encrypt_secret: Allow file scheme for public key
Allow the use of a file:///key.pub URL to load the project public key. Change-Id: If11ec2232625b630252cf334efa996573b55752b
parent
d7b835debb
commit
622c1f8bcc
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- A local project key file URI (eg. ``file:///path/to/key.pub``) is now
|
||||||
|
supported by the encrypt_secret.py tool. This allows encrypting secrets
|
||||||
|
without directly accessing the Zuul web API to retrieve the project key.
|
|
@ -45,9 +45,12 @@ def main():
|
||||||
parser = argparse.ArgumentParser(description=DESCRIPTION)
|
parser = argparse.ArgumentParser(description=DESCRIPTION)
|
||||||
parser.add_argument('url',
|
parser.add_argument('url',
|
||||||
help="The base URL of the zuul server. "
|
help="The base URL of the zuul server. "
|
||||||
"E.g., https://zuul.example.com/")
|
"E.g., https://zuul.example.com/ or path"
|
||||||
parser.add_argument('project',
|
" to project public key file. E.g.,"
|
||||||
help="The name of the project.")
|
" file:///path/to/key.pub")
|
||||||
|
parser.add_argument('project', default=None, nargs="?",
|
||||||
|
help="The name of the project. Required when using"
|
||||||
|
" the Zuul API to fetch the public key.")
|
||||||
parser.add_argument('--tenant',
|
parser.add_argument('--tenant',
|
||||||
default=None,
|
default=None,
|
||||||
help="The name of the Zuul tenant. This may be "
|
help="The name of the Zuul tenant. This may be "
|
||||||
|
@ -75,21 +78,24 @@ def main():
|
||||||
"unencrypted connection. Your secret may get "
|
"unencrypted connection. Your secret may get "
|
||||||
"compromised.\n")
|
"compromised.\n")
|
||||||
|
|
||||||
# Check if tenant is white label
|
if url.scheme == 'file':
|
||||||
req = Request("%s/api/info" % (args.url.rstrip('/'),))
|
req = Request(args.url)
|
||||||
info = json.loads(urlopen(req).read().decode('utf8'))
|
|
||||||
|
|
||||||
api_tenant = info.get('info', {}).get('tenant')
|
|
||||||
if not api_tenant and not args.tenant:
|
|
||||||
print("Error: the --tenant argument is required")
|
|
||||||
exit(1)
|
|
||||||
|
|
||||||
if api_tenant:
|
|
||||||
req = Request("%s/api/key/%s.pub" % (
|
|
||||||
args.url.rstrip('/'), args.project))
|
|
||||||
else:
|
else:
|
||||||
req = Request("%s/api/tenant/%s/key/%s.pub" % (
|
# Check if tenant is white label
|
||||||
args.url.rstrip('/'), args.tenant, args.project))
|
req = Request("%s/api/info" % (args.url.rstrip('/'),))
|
||||||
|
info = json.loads(urlopen(req).read().decode('utf8'))
|
||||||
|
|
||||||
|
api_tenant = info.get('info', {}).get('tenant')
|
||||||
|
if not api_tenant and not args.tenant:
|
||||||
|
print("Error: the --tenant argument is required")
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
if api_tenant:
|
||||||
|
req = Request("%s/api/key/%s.pub" % (
|
||||||
|
args.url.rstrip('/'), args.project))
|
||||||
|
else:
|
||||||
|
req = Request("%s/api/tenant/%s/key/%s.pub" % (
|
||||||
|
args.url.rstrip('/'), args.tenant, args.project))
|
||||||
pubkey = urlopen(req)
|
pubkey = urlopen(req)
|
||||||
|
|
||||||
if args.infile:
|
if args.infile:
|
||||||
|
|
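Review bot: In the new `else:` branch of the second hunk, `args.project` is formatted into the key URL without a check, although the first hunk makes `project` optional (`default=None, nargs="?"`). If it is omitted with an http(s) URL, the request goes to `.../key/None.pub` instead of failing with a clear message. A guard at the top of that branch would enforce what the help text promises, for example `if not args.project: parser.error("the project argument is required when fetching the key from the Zuul API")`. The condition that prints the "unencrypted connection" warning sits above the hunk; if it only compares the scheme with `https`, it would presumably also fire for `file://` URLs, so that is worth confirming. `main()` starts before and continues after both hunks, so this is based only on the visible lines.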