From 74f5758848fdb7609c2b1d1d62edd4d6f1b32aff Mon Sep 17 00:00:00 2001
From: Scott Beddall <45376673+scbedd@users.noreply.github.com>
Date: Wed, 15 May 2024 10:46:27 -0700
Subject: [PATCH] Support Scan Breakglass (#8261)

* allow breakglass scenario for pushing

---------

Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
---
 .../CommandOptions/OptionsGenerator.cs              |  7 ++++++-
 .../CommandOptions/PushOptions.cs                   |  8 ++++++--
 .../test-proxy/Azure.Sdk.Tools.TestProxy/Startup.cs |  5 ++++-
 .../Azure.Sdk.Tools.TestProxy/Store/GitStore.cs     | 13 ++++++++-----
 .../Azure.Sdk.Tools.TestProxy/Store/IAssetsStore.cs |  4 +++-
 .../Azure.Sdk.Tools.TestProxy/Store/NullStore.cs    |  2 +-
 6 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/OptionsGenerator.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/OptionsGenerator.cs
index 8f0ad59bb8b..3ad5748f5ca 100644
--- a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/OptionsGenerator.cs
+++ b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/OptionsGenerator.cs
@@ -55,6 +55,10 @@ public static RootCommand GenerateCommandLineOptions(Func<DefaultOptions, Task>
                 getDefaultValue: () => false);
             universalOption.AddAlias("-u");
 
+            var breakGlassOption = new Option<bool>(
+                name: "--break-glass",
+                description: "Flag; Ignore secret push protection results when pushing.",
+                getDefaultValue: () => false);
 
             var collectedArgs = new Argument<string[]>("args")
             {
@@ -92,9 +96,10 @@ public static RootCommand GenerateCommandLineOptions(Func<DefaultOptions, Task>
             root.Add(startCommand);
 
             var pushCommand = new Command("push", "Push the assets, referenced by assets.json, into git.");
+            pushCommand.AddOption(breakGlassOption);
             pushCommand.AddOption(assetsJsonPathOption);
             pushCommand.SetHandler(async (pushOpts) => await callback(pushOpts),
-                new PushOptionsBinder(storageLocationOption, storagePluginOption, assetsJsonPathOption)
+                new PushOptionsBinder(storageLocationOption, storagePluginOption, assetsJsonPathOption, breakGlassOption)
             );
             root.Add(pushCommand);
 
diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/PushOptions.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/PushOptions.cs
index 71f76b5aa99..c12dd889ee3 100644
--- a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/PushOptions.cs
+++ b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/CommandOptions/PushOptions.cs
@@ -8,6 +8,7 @@ namespace Azure.Sdk.Tools.TestProxy.CommandOptions
     /// </summary>
     public class PushOptions : CLICommandOptions
     {
+        public bool BreakGlass { get; set; }
     }
 
     public class PushOptionsBinder : BinderBase<PushOptions>
@@ -15,12 +16,14 @@ public class PushOptionsBinder : BinderBase<PushOptions>
         private readonly Option<string> _storageLocationOption;
         private readonly Option<string> _storagePluginOption;
         private readonly Option<string> _assetsJsonPathOption;
+        private readonly Option<bool> _breakGlassOption;
 
-        public PushOptionsBinder(Option<string> storageLocationOption, Option<string> storagePluginOption, Option<string> assetsJsonPathOption)
+        public PushOptionsBinder(Option<string> storageLocationOption, Option<string> storagePluginOption, Option<string> assetsJsonPathOption, Option<bool> breakGlassOption)
         {
             _storageLocationOption = storageLocationOption;
             _storagePluginOption = storagePluginOption;
             _assetsJsonPathOption = assetsJsonPathOption;
+            _breakGlassOption = breakGlassOption;
         }
 
         protected override PushOptions GetBoundValue(BindingContext bindingContext) =>
@@ -28,7 +31,8 @@ protected override PushOptions GetBoundValue(BindingContext bindingContext) =>
             {
                 StorageLocation = bindingContext.ParseResult.GetValueForOption(_storageLocationOption),
                 StoragePlugin = bindingContext.ParseResult.GetValueForOption(_storagePluginOption),
-                AssetsJsonPath = bindingContext.ParseResult.GetValueForOption(_assetsJsonPathOption)
+                AssetsJsonPath = bindingContext.ParseResult.GetValueForOption(_assetsJsonPathOption),
+                BreakGlass = bindingContext.ParseResult.GetValueForOption(_breakGlassOption),
             };
     }
 }
diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Startup.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Startup.cs
index b4285640fec..6e021b99187 100644
--- a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Startup.cs
+++ b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Startup.cs
@@ -62,11 +62,12 @@ public static async Task Main(string[] args = null)
             Environment.Exit(resultCode);
         }
 
-        private static async Task Run(object commandObj)
+        private static async Task<int> Run(object commandObj)
         {
             var assembly = System.Reflection.Assembly.GetExecutingAssembly();
             var semanticVersion = assembly.GetCustomAttribute<AssemblyInformationalVersionAttribute>().InformationalVersion;
             System.Console.WriteLine($"Running proxy version is Azure.Sdk.Tools.TestProxy {semanticVersion}");
+            int returnCode = 0;
 
             new GitProcessHandler().VerifyGitMinVersion();
             DefaultOptions defaultOptions = (DefaultOptions)commandObj;
@@ -124,6 +125,8 @@ private static async Task Run(object commandObj)
                 default:
                     throw new ArgumentException($"Unable to parse the argument set: {string.Join(" ", storedArgs)}");
             }
+
+            return returnCode;
         }
 
         private static void StartServer(StartOptions startOptions)
diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/GitStore.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/GitStore.cs
index 0f3c5339131..afecf527627 100644
--- a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/GitStore.cs
+++ b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/GitStore.cs
@@ -121,8 +121,9 @@ public bool CheckForSecrets(GitAssetsConfiguration assetsConfiguration, string[]
         /// Pushes a set of changed files to the assets repo. Honors configuration of assets.json passed into it.
         /// </summary>
         /// <param name="pathToAssetsJson"></param>
+        /// <param name="ignoreSecretProtection"></param>
         /// <returns></returns>
-        public async Task Push(string pathToAssetsJson) {
+        public async Task<int> Push(string pathToAssetsJson, bool ignoreSecretProtection = false) {
             var config = await ParseConfigurationFile(pathToAssetsJson);
 
             var initialized = IsAssetsRepoInitialized(config);
@@ -132,8 +133,7 @@ public async Task Push(string pathToAssetsJson) {
                 _consoleWrapper.WriteLine($"The targeted assets.json \"{config.AssetsJsonRelativeLocation}\" has not been restored prior to attempting push. " +
                     $"Are you certain you're pushing the correct assets.json? Please invoke \'test-proxy restore \"{config.AssetsJsonRelativeLocation}\"\' prior to invoking a push operation.");
 
-                Environment.ExitCode = -1;
-                return;
+                return -1;
             }
 
             SetOrigin(config);
@@ -145,8 +145,10 @@ public async Task Push(string pathToAssetsJson) {
             {
                 if (CheckForSecrets(config, pendingChanges))
                 {
-                    Environment.ExitCode = -1;
-                    return;
+                    if (!ignoreSecretProtection)
+                    {
+                        return -1;
+                    }
                 }
 
                 try
@@ -239,6 +241,7 @@ public async Task Push(string pathToAssetsJson) {
             }
 
             HideOrigin(config);
+            return 0;
         }
 
         /// <summary>
diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/IAssetsStore.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/IAssetsStore.cs
index 62e971283a0..4d3eafd20ae 100644
--- a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/IAssetsStore.cs
+++ b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/IAssetsStore.cs
@@ -11,7 +11,9 @@ public interface IAssetsStore
         /// Given a configuration, push the changes made by the test-proxy into the remote store.
         /// </summary>
         /// <param name="pathToAssetsJson"></param>
-        public abstract Task Push(string pathToAssetsJson);
+        /// <param name="ignoreSecretProtection"></param>
+        /// <returns>An integer representing the status of the push command.</returns>
+        public abstract Task<int> Push(string pathToAssetsJson, bool ignoreSecretProtection = false);
 
         /// <summary>
         /// Given a configuration, pull any remote resources down into the provided contextPath.
diff --git a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/NullStore.cs b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/NullStore.cs
index 2b90c851884..3290ff774c6 100644
--- a/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/NullStore.cs
+++ b/tools/test-proxy/Azure.Sdk.Tools.TestProxy/Store/NullStore.cs
@@ -9,7 +9,7 @@ namespace Azure.Sdk.Tools.TestProxy.Store
 {
     public class NullStore : IAssetsStore
     {
-        public Task Push(string pathToAssetsJson) { return null; }
+        public Task<int> Push(string pathToAssetsJson, bool ignoreSecretProtection = false) { return null; }
 
         public Task<string> Restore(string pathToAssetsJson) { return null; }