1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
|
# Copyright 2022 The Sigstore Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Ambient OIDC credential detection.
"""
from __future__ import annotations
import json
import logging
import os
import re
import shutil
import subprocess # nosec B404
from typing import Any, TextIO
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse
import urllib3
from ... import AmbientCredentialError, GitHubOidcPermissionCredentialError
logger = logging.getLogger(__name__)
_GCP_PRODUCT_NAME_FILE = "/sys/class/dmi/id/product_name"
_GCP_TOKEN_REQUEST_URL = (
"http://metadata/computeMetadata/v1/instance/service-accounts/default/token" # noqa # nosec B105
)
_GCP_IDENTITY_REQUEST_URL = (
"http://metadata/computeMetadata/v1/instance/service-accounts/default/identity" # noqa
)
_GCP_GENERATEIDTOKEN_REQUEST_URL = (
"https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:generateIdToken" # noqa
)
_env_var_regex = re.compile(r"[^A-Z0-9_]|^[^A-Z_]")
def _request(
method: str,
url: str,
*,
fields: dict[str, str] | None = None,
**kwargs: Any,
) -> urllib3.BaseHTTPResponse:
"""request wrapper that handles adding query parameters to URLs that may already have them"""
_encode_url_methods = {"DELETE", "GET", "HEAD", "OPTIONS"}
if method.upper() in _encode_url_methods and fields:
url_parts = list(urlparse(url))
query = dict(parse_qsl(url_parts[4]))
query.update(fields)
url_parts[4] = urlencode(query)
url = urlunparse(url_parts)
fields = None
return urllib3.request(method, url, fields=fields, **kwargs)
# Wrap `open` for testing purposes
def _open(filename: str) -> TextIO:
return open(filename)
def detect_github(audience: str) -> str | None:
"""
Detect and return a GitHub Actions ambient OIDC credential.
Returns `None` if the context is not a GitHub Actions environment.
Raises if the environment is GitHub Actions, but is incorrect or
insufficiently permissioned for an OIDC credential.
"""
logger.debug("GitHub: looking for OIDC credentials")
if not os.getenv("GITHUB_ACTIONS"):
logger.debug("GitHub: environment doesn't look like a GH action; giving up")
return None
# If we're running on a GitHub Action, we need to issue a GET request
# to a special URL with a special bearer token. Both are stored in
# the environment and are only present if the workflow has sufficient permissions.
req_token = os.getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")
if not req_token:
raise GitHubOidcPermissionCredentialError(
"GitHub: missing or insufficient OIDC token permissions, the "
"ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variable was unset"
)
req_url = os.getenv("ACTIONS_ID_TOKEN_REQUEST_URL")
if not req_url:
raise GitHubOidcPermissionCredentialError(
"GitHub: missing or insufficient OIDC token permissions, the "
"ACTIONS_ID_TOKEN_REQUEST_URL environment variable was unset"
)
logger.debug("GitHub: requesting OIDC token")
try:
resp = _request(
"GET",
req_url,
fields={"audience": audience},
headers={"Authorization": f"bearer {req_token}"},
timeout=30,
)
except urllib3.exceptions.MaxRetryError:
raise AmbientCredentialError("GitHub: OIDC token request timed out")
if resp.status != 200:
raise AmbientCredentialError(
f"GitHub: OIDC token request failed (code={resp.status}, body={resp.data.decode()!r})"
)
try:
body = resp.json()
value = body["value"]
if not isinstance(value, str):
raise ValueError("OIDC token is not a string")
except Exception as e:
raise AmbientCredentialError("GitHub: malformed or incomplete JSON") from e
logger.debug("GitHub: successfully requested OIDC token")
return value
def detect_gcp(audience: str) -> str | None:
"""
Detect an return a Google Cloud Platform ambient OIDC credential.
Returns `None` if the context is not a GCP environment.
Raises if the environment is GCP, but is incorrect or
insufficiently permissioned for an OIDC credential.
"""
logger.debug("GCP: looking for OIDC credentials")
service_account_name = os.getenv("GOOGLE_SERVICE_ACCOUNT_NAME")
if service_account_name:
logger.debug("GCP: GOOGLE_SERVICE_ACCOUNT_NAME set; attempting impersonation")
logger.debug("GCP: requesting access token")
try:
resp = _request(
"GET",
_GCP_TOKEN_REQUEST_URL,
fields={"scopes": "https://www.googleapis.com/auth/cloud-platform"},
headers={"Metadata-Flavor": "Google"},
timeout=30,
)
except urllib3.exceptions.MaxRetryError:
raise AmbientCredentialError("GCP: access token request timed out")
if resp.status != 200:
raise AmbientCredentialError(
f"GCP: access token request failed (code={resp.status}, "
f"body={resp.data.decode()!r})"
)
access_token = resp.json().get("access_token")
if not access_token:
raise AmbientCredentialError("GCP: access token missing from response")
logger.debug("GCP: requesting OIDC token")
try:
resp = _request(
"POST",
_GCP_GENERATEIDTOKEN_REQUEST_URL.format(service_account_name),
json={"audience": audience, "includeEmail": True},
headers={
"Authorization": f"Bearer {access_token}",
},
timeout=30,
)
except urllib3.exceptions.MaxRetryError:
raise AmbientCredentialError("GCP: OIDC token request timed out")
if resp.status != 200:
raise AmbientCredentialError(
f"GCP: OIDC token request failed (code={resp.status}, body={resp.data.decode()!r})"
)
oidc_token: str = resp.json().get("token")
if not oidc_token:
raise AmbientCredentialError("GCP: OIDC token missing from response")
logger.debug("GCP: successfully requested OIDC token")
return oidc_token
else:
logger.debug("GCP: GOOGLE_SERVICE_ACCOUNT_NAME not set; skipping impersonation")
try:
with _open(_GCP_PRODUCT_NAME_FILE) as f:
name = f.read().strip()
except OSError:
logger.debug("GCP: environment doesn't have GCP product name file; giving up")
return None
if name not in {"Google", "Google Compute Engine"}:
logger.debug(f"GCP: product name file exists, but product name is {name!r}; giving up")
return None
logger.debug("GCP: requesting OIDC token")
try:
resp = _request(
"GET",
_GCP_IDENTITY_REQUEST_URL,
fields={"audience": audience, "format": "full"},
headers={"Metadata-Flavor": "Google"},
timeout=30,
)
except urllib3.exceptions.MaxRetryError:
raise AmbientCredentialError("GCP: OIDC token request timed out")
if resp.status != 200:
raise AmbientCredentialError(
f"GCP: OIDC token request failed (code={resp.status}, body={resp.data.decode()!r})"
)
logger.debug("GCP: successfully requested OIDC token")
return resp.data.decode()
def detect_buildkite(audience: str) -> str | None:
"""
Detect and return a Buildkite ambient OIDC credential.
Returns `None` if the context is not a Buildkite environment.
Raises if the environment is Buildkite, but no Buildkite agent is found or
the agent encounters an error when generating an OIDC token.
"""
logger.debug("Buildkite: looking for OIDC credentials")
if not os.getenv("BUILDKITE"):
logger.debug("Buildkite: environment doesn't look like BuildKite; giving up")
return None
# Check that the Buildkite agent executable exists in the `PATH`.
if shutil.which("buildkite-agent") is None:
raise AmbientCredentialError(
"Buildkite: could not find Buildkite agent in Buildkite environment"
)
# Now query the agent for a token.
#
# NOTE(alex): We're silencing `bandit` here. The reasoning for ignoring each
# test are as follows.
#
# B603: This is complaining about invoking an external executable. However,
# there doesn't seem to be any way to do this that satisfies `bandit` so I
# think we need to ignore this.
# More context at:
# https://github.com/PyCQA/bandit/issues/333
#
# B607: This is complaining about invoking an external executable without
# providing an absolute path (we just refer to whatever `buildkite-agent`)
# is in the `PATH`. For a Buildkite agent, there's no guarantee where the
# `buildkite-agent` is installed so again, I don't think there's anything
# we can do about this.
process = subprocess.run( # nosec B603, B607
["buildkite-agent", "oidc", "request-token", "--audience", audience],
capture_output=True,
text=True,
)
if process.returncode != 0:
raise AmbientCredentialError(
f"Buildkite: the Buildkite agent encountered an error: {process.stdout}"
)
return process.stdout.strip()
def detect_gitlab(audience: str) -> str | None:
"""
Detect and return a GitLab CI/CD ambient OIDC credential.
This detection is based on an environment variable. The variable name must be
`<AUD>_ID_TOKEN` where `<AUD>` is the uppercased audience argument where all
characters outside of ASCII letters and digits are replaced with "_". A
leading digit must also replaced with a "_".
As an example, audience "sigstore" would require variable SIGSTORE_ID_TOKEN,
and audience "http://test.audience" would require variable
HTTP___TEST_AUDIENCE_ID_TOKEN.
Returns `None` if the context is not GitLab CI/CD environment.
Raises if the environment is GitLab, but the `<AUD>_ID_TOKEN` environment
variable is not set.
"""
logger.debug("GitLab: looking for OIDC credentials")
if not os.getenv("GITLAB_CI"):
logger.debug("GitLab: environment doesn't look like GitLab CI/CD; giving up")
return None
# construct a reasonable env var name from the audience
sanitized_audience = _env_var_regex.sub("_", audience.upper())
var_name = f"{sanitized_audience}_ID_TOKEN"
token = os.getenv(var_name)
if not token:
raise AmbientCredentialError(f"GitLab: Environment variable {var_name} not found")
logger.debug(f"GitLab: Found token in environment variable {var_name}")
return token
def detect_circleci(audience: str, root_issuer: bool = True) -> str | None:
"""
Detect and return a CircleCI ambient OIDC credential.
Returns `None` if the context is not a CircleCI environment.
Raises if the environment is GitHub Actions, but is incorrect or
insufficiently permissioned for an OIDC credential.
"""
logger.debug("CircleCI: looking for OIDC credentials")
if not os.getenv("CIRCLECI"):
logger.debug("CircleCI: environment doesn't look like CircleCI; giving up")
return None
# Check that the circleci executable exists in the `PATH`.
if shutil.which("circleci") is None:
raise AmbientCredentialError("CircleCI: could not find `circleci` in the environment")
payload = json.dumps({"aud": audience})
cmd = ["circleci", "run", "oidc", "get", "--claims", payload]
if root_issuer:
cmd.append("--root-issuer")
# See NOTE on `detect_buildkite` for why we silence these warnings.
process = subprocess.run( # nosec B603, B607
cmd,
capture_output=True,
text=True,
)
if process.returncode != 0:
raise AmbientCredentialError(
f"CircleCI: the `circleci` tool encountered an error: {process.stderr}"
)
return process.stdout.strip()
|
