OpenHarmony/third_party_mesa3d
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci/lava: Hide JWT block during YAML dump

Browse Source 
Make hide_sensitive_data work in a block fashion, not only hiding the
JWT line, since these tokens are huge, it may break the line when it
extrapolates the YAML dump width.

Signed-off-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/22870>
This commit is contained in:
Guilherme Gallo
2023-05-17 01:12:28 -03:00
committed by Marge Bot
parent 703635f059
commit 4173e4b18f
3 changed files with 26 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.gitlab-ci/lava/utils/lava_job_definition.py
View File

@@ -127,9 +127,9 @@ def artifact_download_steps(args):
if args.jwt_file: if args.jwt_file:
with open(args.jwt_file) as jwt_file: with open(args.jwt_file) as jwt_file:
download_steps += [ download_steps += [
"set +x", "set +x # HIDE_START",
f'echo -n "{jwt_file.read()}" > "{args.jwt_file}" # HIDEME', f'echo -n "{jwt_file.read()}" > "{args.jwt_file}"',
"set -x", "set -x # HIDE_END",
f'echo "export CI_JOB_JWT_FILE={args.jwt_file}" >> /set-job-env-vars.sh', f'echo "export CI_JOB_JWT_FILE={args.jwt_file}" >> /set-job-env-vars.sh',
] ]
else: else:

17
.gitlab-ci/lava/utils/log_follower.py
View File

@@ -293,5 +293,18 @@ def fatal_err(msg, exception=None):
sys.exit(1) sys.exit(1)
def hide_sensitive_data(yaml_data: str, hide_tag: str ="HIDEME"): def hide_sensitive_data(yaml_data: str, start_hide: str = "HIDE_START", end_hide: str = "HIDE_END") -> str:
return "".join(line for line in yaml_data.splitlines(True) if hide_tag not in line) skip_line = False
dump_data: list[str] = []
for line in yaml_data.splitlines(True):
if start_hide in line:
skip_line = True
elif end_hide in line:
skip_line = False
if skip_line:
continue
dump_data.append(line)
return "".join(dump_data)

16
.gitlab-ci/tests/utils/test_lava_log.py
View File

@@ -153,29 +153,29 @@ SENSITIVE_DATA_SCENARIOS = {
"no sensitive data tagged": ( "no sensitive data tagged": (
["bla bla", "mytoken: asdkfjsde1341=="], ["bla bla", "mytoken: asdkfjsde1341=="],
["bla bla", "mytoken: asdkfjsde1341=="], ["bla bla", "mytoken: asdkfjsde1341=="],
"HIDEME", ["HIDEME"],
), ),
"sensitive data tagged": ( "sensitive data tagged": (
["bla bla", "mytoken: asdkfjsde1341== # HIDEME"], ["bla bla", "mytoken: asdkfjsde1341== # HIDEME"],
["bla bla"], ["bla bla"],
"HIDEME", ["HIDEME"],
), ),
"sensitive data tagged with custom word": ( "sensitive data tagged with custom word": (
["bla bla", "mytoken: asdkfjsde1341== # DELETETHISLINE", "third line"], ["bla bla", "mytoken: asdkfjsde1341== # DELETETHISLINE", "third line # NOTANYMORE"],
["bla bla", "third line"], ["bla bla", "third line # NOTANYMORE"],
"DELETETHISLINE", ["DELETETHISLINE", "NOTANYMORE"],
), ),
} }
@pytest.mark.parametrize( @pytest.mark.parametrize(
"input, expectation, tag", "input, expectation, tags",
SENSITIVE_DATA_SCENARIOS.values(), SENSITIVE_DATA_SCENARIOS.values(),
ids=SENSITIVE_DATA_SCENARIOS.keys(), ids=SENSITIVE_DATA_SCENARIOS.keys(),
) )
def test_hide_sensitive_data(input, expectation, tag): def test_hide_sensitive_data(input, expectation, tags):
yaml_data = yaml_dump(input) yaml_data = yaml_dump(input)
yaml_result = hide_sensitive_data(yaml_data, tag) yaml_result = hide_sensitive_data(yaml_data, *tags)
result = lava_yaml.load(yaml_result) result = lava_yaml.load(yaml_result)
assert result == expectation assert result == expectation