Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

filepromoter: Build unauthenticated client for source filestores #422

Merged
merged 2 commits into from
Sep 12, 2021
Merged

filepromoter: Build unauthenticated client for source filestores #422

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a7601fe
filepromoter: Build unauthenticated client for source filestores
justaugustus Sep 12, 2021
585f3e8
kpromo: Build v0.2.4-1 image
justaugustus Sep 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile-kpromo
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ SHELL=/bin/bash -o pipefail

REGISTRY ?= gcr.io/k8s-staging-artifact-promoter
IMGNAME = kpromo
IMAGE_VERSION ?= v0.2.3-1
IMAGE_VERSION ?= v0.2.4-1

IMAGE = $(REGISTRY)/$(IMGNAME)

Expand Down
2 changes: 1 addition & 1 deletion cloudbuild.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ substitutions:
# vYYYYMMDD-hash, and can be used as a substitution
_GIT_TAG: '12345'
_PULL_BASE_REF: 'dev'
_IMAGE_VERSION: 'v0.2.3-1'
_IMAGE_VERSION: 'v0.2.4-1'
_GO_VERSION: '1.17'
_OS_CODENAME: 'buster'

Expand Down
2 changes: 1 addition & 1 deletion dependencies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ dependencies:
match: go \d+.\d+

- name: "k8s.gcr.io/artifact-promoter/kpromo"
version: v0.2.3-1
version: v0.2.4-1
refPaths:
- path: cloudbuild.yaml
match: v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)-([0-9]+)
Expand Down
17 changes: 15 additions & 2 deletions filepromoter/filestore.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,12 +86,18 @@ func openFilestore(

var opts []option.ClientOption
if withAuth {
logrus.Infof("requesting an authenticated storage client")
logrus.Infof(
"requesting an authenticated storage client for %s",
filestore.Base,
)

ts := &gcloudTokenSource{ServiceAccount: filestore.ServiceAccount}
opts = append(opts, option.WithTokenSource(ts))
} else {
logrus.Warnf("requesting an UNAUTHENTICATED storage client")
logrus.Warnf(
"requesting an UNAUTHENTICATED storage client for %s",
filestore.Base,
)

opts = append(opts, option.WithoutAuthentication())
}
Expand Down Expand Up @@ -122,6 +128,13 @@ func useStorageClientAuth(
useServiceAccount, dryRun bool,
) (bool, error) {
withAuth := false

// Source filestores should be world-readable, so authentication should
// not be required.
if filestore.Src {
return withAuth, nil
}

if !dryRun {
if filestore.ServiceAccount == "" {
return withAuth, fmt.Errorf("cannot execute a production file promotion without a service account")
Expand Down
11 changes: 11 additions & 0 deletions filepromoter/filestore_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,17 @@ func Test_useStorageClientAuth(t *testing.T) {
want: false,
wantErr: true,
},
{
name: "production source filestore without service account",
args: args{
filestore: &api.Filestore{
Src: true,
},
dryRun: false,
},
want: false,
wantErr: false,
},
{
name: "non-production",
args: args{
Expand Down