Launchpad itself

Merge ~ines-almeida/launchpad:fetch-service-redact-certificate-in-logs into launchpad:master

  1. Git
  2. lp:~ines-almeida/launchpad
  3. fetch-service-redact-certificate-in-logs
  4. Merge into master
Proposed by Ines Almeida
Status: Merged
Approved by: Ines Almeida
Approved revision: 210d82e87fdd7f39177b75f7436d8f991197dfa2
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~ines-almeida/launchpad:fetch-service-redact-certificate-in-logs
Merge into: launchpad:master
Diff against target: 107 lines (+48/-12)
3 files modified
lib/lp/buildmaster/model/buildfarmjobbehaviour.py (+9/-0)
lib/lp/code/model/cibuildbehaviour.py (+0/-12)
lib/lp/snappy/tests/test_snapbuildbehaviour.py (+39/-0)
Reviewer Review Type Date Requested Status
Jürgen Gmach Approve
Review via email: mp+465326@code.launchpad.net

Commit message

Redact `fetch_service_mitm_certificate` in build logs

When running a fetch service build, we send the certficate from buildd-manager to buildd, and log it. This redacts the certificate.

Description of the change

Tests from CIBuilds that tested the redacted secrets still ran successfully.

No other build type has `secrets` in their args except for snap builds and ci builds, but IMO anything that goes under a "secrets" keywords should be redacted - so I updated it within the parent `redactXmlrpcArguments` method.

To post a comment you must log in.
Revision history for this message
Jürgen Gmach (jugmac00) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/lib/lp/buildmaster/model/buildfarmjobbehaviour.py b/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
index e8d82d2..4dd258a 100644
--- a/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
+++ b/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
@@ -12,6 +12,7 @@ import logging
12import os12import os
13import tempfile13import tempfile
14from collections import OrderedDict14from collections import OrderedDict
15from copy import deepcopy
15from datetime import datetime16from datetime import datetime
1617
17import transaction18import transaction
@@ -126,6 +127,14 @@ class BuildFarmJobBehaviourBase:
126127
127 def redactXmlrpcArguments(self, args):128 def redactXmlrpcArguments(self, args):
128 # we do not want to have secrets in logs129 # we do not want to have secrets in logs
130
131 # we need to copy the input in order to avoid mutating `args` which
132 # will be passed to the builders
133 args = deepcopy(args)
134 if args["args"].get("secrets"):
135 for key in args["args"]["secrets"].keys():
136 args["args"]["secrets"][key] = "<redacted>"
137
129 return sanitise_urls(repr(args))138 return sanitise_urls(repr(args))
130139
131 @defer.inlineCallbacks140 @defer.inlineCallbacks
diff --git a/lib/lp/code/model/cibuildbehaviour.py b/lib/lp/code/model/cibuildbehaviour.py
index 6cceb72..ba73848 100644
--- a/lib/lp/code/model/cibuildbehaviour.py
+++ b/lib/lp/code/model/cibuildbehaviour.py
@@ -9,7 +9,6 @@ __all__ = [
99
10import json10import json
11from configparser import NoSectionError11from configparser import NoSectionError
12from copy import deepcopy
13from typing import Any, Generator12from typing import Any, Generator
1413
15from twisted.internet import defer14from twisted.internet import defer
@@ -119,17 +118,6 @@ class CIBuildBehaviour(BuilderProxyMixin, BuildFarmJobBehaviourBase):
119118
120 ALLOWED_STATUS_NOTIFICATIONS = ["PACKAGEFAIL"]119 ALLOWED_STATUS_NOTIFICATIONS = ["PACKAGEFAIL"]
121120
122 def redactXmlrpcArguments(self, args):
123 # we do not want to have secrets in logs
124
125 # we need to copy the input in order to avoid mutating `args` which
126 # will be passed to the builders
127 args = deepcopy(args)
128 if args["args"].get("secrets"):
129 for key in args["args"]["secrets"].keys():
130 args["args"]["secrets"][key] = "<redacted>"
131 return super().redactXmlrpcArguments(args)
132
133 def getLogFileName(self):121 def getLogFileName(self):
134 return "buildlog_ci_%s_%s_%s.txt" % (122 return "buildlog_ci_%s_%s_%s.txt" % (
135 self.build.git_repository.name,123 self.build.git_repository.name,
diff --git a/lib/lp/snappy/tests/test_snapbuildbehaviour.py b/lib/lp/snappy/tests/test_snapbuildbehaviour.py
index cb2269b..66fb638 100644
--- a/lib/lp/snappy/tests/test_snapbuildbehaviour.py
+++ b/lib/lp/snappy/tests/test_snapbuildbehaviour.py
@@ -419,6 +419,45 @@ class TestAsyncSnapBuildBehaviourFetchService(
419 self.assertEqual([], self.fetch_service_api.sessions.requests)419 self.assertEqual([], self.fetch_service_api.sessions.requests)
420420
421 @defer.inlineCallbacks421 @defer.inlineCallbacks
422 def test_requestFetchServiceSession_mitm_certficate_redacted(self):
423 """The `fetch_service_mitm_certificate` field in the build arguments
424 is redacted in the build logs."""
425
426 self.useFixture(
427 FeatureFixture({SNAP_USE_FETCH_SERVICE_FEATURE_FLAG: "on"})
428 )
429 snap = self.factory.makeSnap(use_fetch_service=True)
430 request = self.factory.makeSnapBuildRequest(snap=snap)
431 job = self.makeJob(snap=snap, build_request=request)
432 args = yield job.extraBuildArgs()
433
434 chroot_lfa = self.factory.makeLibraryFileAlias(db_only=True)
435 job.build.distro_arch_series.addOrUpdateChroot(
436 chroot_lfa, image_type=BuildBaseImageType.CHROOT
437 )
438 lxd_lfa = self.factory.makeLibraryFileAlias(db_only=True)
439 job.build.distro_arch_series.addOrUpdateChroot(
440 lxd_lfa, image_type=BuildBaseImageType.LXD
441 )
442 deferred = defer.Deferred()
443 deferred.callback(None)
444 job._worker.sendFileToWorker = MagicMock(return_value=deferred)
445 job._worker.build = MagicMock(return_value=(None, None))
446
447 logger = BufferLogger()
448 yield job.dispatchBuildToWorker(logger)
449
450 # Secrets exist within the arguments
451 self.assertIn(
452 "fake-cert", args["secrets"]["fetch_service_mitm_certificate"]
453 )
454 # But are redacted in the log output
455 self.assertIn(
456 "'fetch_service_mitm_certificate': '<redacted>'",
457 logger.getLogBuffer(),
458 )
459
460 @defer.inlineCallbacks
422 def test_endProxySession(self):461 def test_endProxySession(self):
423 """By ending a fetch service session, metadata is retrieved from the462 """By ending a fetch service session, metadata is retrieved from the
424 fetch service and saved to a file; and call to end the session is made.463 fetch service and saved to a file; and call to end the session is made.

Subscribers

People subscribed via source and target branches

to status/vote changes: