Secrets manager and base provider proposal

[protatremy]

Proposal to implement Buildbot secrets service:

• secrets manager (get API)
• secret provider base

Contributor Checklist:

• I have updated the unit tests
• I have created a file in the master/buildbot/newsfragment directory (and read the README.txt in that directory)
• I have updated the appropriate documentation

[tardyp]

Looks pretty solid! congrats!
a few nitpicks to fix goal is to go 100% coverage

[tardyp]

please try to get 100% coverage. install codecov.io chrome extension to see that this line is not covered

[tardyp]

what kind of properties do we need for secrets?

[tardyp]

provider where the secret was retrieved

[protatremy]

replaced

[codecov]

Codecov Report

Merging #2758 into master will increase coverage by 0.02%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #2758      +/-   ##
==========================================
+ Coverage   87.31%   87.33%   +0.02%     
==========================================
  Files         305      308       +3     
  Lines       32564    32622      +58     
==========================================
+ Hits        28432    28491      +59     
+ Misses       4132     4131       -1

Impacted Files	Coverage Δ
master/buildbot/secrets/secret.py	100% <100%> (ø)
master/buildbot/secrets/providers/base.py	100% <100%> (ø)
master/buildbot/secrets/manager.py	100% <100%> (ø)
worker/buildbot_worker/init.py	87.09% <ø> (-0.41%)	❌
master/buildbot/init.py	89.65% <ø> (-0.35%)	❌
master/buildbot/scripts/cleanupdb.py	96.49% <ø> (-0.07%)	❌
master/buildbot/db/pool.py	86.92% <ø> (ø)	✅
... and 5 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 16a3c75...abe4e0a. Read the comment docs.

[tardyp]

I think we need this get to be yield. Some providers will need to make network access to do the get

[tardyp]

this function shall return deferred (inlinecallbacks)

[tardyp]

the you can mark it abstract https://docs.python.org/2/library/abc.html

[tardyp]

name of provider where secret has been retrieved

[tardyp]

its not very clear to me what you mean

[tardyp]

the manager returns the first value found.

[tardyp]

+The manager call the get method of the configured provider and returns a SecretDetails if the call succeed.

[tardyp]

If not found, I think it should return None, not secretDefails(fakestorage2, None)

[protatremy]

I preferred to return the object because it contains the provider class name information, that will be used to prompt a log error indication from where the information has not been found.

we spoke about that together, I changed it. The get API returns the first found value else returns None

[tardyp]

why dont you just write OtherFakeSecretStorage.__name__ ?

[tardyp]

you should return the first that is not None.

for provider in providers:
    value = yield provider.get(secret)
    if value is not None:
        source_name = provider.__class__.__name__
        defer.returnValue(SecretDetails(source_name, secret, value))
# return None is implicit

[tardyp]

Need to add a test for 2 providers having the secret in their DB (but not the same value):
should return the value of the first provider

[tardyp]

We will have several providers, so we should call this module buildbot.secrets.providers (with an s)

[tardyp]

if value is not None (a secret might be empty string)

[tardyp]

I don't see the test with two providers providing the same secret.

Need another test with a secret value being empty string ( empty string is valid secret)