Google Git
Sign in
fuchsia / infra / infra / e7306e6b151e51bd004a56177e4700758071e21d^! / .
commite7306e6b151e51bd004a56177e4700758071e21d[log] [tgz]
authorJoshua Seaton <joshuaseaton@google.com>Thu Dec 12 21:41:18 2019 -0800
committerJoshua Seaton <joshuaseaton@google.com>Thu Dec 12 21:43:06 2019 -0800
tree0cd7b7276373bf85e6fd389bab213e9ff15c6a0e
parent07b74b4506642f25021d2c4812e6f23b12610d65 [diff]
[secrets] Delete "secrets"-related things

These are from a bygone era.

Change-Id: I835e7b2686cbd4a5aeafdbb5c8aeeb93affe23f9

diff --git a/cmd/secretshim/main.go b/cmd/secretshim/main.go
deleted file mode 100644
index d62ada8..0000000
--- a/cmd/secretshim/main.go
+++ /dev/null

@@ -1,39 +0,0 @@
-// Copyright 2019 The Fuchsia Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-package main
-
-import (
-	"context"
-	"flag"
-	"log"
-	"os"
-	"syscall"
-
-	"go.fuchsia.dev/infra/secrets"
-	"go.fuchsia.dev/tools/command"
-	"go.fuchsia.dev/tools/runner"
-)
-
-const usage = `usage: secretshim [command]
-
-Starts the secrets server before running the provided command.
-`
-
-func main() {
-	flag.Parse()
-	args := flag.Args()
-	if len(args) == 0 {
-		log.Fatal("must provide command to run")
-	}
-
-	ctx := command.CancelOnSignals(context.Background(), syscall.SIGTERM)
-
-	// The secrets server will start up iff LUCI_CONTEXT is set and contains secret bytes.
-	secrets.StartSecretsServer(ctx, 8081)
-
-	runner := runner.SubprocessRunner{}
-	if err := runner.Run(ctx, args, os.Stdout, os.Stderr); err != nil {
-		log.Fatal(err)
-	}
-}

diff --git a/secrets/server.go b/secrets/server.go
deleted file mode 100644
index 5099d02..0000000
--- a/secrets/server.go
+++ /dev/null

@@ -1,82 +0,0 @@
-// Copyright 2018 The Fuchsia Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-package secrets
-
-import (
-	"context"
-	"crypto/sha256"
-	"encoding/json"
-	"log"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"go.chromium.org/luci/lucictx"
-)
-
-// A mapping of test name to associated secret.
-type testSecrets map[string]string
-
-// ServeSecret serves the secret associated to a test, where the request's URL is of the
-// form "/<test name>".
-func (secrets testSecrets) serveSecret(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json")
-	testName := strings.TrimPrefix(r.URL.Path, "/")
-	secret, ok := secrets[testName]
-	if !ok {
-		log.Printf("There is no secret to serve for \"%s\"\n", testName)
-		w.WriteHeader(http.StatusNotFound)
-		return
-	}
-	log.Printf("Serving secret for \"%s\"\n", testName)
-	log.Printf("SHA256 of secret: %x", sha256.Sum256([]byte(secret)))
-	w.Header().Set("Content-Length", strconv.Itoa(len(secret)))
-	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(secret))
-}
-
-// Parses out tests secrets serialized in the LUCI_CONTEXT JSON under the
-// "secret_bytes" key.
-func getSecrets(ctx context.Context) *testSecrets {
-	swarming := lucictx.GetSwarming(ctx)
-	if swarming == nil {
-		return nil
-	}
-	secrets := new(testSecrets)
-	if err := json.Unmarshal(swarming.SecretBytes, secrets); err != nil {
-		log.Fatalf("secret_bytes provided, but unreadable: %v", err)
-	}
-	return secrets
-}
-
-// StartSecretsServer starts a server to serve test secrets at localhost:<|port|>.
-func StartSecretsServer(ctx context.Context, port int) {
-	secrets := getSecrets(ctx)
-	if secrets == nil {
-		return
-	}
-
-	log.Printf("Setting up secrets server at localhost:%d\n", port)
-	s := &http.Server{
-		Addr:    ":" + strconv.Itoa(port),
-		Handler: http.HandlerFunc(secrets.serveSecret),
-	}
-
-	go func() {
-		if err := s.ListenAndServe(); err != nil {
-			log.Print(err)
-		}
-	}()
-
-	go func() {
-		select {
-		case <-ctx.Done():
-			log.Printf("Shutting down secrets server at localhost:%d\n", port)
-			if err := s.Shutdown(context.Background()); err != nil {
-				log.Print(err)
-			}
-		default:
-		}
-	}()
-}

diff --git a/secrets/server_test.go b/secrets/server_test.go
deleted file mode 100644
index e761373..0000000
--- a/secrets/server_test.go
+++ /dev/null

@@ -1,75 +0,0 @@
-// Copyright 2018 The Fuchsia Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-package secrets
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"reflect"
-	"testing"
-
-	"go.chromium.org/luci/lucictx"
-)
-
-func TestGettingSecrets(t *testing.T) {
-	secretBytes := []byte(`{"testNameA":"SECRETA","testNameB":"SECRETB"}`)
-	swarming := lucictx.Swarming{
-		SecretBytes: secretBytes,
-	}
-	ctx := lucictx.SetSwarming(context.Background(), &swarming)
-
-	expectedSecrets := testSecrets{
-		"testNameA": "SECRETA",
-		"testNameB": "SECRETB",
-	}
-	actualSecrets := getSecrets(ctx)
-	if actualSecrets == nil {
-		t.Fatal("no secrets found")
-	}
-	if !reflect.DeepEqual(actualSecrets, &expectedSecrets) {
-		t.Errorf("Returned secrets \"%v\" do not match the expected: \"%v\"\n",
-			*actualSecrets, expectedSecrets)
-	}
-}
-
-func TestServingSecrets(t *testing.T) {
-	// Returns an GET request for the secret associated to |testName|.
-	secretRequest := func(testName string) *http.Request {
-		request, err := http.NewRequest(http.MethodGet, "/"+testName, nil)
-		if err != nil {
-			t.Fatal(err)
-		}
-		return request
-	}
-
-	secrets := testSecrets{
-		"foo_unittests": "FOO-SECRET",
-		"bar_e2e_tests": "BAR-SECRET",
-	}
-	handler := http.HandlerFunc(secrets.serveSecret)
-
-	// Checks that the expected content and code were returned in a mock HTTP response.
-	expectValidResponse := func(t *testing.T, testName string, expectedCode int,
-		expectedContent string) {
-		recorder := httptest.NewRecorder()
-		handler.ServeHTTP(recorder, secretRequest(testName))
-		if actualCode := recorder.Code; actualCode != expectedCode {
-			t.Errorf("serveSecret() response code: %v\n; %v was expected for test \"%v\"\n",
-				actualCode, expectedCode, testName)
-		}
-		if actualContent := recorder.Body.String(); actualContent != expectedContent {
-			t.Errorf("serveSecret() failed to returned \"%v\" instead of \"%v\" for test \"%v\"\n",
-				actualContent, expectedContent, testName)
-		}
-	}
-
-	t.Run("Succeeds when associated secret exists", func(t *testing.T) {
-		expectValidResponse(t, "foo_unittests", http.StatusOK, "FOO-SECRET")
-	})
-
-	t.Run("Fails when associated secret does not exist", func(t *testing.T) {
-		expectValidResponse(t, "non_existant_unittests", http.StatusNotFound, "")
-	})
-}