre_commands = run.pop("pre-commands", [])
|
||||
pre_commands += [
|
||||
_generate_dummy_secret_command(secret) for secret in run.pop("dummy-secrets", [])
|
||||
]
|
||||
pre_commands += [
|
||||
_generate_secret_command(secret) for secret in run.get("secrets", [])
|
||||
]
|
||||
|
||||
all_commands = pre_commands + run.pop("commands", [])
|
||||
|
||||
run["command"] = _convert_commands_to_string(all_commands)
|
||||
|
@ -72,6 +84,9 @@ def configure_gradlew(config, job, taskdesc):
|
|||
|
||||
def _extract_gradlew_command(run):
|
||||
pre_gradle_commands = run.pop("pre-gradlew", [])
|
||||
pre_gradle_commands += [
|
||||
_generate_dummy_secret_command(secret) for secret in run.pop("dummy-secrets", [])
|
||||
]
|
||||
pre_gradle_commands += [
|
||||
_generate_secret_command(secret) for secret in run.get("secrets", [])
|
||||
]
|
||||
|
@ -96,6 +111,18 @@ def _generate_secret_command(secret):
|
|||
return secret_command
|
||||
|
||||
|
||||
def _generate_dummy_secret_command(secret):
|
||||
secret_command = [
|
||||
"taskcluster/scripts/write-dummy-secret.py",
|
||||
"-f", secret["path"],
|
||||
"-c", secret["content"],
|
||||
]
|
||||
if secret.get("json"):
|
||||
secret_command.append("--json")
|
||||
|
||||
return secret_command
|
||||
|
||||
|
||||
def _convert_commands_to_string(commands):
|
||||
should_artifact_reference = False
|
||||
should_task_reference = False
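Review bot: `_generate_dummy_secret_command` has no docstring and passes `secret["content"]` and `secret["path"]` as bare argv elements that are later handed to `_convert_commands_to_string`, whose body is outside the hunk. If that helper joins the elements without shell quoting, a value containing spaces or shell metacharacters would be split or interpreted by the shell; the values added in this commit look harmless, but `dummy_secret_schema` accepts any text. A docstring such as `"""Build the argv that writes a placeholder secret; content and path must be shell-safe or quoted downstream."""` would record that constraint. The same list comprehension is repeated in `configure_run_commands_schema` and `_extract_gradlew_command` and could live in one helper.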
|
||||
|
|
|
@ -32,6 +32,7 @@ def add_variant_config(config, tasks):
|
|||
def add_shippable_secrets(config, tasks):
|
||||
for task in tasks:
|
||||
secrets = task["run"].setdefault("secrets", [])
|
||||
dummy_secrets = task["run"].setdefault("dummy-secrets", [])
|
||||
|
||||
if task.pop("include-shippable-secrets", False) and config.params["level"] == "3":
|
||||
build_type = task["attributes"]["build-type"]
|
||||
|
@ -50,15 +51,16 @@ def add_shippable_secrets(config, tasks):
|
|||
('mls', '.mls_token'),
|
||||
)])
|
||||
else:
|
||||
task["run"]["pre-gradlew"] = [[
|
||||
"echo", '"{}"'.format(fake_value), ">", target_file
|
||||
] for fake_value, target_file in (
|
||||
("--", ".adjust_token"),
|
||||
("", ".digital_asset_links_token"),
|
||||
("-:-", ".leanplum_token"),
|
||||
("", ".mls_token"),
|
||||
dummy_secrets.extend([{
|
||||
"content": fake_value,
|
||||
"path": target_file,
|
||||
} for fake_value, target_file in (
|
||||
("faketoken", ".adjust_token"),
|
||||
("faketoken", ".digital_asset_links_token"),
|
||||
("fake:token", ".leanplum_token"), # : is used by leanplum
|
||||
("faketoken", ".mls_token"),
|
||||
("https://fake@sentry.prod.mozaws.net/368", ".sentry_token"),
|
||||
)]
|
||||
)])
|
||||
|
||||
yield task
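Review bot: The placeholder for `.sentry_token`, `"https://fake@sentry.prod.mozaws.net/368"`, names what looks like a production host, so a non-level-3 build that initialises crash reporting from this file could send events there under a bogus key. A host under a reserved name keeps the DSN shape without touching a real service; a constructed example is `("https://fake@sentry.invalid/0", ".sentry_token"),`. Separately, `.digital_asset_links_token` and `.mls_token` change from empty strings to `"faketoken"`; if the app treats an empty token as "integration disabled", these builds may now attempt calls with a fake credential, which is worth confirming. Both hunks sit inside `add_shippable_secrets`, whose body extends beyond them.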
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ transforms = TransformSequence()
|
|||
@transforms.add
|
||||
def resolve_keys(config, tasks):
|
||||
for task in tasks:
|
||||
for key in ("run.secrets", "run.pre-commands"):
|
||||
for key in ("run.secrets", "run.dummy-secrets"):
|
||||
resolve_keyed_by(
|
||||
task,
|
||||
key,
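Review bot: Dropping `"run.pre-commands"` from the tuple in `resolve_keys` means a `by-level` (or otherwise keyed) value under `pre-commands` is no longer resolved and would reach the job transform as a raw mapping. The nimbledroid kind is migrated in this commit, but other kinds are not visible here, so either confirm none still key `pre-commands` or keep it in the tuple: `for key in ("run.secrets", "run.dummy-secrets", "run.pre-commands"):`. The `resolve_keyed_by` call continues outside the hunk.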
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
from __future__ import absolute_import, print_function, unicode_literals
|
||||
|
||||
import argparse
|
||||
import errno
|
||||
import json
|
||||
import os
|
||||
|
||||
|
||||
def write_secret_to_file(path, secret, key, json_secret=False):
|
||||
path = os.path.abspath(os.path.join(os.path.dirname(__file__), '../../' + path))
|
||||
try:
|
||||
os.makedirs(os.path.dirname(path))
|
||||
except OSError as error:
|
||||
if error.errno != errno.EEXIST:
|
||||
raise
|
||||
print("Outputting secret to: {}".format(path))
|
||||
|
||||
with open(path, 'w') as f:
|
||||
if json_secret:
|
||||
secret = json.dumps(secret)
|
||||
f.write(secret)
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="Store a dummy secret to a file")
|
||||
|
||||
parser.add_argument("-c", dest="content", action="store", help="content of the secret")
|
||||
parser.add_argument("-f", dest="path", action="store", help="file to save secret to")
|
||||
parser.add_argument("--json", dest="json", action="store_true", default=False, help="serializes the secret to JSON format")
|
||||
|
||||
result = parser.parse_args()
|
||||
|
||||
write_secret_to_file(result.path, result.content, result.json)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
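Review bot: `main()` calls `write_secret_to_file(result.path, result.content, result.json)`, but the signature is `(path, secret, key, json_secret=False)`, so the `--json` flag is bound to the unused `key` parameter and `json_secret` is always `False`; secrets declared with `json: true` are silently written raw. Remove the unused parameter, `def write_secret_to_file(path, secret, json_secret=False):`, or pass `json_secret=result.json` at the call site. `-c` and `-f` should also be `required=True`, since a missing `-f` reaches `'../../' + path` as `None` and fails with a `TypeError` instead of a usage message. Because `path` is joined under the repository root with no containment check, a short comment stating that callers must pass an in-tree relative path would help.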
|