Launchpad itself

Merge ~ines-almeida/launchpad:fetch-service-redact-certificate-in-logs into launchpad:master

Git
lp:~ines-almeida/launchpad
fetch-service-redact-certificate-in-logs
Merge into master

Proposed by Ines Almeida on 2024-05-01

Status:	Merged
Approved by:	Ines Almeida on 2024-05-02
Approved revision:	210d82e87fdd7f39177b75f7436d8f991197dfa2
Merge reported by:	Otto Co-Pilot
Merged at revision:	not available
Proposed branch:	~ines-almeida/launchpad:fetch-service-redact-certificate-in-logs
Merge into:	launchpad:master
Diff against target:	107 lines (+48/-12) 3 files modified lib/lp/buildmaster/model/buildfarmjobbehaviour.py (+9/-0) lib/lp/code/model/cibuildbehaviour.py (+0/-12) lib/lp/snappy/tests/test_snapbuildbehaviour.py (+39/-0)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jürgen Gmach		2024-05-01	Approve on 2024-05-02
Review via email: mp+465326@code.launchpad.net

Commit message

Redact `fetch_service_mitm_certificate` in build logs

When running a fetch service build, we send the certficate from buildd-manager to buildd, and log it. This redacts the certificate.

Description of the change

Tests from CIBuilds that tested the redacted secrets still ran successfully.

No other build type has `secrets` in their args except for snap builds and ci builds, but IMO anything that goes under a "secrets" keywords should be redacted - so I updated it within the parent `redactXmlrpcArguments` method.

Revision history for this message

Jürgen Gmach (jugmac00) on 2024-05-02:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Launchpad Engineering

Christina A Reitbauer

Edson_g2020_ubuntuone Gomes

Ines Almeida

Jordan

Kevin bush

Maximiliano Bertacchini

noômen

to status/vote changes:

asimbol83

 diff --git a/lib/lp/buildmaster/model/buildfarmjobbehaviour.py b/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
 index e8d82d2..4dd258a 100644
 --- a/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
 +++ b/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
@@ -12,6 +12,7 @@ import logging
  import os
  import tempfile
  from collections import OrderedDict
++from copy import deepcopy
  from datetime import datetime
  import transaction
@@ -126,6 +127,14 @@ class BuildFarmJobBehaviourBase:
      def redactXmlrpcArguments(self, args):
          # we do not want to have secrets in logs
++
++        # we need to copy the input in order to avoid mutating `args` which
++        # will be passed to the builders
++        args = deepcopy(args)
++        if args["args"].get("secrets"):
++            for key in args["args"]["secrets"].keys():
++                args["args"]["secrets"][key] = "<redacted>"
++
          return sanitise_urls(repr(args))
      @defer.inlineCallbacks
 diff --git a/lib/lp/code/model/cibuildbehaviour.py b/lib/lp/code/model/cibuildbehaviour.py
 index 6cceb72..ba73848 100644
 --- a/lib/lp/code/model/cibuildbehaviour.py
 +++ b/lib/lp/code/model/cibuildbehaviour.py
@@ -9,7 +9,6 @@ __all__ = [
  import json
  from configparser import NoSectionError
--from copy import deepcopy
  from typing import Any, Generator
  from twisted.internet import defer
@@ -119,17 +118,6 @@ class CIBuildBehaviour(BuilderProxyMixin, BuildFarmJobBehaviourBase):
      ALLOWED_STATUS_NOTIFICATIONS = ["PACKAGEFAIL"]
--    def redactXmlrpcArguments(self, args):
--        # we do not want to have secrets in logs
--
--        # we need to copy the input in order to avoid mutating `args` which
--        # will be passed to the builders
--        args = deepcopy(args)
--        if args["args"].get("secrets"):
--            for key in args["args"]["secrets"].keys():
--                args["args"]["secrets"][key] = "<redacted>"
--        return super().redactXmlrpcArguments(args)
--
      def getLogFileName(self):
          return "buildlog_ci_%s_%s_%s.txt" % (
              self.build.git_repository.name,
 diff --git a/lib/lp/snappy/tests/test_snapbuildbehaviour.py b/lib/lp/snappy/tests/test_snapbuildbehaviour.py
 index cb2269b..66fb638 100644
 --- a/lib/lp/snappy/tests/test_snapbuildbehaviour.py
 +++ b/lib/lp/snappy/tests/test_snapbuildbehaviour.py
@@ -419,6 +419,45 @@ class TestAsyncSnapBuildBehaviourFetchService(
          self.assertEqual([], self.fetch_service_api.sessions.requests)
      @defer.inlineCallbacks
++    def test_requestFetchServiceSession_mitm_certficate_redacted(self):
++        """The `fetch_service_mitm_certificate` field in the build arguments
++        is redacted in the build logs."""
++
++        self.useFixture(
++            FeatureFixture({SNAP_USE_FETCH_SERVICE_FEATURE_FLAG: "on"})
++        )
++        snap = self.factory.makeSnap(use_fetch_service=True)
++        request = self.factory.makeSnapBuildRequest(snap=snap)
++        job = self.makeJob(snap=snap, build_request=request)
++        args = yield job.extraBuildArgs()
++
++        chroot_lfa = self.factory.makeLibraryFileAlias(db_only=True)
++        job.build.distro_arch_series.addOrUpdateChroot(
++            chroot_lfa, image_type=BuildBaseImageType.CHROOT
++        )
++        lxd_lfa = self.factory.makeLibraryFileAlias(db_only=True)
++        job.build.distro_arch_series.addOrUpdateChroot(
++            lxd_lfa, image_type=BuildBaseImageType.LXD
++        )
++        deferred = defer.Deferred()
++        deferred.callback(None)
++        job._worker.sendFileToWorker = MagicMock(return_value=deferred)
++        job._worker.build = MagicMock(return_value=(None, None))
++
++        logger = BufferLogger()
++        yield job.dispatchBuildToWorker(logger)
++
++        # Secrets exist within the arguments
++        self.assertIn(
++            "fake-cert", args["secrets"]["fetch_service_mitm_certificate"]
++        )
++        # But are redacted in the log output
++        self.assertIn(
++            "'fetch_service_mitm_certificate': '<redacted>'",
++            logger.getLogBuffer(),
++        )
++
++    @defer.inlineCallbacks
      def test_endProxySession(self):
          """By ending a fetch service session, metadata is retrieved from the
          fetch service and saved to a file; and call to end the session is made.