Browse Source

encrypt_secret: Allow file scheme for public key

Allow the use of a file:///key.pub URL to load the project public
key.

Change-Id: If11ec2232625b630252cf334efa996573b55752b
changes/29/581429/3
Logan V 3 years ago
parent
commit
622c1f8bcc
2 changed files with 28 additions and 17 deletions
  1. +5
    -0
      releasenotes/notes/encrypt-file-pubkey-a4830c3573dee7f0.yaml
  2. +23
    -17
      tools/encrypt_secret.py

+ 5
- 0
releasenotes/notes/encrypt-file-pubkey-a4830c3573dee7f0.yaml View File

@ -0,0 +1,5 @@
---
features:
- A local project key file URI (eg. ``file:///path/to/key.pub``) is now
supported by the encrypt_secret.py tool. This allows encrypting secrets
without directly accessing the Zuul web API to retrieve the project key.

+ 23
- 17
tools/encrypt_secret.py View File

@ -45,9 +45,12 @@ def main():
parser = argparse.ArgumentParser(description=DESCRIPTION)
parser.add_argument('url',
help="The base URL of the zuul server. "
"E.g., https://zuul.example.com/")
parser.add_argument('project',
help="The name of the project.")
"E.g., https://zuul.example.com/ or path"
" to project public key file. E.g.,"
" file:///path/to/key.pub")
parser.add_argument('project', default=None, nargs="?",
help="The name of the project. Required when using"
" the Zuul API to fetch the public key.")
parser.add_argument('--tenant',
default=None,
help="The name of the Zuul tenant. This may be "
@ -75,21 +78,24 @@ def main():
"unencrypted connection. Your secret may get "
"compromised.\n")
# Check if tenant is white label
req = Request("%s/api/info" % (args.url.rstrip('/'),))
info = json.loads(urlopen(req).read().decode('utf8'))
api_tenant = info.get('info', {}).get('tenant')
if not api_tenant and not args.tenant:
print("Error: the --tenant argument is required")
exit(1)
if api_tenant:
req = Request("%s/api/key/%s.pub" % (
args.url.rstrip('/'), args.project))
if url.scheme == 'file':
req = Request(args.url)
else:
req = Request("%s/api/tenant/%s/key/%s.pub" % (
args.url.rstrip('/'), args.tenant, args.project))
# Check if tenant is white label
req = Request("%s/api/info" % (args.url.rstrip('/'),))
info = json.loads(urlopen(req).read().decode('utf8'))
api_tenant = info.get('info', {}).get('tenant')
if not api_tenant and not args.tenant:
print("Error: the --tenant argument is required")
exit(1)
if api_tenant:
req = Request("%s/api/key/%s.pub" % (
args.url.rstrip('/'), args.project))
else:
req = Request("%s/api/tenant/%s/key/%s.pub" % (
args.url.rstrip('/'), args.tenant, args.project))
pubkey = urlopen(req)
if args.infile:


Loading…
Cancel
Save