sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 6694064 Add a migration to use a generated secrets state subdirectory
6694064 is described below
commit 66940649ccf036df2dac1339dd7aad9e83c2d839
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Jan 19 19:55:26 2026 +0000
Add a migration to use a generated secrets state subdirectory
---
atr/server.py | 5 ++++-
atr/ssh.py | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/atr/server.py b/atr/server.py
index 21d0f27..6e6af55 100644
--- a/atr/server.py
+++ b/atr/server.py
@@ -80,6 +80,8 @@ _MIGRATIONS: Final[list[tuple[str, str]]] = [
("route-performance.log", "logs/route-performance.log"),
# Secrets
("secrets.ini", "secrets/curated/secrets.ini"),
+ ("apptoken.txt", "secrets/generated/apptoken.txt"),
+ ("ssh_host_key", "secrets/generated/ssh_host_key"),
]
_SWAGGER_UI_TEMPLATE: Final[str] = """<!DOCTYPE html>
@@ -113,7 +115,7 @@ def _app_create_base(app_config: type[config.AppConfig]) ->
base.QuartApp:
"""Create the base Quart application."""
if asfquart.construct is ...:
raise ValueError("asfquart.construct is not set")
- app = asfquart.construct(__name__)
+ app = asfquart.construct(__name__,
token_file="secrets/generated/apptoken.txt")
# ASFQuart sets secret_key from apptoken.txt, or generates a new one
# We must preserve this because from_object will overwrite it
# Our AppConfig.SECRET_KEY is None since we no longer support that setting
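Review bot: The new `token_file="secrets/generated/apptoken.txt"` is a relative path, and nothing visible in this hunk shows what it is resolved against or that the `apptoken.txt` entry in `_MIGRATIONS` has already been applied when `asfquart.construct` is called. If construct runs first, the comment below says a new secret is generated, which would presumably invalidate existing sessions and leave the old token at the legacy path. I would add a comment stating the ordering guarantee, e.g. `# _MIGRATIONS must have moved apptoken.txt before this call, otherwise a fresh secret_key is generated`. I would also take the path from one shared constant instead of repeating the literal here, in the migration table and in atr/ssh.py. The body of `_app_create_base` continues outside the hunk.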
@@ -141,6 +143,7 @@ def _app_dirs_setup(state_dir_str: str, hot_reload: bool)
-> None:
pathlib.Path(state_dir_str) / "logs",
pathlib.Path(state_dir_str) / "runtime",
pathlib.Path(state_dir_str) / "secrets" / "curated",
+ pathlib.Path(state_dir_str) / "secrets" / "generated",
util.get_downloads_dir(),
util.get_finished_dir(),
util.get_tmp_dir(),
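Review bot: The added `secrets/generated` entry sits in the same list as `logs` and `runtime`, so it presumably gets whatever mode the shared creation call applies; that call is outside the hunk, so this needs confirming. A directory that will hold the app token and the SSH host private key should not be readable by other local users. Consider tightening it explicitly after creation, e.g. `(pathlib.Path(state_dir_str) / "secrets").chmod(0o700)`, because a `mode=` argument to `mkdir` is filtered by the umask and ignored for directories that already exist. The same applies to the existing `secrets/curated` entry.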
diff --git a/atr/ssh.py b/atr/ssh.py
index 820862a..ead7b80 100644
--- a/atr/ssh.py
+++ b/atr/ssh.py
@@ -147,7 +147,7 @@ async def server_start() -> asyncssh.SSHAcceptor:
# await aiofiles.os.makedirs(_CONFIG.STATE_DIR, exist_ok=True)
# Generate temporary host key if it doesn't exist
- key_path = os.path.join(_CONFIG.STATE_DIR, "ssh_host_key")
+ key_path = os.path.join(_CONFIG.STATE_DIR, "secrets", "generated",
"ssh_host_key")
if not await aiofiles.os.path.exists(key_path):
private_key = asyncssh.generate_private_key("ssh-rsa")
private_key.write_private_key(key_path)
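Review bot: `key_path` now points into `secrets/generated`, but nothing in the visible part of `server_start` creates that directory (the only `makedirs` is commented out and targets `STATE_DIR`), so `write_private_key` depends on `_app_dirs_setup` in atr/server.py having run first. If the `ssh_host_key` migration has not run by this point, the `exists` check fails and a new host key is silently generated, which clients will see as a host key change. I would add `await aiofiles.os.makedirs(os.path.dirname(key_path), exist_ok=True)` before the check. The hunk also does not show the written key's mode being restricted, so I would follow the write with `os.chmod(key_path, 0o600)` unless that is handled elsewhere. The function body continues outside the hunk.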