remove dead code about secret tool

Summary: Better Engineering: remove dead code about secret tool. Secret tool is a FB specific tool (keychain like) and has been used to transfer OAuth token between different devservers without user's involvement. We have migrated to certs on devservers, so it is not needed anymore. Also, it is FB specific and doesn't make sense for open source either. Reviewed By: mitrandir77 Differential Revision: D22827264 fbshipit-source-id: cd89168ad75ca041d2a0f18d63474dd1eaad483d
facebook · Jul 30, 2020 · 2c38313 · 2c38313
1 parent 01c4613
commit 2c38313
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 119 deletions.
diff --git a/eden/scm/edenscm/hgext/commitcloud/__init__.py b/eden/scm/edenscm/hgext/commitcloud/__init__.py
@@ -91,9 +91,6 @@
     # path can contains ${USER} or %i to substitute with the user identity
     scm_daemon_log_path = /path/to/%i/logfile
 
-    # Use secrets_tool for token backup between machines
-    use_secrets_tool = true
-
     # Maximum age (in days) of commits to pull when syncing
     max_sync_age = 14
 

diff --git a/eden/scm/edenscm/hgext/commitcloud/token.py b/eden/scm/edenscm/hgext/commitcloud/token.py
@@ -22,108 +22,26 @@ def __init__(self, ui):
         self.ui = ui
         self.vfs = vfsmod.vfs(ccutil.getuserconfigpath(self.ui, "user_token_path"))
         self.vfs.createmode = 0o600
-        # using platform username
-        self.secretname = (self.servicename + "_" + util.getuser()).upper()
-        self.usesecretstool = self.ui.configbool("commitcloud", "use_secrets_tool")
 
     def _gettokenfromfile(self):
         """On platforms except macOS tokens are stored in a file"""
         if not self.vfs.exists(self.filename):
-            if self.usesecretstool:
-                # check if token has been backed up and recover it if possible
-                try:
-                    token = self._gettokenfromsecretstool()
-                    if token:
-                        self._settokentofile(token, isbackedup=True)
-                    return token
-                except Exception:
-                    pass
             return None
 
         with self.vfs.open(self.filename, r"rb") as f:
             tokenconfig = config.config()
             tokenconfig.read(self.filename, f)
             token = tokenconfig.get("commitcloud", "user_token")
-            if self.usesecretstool:
-                isbackedup = tokenconfig.get("commitcloud", "backedup")
-                if not isbackedup:
-                    self._settokentofile(token)
             return token
 
     def _settokentofile(self, token, isbackedup=False):
         """On platforms except macOS tokens are stored in a file"""
-        # backup token if optional backup is enabled
-        if self.usesecretstool and not isbackedup:
-            try:
-                self._settokeninsecretstool(token)
-                isbackedup = True
-            except Exception:
-                pass
         with self.vfs.open(self.filename, "wb") as configfile:
             configfile.write(
                 b"[commitcloud]\nuser_token=%s\nbackedup=%s\n"
                 % (pycompat.encodeutf8(token), pycompat.encodeutf8(str(isbackedup)))
             )
 
-    def _gettokenfromsecretstool(self):
-        """Token stored in keychain as individual secret"""
-        try:
-            p = subprocess.Popen(
-                ["secrets_tool", "get", self.secretname],
-                close_fds=util.closefds,
-                stdout=subprocess.PIPE,
-                stderr=subprocess.PIPE,
-            )
-            (stdoutdata, stderrdata) = p.communicate()
-            rc = p.returncode
-            if rc != 0:
-                return None
-            text = stdoutdata.strip()
-            return text or None
-
-        except OSError as e:
-            raise ccerror.UnexpectedError(self.ui, e)
-        except ValueError as e:
-            raise ccerror.UnexpectedError(self.ui, e)
-
-    def _settokeninsecretstool(self, token, update=False):
-        """Token stored in keychain as individual secrets"""
-        action = "update" if update else "create"
-        try:
-            p = subprocess.Popen(
-                [
-                    "secrets_tool",
-                    action,
-                    "--read_contents_from_stdin",
-                    self.secretname,
-                    "Mercurial commitcloud token",
-                ],
-                close_fds=util.closefds,
-                stdout=subprocess.PIPE,
-                stderr=subprocess.PIPE,
-                stdin=subprocess.PIPE,
-            )
-            (stdoutdata, stderrdata) = p.communicate(token)
-            rc = p.returncode
-
-            if rc != 0:
-                if action == "create":
-                    # Try updating token instead
-                    self._settokeninsecretstool(token, update=True)
-                else:
-                    raise ccerror.SubprocessError(self.ui, rc, stderrdata)
-
-            else:
-                self.ui.debug(
-                    "access token is backup up in secrets tool in %s\n"
-                    % self.secretname
-                )
-
-        except OSError as e:
-            raise ccerror.UnexpectedError(self.ui, e)
-        except ValueError as e:
-            raise ccerror.UnexpectedError(self.ui, e)
-
     def _gettokenosx(self):
         """On macOS tokens are stored in keychain
            this function fetches token from keychain

diff --git a/eden/scm/lib/commitcloudsubscriber/src/util.rs b/eden/scm/lib/commitcloudsubscriber/src/util.rs
@@ -249,40 +249,6 @@ pub fn read_access_token(user_token_path: &Option<PathBuf>) -> Result<Token> {
                 }
             }
         }
-        // try to read token from secrets tool
-        if token.is_none() {
-            // try to read from secrets_tool
-            info!("Token Lookup: reading commitcloud OAuth token from secrets_tool...");
-            let user = env::var("USER")?.to_uppercase();
-            let key = format!("COMMITCLOUD_{}", user);
-            let output = Command::new("secrets_tool")
-                .args(vec!["get", key.as_str()])
-                .output();
-
-            match output {
-                Err(e) => {
-                    if let io::ErrorKind::NotFound = e.kind() {
-                        info!("`secrets_tool` executable is not found");
-                    }
-                }
-                Ok(output) => {
-                    if !output.status.success() {
-                        error!("OAuth token: failed to retrieve from secrets using key {}, process exited with: {}", key, output.status);
-                    } else {
-                        let token = str::from_utf8(&output.stdout)?.trim().to_string();
-                        if token.is_empty() {
-                            error!("OAuth token not found in secrets");
-                        } else {
-                            info!("OAuth token is found in secrets");
-                            return Ok(Token {
-                                token,
-                                token_type: TokenType::OAuth,
-                            });
-                        }
-                    }
-                }
-            }
-        }
     }
     token
         .map(|token| Token {