From 84b3b91e99534289a3593b30d8fc9830493598f3 Mon Sep 17 00:00:00 2001 From: David McMahon Date: Thu, 25 Aug 2016 16:32:37 -0700 Subject: [PATCH] Remove google specifics. Fix some minor issues. --- README.md | 9 ++-- anago | 56 +++++++++++++-------- find_green_build | 3 ++ lib/common.sh | 121 ++++++++++++++++++++++++---------------------- lib/gitlib.sh | 1 - lib/releaselib.sh | 6 --- mailer | 101 -------------------------------------- prin | 15 ++++-- 8 files changed, 119 insertions(+), 193 deletions(-) delete mode 100755 mailer diff --git a/README.md b/README.md index 9523bf94147..1b96a5dca4b 100644 --- a/README.md +++ b/README.md @@ -13,11 +13,11 @@ This repo contains the release infrastructure for ## Intro -Kubernetes releases are done by the Kubernetes team at Google due to +Live Kubernetes releases are done by the Kubernetes team at Google due to permissions and other restrictions. This may expand eventually to allow other Kubernetes contributors to generate releases. -The current process runs by default in *mock* mode and anyone should +The current tooling runs by default in *mock* mode and anyone should be able to run it in this mode to see exactly how the process works. In *mock* mode all the code paths are followed for a release, but nothing is pushed to repositories. @@ -48,6 +48,8 @@ run the script with --nomock to perform a real release. The tool was designed to require minimal inputs. The only information the tool needs is to know where you want to create a release with one optional flag `[--official]` \(used on release-\* branches only\). +The [--official] flag indicates that a standard patch release will be created +on a branch. Without the [--official] flag, a beta would be created. Try an alpha release: ``` 
@@ -78,7 +80,7 @@ v9.9.9 tag on the release-9.9 branch, create a release-9.9.9 branch): $ anago release-9.9.9 ``` -## Official Releases +## Live Releases Anago is currently locked down to only run for a specific set of individuals. when ```--nomock``` is specified. @@ -94,7 +96,6 @@ your favorite editor. ### Tools * [prin](https://github.com/kubernetes/release/blob/master/prin) : What tags/releases is my PR IN? -* [mailer](https://github.com/kubernetes/release/blob/master/mailer) : Generic mail interface (due to Google's deprecation of sendmail) * [find_green_build](https://github.com/kubernetes/release/blob/master/find_green_build) : Ask Jenkins for a good build to use * [script-template](https://github.com/kubernetes/release/blob/master/script-template) : Generate a script template in the kubernetes/release ecosystem * [relnotes](https://github.com/kubernetes/release/blob/master/relnotes) : Scrape github for release notes \(See below for more info\) diff --git a/anago b/anago index f87666b7ef6..b811be5d817 100755 --- a/anago +++ b/anago @@ -25,6 +25,7 @@ PROG=${0##*/} #+ $PROG [--yes] [--nomock] [--noclean] [--official] #+ [--buildversion=] #+ [--basedir=] +#+ [--security_layer=/path/to/pointer/to/script] #+ $PROG [--helpshort|--usage|-?] #+ $PROG [--help|-man] #+ @@ -79,6 +80,10 @@ PROG=${0##*/} #+ build version #+ [--basedir=dir] - Specify an alternate base directory #+ (default: /usr/local/google/$USER) +#+ [--security_layer=] - A file containing a path to a script to +#+ source/include: +#+ FLAGS_security_layer=/path/to/script +#+ Default: $HOME/.kubernetes-releaserc #+ [--help | -man] - display man page for this script #+ [--usage | -?] - display in-line usage #+ 
@@ -161,10 +166,10 @@ common::cleanexit () { # Simple ACL check to limit nomock runs to a short list of release folks check_acls () { case "$USER" in - filipg|robertbailey|fabioy|djmm|pwittroc|stclair|mtaufen) ;; - *) logecho "Releases restricted to certain users!" - return 1 - ;; + $ACL_LIST) ;; + *) logecho "Live releases restricted to certain users!" + return 1 + ;; esac } @@ -174,13 +179,10 @@ check_acls () { # @param package - A space separated list of packages to verify exist # check_prerequisites () { - local useratgoog="$USER@google.com" + local userat="$USER@$DOMAIN_NAME" local tempfile=/tmp/$PROG-cp.$$ - # TODO: stub out for non-google - # Verify some hours of LOAS - logecho -n "Checking LOAS state: " - logrun -s common::loascheck 1 || return 1 + security_layer::auth_check 2 if ! common::set_cloud_binaries; then logecho "Releasing Kubernetes requires gsutil and gcloud. Please download," @@ -190,11 +192,11 @@ check_prerequisites () { return 1 fi - # TODO: Users outside google? Guess domain? - # TODO: THe real test here is to verify that whatever auth has access to + # TODO: Users outside google? Ask/derive domain? + # TODO: The real test here is to verify that whatever auth has access to # do releasey things gcloud_auth_list=$($GCLOUD auth list 2>/dev/null) - for user in k8s.production.user@gmail.com $useratgoog; do + for user in $G_AUTH_USER $userat; do logecho -n "Checking cloud auth for $user: " if [[ "$gcloud_auth_list" =~ -\ $user ]]; then logecho -r "$OK" @@ -208,11 +210,11 @@ check_prerequisites () { fi done # Ensure $USER is active to start - if ! [[ "$gcloud_auth_list" =~ -\ $useratgoog\ ACTIVE ]]; then - logecho "$useratgoog is not the active gcloud user!" + if ! [[ "$gcloud_auth_list" =~ -\ $userat\ ACTIVE ]]; then + logecho "$userat is not the active gcloud user!" logecho "Set with:" logecho - logecho "$ gcloud config set account $useratgoog" + logecho "$ gcloud config set account $userat" return 1 fi GCLOUD_ACCOUNT=$user 
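Review bot: In check_acls the new pattern `$ACL_LIST)` is expanded as one glob, so a value written like the old inline list (`a|b|c`) is not treated as alternation and would match no user. ACL_LIST is not assigned anywhere in the visible patch; presumably it comes from the sourced security layer, and an unset value fails closed, but the expected format is undocumented. I would add `[[ -n $ACL_LIST ]] || return 1` ahead of the `case` and a comment such as `# ACL_LIST: extglob pattern, e.g. @(alice|bob) (constructed names); requires shopt -s extglob`. The header comment should also say that `$USER` is caller-controlled, so this check is a guard rail against accidental live runs rather than an access control.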
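Review bot: The call `security_layer::auth_check 2` in check_prerequisites has no status check, whereas the line it replaces ended in `|| return 1`, so a failed credential check no longer stops the run. The function also exists only if the security layer file was sourced; common::security_layer returns 0 silently when the file is absent, and this line then becomes an ignored "command not found". I would write `security_layer::auth_check 2 || return 1`, guarded by `declare -F security_layer::auth_check >/dev/null` if running without a security layer is meant to be supported. check_prerequisites continues past this hunk.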
@@ -377,7 +379,7 @@ prepare_tree () { # the NON-master branch itself, versionize the docs if [[ "$PARENT_BRANCH" == master && "$current_branch" != "master" ]]; then logecho -n "Versionizing docs for ${RELEASE_VERSION[$label]}: " - logrun -s $TREE_ROOT/build/versionize-docs.sh $current_branch + logrun -s $TREE_ROOT/build/versionize-docs.sh $current_branch || return 1 logecho -n "Committing: " logrun git commit -am \ "Versioning docs and examples for ${RELEASE_VERSION[$label]} on $current_branch." @@ -524,9 +526,10 @@ announce () { # Due to announcements landing on public mailing lists requiring membership, # post from the invoking user (for now until this is productionized further) # and use reply-to to ensure replies go to the right place. - mailer --to="$mailto" --cc="$USER" --file="$announcement_text" --html \ - --replyto="K8s-Anago" \ - --from="K8s-Anago<$USER@google.com>" --subject="$subject" || return 1 + common::sendmail "$mailto" "K8s-Anago<$USER@$DOMAIN_NAME>" \ + "K8s-Anago" \ + "$subject" "$USER" \ + "$announcement_text" --html || return 1 logrun rm -f $announcement_text } 
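Review bot: The new call in announce passes `--html` as the last argument, but common::sendmail as added in lib/common.sh by this patch only recognises a leading `-h`. Its option loop's `*) continue ;;` branch never shifts, so with `$mailto` as the first argument the loop would not terminate. Either pass the flag first and change the fallthrough to `*) break ;;`, or have the function accept `--html` in the position this caller uses. The From value `K8s-Anago<$USER@$DOMAIN_NAME>` also depends on DOMAIN_NAME being set, which the domain check later in this patch does not guarantee. announce starts above this hunk.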
@@ -821,18 +824,31 @@ common::logfileinit $LOGFILE 10 # BEGIN script common::timestamp begin +# Additional functionality +common::security_layer + ############################################################################## common::stepheader "CHECK CREDENTIALS" ############################################################################## gitlib::check_credentials +# Domain check +if [[ $(hostname) =~ \.([^\.]+\.com)$ ]]; then + DOMAIN_NAME=${FLAGS_domain:-${BASH_REMATCH[1]}} + if ! [[ -n $DOMAIN_NAME ]]; then + common::exit 1 "Unable to determine your domain." \ + "Pass it in on the command-line" \ + "with --domain=" + fi +fi + # Simple check to validate who can do actual releases ((FLAGS_nomock)) && check_acls ############################################################################## common::stepheader "CHECK PREREQUISITES" ############################################################################## -common::check_packages jq docker-engine pandoc sendgmr \ +common::check_packages jq docker-engine pandoc ${PREREQUISITE_PACKAGES[*]} \ || common::exit 1 "Exiting..." check_prerequisites || common::exit 1 "Exiting..." diff --git a/find_green_build b/find_green_build index e4d557161e9..5d5829a148f 100755 --- a/find_green_build +++ b/find_green_build @@ -83,6 +83,9 @@ common::cleanexit () { # BEGIN script common::timestamp begin +# Force verbose flag +FLAGS_verbose=1 + # Initialize and save up to 10 (rotated logs) MYLOG=/tmp/$PROG.log common::logfileinit $MYLOG 10 diff --git a/lib/common.sh b/lib/common.sh index d62e22cbbaa..e9e4245e3fc 100755 --- a/lib/common.sh +++ b/lib/common.sh 
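Review bot: The domain check assigns DOMAIN_NAME only inside `if [[ $(hostname) =~ \.([^\.]+\.com)$ ]]`, so on a host whose name does not end in a `.com` domain the `--domain` value is never read. The "Unable to determine your domain." exit cannot be reached either, because inside the branch `BASH_REMATCH[1]` is always non-empty. DOMAIN_NAME then stays empty and check_prerequisites compares the gcloud accounts against `$USER@`. I would run the match unconditionally, then assign `DOMAIN_NAME=${FLAGS_domain:-${BASH_REMATCH[1]}}` and keep the `-n` test outside the `if`. `--domain` also does not appear in the usage lines this patch touches.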
@@ -633,67 +633,26 @@ common::sha () { # * $HOME/${PROG}rc (FLAGS_security_layer=/path/to/source) # SECURITY_LAYER global defaulted here. Set to 1 in external source common::security_layer () { + local rcfile=$HOME/.kubernetes-releaserc SECURITY_LAYER=0 - # Quietly source the pointer - source $HOME/.${PROG}rc >/dev/null 2>&1 || return 0 + + # Source the include + if [[ $(hostname -d) =~ google.com ]]; then + if [[ -f $rcfile ]]; then + source $rcfile >/dev/null 2>&1 + else + logecho "$WARNING: This session is incomplete. go/$PROG" + logecho + fi + fi + # If not there attempt to set it from env FLAGS_security_layer=${FLAGS_security_layer:-":"} [[ -s $FLAGS_security_layer ]] || return 0 - source $FLAGS_security_layer + source $FLAGS_security_layer >/dev/null 2>&1 } -############################################################################### -# Check state of LOAS -# -# @param hour - hours remaining on prodcert -# @optparam user - Check a specific user -# Returns: -# 0 if LOAS is active and will still be active for more than N hours. -# 1 if LOAS is inactive or will expire in less than N hours. -common::loascheck () { - local hour=${1:-0} - local user=${2:-} - local becomeuser='' - local athostname='' - local isroleacct=0 - local tty_session=1 - - # Role account? - id |fgrep -q role-accts && isroleacct=1 - - # Interactive/tty session? - tty -s || tty_session=0 - - [[ -n "$user" ]] && becomeuser="become $user --" - - if ! $becomeuser \ - prodcertstatus --quiet --check_remaining_hours=$hour &>/dev/null; then - logecho - logecho "EXCEPTION: LOAS credentials for ${user:-$USER} will expire" \ - "in $hour hours. 
Run:" - - if [[ -n "$user" ]] || (($isroleacct)); then - # If run via cron, assume we need to instruct user where to run - # prodaccess - (($tty_session)) || athostname="@$HOSTNAME" - - logecho "$ become -t ${user:-$LOGNAME}$athostname -- prodaccess --sslenroll" - else - logecho "$ prodaccess" - fi - return 1 - else - # Issue a WARNING if we get close to a reasonable threshold - # The latest version of prodcertstatus spews useless text into stderr - # and we want to display the useful part of the stderr so explicitly - # strip it out - # We also have to do a dance with stderr/stdout - $becomeuser prodcertstatus --check_remaining_hours=4 2>&1 1>/dev/null |\ - egrep -v 'Reusing existing SSO cookie.' - return 0 - fi -} ############################################################################### # Check packages for a K8s release @@ -733,10 +692,11 @@ common::check_packages () { "Run the following and try again:" logecho for prereq in ${missing[@]}; do - if [[ $prereq == "sendgmr" ]] && [[ $distro == "Ubuntu" ]]; then - logecho "sudo goobuntu-add-repo $prereq && sudo apt-get update" + if [[ -n ${PREREQUISITE_INSTRUCTIONS[$prereq]} ]]; then + logecho "# See ${PREREQUISITE_INSTRUCTIONS[$prereq]}" + else + logecho "$ sudo $packagemgr install $prereq" fi - logecho "sudo $packagemgr install $prereq" done return 1 fi 
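Review bot: common::security_layer now hides every failure of its two `source` calls behind `>/dev/null 2>&1`, so a missing, unreadable or syntactically broken security layer leaves SECURITY_LAYER=0 with no message and the security_layer::* functions called from anago undefined. `$rcfile` and `$FLAGS_security_layer` are expanded unquoted. The rc file is read only when `hostname -d` matches the unanchored regex `google.com`, so the documented default of $HOME/.kubernetes-releaserc has no effect on other hosts. I would quote both paths, drop the redirect on the second call (`source "$FLAGS_security_layer" || return 1`), and update the header comment, which still names `$HOME/${PROG}rc`.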
@@ -849,6 +809,53 @@ common::set_cloud_binaries () { fi } +############################################################################### +# sendmail/mailer front end. +# @optparam html - Send html formatted +# @param to - To +# @param from - From +# @param reply_to - Reply To +# @param subject - Subject +# @param cc - cc +# @param file - file to send +# +common::sendmail () { + local cc_arg + local html=0 + + while [[ "$#" -gt 0 ]]; do + case "$1" in + -h) html=1; shift ;; + *) continue ;; + esac + done + + local to="$1" + local from="$2" + local reply_to="$3" + local subject="$4" + local cc="$5" + local file="$6" + + ( + cat < --subject="..." --file= -#+ [--html] [--cc=] [--from=
] -#+ [--replyto=
] -#+ $PROG [--helpshort|--usage|-?] -#+ $PROG [--help|-man] -#+ -#+ DESCRIPTION -#+ Google has deprecated sendmail for internal use -- go/nosmtp. -#+ $PROG provides an common interface for sending email using a sendmail -#+ replacement (for use within Google). -#+ -#+ $PROG by default sends plain text. Use --html to send html. -#+ -#+ OPTIONS -#+ --to= - space separated list of people to mail -#+ --subject="..." - mail subject -#+ --file= - file to mail -#+ [--cc=] - space separated list of people to cc -#+ [--replyto=
] - address to reply to -#+ [--from]=
] - From address -#+ [--html] - Send html content -#+ [--help | -man] - display man page for this script -#+ [--helpshort] - display gbash-usage -#+ [--usage | -?] - display in-line usage -#+ -#+ EXAMPLES -#+ $PROG --to="$USER" --subject="This PASSED!" --file=/tmp/mailfile.23561 -#+ - Mail the contents of /tmp/mailfile.23561 -#+ -#+ FILES -#+ -#+ SEE ALSO -#+ common.sh - function definitions for timestamp, etc. -#+ -#+ BUGS/TODO -#+ -######################################################################## -# If NO ARGUMENTS should return *usage*, uncomment the following line: -usage=${1:-yes} - -source $(dirname $(readlink -ne $BASH_SOURCE))/lib/common.sh - -if [[ $(hostname) =~ \.google\. ]]; then - # Quietly check for sendgmr - common::check_packages sendgmr || common::exit 1 "Exiting..." - - # sendgmr doesn't do much checking so hold its hand and talk nicely to it - [[ -n "$FLAGS_cc" ]] && CC_ARG="-cc=$FLAGS_cc" - - if ((FLAGS_html)); then - FILE_ARGS="--html_file=$FLAGS_file --body_file=/dev/null" - else - FILE_ARGS="--html_file=/dev/null --body_file=$FLAGS_file" - fi - - # Send it! - sendgmr \ - -to="$FLAGS_to" \ - -from="$FLAGS_from" \ - -reply_to="$FLAGS_replyto" \ - -subject="$FLAGS_subject" \ - $CC_ARG \ - $FILE_ARGS -else - # Nice and simple - ( - cat </dev/null 2>&1 && hosted_map +security_layer::hosted_map show_tags "$PR" $INITIAL_COMMIT ${CP_COMMITS[*]}