diff --git a/bot_bottle/git_gate.py b/bot_bottle/git_gate.py index 0e464e4..c2241f4 100644 --- a/bot_bottle/git_gate.py +++ b/bot_bottle/git_gate.py @@ -390,11 +390,11 @@ def _provision_dynamic_key( can inject it into the GitGateUpstream as `identity_file`.""" from .deploy_key_provisioner import get_provisioner pk = entry.Key - token = os.environ.get(pk.provisioner_token) + token = os.environ.get(pk.forge_token_env) if token is None: raise RuntimeError( - f"git-gate.repos[{entry.Name!r}] key.provisioner_token" - f" = {pk.provisioner_token!r}: env var is not set" + f"git-gate.repos[{entry.Name!r}] key.forge_token_env" + f" = {pk.forge_token_env!r}: env var is not set" ) api_url = pk.api_url or f"https://{entry.UpstreamHost}" provisioner = get_provisioner(pk.provider, token, api_url) @@ -434,11 +434,11 @@ def revoke_git_gate_provisioned_keys(bottle: ManifestBottle, stage_dir: Path) -> if not id_file.exists(): continue key_id = id_file.read_text().strip() - token = os.environ.get(pk.provisioner_token) + token = os.environ.get(pk.forge_token_env) if token is None: raise RuntimeError( - f"git-gate.repos[{entry.Name!r}] key.provisioner_token" - f" = {pk.provisioner_token!r}: env var is not set;" + f"git-gate.repos[{entry.Name!r}] key.forge_token_env" + f" = {pk.forge_token_env!r}: env var is not set;" f" cannot revoke deploy key {key_id}" ) api_url = pk.api_url or f"https://{entry.UpstreamHost}" diff --git a/bot_bottle/manifest_git.py b/bot_bottle/manifest_git.py index ca6e7ee..401a958 100644 --- a/bot_bottle/manifest_git.py +++ b/bot_bottle/manifest_git.py @@ -78,14 +78,14 @@ class ManifestKeyConfig: For `static`: `path` is the host-side absolute path to the SSH private key. - For `gitea`: `provisioner_token` is the name of a host-side env var + For `gitea`: `forge_token_env` is the name of a host-side env var carrying the Gitea API token; the value is read at provision time, never stored on the plan. `api_url` is the forge's HTTP API root; if empty, it is derived from the upstream URL's host at provision time.""" provider: str path: str = "" - provisioner_token: str = "" + forge_token_env: str = "" api_url: str = "" @@ -212,16 +212,16 @@ def _parse_key_config( # provider == "gitea" for k in d: - if k not in {"provider", "provisioner_token", "api_url"}: + if k not in {"provider", "forge_token_env", "api_url"}: raise ManifestError( f"bottle '{bottle_name}' {label}.key has unknown key {k!r} " - f"for provider 'gitea'; allowed: provider, provisioner_token, api_url" + f"for provider 'gitea'; allowed: provider, forge_token_env, api_url" ) - provisioner_token = d.get("provisioner_token") - if not isinstance(provisioner_token, str) or not provisioner_token: + forge_token_env = d.get("forge_token_env") + if not isinstance(forge_token_env, str) or not forge_token_env: raise ManifestError( f"bottle '{bottle_name}' {label}.key missing required " - f"string field 'provisioner_token' for provider 'gitea'" + f"string field 'forge_token_env' for provider 'gitea'" ) api_url_raw = d.get("api_url", "") if not isinstance(api_url_raw, str): @@ -230,7 +230,7 @@ def _parse_key_config( ) return ManifestKeyConfig( provider=provider, - provisioner_token=provisioner_token, + forge_token_env=forge_token_env, api_url=api_url_raw, ) diff --git a/tests/unit/test_manifest_git.py b/tests/unit/test_manifest_git.py index c306fa6..f8cccc6 100644 --- a/tests/unit/test_manifest_git.py +++ b/tests/unit/test_manifest_git.py @@ -296,14 +296,14 @@ class TestGiteaKey(unittest.TestCase): "url": "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git", "key": { "provider": "gitea", - "provisioner_token": "GITEA_TOKEN", + "forge_token_env": "GITEA_TOKEN", }, }, })) e = m.bottles["dev"].git[0] self.assertEqual("bot-bottle", e.Name) self.assertEqual("gitea", e.Key.provider) - self.assertEqual("GITEA_TOKEN", e.Key.provisioner_token) + self.assertEqual("GITEA_TOKEN", e.Key.forge_token_env) self.assertEqual("", e.Key.api_url) self.assertEqual("", e.IdentityFile) @@ -313,7 +313,7 @@ class TestGiteaKey(unittest.TestCase): "url": "ssh://git@gitea.example.com/org/repo.git", "key": { "provider": "gitea", - "provisioner_token": "MY_TOKEN", + "forge_token_env": "MY_TOKEN", "api_url": "https://gitea.example.com", }, }, @@ -324,12 +324,12 @@ class TestGiteaKey(unittest.TestCase): m = Manifest.from_json_obj(_manifest({ "foo": { "url": "ssh://git@github.com/didericis/foo.git", - "key": {"provider": "gitea", "provisioner_token": "T"}, + "key": {"provider": "gitea", "forge_token_env": "T"}, }, })) self.assertEqual("", m.bottles["dev"].git[0].IdentityFile) - def test_gitea_key_missing_provisioner_token_dies(self): + def test_gitea_key_missing_forge_token_env_dies(self): with self.assertRaises(ManifestError): Manifest.from_json_obj(_manifest({ "foo": { @@ -345,7 +345,7 @@ class TestGiteaKey(unittest.TestCase): "url": "ssh://git@github.com/foo.git", "key": { "provider": "gitea", - "provisioner_token": "T", + "forge_token_env": "T", "key_type": "rsa", # not allowed }, },