grim/local-pipelines

pipeline: pass private env vars to the subprocess

2016-07-27, Sean Farley
5e0c128f6567
Parents bcf5bb4bd83f
Children 4931db80e429
pipeline: pass private env vars to the subprocess

We don't want to pass secret passwords via the commandline (which can be
viewed by any other process), we pass the private env vars to the
subprocess directly.
1 files changed, 4 insertions(+), 1 deletions(-)
  • +4 -1
    pipelines/pipeline.py
    • --- a/pipelines/pipeline.py Wed Jul 27 17:06:25 2016 -0700
    +++ b/pipelines/pipeline.py Wed Jul 27 17:07:21 2016 -0700
    @@ -93,6 +93,8 @@
    def run(self):
    return_code = 0
    + subenv = os.environ.copy()
    + subenv.update(self.private_env)
    for n, step in enumerate(self.steps):
    script = step.script_file()
    @@ -100,7 +102,8 @@
    try:
    print('+ {}'.format(command))
    - proc = subprocess.Popen(command.split())
    + proc = subprocess.Popen(command.split(),
    + env=subenv)
    return_code = proc.wait()
    if return_code != 0: