dagger/plan/task/decodesecret.go

package task

import (
	"context"
	"encoding/json"
	"errors"

	"cuelang.org/go/cue"
	"github.com/rs/zerolog/log"
	"go.dagger.io/dagger/compiler"
	"go.dagger.io/dagger/plancontext"
	"go.dagger.io/dagger/solver"
	"gopkg.in/yaml.v3"
)

func init() {
	Register("DecodeSecret", func() Task { return &decodeSecretTask{} })
}

type decodeSecretTask struct {
}

func (c *decodeSecretTask) Run(ctx context.Context, pctx *plancontext.Context, _ *solver.Solver, v *compiler.Value) (*compiler.Value, error) {
	lg := log.Ctx(ctx)
	lg.Debug().Msg("decoding secret")

	input := v.Lookup("input")

	inputSecret, err := pctx.Secrets.FromValue(input)
	if err != nil {
		return nil, err
	}

	format, err := v.Lookup("format").String()
	if err != nil {
		return nil, err
	}

	lg.Debug().Str("format", format).Msg("unmarshaling secret")

	inputSecretPlaintext := inputSecret.PlainText()

	var unmarshaled map[string]interface{}

	switch format {
	case "json":
		err = json.Unmarshal([]byte(inputSecretPlaintext), &unmarshaled)
	case "yaml":
		err = yaml.Unmarshal([]byte(inputSecretPlaintext), &unmarshaled)
	}

	if err != nil {
		// returning err here could expose secret plaintext!
		return nil, errors.New("could not unmarshal secret")
	}

	output := compiler.NewValue()

	// recurse over unmarshaled to convert string values to secrets
	var convert func(p []cue.Selector, i interface{})
	convert = func(p []cue.Selector, i interface{}) {
		switch entry := i.(type) {
		case string:
			secret := pctx.Secrets.New(entry)
			p = append(p, cue.ParsePath("contents").Selectors()...)
			logPath := cue.MakePath(p[1 : len(p)-1]...)
			lg.Debug().Str("path", logPath.String()).Str("type", "string").Msg("found secret")
			path := cue.MakePath(p...)
			output.FillPath(path, secret.MarshalCUE())
		case map[string]interface{}:
			for k, v := range entry {
				np := append([]cue.Selector{}, p...)
				np = append(np, cue.ParsePath(k).Selectors()...)
				convert(np, v)
			}
		}
	}

	convert(cue.ParsePath("output").Selectors(), unmarshaled)

	return output, nil
}
implemented #DecodeSecret as engine task Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-03 20:08:11 +01:00			`package task`

			`import (`
			`"context"`
			`"encoding/json"`
			`"errors"`

			`"cuelang.org/go/cue"`
			`"github.com/rs/zerolog/log"`
			`"go.dagger.io/dagger/compiler"`
			`"go.dagger.io/dagger/plancontext"`
			`"go.dagger.io/dagger/solver"`
			`"gopkg.in/yaml.v3"`
			`)`

			`func init() {`
			`Register("DecodeSecret", func() Task { return &decodeSecretTask{} })`
			`}`

			`type decodeSecretTask struct {`
			`}`

Fix export cache issue Resolve #1551 and #1020. We are never returning the result of solved operations so Buildkit could not cache the layer. This commit implements a simple system to forward operations' result to the main build to cache it. Signed-off-by: Vasek - Tom C <tom.chauveau@epitech.eu> 2022-03-23 23:02:17 +01:00			`func (c decodeSecretTask) Run(ctx context.Context, pctx plancontext.Context, _ solver.Solver, v compiler.Value) (*compiler.Value, error) {`
implemented #DecodeSecret as engine task Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-03 20:08:11 +01:00			`lg := log.Ctx(ctx)`
			`lg.Debug().Msg("decoding secret")`

			`input := v.Lookup("input")`

			`inputSecret, err := pctx.Secrets.FromValue(input)`
			`if err != nil {`
			`return nil, err`
			`}`

			`format, err := v.Lookup("format").String()`
			`if err != nil {`
			`return nil, err`
			`}`

			`lg.Debug().Str("format", format).Msg("unmarshaling secret")`

			`inputSecretPlaintext := inputSecret.PlainText()`

			`var unmarshaled map[string]interface{}`

			`switch format {`
			`case "json":`
			`err = json.Unmarshal([]byte(inputSecretPlaintext), &unmarshaled)`
			`case "yaml":`
			`err = yaml.Unmarshal([]byte(inputSecretPlaintext), &unmarshaled)`
			`}`

			`if err != nil {`
			`// returning err here could expose secret plaintext!`
			`return nil, errors.New("could not unmarshal secret")`
			`}`

			`output := compiler.NewValue()`

			`// recurse over unmarshaled to convert string values to secrets`
			`var convert func(p []cue.Selector, i interface{})`
			`convert = func(p []cue.Selector, i interface{}) {`
			`switch entry := i.(type) {`
			`case string:`
			`secret := pctx.Secrets.New(entry)`
improved handling of p []cue.Selector Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-05 17:54:38 +01:00			`p = append(p, cue.ParsePath("contents").Selectors()...)`
			`logPath := cue.MakePath(p[1 : len(p)-1]...)`
implemented #DecodeSecret as engine task Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-03 20:08:11 +01:00			`lg.Debug().Str("path", logPath.String()).Str("type", "string").Msg("found secret")`
improved handling of p []cue.Selector Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-05 17:54:38 +01:00			`path := cue.MakePath(p...)`
implemented #DecodeSecret as engine task Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-03 20:08:11 +01:00			`output.FillPath(path, secret.MarshalCUE())`
			`case map[string]interface{}:`
			`for k, v := range entry {`
improved handling of p []cue.Selector in for loop Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-05 18:01:06 +01:00			`np := append([]cue.Selector{}, p...)`
			`np = append(np, cue.ParsePath(k).Selectors()...)`
			`convert(np, v)`
implemented #DecodeSecret as engine task Signed-off-by: Richard Jones <richard@dagger.io> 2022-02-03 20:08:11 +01:00			`}`
			`}`
			`}`

			`convert(cue.ParsePath("output").Selectors(), unmarshaled)`

			`return output, nil`
			`}`