remote-build: Use personal access tokens #4270
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The initial mechanism used by Launchpad to grant temporary access tokens to
snapcraft remote-build
was a bit of a hack. They were essentially pure bearer tokens (implemented as macaroons) that weren't recorded anywhere on the Launchpad side, which meant that there was no mechanism for revoking them. We mitigated this with a hardcoded expiry time, but it wasn't great.We now have a new "personal access tokens" mechanism, which is much better. These tokens show up in a "Manage access tokens" page on the repository and can be revoked by the owner; they have more specific control of the access scopes they grant, and the caller can specify an expiry time. The old mechanism is now deprecated, and we intend to remove it after a suitable transition period.
This commit changes
snapcraft remote-build
to use the new mechanism. The unit tests can essentially only confirm that it's passing the expected arguments to the Launchpad API, so I've also run an end-to-end manual test against Launchpad production to make sure that those arguments have the intended effect.We can use a very tight expiry time here, since it only has to last for long enough for the
git push
process to start. It's OK to increase it a little if needed, but it's generally good for token lifetimes to be short where possible.make lint
?pytest tests/unit
?