From bb7ad7a6149ab1db185aee4ccbfd518b6e22b253 Mon Sep 17 00:00:00 2001 From: Johan Lorenzo Date: Fri, 13 Jan 2023 18:24:29 +0100 Subject: [PATCH] Bug 1808605 - part 13: Delete fenix `get-secret.py` and `write-dummy-secret.py` for being outdated --- .../fenix_taskgraph/transforms/secrets.py | 22 ------ taskcluster/scripts/get-secret.py | 69 ------------------- taskcluster/scripts/write-dummy-secret.py | 39 ----------- 3 files changed, 130 deletions(-) delete mode 100644 taskcluster/fenix_taskgraph/transforms/secrets.py delete mode 100755 taskcluster/scripts/get-secret.py delete mode 100755 taskcluster/scripts/write-dummy-secret.py diff --git a/taskcluster/fenix_taskgraph/transforms/secrets.py b/taskcluster/fenix_taskgraph/transforms/secrets.py deleted file mode 100644 index e76a14012..000000000 --- a/taskcluster/fenix_taskgraph/transforms/secrets.py +++ /dev/null @@ -1,22 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -""" -Resolve secrets and dummy secrets -""" - -from taskgraph.transforms.base import TransformSequence -from taskgraph.util.schema import resolve_keyed_by - - -transforms = TransformSequence() - - -@transforms.add -def resolve_keys(config, tasks): - for task in tasks: - for key in ("run.secrets", "run.dummy-secrets"): - resolve_keyed_by( - task, key, item_name=task["name"], level=config.params["level"] - ) - yield task diff --git a/taskcluster/scripts/get-secret.py b/taskcluster/scripts/get-secret.py deleted file mode 100755 index 908c81bdc..000000000 --- a/taskcluster/scripts/get-secret.py +++ /dev/null @@ -1,69 +0,0 @@ -#!/usr/bin/env python3 - -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -from __future__ import absolute_import, print_function, unicode_literals - -import argparse -import base64 -import errno -import json -import os -import taskcluster - - -def write_secret_to_file(path, data, key, base64decode=False, json_secret=False, append=False, prefix=''): - path = os.path.abspath(os.path.join(os.path.dirname(__file__), '../../' + path)) - try: - os.makedirs(os.path.dirname(path)) - except OSError as error: - if error.errno != errno.EEXIST: - raise - print("Outputting secret to: {}".format(path)) - - with open(path, 'a' if append else 'w') as f: - value = data['secret'][key] - if base64decode: - value = base64.b64decode(value) - if json_secret: - value = json.dumps(value) - f.write(prefix + value) - - -def fetch_secret_from_taskcluster(name): - try: - secrets = taskcluster.Secrets({ - # BaseUrl is still needed for tasks that haven't migrated to taskgraph yet. - 'baseUrl': 'http://taskcluster/secrets/v1', - }) - except taskcluster.exceptions.TaskclusterFailure: - # taskcluster library >=5 errors out when `baseUrl` is used - secrets = taskcluster.Secrets({ - 'rootUrl': os.environ.get('TASKCLUSTER_PROXY_URL', 'https://taskcluster.net'), - }) - - return secrets.get(name) - - -def main(): - parser = argparse.ArgumentParser( - description='Fetch a taskcluster secret value and save it to a file.') - - parser.add_argument('-s', dest="secret", action="store", help="name of the secret") - parser.add_argument('-k', dest='key', action="store", help='key of the secret') - parser.add_argument('-f', dest="path", action="store", help='file to save secret to') - parser.add_argument('--decode', dest="decode", action="store_true", default=False, help='base64 decode secret before saving to file') - parser.add_argument('--json', dest="json", action="store_true", default=False, help='serializes the secret to JSON format') - parser.add_argument('--append', dest="append", action="store_true", default=False, help='append secret to existing file') - parser.add_argument('--prefix', dest="prefix", action="store", default="", help='add prefix when writing secret to file') - - result = parser.parse_args() - - secret = fetch_secret_from_taskcluster(result.secret) - write_secret_to_file(result.path, secret, result.key, result.decode, result.json, result.append, result.prefix) - - -if __name__ == "__main__": - main() diff --git a/taskcluster/scripts/write-dummy-secret.py b/taskcluster/scripts/write-dummy-secret.py deleted file mode 100755 index b4a2bcfd6..000000000 --- a/taskcluster/scripts/write-dummy-secret.py +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env python - -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -from __future__ import absolute_import, print_function, unicode_literals - -import argparse -import errno -import os - - -def write_secret_to_file(path, secret): - path = os.path.abspath(os.path.join(os.path.dirname(__file__), '../../' + path)) - try: - os.makedirs(os.path.dirname(path)) - except OSError as error: - if error.errno != errno.EEXIST: - raise - print("Outputting secret to: {}".format(path)) - - with open(path, 'w') as f: - f.write(secret) - - -def main(): - parser = argparse.ArgumentParser(description="Store a dummy secret to a file") - - parser.add_argument("-c", dest="content", action="store", help="content of the secret") - parser.add_argument("-f", dest="path", action="store", help="file to save secret to") - - result = parser.parse_args() - - write_secret_to_file(result.path, result.content) - - -if __name__ == "__main__": - main()