GHE Kredz related

atirikt · atirikt · commit cc0fe1f85a48 · 2022-06-17T09:38:14.000Z
diff --git a/share/github-backup-utils/ghe-backup-settings b/share/github-backup-utils/ghe-backup-settings
@@ -102,7 +102,6 @@ if ghe-ssh "$host" -- ghe-config --true app.actions.enabled; then
   backup-secret "Actions SPS validation cert thumbprint" "actions-sps-validation-cert-thumbprint" "secrets.actions.SpsValidationCertThumbprint"
 
   backup-secret "Actions Launch secrets encryption/decryption" "actions-launch-secrets-private-key" "secrets.launch.actions-secrets-private-key"
-  backup-secret "Actions Launch credz HMAC key" "actions-launch-credz-hmac" "secrets.launch.credz-hmac-secret"
   backup-secret "Actions Launch deployer HMAC key" "actions-launch-deployer-hmac" "secrets.launch.deployer-hmac-secret"
   backup-secret "Actions Launch Client id" "actions-launch-client-id" "secrets.launch.client-id"
   backup-secret "Actions Launch Client secret" "actions-launch-client-secret" "secrets.launch.client-secret"
@@ -114,6 +113,8 @@ if ghe-ssh "$host" -- ghe-config --true app.actions.enabled; then
   backup-secret "Actions Launch action runner secret" "actions-launch-action-runner-secret" "secrets.launch.action-runner-secret"
   backup-secret "Actions Launch service cert" "actions-launch-azp-app-cert" "secrets.launch.azp-app-cert"
   backup-secret "Actions Launch service private key" "actions-launch-app-app-private-key" "secrets.launch.azp-app-private-key"
+
+  backup-secret "Kredz credz HMAC key" "kredz-credz-hmac" "secrets.kredz.credz-hmac-secret"
 fi
 
 if ghe-ssh "$host" -- "test -f $GHE_REMOTE_DATA_USER_DIR/common/idp.crt"; then
diff --git a/share/github-backup-utils/ghe-restore-actions b/share/github-backup-utils/ghe-restore-actions
@@ -70,7 +70,6 @@ restore-secret "Actions service principal cert" "actions-service-principal-cert"
 restore-secret "Actions SPS validation cert thumbprint" "actions-sps-validation-cert-thumbprint" "secrets.actions.SpsValidationCertThumbprint"
 
 restore-secret "Actions Launch secrets encryption/decryption" "actions-launch-secrets-private-key" "secrets.launch.actions-secrets-private-key"
-restore-secret "Actions Launch credz HMAC key" "actions-launch-credz-hmac" "secrets.launch.credz-hmac-secret"
 restore-secret "Actions Launch deployer HMAC key" "actions-launch-deployer-hmac" "secrets.launch.deployer-hmac-secret"
 restore-secret "Actions Launch Client id" "actions-launch-client-id" "secrets.launch.client-id"
 restore-secret "Actions Launch Client secret" "actions-launch-client-secret" "secrets.launch.client-secret"
@@ -86,6 +85,8 @@ restore-secret "Actions Launch service private key" "actions-launch-app-app-priv
 restore-secret "Actions Launch token oauth key" "actions-oauth-s2s-signing-key" "secrets.launch.token-oauth-key"
 restore-secret "Actions Launch token oauth cert" "actions-oauth-s2s-signing-cert" "secrets.launch.token-oauth-cert"
 
+restore-secret "Kredz credz HMAC key" "kredz-credz-hmac" "secrets.kredz.credz-hmac-secret"
+
 # Setup the database logins.
 ghe_verbose "* Restoring database logins and users to $host ..."
 
diff --git a/test/test-ghe-backup.sh b/test/test-ghe-backup.sh
@@ -493,7 +493,6 @@ begin_test "ghe-backup takes backup of Actions settings"
     "secrets.actions.SpsValidationCertThumbprint"
 
     "secrets.launch.actions-secrets-private-key"
-    "secrets.launch.credz-hmac-secret"
     "secrets.launch.deployer-hmac-secret"
     "secrets.launch.client-id"
     "secrets.launch.client-secret"
@@ -507,6 +506,8 @@ begin_test "ghe-backup takes backup of Actions settings"
     "secrets.launch.token-oauth-cert"
     "secrets.launch.azp-app-cert"
     "secrets.launch.azp-app-private-key"
+
+    "secrets.kredz.credz-hmac-secret"
   )
 
   # these 5 were removed in later versions, so we extract them as best effort
@@ -538,7 +539,6 @@ begin_test "ghe-backup takes backup of Actions settings"
     "actions-sps-validation-cert-thumbprint"
 
     "actions-launch-secrets-private-key"
-    "actions-launch-credz-hmac"
     "actions-launch-deployer-hmac"
     "actions-launch-client-id"
     "actions-launch-client-secret"
@@ -550,6 +550,8 @@ begin_test "ghe-backup takes backup of Actions settings"
     "actions-launch-action-runner-secret"
     "actions-launch-azp-app-cert"
     "actions-launch-app-app-private-key"
+
+    "kredz-credz-hmac"
   )
 
   # Add the one optional file we included tests for
diff --git a/test/test-ghe-restore.sh b/test/test-ghe-restore.sh
@@ -335,7 +335,6 @@ begin_test "ghe-restore with Actions settings"
     "actions-sps-validation-cert-thumbprint"
 
     "actions-launch-secrets-private-key"
-    "actions-launch-credz-hmac"
     "actions-launch-deployer-hmac"
     "actions-launch-client-id"
     "actions-launch-client-secret"
@@ -347,6 +346,8 @@ begin_test "ghe-restore with Actions settings"
     "actions-launch-action-runner-secret"
     "actions-launch-azp-app-cert"
     "actions-launch-app-app-private-key"
+
+    "kredz-credz-hmac"
   )
 
   for file in "${required_files[@]}"; do
@@ -374,7 +375,6 @@ begin_test "ghe-restore with Actions settings"
     "secrets.actions.SpsValidationCertThumbprint"
 
     "secrets.launch.actions-secrets-private-key"
-    "secrets.launch.credz-hmac-secret"
     "secrets.launch.deployer-hmac-secret"
     "secrets.launch.client-id"
     "secrets.launch.client-secret"
@@ -388,6 +388,8 @@ begin_test "ghe-restore with Actions settings"
     "secrets.launch.token-oauth-cert"
     "secrets.launch.azp-app-cert"
     "secrets.launch.azp-app-private-key"
+
+    "secrets.kredz.credz-hmac-secret"
   )
 
   for secret in "${required_secrets[@]}"; do
