zuul/zuul/lib at 21ce3f9ad71f34f7f5dfac558ca27cfac53c4c36 - zuul - OpenDev: Free Software Needs Free Tools

zuul/zuul

Files

History

James E. Blair fbb17e1f35 Decrypt secrets on the executors

Rather than decrypting secrets on the scheduler and sending them
to the executors unencrypted, now that the private keys are in ZK
and the executors have access to them, we can defer decryption to
the executors.  This means that when we move the build requests
from gearman to ZK, we avoid storing decrypted secrets in ZK.

We accomplish this by serializing the entire secret (parts or all
of which may be encrypted or plaintext) to YAML in the scheduler
and deserializing the YAML into a Secret object on the executor.
We do this because we already have support for indicating an
encrypted value via custom YAML tags.

This means that the build request (which is currently transmitted
via gearman and soon to be via ZK) serializes the rest of the job
to JSON.  This means we're storing a serialized-to-YAML secret as
a scalar value in a serialized-to-JSON data structure.  There's
nothing technically wrong with this, and it is the minimal version
of this change, however it's slightly unusual and may result in
a little extra work.  We may want to consider serializing the
entire job request as YAML instead.

Change-Id: I6d94c1d8da8b68e5fb60c27e73039155a02fb485

2021-05-06 14:20:26 -07:00

..

__init__.py

Initial commit.

2012-05-29 14:49:32 -07:00

ansible-config.conf

Blacklist ansible 2.9.14

2020-10-13 12:21:53 +02:00

ansible.py

ansible: ensure we can delete ansible files

2021-02-16 22:32:42 +00:00

auth.py

Bump pyjwt to 2.0.0

2021-01-14 12:35:18 +00:00

capabilities.py

OIDCAuthenticator: add capabilities, scope option

2020-03-27 16:47:21 +00:00

collections.py

Implementation of Zookeeper backed event queues

2021-03-18 09:24:07 +01:00

commandsocket.py

Improve test output by using named queues

2021-03-24 07:39:15 +01:00

config.py

Support boolean values in get_default

2019-02-15 10:42:36 +01:00

connections.py

Interface to get a driver's trigger event class

2021-03-18 09:23:49 +01:00

dependson.py

Support cross-source dependencies

2018-01-16 09:37:40 -08:00

encryption.py

Store secrets keys and SSH keys in Zookeeper

2021-04-14 08:22:07 +02:00

filecomments.py

Make github file annotation levels configurable via zuul return

2020-03-06 08:27:48 +01:00

fingergw.py

Component Registry in ZooKeeper

2021-03-12 13:51:48 -08:00

gear_utils.py

Add support for zones in executors

2018-11-29 13:05:20 -05:00

gearworker.py

Catch exception when double unregistering merge jobs

2021-02-25 23:18:00 +01:00

jsonutil.py

jsonutil: do not encode SourceContext or ZuulMark

2019-06-05 10:47:05 +00:00

keystorage.py

Cache secret/SSH keys from Zookeeper

2021-04-22 13:26:10 +02:00

log_streamer.py

Replace deprecated Thread.isAlive() with Thread.is_alive()

2020-06-01 12:49:07 +02:00

logutil.py

Format multi-line log entries

2021-01-29 11:11:23 -08:00

queue.py

Improve test output by using named queues

2021-03-24 07:39:15 +01:00

re2util.py

Remove ununecessary shebangs

2020-05-18 19:10:33 +02:00

repl.py

Add repl server for debug purposes

2019-06-21 16:12:03 +00:00

result_data.py

Support emitting warnings via zuul_return

2020-08-31 11:54:46 +02:00

statsd.py

dict_object.keys() is not required for *in* operator

2018-12-03 12:04:55 +05:30

streamer_utils.py

Remove unecessary shebang and exec bit

2018-07-26 07:12:24 +00:00

strings.py

Support overlapping repos and a flat workspace scheme

2021-04-29 17:56:24 -07:00

tarjan.py

Add optional support for circular dependencies

2021-03-01 19:42:56 +01:00

yamlutil.py

Decrypt secrets on the executors

2021-05-06 14:20:26 -07:00