Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 2e143a0

Browse filesBrowse files
author
Takashi Matsuo
committed
only decrypt the secret when the key exists
also prevents decrypt-secrets.sh to override existing files. also stop unnecessary (and harmful) workaround.
1 parent ab61462 commit 2e143a0
Copy full SHA for 2e143a0

File tree

Expand file treeCollapse file tree

2 files changed

+14
-10
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+14
-10
lines changed

‎.kokoro/tests/run_tests.sh

Copy file name to clipboardExpand all lines: .kokoro/tests/run_tests.sh
+6-10Lines changed: 6 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -43,19 +43,18 @@ export PATH="${HOME}/.local/bin:${PATH}"
4343
# install nox for testing
4444
pip install --user -q nox
4545

46-
# Use secrets acessor service account to get secrets
46+
# Use secrets acessor service account to get secrets.
4747
if [[ -f "${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" ]]; then
4848
gcloud auth activate-service-account \
4949
--key-file="${KOKORO_GFILE_DIR}/secrets_viewer_service_account.json" \
5050
--project="cloud-devrel-kokoro-resources"
51+
# This script will create 3 files:
52+
# - testing/test-env.sh
53+
# - testing/service-account.json
54+
# - testing/client-secrets.json
55+
./scripts/decrypt-secrets.sh
5156
fi
5257

53-
# This script will create 3 files:
54-
# - testing/test-env.sh
55-
# - testing/service-account.json
56-
# - testing/client-secrets.json
57-
./scripts/decrypt-secrets.sh
58-
5958
source ./testing/test-env.sh
6059
export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/testing/service-account.json
6160

@@ -176,7 +175,4 @@ for file in **/requirements.txt; do
176175
done
177176
cd "$ROOT"
178177

179-
# Workaround for Kokoro permissions issue: delete secrets
180-
rm testing/{test-env.sh,client-secrets.json,service-account.json}
181-
182178
exit "$RTN"

‎scripts/decrypt-secrets.sh

Copy file name to clipboardExpand all lines: scripts/decrypt-secrets.sh
+8Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,14 @@ ROOT=$( dirname "$DIR" )
2020
# Work from the project root.
2121
cd $ROOT
2222

23+
# Prevent it from overriding files.
24+
if [[ -f "testing/test-env.sh" ]] || \
25+
[[ -f "testing/service-account.json" ]] || \
26+
[[ -f "testing/client-secrets.json" ]]; then
27+
echo "One or more target files exist, aborting."
28+
exit 1
29+
fi
30+
2331
# Use SECRET_MANAGER_PROJECT if set, fallback to cloud-devrel-kokoro-resources.
2432
PROJECT_ID="${SECRET_MANAGER_PROJECT:-cloud-devrel-kokoro-resources}"
2533

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.