rename: provisioner_token -> forge_token_env
This commit is contained in:
@@ -390,11 +390,11 @@ def _provision_dynamic_key(
|
||||
can inject it into the GitGateUpstream as `identity_file`."""
|
||||
from .deploy_key_provisioner import get_provisioner
|
||||
pk = entry.Key
|
||||
token = os.environ.get(pk.provisioner_token)
|
||||
token = os.environ.get(pk.forge_token_env)
|
||||
if token is None:
|
||||
raise RuntimeError(
|
||||
f"git-gate.repos[{entry.Name!r}] key.provisioner_token"
|
||||
f" = {pk.provisioner_token!r}: env var is not set"
|
||||
f"git-gate.repos[{entry.Name!r}] key.forge_token_env"
|
||||
f" = {pk.forge_token_env!r}: env var is not set"
|
||||
)
|
||||
api_url = pk.api_url or f"https://{entry.UpstreamHost}"
|
||||
provisioner = get_provisioner(pk.provider, token, api_url)
|
||||
@@ -434,11 +434,11 @@ def revoke_git_gate_provisioned_keys(bottle: ManifestBottle, stage_dir: Path) ->
|
||||
if not id_file.exists():
|
||||
continue
|
||||
key_id = id_file.read_text().strip()
|
||||
token = os.environ.get(pk.provisioner_token)
|
||||
token = os.environ.get(pk.forge_token_env)
|
||||
if token is None:
|
||||
raise RuntimeError(
|
||||
f"git-gate.repos[{entry.Name!r}] key.provisioner_token"
|
||||
f" = {pk.provisioner_token!r}: env var is not set;"
|
||||
f"git-gate.repos[{entry.Name!r}] key.forge_token_env"
|
||||
f" = {pk.forge_token_env!r}: env var is not set;"
|
||||
f" cannot revoke deploy key {key_id}"
|
||||
)
|
||||
api_url = pk.api_url or f"https://{entry.UpstreamHost}"
|
||||
|
||||
@@ -78,14 +78,14 @@ class ManifestKeyConfig:
|
||||
|
||||
For `static`: `path` is the host-side absolute path to the SSH private key.
|
||||
|
||||
For `gitea`: `provisioner_token` is the name of a host-side env var
|
||||
For `gitea`: `forge_token_env` is the name of a host-side env var
|
||||
carrying the Gitea API token; the value is read at provision time,
|
||||
never stored on the plan. `api_url` is the forge's HTTP API root; if
|
||||
empty, it is derived from the upstream URL's host at provision time."""
|
||||
|
||||
provider: str
|
||||
path: str = ""
|
||||
provisioner_token: str = ""
|
||||
forge_token_env: str = ""
|
||||
api_url: str = ""
|
||||
|
||||
|
||||
@@ -212,16 +212,16 @@ def _parse_key_config(
|
||||
|
||||
# provider == "gitea"
|
||||
for k in d:
|
||||
if k not in {"provider", "provisioner_token", "api_url"}:
|
||||
if k not in {"provider", "forge_token_env", "api_url"}:
|
||||
raise ManifestError(
|
||||
f"bottle '{bottle_name}' {label}.key has unknown key {k!r} "
|
||||
f"for provider 'gitea'; allowed: provider, provisioner_token, api_url"
|
||||
f"for provider 'gitea'; allowed: provider, forge_token_env, api_url"
|
||||
)
|
||||
provisioner_token = d.get("provisioner_token")
|
||||
if not isinstance(provisioner_token, str) or not provisioner_token:
|
||||
forge_token_env = d.get("forge_token_env")
|
||||
if not isinstance(forge_token_env, str) or not forge_token_env:
|
||||
raise ManifestError(
|
||||
f"bottle '{bottle_name}' {label}.key missing required "
|
||||
f"string field 'provisioner_token' for provider 'gitea'"
|
||||
f"string field 'forge_token_env' for provider 'gitea'"
|
||||
)
|
||||
api_url_raw = d.get("api_url", "")
|
||||
if not isinstance(api_url_raw, str):
|
||||
@@ -230,7 +230,7 @@ def _parse_key_config(
|
||||
)
|
||||
return ManifestKeyConfig(
|
||||
provider=provider,
|
||||
provisioner_token=provisioner_token,
|
||||
forge_token_env=forge_token_env,
|
||||
api_url=api_url_raw,
|
||||
)
|
||||
|
||||
|
||||
@@ -296,14 +296,14 @@ class TestGiteaKey(unittest.TestCase):
|
||||
"url": "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git",
|
||||
"key": {
|
||||
"provider": "gitea",
|
||||
"provisioner_token": "GITEA_TOKEN",
|
||||
"forge_token_env": "GITEA_TOKEN",
|
||||
},
|
||||
},
|
||||
}))
|
||||
e = m.bottles["dev"].git[0]
|
||||
self.assertEqual("bot-bottle", e.Name)
|
||||
self.assertEqual("gitea", e.Key.provider)
|
||||
self.assertEqual("GITEA_TOKEN", e.Key.provisioner_token)
|
||||
self.assertEqual("GITEA_TOKEN", e.Key.forge_token_env)
|
||||
self.assertEqual("", e.Key.api_url)
|
||||
self.assertEqual("", e.IdentityFile)
|
||||
|
||||
@@ -313,7 +313,7 @@ class TestGiteaKey(unittest.TestCase):
|
||||
"url": "ssh://git@gitea.example.com/org/repo.git",
|
||||
"key": {
|
||||
"provider": "gitea",
|
||||
"provisioner_token": "MY_TOKEN",
|
||||
"forge_token_env": "MY_TOKEN",
|
||||
"api_url": "https://gitea.example.com",
|
||||
},
|
||||
},
|
||||
@@ -324,12 +324,12 @@ class TestGiteaKey(unittest.TestCase):
|
||||
m = Manifest.from_json_obj(_manifest({
|
||||
"foo": {
|
||||
"url": "ssh://git@github.com/didericis/foo.git",
|
||||
"key": {"provider": "gitea", "provisioner_token": "T"},
|
||||
"key": {"provider": "gitea", "forge_token_env": "T"},
|
||||
},
|
||||
}))
|
||||
self.assertEqual("", m.bottles["dev"].git[0].IdentityFile)
|
||||
|
||||
def test_gitea_key_missing_provisioner_token_dies(self):
|
||||
def test_gitea_key_missing_forge_token_env_dies(self):
|
||||
with self.assertRaises(ManifestError):
|
||||
Manifest.from_json_obj(_manifest({
|
||||
"foo": {
|
||||
@@ -345,7 +345,7 @@ class TestGiteaKey(unittest.TestCase):
|
||||
"url": "ssh://git@github.com/foo.git",
|
||||
"key": {
|
||||
"provider": "gitea",
|
||||
"provisioner_token": "T",
|
||||
"forge_token_env": "T",
|
||||
"key_type": "rsa", # not allowed
|
||||
},
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user