launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:charm-scripts-private-keys into launchpad:master

To: mp+448005@xxxxxxxxxxxxxxxxxx
From: Colin Watson <mp+448005@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Jul 2023 16:20:17 -0000
Reply-to: mp+448005@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:charm-scripts-private-keys into launchpad:master.

Commit message:
charm/launchpad-scripts: Add private key config

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/448005

These are needed for establishing communication with various stores.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:charm-scripts-private-keys into launchpad:master.

diff --git a/charm/launchpad-scripts/config.yaml b/charm/launchpad-scripts/config.yaml
index fd55150..9c0c752 100644
--- a/charm/launchpad-scripts/config.yaml
+++ b/charm/launchpad-scripts/config.yaml
@@ -3,6 +3,11 @@ options:
     type: boolean
     description: Should the cron jobs and the celery services be active?
     default: true
+  charmhub_secrets_private_key:
+    type: string
+    description: >
+      Base64-encoded NaCl private key for decrypting Charmhub upload tokens.
+    default:
   checkwatches_batch_query_threshold:
     type: int
     description: The batch query threshold for the checkwatches.
@@ -43,6 +48,12 @@ options:
       This option will work only when the 'mirror_prober_active' option
       is true.
     default: false
+  oci_registry_credentials_private_key:
+    type: string
+    description: >
+      Base64-encoded NaCl private key for decrypting OCI registry upload
+      credentials.
+    default:
   process_inbound_email_host:
     type: string
     description: >-
@@ -60,3 +71,9 @@ options:
     description: >-
       The username to connect to the `process_inbound_email_host` as.
     default:
+  snap_store_secrets_private_key:
+    type: string
+    description: >
+      Base64-encoded NaCl private key for decrypting snap store upload
+      tokens.
+    default:
diff --git a/charm/launchpad-scripts/templates/launchpad-scripts-secrets-lazr.conf.j2 b/charm/launchpad-scripts/templates/launchpad-scripts-secrets-lazr.conf.j2
index 13db7f3..0f223dc 100644
--- a/charm/launchpad-scripts/templates/launchpad-scripts-secrets-lazr.conf.j2
+++ b/charm/launchpad-scripts/templates/launchpad-scripts-secrets-lazr.conf.j2
@@ -10,8 +10,17 @@
 
 {% from "macros.j2" import opt -%}
 
+[charms]
+{{- opt("charmhub_secrets_private_key", charmhub_secrets_private_key) }}
+
 [checkwatches.credentials]
 {%- for key, value in checkwatches_credentials.items() %}
 {{ key }}: {{ value }}
 {% endfor %}
 
+[oci]
+{{- opt("registry_secrets_private_key", oci_registry_credentials_private_key) }}
+
+[snappy]
+{{- opt("store_secrets_private_key", snap_store_secrets_private_key) }}
+