Change project.private_key to private_secrets_key

To make room for upcoming per-project and per-tenant ssh keys,
clarify that the current "key" is the secrets key.

Change-Id: I4267ee0002af02afb0331bad15488a6c5a293392
James E. Blair 2018-08-28 15:27:20 -07:00
parent 55c4786198
commit 4193b61d13
4 changed files with 17 additions and 15 deletions


@ -62,8 +62,9 @@ class TestJob(BaseTestCase):
private_key_file = os.path.join(FIXTURE_DIR, 'private.pem')
with open(private_key_file, "rb") as f:
self.project.private_key, self.project.public_key = \
encryption.deserialize_rsa_keypair(f.read())
priv, pub = encryption.deserialize_rsa_keypair(f.read())
self.project.private_secrets_key = priv
self.project.public_secrets_key = pub
m = yaml.Mark('name', 0, 0, 0, '', 0)
self.start_mark = configloader.ZuulMark(m, m, '')


@ -1345,17 +1345,18 @@ class TenantParser(object):
tpc.branches = branches
def _loadProjectKeys(self, connection_name, project):
project.private_key_file = self.keystorage.getProjectSecretsKeyFile(
connection_name, project.name)
project.private_secrets_key_file = \
self.keystorage.getProjectSecretsKeyFile(
connection_name, project.name)
self._generateKeys(project)
self._loadKeys(project)
def _generateKeys(self, project):
if os.path.isfile(project.private_key_file):
if os.path.isfile(project.private_secrets_key_file):
return
key_dir = os.path.dirname(project.private_key_file)
key_dir = os.path.dirname(project.private_secrets_key_file)
if not os.path.isdir(key_dir):
os.makedirs(key_dir, 0o700)
@ -1369,25 +1370,25 @@ class TenantParser(object):
# because the public key can be constructed from it.
self.log.info(
"Saving RSA keypair for project %s to %s" % (
project.name, project.private_key_file)
project.name, project.private_secrets_key_file)
)
# Ensure private key is read/write for zuul user only.
with open(os.open(project.private_key_file,
with open(os.open(project.private_secrets_key_file,
os.O_CREAT | os.O_WRONLY, 0o600), 'wb') as f:
f.write(pem_private_key)
@staticmethod
def _loadKeys(project):
# Check the key files specified are there
if not os.path.isfile(project.private_key_file):
if not os.path.isfile(project.private_secrets_key_file):
raise Exception(
'Private key file {0} not found'.format(
project.private_key_file))
project.private_secrets_key_file))
# Load keypair
with open(project.private_key_file, "rb") as f:
(project.private_key, project.public_key) = \
with open(project.private_secrets_key_file, "rb") as f:
(project.private_secrets_key, project.public_secrets_key) = \
encryption.deserialize_rsa_keypair(f.read())
@staticmethod
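Review bot: The private key file in `_generateKeys` is still opened with `os.O_CREAT | os.O_WRONLY`, so the `0o600` mode only applies when this call actually creates the file. If anything already exists at `project.private_secrets_key_file` by the time of the open (the `os.path.isfile` guard is a separate, earlier check and does not cover a non-regular file or a dangling symlink), the key is written into that path with whatever owner and permissions it already has. Since the line is being touched anyway, I would pass `os.O_CREAT | os.O_WRONLY | os.O_EXCL, 0o600` so that creation fails instead of reusing an existing path and a symlink at the final component is not followed. `_generateKeys` is split across two hunks and the key generation in between is not visible, so this is based only on the lines shown.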


@ -921,14 +921,14 @@ class PlaybookContext(ConfigObject):
"are used".format(
name=secret_name))
# Decrypt a copy of the secret to verify it can be done
secret.decrypt(self.source_context.project.private_key)
secret.decrypt(self.source_context.project.private_secrets_key)
def freezeSecrets(self, layout):
secrets = []
for (secret_name, secret_alias) in self.secrets:
secret = layout.secrets.get(secret_name)
decrypted_secret = secret.decrypt(
self.source_context.project.private_key)
self.source_context.project.private_secrets_key)
decrypted_secret.name = secret_alias
secrets.append(decrypted_secret)
self.decrypted_secrets = tuple(secrets)


@ -400,7 +400,7 @@ class RPCListener(object):
job.sendWorkComplete("")
return
job.sendWorkComplete(
encryption.serialize_rsa_public_key(project.public_key))
encryption.serialize_rsa_public_key(project.public_secrets_key))
def handle_config_errors_list(self, job):
args = json.loads(job.arguments)