diff options
| author | Guilherme Gallo <guilherme.gallo@collabora.com> | 2021-11-16 10:18:57 -0300 |
|---|---|---|
| committer | Tomeu Vizoso <tomeu.vizoso@collabora.com> | 2021-12-02 09:50:23 +0100 |
| commit | 00b82804aaa4b27fe7fd134e784a23a2d358ebe1 (patch) | |
| tree | 37444348edbc1fb2f5be1eeebc907fb7a587319b /framework | |
| parent | 9b8cec06d3c119e2d87a5c086a4aa8e865e103c5 (diff) | |
framework/replay: Add argument to receive a JWT token as a file
Currently, piglit replay has the -j/--jwt argument to receive the token
directly to access minio server.
There is a use case where the JWT should not be exposed, where the token
per se should not be shown in the command line. So giving a file path
instead of the token is a better approach to avoid this leakage.
This commit adds --jwt-file argument as an alternative to -j/--jwt one.
When the user gives this argument, piglit will open it and read the file
content, treating it as the JWT token.
Reviewed-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Reviewed-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/piglit/-/merge_requests/605>
Diffstat (limited to 'framework')
| -rw-r--r-- | framework/replay/programs/parsers.py | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/framework/replay/programs/parsers.py b/framework/replay/programs/parsers.py index 1e44e1b69..15749e73f 100644 --- a/framework/replay/programs/parsers.py +++ b/framework/replay/programs/parsers.py @@ -26,6 +26,20 @@ import argparse +class FileContentType(argparse.FileType): + """A FileType type argument which reads the file content + and closes the file""" + + def __init__(self, bufsize=-1, encoding=None, errors=None): + super().__init__( + mode="r", bufsize=bufsize, encoding=encoding, errors=errors + ) + + def __call__(self, string: str): + with super().__call__(string) as open_file: + return open_file.read() + + DEVICE = argparse.ArgumentParser(add_help=False) DEVICE.add_argument( '-d', '--device-name', @@ -101,12 +115,21 @@ DOWNLOAD_ROLE_SESSION_NAME.add_argument( help=('role session name for authentication with MinIO')) DOWNLOAD_JWT = argparse.ArgumentParser(add_help=False) -DOWNLOAD_JWT.add_argument( +download_jwt_group = DOWNLOAD_JWT.add_mutually_exclusive_group() +download_jwt_group.add_argument( '-j', '--jwt', dest='download_jwt', required=False, default=None, help=('JWT token for authentication with MinIO')) +download_jwt_group.add_argument( + "--jwt-file", + dest="download_jwt", + required=False, + default=None, + type=FileContentType(), + help=("File containing JWT token for authentication with MinIO"), +) DB_PATH = argparse.ArgumentParser(add_help=False) DB_PATH.add_argument( |