Support Scan Breakglass (#8261)

* allow breakglass scenario for pushing --------- Co-authored-by: Ben Broderick Phillips <[email protected]>
Azure · May 15, 2024 · 74f5758 · 74f5758
1 parent 536586b
commit 74f5758
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 11 deletions.
diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/OptionsGenerator.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/OptionsGenerator.cs
@@ -55,6 +55,10 @@ public static RootCommand GenerateCommandLineOptions(Func<DefaultOptions, Task>
                 getDefaultValue: () => false);
             universalOption.AddAlias("-u");
 
+            var breakGlassOption = new Option<bool>(
+                name: "--break-glass",
+                description: "Flag; Ignore secret push protection results when pushing.",
+                getDefaultValue: () => false);
 
             var collectedArgs = new Argument<string[]>("args")
             {
@@ -92,9 +96,10 @@ public static RootCommand GenerateCommandLineOptions(Func<DefaultOptions, Task>
             root.Add(startCommand);
 
             var pushCommand = new Command("push", "Push the assets, referenced by assets.json, into git.");
+            pushCommand.AddOption(breakGlassOption);
             pushCommand.AddOption(assetsJsonPathOption);
             pushCommand.SetHandler(async (pushOpts) => await callback(pushOpts),
-                new PushOptionsBinder(storageLocationOption, storagePluginOption, assetsJsonPathOption)
+                new PushOptionsBinder(storageLocationOption, storagePluginOption, assetsJsonPathOption, breakGlassOption)
             );
             root.Add(pushCommand);
 

diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/PushOptions.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/PushOptions.cs
@@ -8,27 +8,31 @@ namespace Azure.Sdk.Tools.TestProxy.CommandOptions
     /// </summary>
     public class PushOptions : CLICommandOptions
     {
+        public bool BreakGlass { get; set; }
     }
 
     public class PushOptionsBinder : BinderBase<PushOptions>
     {
         private readonly Option<string> _storageLocationOption;
         private readonly Option<string> _storagePluginOption;
         private readonly Option<string> _assetsJsonPathOption;
+        private readonly Option<bool> _breakGlassOption;
 
-        public PushOptionsBinder(Option<string> storageLocationOption, Option<string> storagePluginOption, Option<string> assetsJsonPathOption)
+        public PushOptionsBinder(Option<string> storageLocationOption, Option<string> storagePluginOption, Option<string> assetsJsonPathOption, Option<bool> breakGlassOption)
         {
             _storageLocationOption = storageLocationOption;
             _storagePluginOption = storagePluginOption;
             _assetsJsonPathOption = assetsJsonPathOption;
+            _breakGlassOption = breakGlassOption;
         }
 
         protected override PushOptions GetBoundValue(BindingContext bindingContext) =>
             new PushOptions
             {
                 StorageLocation = bindingContext.ParseResult.GetValueForOption(_storageLocationOption),
                 StoragePlugin = bindingContext.ParseResult.GetValueForOption(_storagePluginOption),
-                AssetsJsonPath = bindingContext.ParseResult.GetValueForOption(_assetsJsonPathOption)
+                AssetsJsonPath = bindingContext.ParseResult.GetValueForOption(_assetsJsonPathOption),
+                BreakGlass = bindingContext.ParseResult.GetValueForOption(_breakGlassOption),
             };
     }
 }
diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Startup.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Startup.cs
@@ -62,11 +62,12 @@ public static async Task Main(string[] args = null)
             Environment.Exit(resultCode);
         }
 
-        private static async Task Run(object commandObj)
+        private static async Task<int> Run(object commandObj)
         {
             var assembly = System.Reflection.Assembly.GetExecutingAssembly();
             var semanticVersion = assembly.GetCustomAttribute<AssemblyInformationalVersionAttribute>().InformationalVersion;
             System.Console.WriteLine($"Running proxy version is Azure.Sdk.Tools.TestProxy {semanticVersion}");
+            int returnCode = 0;
 
             new GitProcessHandler().VerifyGitMinVersion();
             DefaultOptions defaultOptions = (DefaultOptions)commandObj;
@@ -124,6 +125,8 @@ private static async Task Run(object commandObj)
                 default:
                     throw new ArgumentException($"Unable to parse the argument set: {string.Join(" ", storedArgs)}");
             }
+
+            return returnCode;
         }
 
         private static void StartServer(StartOptions startOptions)

diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/GitStore.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/GitStore.cs
@@ -121,8 +121,9 @@ public bool CheckForSecrets(GitAssetsConfiguration assetsConfiguration, string[]
         /// Pushes a set of changed files to the assets repo. Honors configuration of assets.json passed into it.
         /// </summary>
         /// <param name="pathToAssetsJson"></param>
+        /// <param name="ignoreSecretProtection"></param>
         /// <returns></returns>
-        public async Task Push(string pathToAssetsJson) {
+        public async Task<int> Push(string pathToAssetsJson, bool ignoreSecretProtection = false) {
             var config = await ParseConfigurationFile(pathToAssetsJson);
 
             var initialized = IsAssetsRepoInitialized(config);
@@ -132,8 +133,7 @@ public async Task Push(string pathToAssetsJson) {
                 _consoleWrapper.WriteLine($"The targeted assets.json \"{config.AssetsJsonRelativeLocation}\" has not been restored prior to attempting push. " +
                     $"Are you certain you're pushing the correct assets.json? Please invoke \'test-proxy restore \"{config.AssetsJsonRelativeLocation}\"\' prior to invoking a push operation.");
 
-                Environment.ExitCode = -1;
-                return;
+                return -1;
             }
 
             SetOrigin(config);
@@ -145,8 +145,10 @@ public async Task Push(string pathToAssetsJson) {
             {
                 if (CheckForSecrets(config, pendingChanges))
                 {
-                    Environment.ExitCode = -1;
-                    return;
+                    if (!ignoreSecretProtection)
+                    {
+                        return -1;
+                    }
                 }
 
                 try
@@ -239,6 +241,7 @@ public async Task Push(string pathToAssetsJson) {
             }
 
             HideOrigin(config);
+            return 0;
         }
 
         /// <summary>

diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/IAssetsStore.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/IAssetsStore.cs
@@ -11,7 +11,9 @@ public interface IAssetsStore
         /// Given a configuration, push the changes made by the test-proxy into the remote store.
         /// </summary>
         /// <param name="pathToAssetsJson"></param>
-        public abstract Task Push(string pathToAssetsJson);
+        /// <param name="ignoreSecretProtection"></param>
+        /// <returns>An integer representing the status of the push command.</returns>
+        public abstract Task<int> Push(string pathToAssetsJson, bool ignoreSecretProtection = false);
 
         /// <summary>
         /// Given a configuration, pull any remote resources down into the provided contextPath.

diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/NullStore.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/NullStore.cs
@@ -9,7 +9,7 @@ namespace Azure.Sdk.Tools.TestProxy.Store
 {
     public class NullStore : IAssetsStore
     {
-        public Task Push(string pathToAssetsJson) { return null; }
+        public Task<int> Push(string pathToAssetsJson, bool ignoreSecretProtection = false) { return null; }
 
         public Task<string> Restore(string pathToAssetsJson) { return null; }