Feature Request P3
Status Update
Comments
jo...@gmail.com <jo...@gmail.com> #3
Project: plugins/replication
Branch: master
commit d1ad7d504171c8f68d2cf956bb3422fa84a8194f
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Jun 13 17:56:43 2024
Use SecureStore to access replication credentials
Gerrit introduced the SecureStore in Ibbb15ad2aa over 10 years
ago, however, the replication plugin was never adapted and then
unable to access the remote endpoint credentials when Gerrit
has a custom secure provider installed that would provide
data encryption at rest.
Replace the direct reading of the secure.config with the abstract
implementation of the Gerrit SecureStore, so that it can still
be working as expected with encrypted credentials.
Existing installations may have used a mix of encrypted and clear text
credentials in secure.config, leveraging the replication plugin bug
that was not accessing it using the correct API. Introduce a legacy
feature flag 'gerrit.useLegacyCredentials' that allow the Gerrit
admin to still use the legacy mode.
Whenever the replication plugin detects the legacy mode, it displays
a warning explaining what is happening and how to adjust the
configuration and enable full encryption in secure.config.
Release-Notes: Use SecureStore for reading username/password credentials
Bug: Issue 320715545
Change-Id: Ie5b6339d65d144536416cf070d52f11342b39fe6
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadConfigDecorator.java
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecorator.java
A src/main/java/com/googlesource/gerrit/plugins/replication/LegacyCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/ReplicationConfigImpl.java
M src/main/java/com/googlesource/gerrit/plugins/replication/SecureCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/api/ReplicationConfig.java
M src/main/resources/Documentation/config.md
M src/test/java/com/googlesource/gerrit/plugins/replication/AbstractConfigTest.java
A src/test/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecoratorTest.java
https://gerrit-review.googlesource.com/429897
Branch: master
commit d1ad7d504171c8f68d2cf956bb3422fa84a8194f
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Jun 13 17:56:43 2024
Use SecureStore to access replication credentials
Gerrit introduced the SecureStore in Ibbb15ad2aa over 10 years
ago, however, the replication plugin was never adapted and then
unable to access the remote endpoint credentials when Gerrit
has a custom secure provider installed that would provide
data encryption at rest.
Replace the direct reading of the secure.config with the abstract
implementation of the Gerrit SecureStore, so that it can still
be working as expected with encrypted credentials.
Existing installations may have used a mix of encrypted and clear text
credentials in secure.config, leveraging the replication plugin bug
that was not accessing it using the correct API. Introduce a legacy
feature flag 'gerrit.useLegacyCredentials' that allow the Gerrit
admin to still use the legacy mode.
Whenever the replication plugin detects the legacy mode, it displays
a warning explaining what is happening and how to adjust the
configuration and enable full encryption in secure.config.
Release-Notes: Use SecureStore for reading username/password credentials
Bug:
Change-Id: Ie5b6339d65d144536416cf070d52f11342b39fe6
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadConfigDecorator.java
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecorator.java
A src/main/java/com/googlesource/gerrit/plugins/replication/LegacyCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/ReplicationConfigImpl.java
M src/main/java/com/googlesource/gerrit/plugins/replication/SecureCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/api/ReplicationConfig.java
M src/main/resources/Documentation/config.md
M src/test/java/com/googlesource/gerrit/plugins/replication/AbstractConfigTest.java
A src/test/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecoratorTest.java
ap...@google.com <ap...@google.com> #4
Project: gerrit
Branch: master
commit a7f438cea6222d92bbcf32bbfe5ddd7f31a9defc
Author: Jose Granha <jose.granha@gmail.com>
Date: Wed Mar 20 11:23:50 2024
Add support for using subsections in passwd
Add support for the usage of both section.key as well as
section.subsection.key in the passwd command.
New format:
java -jar bin/gerrit.war passwd --help
passwd SECTION.[SUBSECTION.]KEY [PASSWORD]
SECTION.[SUBSECTION.]KEY : Section, subsection and key
separated by a dot of the password to set. Subsection
is optional
Bug: Issue 321784728
Release-Notes: Add support for using subsections in passwd
Change-Id: I5ef94a46f1b703f08de0db6ebfd87b760c63f1d0
M Documentation/pgm-passwd.txt
M java/com/google/gerrit/pgm/Passwd.java
M java/com/google/gerrit/pgm/SetPasswd.java
https://gerrit-review.googlesource.com/413562
Branch: master
commit a7f438cea6222d92bbcf32bbfe5ddd7f31a9defc
Author: Jose Granha <jose.granha@gmail.com>
Date: Wed Mar 20 11:23:50 2024
Add support for using subsections in passwd
Add support for the usage of both section.key as well as
section.subsection.key in the passwd command.
New format:
java -jar bin/gerrit.war passwd --help
passwd SECTION.[SUBSECTION.]KEY [PASSWORD]
SECTION.[SUBSECTION.]KEY : Section, subsection and key
separated by a dot of the password to set. Subsection
is optional
Bug:
Release-Notes: Add support for using subsections in passwd
Change-Id: I5ef94a46f1b703f08de0db6ebfd87b760c63f1d0
M Documentation/pgm-passwd.txt
M java/com/google/gerrit/pgm/Passwd.java
M java/com/google/gerrit/pgm/SetPasswd.java
Description
*** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!!
*** Do not submit bugs for chrome/android and issues with your company's
*** Gerrit setup here. Those issues belong in different issue trackers.
*************************************************************************
What steps will reproduce the problem?
1. Want to create a section/subsection value
2. java -jar bin/gerrit.war passwd remote.instance-2.username
What is the expected output?
Value created in secure.config within the following
[remote "instance-2"]
username = dijfdgjiofgjflifxjk
What do you see instead?
java -jar bin/gerrit.war passwd remote.instance-2.username
Exception in thread "main" java.lang.IllegalArgumentException: Invalid name 'remote.instance-2.username': expected section.key format
at com.google.gerrit.pgm.Passwd.init(Passwd.java:54)
at com.google.gerrit.pgm.Passwd.run(Passwd.java:63)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:62)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:252)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:148)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:93)
at Main.main(Main.java:30)
Please provide any additional information below.
Workaround: create a dummy section and edit by hand the section to the correct section/subsection