
ref(relay): More robust Relay credentials setting (#470)

This patch does two things:

1. Separate creating of Relay credentials from syncing them to Sentry config
2. Makes the Relay credentials check and sync more flexible. The check looks for the quoted public key in the config file; if it is there, it assumes the key is correctly set, as that random key is very unlikely to appear in a different context with quotes around it. The sync uses an append when adding the new key, which allows having other whitelisted relay keys.
Burak Yigit Kaya 2020-05-04 21:44:34 +03:00 committed by GitHub
parent 3c190eb138
commit 024024b198
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -183,28 +183,19 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
# not valid JSON. We hit this case as we redirect output to the same config folder, creating an empty # not valid JSON. We hit this case as we redirect output to the same config folder, creating an empty
# credentials file before relay runs. # credentials file before relay runs.
$dcr --no-deps -v $(pwd)/$RELAY_CONFIG_YML:/tmp/config.yml relay --config /tmp credentials generate --stdout > "$RELAY_CREDENTIALS_JSON" $dcr --no-deps -v $(pwd)/$RELAY_CONFIG_YML:/tmp/config.yml relay --config /tmp credentials generate --stdout > "$RELAY_CREDENTIALS_JSON"
CREDENTIALS=$(sed -n 's/^.*"public_key"[[:space:]]*:[[:space:]]*"\([a-zA-Z0-9_-]\{1,\}\)".*$/\1/p' "$RELAY_CREDENTIALS_JSON") echo "Relay credentials written to $RELAY_CREDENTIALS_JSON"
if [ -z "$CREDENTIALS" ]; then fi
RELAY_CREDENTIALS=$(sed -n 's/^.*"public_key"[[:space:]]*:[[:space:]]*"\([a-zA-Z0-9_-]\{1,\}\)".*$/\1/p' "$RELAY_CREDENTIALS_JSON")
if [ -z "$RELAY_CREDENTIALS" ]; then
>&2 echo "FAIL: Cannot read credentials back from $RELAY_CREDENTIALS_JSON." >&2 echo "FAIL: Cannot read credentials back from $RELAY_CREDENTIALS_JSON."
>&2 echo " Please ensure this file is readable and contains valid credentials." >&2 echo " Please ensure this file is readable and contains valid credentials."
>&2 echo "" >&2 echo ""
exit 1 exit 1
else fi
echo "Relay credentials written to $RELAY_CREDENTIALS_JSON"
fi
CREDENTIALS="SENTRY_RELAY_WHITELIST_PK = [\"$CREDENTIALS\"]" if ! grep -q "\"$RELAY_CREDENTIALS\"" "$SENTRY_CONFIG_PY"; then
echo "SENTRY_RELAY_WHITELIST_PK = (SENTRY_RELAY_WHITELIST_PK or []) + ([\"$RELAY_CREDENTIALS\"])" >> "$SENTRY_CONFIG_PY"
if grep -xq SENTRY_RELAY_WHITELIST_PK "$SENTRY_CONFIG_PY"; then
>&2 echo "FAIL: SENTRY_RELAY_WHITELIST_PK already exists in $SENTRY_CONFIG_PY, please replace with:"
>&2 echo ""
>&2 echo " $CREDENTIALS"
>&2 echo ""
exit 1
fi
echo "" >> "$SENTRY_CONFIG_PY"
echo "$CREDENTIALS" >> "$SENTRY_CONFIG_PY"
echo "Relay public key written to $SENTRY_CONFIG_PY" echo "Relay public key written to $SENTRY_CONFIG_PY"
echo "" echo ""
fi fi
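Review bot: As far as the side-by-side rendering shows, the new append no longer writes the separator the old code emitted first (`echo "" >> "$SENTRY_CONFIG_PY"`), so if the config file does not end in a newline the `SENTRY_RELAY_WHITELIST_PK = …` assignment is glued onto its last line. When that last line is a comment the key is never actually trusted, yet every later run finds the quoted key with `grep -q` and skips the sync; the same silent skip happens when the key only appears in a commented-out line. I would keep the separator by restoring `echo "" >> "$SENTRY_CONFIG_PY"` before the append, and document the limitation above the check with `# NOTE: matches the quoted key anywhere in the file, including comments`. The appended expression also assumes `SENTRY_RELAY_WHITELIST_PK` is already defined when the config is evaluated, which is not visible here and is worth confirming. The enclosing script starts before and continues after this hunk.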