Change project.private_key to private_secrets_key
To make room for upcoming per-project and per-tenant SSH keys, clarify that the current "key" is the secrets key.

Change-Id: I4267ee0002af02afb0331bad15488a6c5a293392
parent
55c4786198
commit
4193b61d13
|
@ -62,8 +62,9 @@ class TestJob(BaseTestCase):
|
|||
|
||||
private_key_file = os.path.join(FIXTURE_DIR, 'private.pem')
|
||||
with open(private_key_file, "rb") as f:
|
||||
self.project.private_key, self.project.public_key = \
|
||||
encryption.deserialize_rsa_keypair(f.read())
|
||||
priv, pub = encryption.deserialize_rsa_keypair(f.read())
|
||||
self.project.private_secrets_key = priv
|
||||
self.project.public_secrets_key = pub
|
||||
m = yaml.Mark('name', 0, 0, 0, '', 0)
|
||||
self.start_mark = configloader.ZuulMark(m, m, '')
|
||||
|
||||
|
|
|
@ -1345,17 +1345,18 @@ class TenantParser(object):
|
|||
tpc.branches = branches
|
||||
|
||||
def _loadProjectKeys(self, connection_name, project):
|
||||
project.private_key_file = self.keystorage.getProjectSecretsKeyFile(
|
||||
connection_name, project.name)
|
||||
project.private_secrets_key_file = \
|
||||
self.keystorage.getProjectSecretsKeyFile(
|
||||
connection_name, project.name)
|
||||
|
||||
self._generateKeys(project)
|
||||
self._loadKeys(project)
|
||||
|
||||
def _generateKeys(self, project):
|
||||
if os.path.isfile(project.private_key_file):
|
||||
if os.path.isfile(project.private_secrets_key_file):
|
||||
return
|
||||
|
||||
key_dir = os.path.dirname(project.private_key_file)
|
||||
key_dir = os.path.dirname(project.private_secrets_key_file)
|
||||
if not os.path.isdir(key_dir):
|
||||
os.makedirs(key_dir, 0o700)
|
||||
|
||||
|
@ -1369,25 +1370,25 @@ class TenantParser(object):
|
|||
# because the public key can be constructed from it.
|
||||
self.log.info(
|
||||
"Saving RSA keypair for project %s to %s" % (
|
||||
project.name, project.private_key_file)
|
||||
project.name, project.private_secrets_key_file)
|
||||
)
|
||||
|
||||
# Ensure private key is read/write for zuul user only.
|
||||
with open(os.open(project.private_key_file,
|
||||
with open(os.open(project.private_secrets_key_file,
|
||||
os.O_CREAT | os.O_WRONLY, 0o600), 'wb') as f:
|
||||
f.write(pem_private_key)
|
||||
|
||||
@staticmethod
|
||||
def _loadKeys(project):
|
||||
# Check the key files specified are there
|
||||
if not os.path.isfile(project.private_key_file):
|
||||
if not os.path.isfile(project.private_secrets_key_file):
|
||||
raise Exception(
|
||||
'Private key file {0} not found'.format(
|
||||
project.private_key_file))
|
||||
project.private_secrets_key_file))
|
||||
|
||||
# Load keypair
|
||||
with open(project.private_key_file, "rb") as f:
|
||||
(project.private_key, project.public_key) = \
|
||||
with open(project.private_secrets_key_file, "rb") as f:
|
||||
(project.private_secrets_key, project.public_secrets_key) = \
|
||||
encryption.deserialize_rsa_keypair(f.read())
|
||||
|
||||
@staticmethod
|
||||
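Review bot: In the third hunk the private key file is opened with `os.O_CREAT | os.O_WRONLY` only, so the `0o600` mode takes effect only when this call actually creates the file. If something appears at `project.private_secrets_key_file` after the `os.path.isfile` check at the top of `_generateKeys`, or the path is a dangling symlink, the key is written to a file whose permissions and location this code did not choose. Since the line is already being touched for the rename, consider `os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600`, which makes the open fail instead. The message `'Private key file {0} not found'` in `_loadKeys` could also say "Private secrets key file", so operators can tell it apart from the upcoming SSH keys. `_generateKeys` spans two hunks and its middle is not shown, so check that nothing there depends on reopening an existing file.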
|
|
|
@ -921,14 +921,14 @@ class PlaybookContext(ConfigObject):
|
|||
"are used".format(
|
||||
name=secret_name))
|
||||
# Decrypt a copy of the secret to verify it can be done
|
||||
secret.decrypt(self.source_context.project.private_key)
|
||||
secret.decrypt(self.source_context.project.private_secrets_key)
|
||||
|
||||
def freezeSecrets(self, layout):
|
||||
secrets = []
|
||||
for (secret_name, secret_alias) in self.secrets:
|
||||
secret = layout.secrets.get(secret_name)
|
||||
decrypted_secret = secret.decrypt(
|
||||
self.source_context.project.private_key)
|
||||
self.source_context.project.private_secrets_key)
|
||||
decrypted_secret.name = secret_alias
|
||||
secrets.append(decrypted_secret)
|
||||
self.decrypted_secrets = tuple(secrets)
|
||||
|
|
|
@ -400,7 +400,7 @@ class RPCListener(object):
|
|||
job.sendWorkComplete("")
|
||||
return
|
||||
job.sendWorkComplete(
|
||||
encryption.serialize_rsa_public_key(project.public_key))
|
||||
encryption.serialize_rsa_public_key(project.public_secrets_key))
|
||||
|
||||
def handle_config_errors_list(self, job):
|
||||
args = json.loads(job.arguments)
|
||||
|
|