[secrets] Delete "secrets"-related things
The secretshim command and the secrets server (with its test) are from a bygone era.
Change-Id: I835e7b2686cbd4a5aeafdbb5c8aeeb93affe23f9
diff --git a/cmd/secretshim/main.go b/cmd/secretshim/main.go
deleted file mode 100644
index d62ada8..0000000
--- a/cmd/secretshim/main.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2019 The Fuchsia Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-package main
-
-import (
- "context"
- "flag"
- "log"
- "os"
- "syscall"
-
- "go.fuchsia.dev/infra/secrets"
- "go.fuchsia.dev/tools/command"
- "go.fuchsia.dev/tools/runner"
-)
-
-const usage = `usage: secretshim [command]
-
-Starts the secrets server before running the provided command.
-`
-
-func main() {
- flag.Parse()
- args := flag.Args()
- if len(args) == 0 {
- log.Fatal("must provide command to run")
- }
-
- ctx := command.CancelOnSignals(context.Background(), syscall.SIGTERM)
-
- // The secrets server will start up iff LUCI_CONTEXT is set and contains secret bytes.
- secrets.StartSecretsServer(ctx, 8081)
-
- runner := runner.SubprocessRunner{}
- if err := runner.Run(ctx, args, os.Stdout, os.Stderr); err != nil {
- log.Fatal(err)
- }
-}
diff --git a/secrets/server.go b/secrets/server.go
deleted file mode 100644
index 5099d02..0000000
--- a/secrets/server.go
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2018 The Fuchsia Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-package secrets
-
-import (
- "context"
- "crypto/sha256"
- "encoding/json"
- "log"
- "net/http"
- "strconv"
- "strings"
-
- "go.chromium.org/luci/lucictx"
-)
-
-// A mapping of test name to associated secret.
-type testSecrets map[string]string
-
-// ServeSecret serves the secret associated to a test, where the request's URL is of the
-// form "/<test name>".
-func (secrets testSecrets) serveSecret(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Type", "application/json")
- testName := strings.TrimPrefix(r.URL.Path, "/")
- secret, ok := secrets[testName]
- if !ok {
- log.Printf("There is no secret to serve for \"%s\"\n", testName)
- w.WriteHeader(http.StatusNotFound)
- return
- }
- log.Printf("Serving secret for \"%s\"\n", testName)
- log.Printf("SHA256 of secret: %x", sha256.Sum256([]byte(secret)))
- w.Header().Set("Content-Length", strconv.Itoa(len(secret)))
- w.WriteHeader(http.StatusOK)
- w.Write([]byte(secret))
-}
-
-// Parses out tests secrets serialized in the LUCI_CONTEXT JSON under the
-// "secret_bytes" key.
-func getSecrets(ctx context.Context) *testSecrets {
- swarming := lucictx.GetSwarming(ctx)
- if swarming == nil {
- return nil
- }
- secrets := new(testSecrets)
- if err := json.Unmarshal(swarming.SecretBytes, secrets); err != nil {
- log.Fatalf("secret_bytes provided, but unreadable: %v", err)
- }
- return secrets
-}
-
-// StartSecretsServer starts a server to serve test secrets at localhost:<|port|>.
-func StartSecretsServer(ctx context.Context, port int) {
- secrets := getSecrets(ctx)
- if secrets == nil {
- return
- }
-
- log.Printf("Setting up secrets server at localhost:%d\n", port)
- s := &http.Server{
- Addr: ":" + strconv.Itoa(port),
- Handler: http.HandlerFunc(secrets.serveSecret),
- }
-
- go func() {
- if err := s.ListenAndServe(); err != nil {
- log.Print(err)
- }
- }()
-
- go func() {
- select {
- case <-ctx.Done():
- log.Printf("Shutting down secrets server at localhost:%d\n", port)
- if err := s.Shutdown(context.Background()); err != nil {
- log.Print(err)
- }
- default:
- }
- }()
-}
diff --git a/secrets/server_test.go b/secrets/server_test.go
deleted file mode 100644
index e761373..0000000
--- a/secrets/server_test.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright 2018 The Fuchsia Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-package secrets
-
-import (
- "context"
- "net/http"
- "net/http/httptest"
- "reflect"
- "testing"
-
- "go.chromium.org/luci/lucictx"
-)
-
-func TestGettingSecrets(t *testing.T) {
- secretBytes := []byte(`{"testNameA":"SECRETA","testNameB":"SECRETB"}`)
- swarming := lucictx.Swarming{
- SecretBytes: secretBytes,
- }
- ctx := lucictx.SetSwarming(context.Background(), &swarming)
-
- expectedSecrets := testSecrets{
- "testNameA": "SECRETA",
- "testNameB": "SECRETB",
- }
- actualSecrets := getSecrets(ctx)
- if actualSecrets == nil {
- t.Fatal("no secrets found")
- }
- if !reflect.DeepEqual(actualSecrets, &expectedSecrets) {
- t.Errorf("Returned secrets \"%v\" do not match the expected: \"%v\"\n",
- *actualSecrets, expectedSecrets)
- }
-}
-
-func TestServingSecrets(t *testing.T) {
- // Returns an GET request for the secret associated to |testName|.
- secretRequest := func(testName string) *http.Request {
- request, err := http.NewRequest(http.MethodGet, "/"+testName, nil)
- if err != nil {
- t.Fatal(err)
- }
- return request
- }
-
- secrets := testSecrets{
- "foo_unittests": "FOO-SECRET",
- "bar_e2e_tests": "BAR-SECRET",
- }
- handler := http.HandlerFunc(secrets.serveSecret)
-
- // Checks that the expected content and code were returned in a mock HTTP response.
- expectValidResponse := func(t *testing.T, testName string, expectedCode int,
- expectedContent string) {
- recorder := httptest.NewRecorder()
- handler.ServeHTTP(recorder, secretRequest(testName))
- if actualCode := recorder.Code; actualCode != expectedCode {
- t.Errorf("serveSecret() response code: %v\n; %v was expected for test \"%v\"\n",
- actualCode, expectedCode, testName)
- }
- if actualContent := recorder.Body.String(); actualContent != expectedContent {
- t.Errorf("serveSecret() failed to returned \"%v\" instead of \"%v\" for test \"%v\"\n",
- actualContent, expectedContent, testName)
- }
- }
-
- t.Run("Succeeds when associated secret exists", func(t *testing.T) {
- expectValidResponse(t, "foo_unittests", http.StatusOK, "FOO-SECRET")
- })
-
- t.Run("Fails when associated secret does not exist", func(t *testing.T) {
- expectValidResponse(t, "non_existant_unittests", http.StatusNotFound, "")
- })
-}