Change 'secure' to 'trusted'

Conceptually, we're trying to express whether we trust the authors of a
job or not, and whether or not we trust the job to be able to have
access to secrets or request plugin execution. Reading and writing
narrative text using the word secure for that starts to hurt the head
sometimes. Switch to trusted.

Change-Id: Ic6a9fe7406f808f965a0ed5ef099fdea92f52c25

tests/base.py

@@ -767,12 +767,12 @@ class RecordingAnsibleJob(zuul.launcher.server.AnsibleJob):
         self.launcher_server.lock.release()
         return result
 
-    def runAnsible(self, cmd, timeout, secure=False):
+    def runAnsible(self, cmd, timeout, trusted=False):
         build = self.launcher_server.job_builds[self.job.unique]
 
         if self.launcher_server._run_ansible:
             result = super(RecordingAnsibleJob, self).runAnsible(
-                cmd, timeout, secure=secure)
+                cmd, timeout, trusted=trusted)
         else:
             result = build.run()
         return result

zuul/ansible/callback/zuul_stream.py

@@ -39,7 +39,7 @@ class CallbackModule(callback.CallbackBase):
 
         self._play = None
         self._last_task_banner = None
-        self._insecure = C.DISPLAY_ARGS_TO_STDOUT
+        self._untrusted = C.DISPLAY_ARGS_TO_STDOUT
         super(CallbackModule, self).__init__()
 
     def _should_verbose(self, result, level=0):
@@ -178,14 +178,14 @@ class CallbackModule(callback.CallbackBase):
         # argument spec can't be because that is only run on the target
         # machine and we haven't run it there yet at this time.
         #
-        # The zuul runner passes a flag indicating secure status of a job. We
-        # want to not print any args for jobs that are secure, because those
+        # The zuul runner passes a flag indicating trusted status of a job. We
+        # want to not print any args for jobs that are trusted, because those
         # args might have secrets.
         #
-        # Those tasks in the secure jobs should also be explicitly marked
+        # Those tasks in the trusted jobs should also be explicitly marked
         # no_log - but this should be some additional belt and suspenders.
         args = ''
-        if not task.no_log and self._insecure:
+        if not task.no_log and self._untrusted:
             args = u', '.join(u'%s=%s' % a for a in task.args.items())
             args = u' %s' % args
 

zuul/configloader.py

@@ -202,7 +202,7 @@ class JobParser(object):
 
         # If the definition for this job came from a project repo,
         # implicitly apply a branch matcher for the branch it was on.
-        if (not job.source_context.secure):
+        if (not job.source_context.trusted):
             branches = [job.source_context.branch]
         elif 'branches' in conf:
             branches = as_list(conf['branches'])
@@ -233,12 +233,12 @@ class JobParser(object):
         # TODOv3(jeblair): this limits roles to the same
         # source; we should remove that limitation.
         source = job.source_context.project.connection_name
-        (secure, project) = tenant.getRepo(source, role['zuul'])
+        (trusted, project) = tenant.getRepo(source, role['zuul'])
         if project is None:
             return None
 
         return model.ZuulRole(role.get('name', name), source,
-                              project.name, secure)
+                              project.name, trusted)
 
 
 class ProjectTemplateParser(object):
@@ -689,7 +689,7 @@ class TenantParser(object):
                         (job.source_context, fn))
                     project = job.source_context.project
                     branch = job.source_context.branch
-                    if job.source_context.secure:
+                    if job.source_context.trusted:
                         incdata = TenantParser._parseConfigRepoLayout(
                             job.files[fn], job.source_context)
                         config_repos_config.extend(incdata)

zuul/launcher/server.py

@@ -75,7 +75,7 @@ class Watchdog(object):
 class JobDirPlaybook(object):
     def __init__(self, root):
         self.root = root
-        self.secure = None
+        self.trusted = None
         self.path = None
 
 
@@ -87,8 +87,8 @@ class JobDir(object):
         os.makedirs(self.git_root)
         self.ansible_root = os.path.join(self.root, 'ansible')
         os.makedirs(self.ansible_root)
-        self.secure_ansible_root = os.path.join(self.ansible_root, 'secure')
-        os.makedirs(self.secure_ansible_root)
+        self.trusted_ansible_root = os.path.join(self.ansible_root, 'trusted')
+        os.makedirs(self.trusted_ansible_root)
         self.known_hosts = os.path.join(self.ansible_root, 'known_hosts')
         self.inventory = os.path.join(self.ansible_root, 'inventory')
         self.vars = os.path.join(self.ansible_root, 'vars.yaml')
@@ -99,8 +99,8 @@ class JobDir(object):
         self.roles = []
         self.roles_path = []
         self.config = os.path.join(self.ansible_root, 'ansible.cfg')
-        self.secure_config = os.path.join(
-            self.secure_ansible_root, 'ansible.cfg')
+        self.trusted_config = os.path.join(
+            self.trusted_ansible_root, 'ansible.cfg')
         self.ansible_log = os.path.join(self.ansible_root, 'ansible_log.txt')
 
     def addPrePlaybook(self):
@@ -628,13 +628,13 @@ class AnsibleJob(object):
             if os.path.isdir(entry) and entry.endswith('_plugins'):
                 raise Exception(
                     "Ansible plugin dir %s found adjacent to playbook %s in"
-                    " non-secure repo." % (entry, path))
+                    " non-trusted repo." % (entry, path))
 
-    def findPlaybook(self, path, required=False, secure=False):
+    def findPlaybook(self, path, required=False, trusted=False):
         for ext in ['.yaml', '.yml']:
             fn = path + ext
             if os.path.exists(fn):
-                if not secure:
+                if not trusted:
                     playbook_dir = os.path.dirname(os.path.abspath(fn))
                     self._blockPluginDirs(playbook_dir)
                 return fn
@@ -667,13 +667,13 @@ class AnsibleJob(object):
         self.log.debug("Prepare playbook repo for %s" % (playbook,))
         # Check out the playbook repo if needed and set the path to
         # the playbook that should be run.
-        jobdir_playbook.secure = playbook['secure']
+        jobdir_playbook.trusted = playbook['trusted']
         source = self.launcher_server.connections.getSource(
             playbook['connection'])
         project = source.getProject(playbook['project'])
         # TODO(jeblair): construct the url in the merger itself
         url = source.getGitUrl(project)
-        if not playbook['secure']:
+        if not playbook['trusted']:
             # This is a project repo, so it is safe to use the already
             # checked out version (from speculative merging) of the
             # playbook
@@ -687,7 +687,7 @@ class AnsibleJob(object):
                     jobdir_playbook.path = self.findPlaybook(
                         path,
                         required=required,
-                        secure=playbook['secure'])
+                        trusted=playbook['trusted'])
                     return
         # The playbook repo is either a config repo, or it isn't in
         # the stack of changes we are testing, so check out the branch
@@ -702,7 +702,7 @@ class AnsibleJob(object):
         jobdir_playbook.path = self.findPlaybook(
             path,
             required=required,
-            secure=playbook['secure'])
+            trusted=playbook['trusted'])
 
     def prepareRoles(self, args):
         for role in args['roles']:
@@ -710,23 +710,23 @@ class AnsibleJob(object):
                 root = self.jobdir.addRole()
                 self.prepareZuulRole(args, role, root)
 
-    def findRole(self, path, secure=False):
+    def findRole(self, path, trusted=False):
         d = os.path.join(path, 'tasks')
         if os.path.isdir(d):
             # This is a bare role
-            if not secure:
+            if not trusted:
                 self._blockPluginDirs(path)
             # None signifies that the repo is a bare role
             return None
         d = os.path.join(path, 'roles')
         if os.path.isdir(d):
             # This repo has a collection of roles
-            if not secure:
+            if not trusted:
                 for entry in os.listdir(d):
                     self._blockPluginDirs(os.path.join(d, entry))
             return d
         # We assume the repository itself is a collection of roles
-        if not secure:
+        if not trusted:
             for entry in os.listdir(path):
                 self._blockPluginDirs(os.path.join(path, entry))
         return path
@@ -740,7 +740,7 @@ class AnsibleJob(object):
         # TODO(jeblair): construct the url in the merger itself
         url = source.getGitUrl(project)
         role_repo = None
-        if not role['secure']:
+        if not role['trusted']:
             # This is a project repo, so it is safe to use the already
             # checked out version (from speculative merging) of the
             # role
@@ -767,7 +767,7 @@ class AnsibleJob(object):
             merger.checkoutBranch(project.name, url, 'master')
             role_repo = os.path.join(root, project.name)
 
-        role_path = self.findRole(role_repo, secure=role['secure'])
+        role_path = self.findRole(role_repo, trusted=role['trusted'])
         if role_path is None:
             # In the case of a bare role, add the containing directory
             role_path = root
@@ -792,9 +792,9 @@ class AnsibleJob(object):
             vars_yaml.write(
                 yaml.safe_dump(zuul_vars, default_flow_style=False))
         self.writeAnsibleConfig(self.jobdir.config)
-        self.writeAnsibleConfig(self.jobdir.secure_config, secure=True)
+        self.writeAnsibleConfig(self.jobdir.trusted_config, trusted=True)
 
-    def writeAnsibleConfig(self, config_path, secure=False):
+    def writeAnsibleConfig(self, config_path, trusted=False):
         with open(config_path, 'w') as config:
             config.write('[defaults]\n')
             config.write('hostfile = %s\n' % self.jobdir.inventory)
@@ -817,17 +817,17 @@ class AnsibleJob(object):
             # bump the timeout because busy nodes may take more than
             # 10s to respond
             config.write('timeout = 30\n')
-            if not secure:
+            if not trusted:
                 config.write('action_plugins = %s\n'
                              % self.launcher_server.action_dir)
 
-            # On secure jobs, we want to prevent the printing of args,
-            # since secure jobs might have access to secrets that they may
+            # On trusted jobs, we want to prevent the printing of args,
+            # since trusted jobs might have access to secrets that they may
             # need to pass to a task or a role. On the other hand, there
-            # should be no sensitive data in insecure jobs, and printing
+            # should be no sensitive data in untrusted jobs, and printing
             # the args could be useful for debugging.
             config.write('display_args_to_stdout = %s\n' %
-                         str(not secure))
+                         str(not trusted))
 
             config.write('[ssh_connection]\n')
             # NB: when setting pipelining = True, keep_remote_files
@@ -861,12 +861,12 @@ class AnsibleJob(object):
                 self.log.exception("Exception while killing "
                                    "ansible process:")
 
-    def runAnsible(self, cmd, timeout, secure=False):
+    def runAnsible(self, cmd, timeout, trusted=False):
         env_copy = os.environ.copy()
         env_copy['LOGNAME'] = 'zuul'
 
-        if secure:
-            cwd = self.jobdir.secure_ansible_root
+        if trusted:
+            cwd = self.jobdir.trusted_ansible_root
         else:
             cwd = self.jobdir.ansible_root
 
@@ -932,4 +932,4 @@ class AnsibleJob(object):
         timeout = 60
 
         return self.runAnsible(
-            cmd=cmd, timeout=timeout, secure=playbook.secure)
+            cmd=cmd, timeout=timeout, trusted=playbook.trusted)

zuul/model.py

@@ -535,21 +535,21 @@ class SourceContext(object):
     Jobs and playbooks reference this to keep track of where they
     originate."""
 
-    def __init__(self, project, branch, secure):
+    def __init__(self, project, branch, trusted):
         self.project = project
         self.branch = branch
-        self.secure = secure
+        self.trusted = trusted
 
     def __repr__(self):
-        return '<SourceContext %s:%s secure:%s>' % (self.project,
-                                                    self.branch,
-                                                    self.secure)
+        return '<SourceContext %s:%s trusted:%s>' % (self.project,
+                                                     self.branch,
+                                                     self.trusted)
 
     def __deepcopy__(self, memo):
         return self.copy()
 
     def copy(self):
-        return self.__class__(self.project, self.branch, self.secure)
+        return self.__class__(self.project, self.branch, self.trusted)
 
     def __ne__(self, other):
         return not self.__eq__(other)
@@ -559,7 +559,7 @@ class SourceContext(object):
             return False
         return (self.project == other.project and
                 self.branch == other.branch and
-                self.secure == other.secure)
+                self.trusted == other.trusted)
 
 
 class PlaybookContext(object):
@@ -593,7 +593,7 @@ class PlaybookContext(object):
             connection=self.source_context.project.connection_name,
             project=self.source_context.project.name,
             branch=self.source_context.branch,
-            secure=self.source_context.secure,
+            trusted=self.source_context.trusted,
             path=self.path)
 
 
@@ -626,11 +626,11 @@ class Role(object):
 class ZuulRole(Role):
     """A reference to an ansible role in a Zuul project."""
 
-    def __init__(self, target_name, connection_name, project_name, secure):
+    def __init__(self, target_name, connection_name, project_name, trusted):
         super(ZuulRole, self).__init__(target_name)
         self.connection_name = connection_name
         self.project_name = project_name
-        self.secure = secure
+        self.trusted = trusted
 
     def __repr__(self):
         return '<ZuulRole %s %s>' % (self.project_name, self.target_name)
@@ -641,7 +641,7 @@ class ZuulRole(Role):
         return (super(ZuulRole, self).__eq__(other) and
                 self.connection_name == other.connection_name,
                 self.project_name == other.project_name,
-                self.secure == other.secure)
+                self.trusted == other.trusted)
 
     def toDict(self):
         # Render to a dict to use in passing json to the launcher
@@ -649,7 +649,7 @@ class ZuulRole(Role):
         d['type'] = 'zuul'
         d['connection'] = self.connection_name
         d['project'] = self.project_name
-        d['secure'] = self.secure
+        d['trusted'] = self.trusted
         return d
 
 
@@ -2229,10 +2229,10 @@ class Tenant(object):
     def getRepo(self, source, project_name):
         """Get a project given a source and project name
 
-        Returns a tuple (secure, project) or (None, None) if the
+        Returns a tuple (trusted, project) or (None, None) if the
         project is not found.
 
-        Secure indicates the project is a config repo.
+        Trusted indicates the project is a config repo.
 
         """