This uses a Dagger-provided map of Keyring implementations, with two currently available,
"KMS" and "Dummy". The active keyring is configured in the YAML file, so we no longer
require MOE directives to choose which one to use for internal/external builds.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=216898058
This adds actual subdomain verification via the SafeBrowsing API to the Spec11
pipeline, as well as on-the-fly KMS decryption via the GenerateSpec11Action to
securely store our API key in source code.
Testing the interaction becomes difficult due to serialization requirements, and will be significantly expanded in the next cl. For now, it verifies basic end-to-end pipeline behavior.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=208092942
We never launched this, don't planning on launching it now anyway, and it's rotted over the past two years anyway.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=202993577
This fixes a few problems encountered when building and running according to the Install Guide using the DummyKeyring. It's still failing when trying to parse the JSON credential, which I haven't solved, but before proceeding I wanted to get agreement that it needs to be fixed at all since the best we could do is provide a valid format (as with the PGP keyrings), but the metrics logging will still fail for a different reason (i.e. the credential will not work for the GC project).
Things fixed in this PR:
Fix format string causing MissingFormatArgumentException in FrontendServlet
when keyring fails to load.
Include exception cause in VerifyException in PgpHelper.
Replace dummy PGP keyrings with ones without a password, as code expects.
Document how the PGP keyrings are created.
P.S. I see a tab character snuck into PgpHelper. I'll fix that if you're interested in this PR.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=188342973
Unfortunately this tool isn't smart enough to deal with the assertThat
situation (which has two static imports of a function with the same name).
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=172000753
VoidKeyring always threw exceptions whenever any of its methods were called,
which caused several parts of the system to fail early (and thus required a
proper Keyring to be implemented almost immediately, early on in the "just
playing around with the system" phase).
I'm swapping this out with an InMemoryKeyring which is supplied by
DummyKeyringModule, which, instead of throwing exceptions, returns dummy
values, delaying the onset of errors to when connecting to external services
is attempted. This pushes off the required implementation of a real Keyring-
providing module, allowing the system to be played around with more first.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=132361157
